Welcome to our smartphone/tablet application“PF Scan” (hereinafter the “App”)!
With this Privacy Policy Pietro Fiorentini S.p.A. intends to provide users of the App (hereinafter, the “Users”) with the main information concerning the processing of their personal data connected with use of the App and its features.
Access to the App requires the User to complete the registration process by entering the appropriate credentials. Furthermore, while using the App, the User might be required to provide further data – e.g. to recognise the components and to send a purchase request. Thanks to the Privacy Policy the User may access all the information concerning the processing of their personal data, pursuant to Regulation (EU) 2016/679 – General Data Protection Regulation (“GDPR”) and to the applicable national regulations on the protection of personal data, including (It.) Legislative Decree no. 196 of 30 June 2003 – Code on the protection of personal data (the “Privacy Regulations”).
Please read carefully our Privacy Policy, which applies both when simply downloading the App and when registering on it. By completing the App download, the User declares to have read and understood this Privacy Policy.
- Identity and contact details of the Data Controller
The Data Controller is Pietro Fiorentini S.p.A., with registered office in Via Enrico Fermi, no. 8/10, 36057 Arcugnano (VI, Italy), Tax ID and VAT 08620190150 (“PF”, the “Controller” or the “Company”), tel. +39 0444 968 511, fax +39 0444 960 468, e-mail [email protected].
- Subject of the data processing
In order to access the features and services offered by the App (such as scanning PF products and accessing the relevant manuals), the User must complete the registration procedure. Once this procedure has been completed, he/she can use his/her personal and confidential credentials (i.e. username and password), to unlock the features offered by the App. Where necessary, the Company will acquire the User’s specific consent to process the data or to access the information contained in their device.
When the App is in use, the Data Controller will process various types of information concerning Users. By way of example, the following personal data will be processed (as a whole, the “Data” or “Personal Data”):
- personal details (e.g. name, surname, country of origin);
- contact details (e.g. e-mail);
- company information (e.g. role, company) as well as information concerning the scanned products (e.g. search and scanning log);
- (only when a product is scanned) geolocation data (e.g. GPS position).
- Provision
Some of the personal data required by the App, such as name and surname and e-mail address, may be marked as “mandatory” [e.g., marked with an (*)] as they are necessary to complete the registration procedure and access the App services you wish to use. Failure to provide the data marked as “mandatory” will make it impossible for the Company to provide the required service (e.g., if the User does not provide his/her e-mail address, it will not be possible to complete the registration process). Failure to provide the data marked as “optional” will have no consequences. The User is always free to choose whether to use the scanning features provided by the App.
The Users are only required to provide their own personal data within the App. Should the personal data of third parties be provided, Users must expressly declare and acknowledge that they have received the consent from the third parties in question to the processing of their personal data by the Company, or other Data Controllers.
- Purposes and legal basis of processing
The Users’ Personal Data are collected and processed for purposes strictly related to the use, management and updating of the App, of the services provided within it and of their presentation to the Users. The specific purposes for which the data are used are set out in detail herein.
(a) Registration, creation of a personal account, use and improvement of the services offered by the App
The Users’ Personal Data are processed to ensure access to the App and its features, and specifically in order to:
- enable registration with the App and its normal and efficient use and maintenance;
- create a personal account;
- consent access to the App features (e.g. scanning the QR code of PF products, access the relevant technical documentation, etc.); and
- improve its performance and operation.
The Users’ email address may also be used to send any communications concerning how the App features are used (e.g. to confirm successful registration, to change the credentials, etc.).
The data processing connected to the provision of the App services and its operation does not require the Users’ consent, as it is necessary to perform a contract between the Users and the Company, as well as to correctly fulfil the legal obligations that the Data Controller is subject to. The data processing for the purposes of performing analyses and improving the App’s operation does not require the Users’ consent, as it is necessary for pursuing the Company’s and the Users’ legitimate interest in the provision of a high-quality service, as well as for the prevention of any malfunctions that might impair the App’s proper functioning.
In connection to this purpose, the Users’ Data may be processed by the Company to exercise the Data Controller’s rights in court and to manage disputes, as well as for the prevention and repression of unlawful acts: the Data Controller’s interest corresponds to the constitutionally guaranteed right of action (art. 24 It. Const.) and, as such, it is socially recognised as prevailing over the interests of the individual data subject.
The information regarding the User’s account may be autonomously updated and edited at any time in the “Menu” à “User Account” section of the App.
We would like to remind you that access to the scanning and recognition feature of PF products requires you to allow the App to access the data and/or information stored in your device (see §5).
(b) Sending feedback – Request for information
Where the User should send to the Company a request for information using the specific “Support” feature, your data will be processed to adequately manage the requests and, where appropriate, contact the Users concerned.
Processing of the data for this purpose does not require the Users’ consent, as it is necessary for the execution of precontractual measures adopted on the User’s request.
(c) Statistical Analyses
The information concerning the scans of PF products is processed to perform statistical analyses, at aggregate level, concerning the use of the App (e.g. App usage level by geographical area) and PF products on a global scale.
Processing of the data for the purpose of statistical analyses does not require the Users’ consent, as it is necessary for pursuing the Company’s legitimate interest in the improvement of its commercial positioning and its products.
Furthermore, after collecting the suitable and specific consent, the Users’ data shall be processed by the Company for further needs, such as:
(d) Communication and marketing
Sending commercial and promotional notices concerning news, events and activities regarding PF. This activity may be performed by using email and by sending push notifications.
The consent given may be withdrawn at any time (i) (with regard to the Newsletters) by clicking the specific link found in all communication; (ii) (with regard to push notifications) by accessing the settings of your device; (iii) using the methods specifically envisaged for exercising the data subjects’ rights (v. § 10). It is understood that failure to provide consent for the purposes of Communication and marketing shall in no way affect the possibility to use the services offered by the App.
- Access to the data stored in the device
The App requires your consent (to be provided in different ways depending on your device’s operating system, e.g. Android, Windows, IOS, etc.) to be able to access the following data and/or information stored in your device, in order to provide the App services that fall under the relevant purpose:
- GPS position detected by your device: it allows the App to acquire the exact position of the scanned PF product and provide the most suitable technical documentation;
- camera: it allows the App to scan the QR codes attached to the PF products, for easier recognition;
- push notifications: this allows the App to send you push notifications regarding commercial and promotional communications related to PF news, events and activities.
This access is disabled by default and no data shall be collected failing express authorisation by the user. Specifically, consent regarding this processing will be requested upon first launching the App or before accessing the product scanning feature (“Scan QR code”): the methods for collecting your consent may vary depending on the Operating System of your device. However, you may withdraw/provide your consent at any time by going to your device settings.
- Processing modes
The Users’ Personal Data are processed, by computerised means, through the operations of collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data. The Data are processed in compliance with current legislation and protected in such a way as to minimise the risk of destruction, loss (including accidental loss), unauthorised access/use or use incompatible with the purposes of the collection.
The sending of commercial communications or the information provided on certain promotions through push notifications may take place in a wholly automated manner thanks to the use of marketing automation software: this processing does not produce any legal effects on the data subject, nor does it significantly affect you as a person.
- Data Retention
The Data Controller shall process the Personal Data for the time required to fulfil the purposes under para. 4 above and in compliance with any consents given. At the end of the retention period, the data shall be destroyed or anonymised. Specifically:
- the data regarding the personal account shall be stored for 10 years after closure thereof;
- the data relating to the sending of feedback and requests for information shall be stored for 10 years from receipt;
- the data collected by using the App and the PF product scanning feature shall be stored for statistical purposes, in aggregate form, for 5 years after collection. When said term has elapsed, the data shall be stored in anonymous form to perform further statistical analyses;
- the data processed for the purposes of communication and marketing, until withdrawal of consent and, in any case, for a period exceeding 5. Before the expiry of said term, the Company shall send the User a notice to ascertain whether the User intends to reconfirm their interest in receiving communications from the Data Controller.
- Recipients of the Data – Access and Communication
Within the above purposes, the Personal Data may be disclosed to:
- the authorised persons to perform processing identified by the Data Controller pursuant to art. 29 of the Regulation, in their capacity as data processing appointees and/or internal data processors and/or system administrators;
- third parties who carry out outsourced activities on behalf of the Data Controller and who will process the Data in their capacity as data processors (e.g. suppliers of the company’s technological infrastructure, professionals and consultants, internet providers, companies that provide services instrumental to the marketing and communication activities, etc.). Said subjects have been adequately selected.
The updated list of data processors, data processing appointees and system administrators is kept at the Controller’s premises.
Users’ Data may also be disclosed, for the above purposes, to third parties (e.g. legal consultants) who will process the data in their capacity as independent data controllers, as well as to Public Administrations or competent authorities, supervisory bodies, law enforcement agencies and judicial and administrative authorities, at their express request or for the investigation and prosecution of crimes, the prevention of and protection from threats to public security or to allow the Company to ascertain, exercise or defend its rights in court.
The communication of Users’ personal data will take place in full compliance with the legal provisions set forth by the Privacy Regulations and the technical and organisational measures established by the Company to ensure an adequate level of security. The Users’ personal data shall not be disseminated.
- Data Transfer
Data may be transferred for the above-mentioned purposes to countries outside the EU. In order to ensure an adequate level of protection of Personal Data, the transfer will take place pursuant to adequacy decisions approved by the European Commission or by having the Controller adopt the Standard Contractual Clauses prepared by the European Commission. The list of non-European countries that data is transferred to is available at the Controller’s office.
- Rights of the data subject
The Company would like to inform the Users that, in their capacity of data subjects, they have the right, bar any legal limitations, to:
- obtain confirmation of the existence or otherwise of their Personal Data, even if not yet recorded, and that such data be made available to you in an intelligible form;
- obtain an indication and, where appropriate, a copy of a) the origin and category of the Personal Data; b) the logic applied in the event of processing carried out with the aid of electronic instruments; c) the purposes and methods of processing; d) the identification details of the data controller and data processors; e) the subjects or categories of subjects to whom the Personal Data may be communicated or who may become aware of them, in particular if they are recipients from third countries or international organisations; f) where possible, the Data retention period or the criteria used to determine this period; g) the existence of an automated decision-making process, and if so, the logic used, its importance and the consequences foreseen for the data subject; h) the existence of adequate safeguards in case of transfer of data to a non-EU country or an international organisation;
- obtain, without undue delay, the updating and rectification of inaccurate data or, when interested, the integration of incomplete data;
- obtain the erasure, transformation into anonymous form or blocking of data, where possible: a) processed unlawfully; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) in case of revocation of the consent that the processing is based on and if there is no other legal ground, d) if the User has objected to the processing and there is no overriding legitimate reason to continue the processing; e) in case of compliance with a legal obligation; f) in the case of data referring to minors. The Data Controller may refuse erasure only in the case of: a) exercising the right to freedom of expression and information; b) fulfilment of a legal obligation, performance of a task carried out in the public interest or exercise of public authority; c) reasons of public health interest; d) archiving in the public interest, scientific or historical research or for statistical purposes; e) exercising a right in court;
- obtain the restriction of processing in the event of: a) a dispute regarding the accuracy of the personal data; b) unlawful processing by the Data Controller to prevent their erasure; c) exercise of a right in court; d) verification of whether the Data Controller’s legitimate reasons prevail over those of the data subject;
- receive, if the processing is carried out by automatic means, without hindrance and in a structured, commonly used and readable format the personal data concerning them in order to transmit them to another controller or – if technically feasible – to obtain direct transmission by the Controller to another controller;
- object, in whole or in part, for legitimate reasons related to their particular situation, to the processing of personal data concerning them;
- lodge a complaint with the Data Protection Authority.
In the above cases, where necessary, the Data Controller shall inform the third parties to whom the Data are disclosed of any exercise of their rights by the User, except in specific cases (e.g. when such fulfilment proves to be impossible or involves a manifestly disproportionate effort compared to the protected right).
- Methods of exercising the rights
The User may exercise their rights at any time:
- by sending a registered letter with acknowledgement of receipt to the Controller’s address;
- by sending an email or registered email (PEC) to [email protected].
- Links to other websites
This Privacy Policy is only provided for the “PF Scan” App and not for any other websites that the User may access through links. The Company shall not be held responsible for personal data provided by Users to external parties or to any websites linked to this App.
- Revision clause
The Company reserves the right to review, amend or simply update, wholly or in part this Privacy Policy, at its sole discretion, in any way and/or at any time, without prior notice, also in consideration of changes in legal provisions or regulations regarding the protection of personal data. The Users shall be notified of any amendments and updates to the Privacy Policy as soon as they are adopted and they shall be binding as soon as they are published on the App. We therefore kindly ask Users to regularly access the “Privacy” section to check the most recently published and updated Privacy Policy.
(Last update March 2024)