INFORMATION ON THE PROCESSING OF PERSONAL DATA

This information describes how personal data is managed by the website www.thepaac.com (from now on, only Website)  regarding the processing of personal data of users who consult and/or use it (in particular, for users who use the subscription service called “MyPaac” or the service “MyEvent”  - from now on only Service) as well as the data processing practices transmitted by the interested party to the Data Controller.

In compliance with art. 13 (for data collected from the interested party) and 14 (for data not collected from the interested party) of Regulation (EU) 2016/679 (GDPR) are made available to users of this Website the following information refers exclusively to the processing carried out through this site (and specifically to those attributable to the company Pac s.r.l. as subsequently indicated in point 4) and not through other websites that may be visited via links from this one, for which it is suggested to read the relevant information provided by the respective owners.

This Website and any services offered through it are reserved for individuals who have reached the age of eighteen. The Data Controller, therefore, does not collect personal data relating to persons under 18 years old. At the request of these users, the Data Controller will promptly delete all personal data involuntarily collected.

1) Data Controller

PAC s.r.l., (from now on, only PAC) company with registered office in Caserta (81100), Viale Carlo III di Borbone, 8, Tax code and VAT number 04519540613, in the person of the pro tempore legal representative, "Data Controller" according to EU Regulation 2016/679 (from now on also the "GDPR") through its pro tempore legal representative (from now on only PAC).

2) Legal basis of the processing

The processing of personal data is based on the right to information, on the fulfillment of contractual obligations or on the consent by freely and consciously filling in the appropriate information fields using dedicated forms and banners. By using (including the so-called Service) or consulting the site, visitors and users approve this privacy statement and consent to the processing of their personal data concerning the methods and purposes described below, including any disclosure to third parties if necessary for the provision of a service. Further consents relating to the specific purpose of the service are collected through the communication or service request forms.

3) Purpose of the treatment

Users' personal data will be processed in the ways and the forms prescribed by the GDPR for the performance of the functions of the Website.

In particular, the personal data provided to the Data Controller will be processed for the pursuit of the following purposes:

• Statistics (analysis) : Collection of data and information in an exclusively aggregated and anonymous form in order to verify the correct functioning of the site. None of this information is related to the physical person-user of the site and does not allow identification in any way. Consent is not required.

• Execution of the Contract: to follow up on specific requests addressed to the Owner by the User (execution of the contract) through the Website and its communication tools (form contacts, information request forms and the like).

• Ancillary Activities: for the potential subscription to newsletters and the consequent sending of various commercial communications concerning the sector in which the Data Controller operates, with the specific consent given by the user for communications of an informative nature relating to the services of the Data Controller, following the request for information via e-mail messages or filling out the form contacts and other communication tools.

• Safety: Collection of data and information to protect the security of the site (spam filters, firewalls, virus detection) and the Users and to prevent or unmask fraud or abuse to the detriment of the Website. The data are recorded automatically and may also include personal data (IP address) that could be used, in compliance with the laws in force on the subject, to block attempts to damage the site itself or to cause damage to other users or in any case harmful activities or constituting a crime. These data are never used for the identification or profiling of the User and are periodically deleted. Consent is not required.

4) Data Collected

This site collects user data in two ways:

• Data collected in an automated way:

  While browsing Users, the following information may be collected and stored anonymously:

  1. browser type;
  2. type of device used to connect to the site;
  3. date and time of visit;
  4. web page of origin of the visitor (Referral) and exit;
  5. possibly the number of clicks;

  These data are used for statistical and analysis purposes, in an exclusively anonymous form.

• "Voluntary" data collection:

  The site may collect other data in the event of voluntary use by users of additional services (for example through the use of forms and/or chatboxes) and will be used exclusively for the provision of the requested service. In this case, the following may be requested and/or used:

  1. Identification data (first name, last name, date of birth, e-mail address, postal address and telephone number, other contact data, etc.);
  2. Economic information on transactions (for example information relating to orders and / or purchases made, returns, etc.);
  3. Data relating to physical characteristics optionally entered for order management (not falling within the definition of biometric data);
  4. Other commercial information or information relating to tastes and/or preferences (as well as any additional data sent spontaneously by the user and useful for the execution of the contract);

5) Place and time of conservation

The data are processed at the headquarters of the Data Controller, at premises under its availability and / or at the Company appointed by the same as External Data Processors.

The data collected by the site during its operation are kept for the time strictly necessary to carry out the specified activities. Upon expiry, the data will be deleted or anonymised unless there are other purposes for their conservation.

Data for analytics (statistics) purposes are stored in aggregate form for 24 months.

6) Cookies

This website uses cookies, and text files that are recorded on the user's terminal or that allow access to information on the user's terminal. Cookies allow information on visitor preferences to be stored, they are used in order to verify the correct functioning of the site and to improve its functionality by customizing the content of the pages based on the type of browser used, or to simplify navigation by automating procedures (eg . Login, site language), and finally for the analysis of the use of the site by visitors.

7) Types and cookies used

It is advisable to visit the appropriate cookie section.

8) Recipients and any recipients of personal data

The data collected may be disclosed to companies connected, linked or controlled by the Data Controller, as well as to consultants or third parties operating in the name and on behalf of the Data Controller - and in any case designated by the same, pursuant to art. 28 of the Regulation as Data Processors - for the fulfillment of services related to the purposes indicated in this statement, both intra-EU and non-EU (in the latter case, subject to further explicit consent and communication to the user).

In other cases, the data may be transferred to other third parties, in turn Autonomous Data Controllers (when not joint controllers) or External Data Processors, again for the purpose of executing the contract.

Here are the suppliers necessary for the purpose of providing the Service:

1. Axerve (https://www.axerve.com): payment management;
2. Paypal (https://www.paypal.com/it/home): payment management;
3. Poste S.P.A. (qui il link alla privacy policy https://https://www.poste.it/privacy-policy.html): shippinng;
4. SDA (https://www.sda.it): shippinng;
5. eDisplay (https://serversmtp.com/it/smtp/19-Informativa-Privacy/kb-6.html): sending automatic e-mails.

For some specific and optional services, then, the data can then be transmitted respectively to:

• Tidio LLCcon (https://www.tidio.com/privacy-policy/) based in: 160 Spear Street, # 1000, San Francisco, CA 94105 U.S.A .: for the Chatbox service;
• Tidio Poland Sp. z o.o. (https://www.tidio.com/privacy-policy): based in Wojska Polskiego 81, 70-481 Szczecin, Poland: for the Chatbox service;
• TrustPilot (www.trustpilot.com): for reviews.

It is possible to request the updated list of suppliers accessing the data at any time.

9) Rights of the interested party

Each interested party has the right of access, rectification, cancellation (oblivion), limitation, receipt of notification in the event of rectification, cancellation or limitation, portability, opposition and not to be the subject of an automated individual decision, including the profiling, pursuant to art. from 15 to 22 of the GDPR.

These rights can be exercised in the forms and terms set out in art. 12 GDPR by written communication sent to the Data Controller via e-mail to the reference address (point 1 and subsequent point 12).

The Data Controller will make an adequate response as soon as possible and in any case within 1 month of receiving the request. Pursuant to articles 15 and following of the Regulations, the user has the right to request access at any time.

10) Complaints

It is possible to revoke this consent at any time by sending an email to the address of the owner: [email protected] as well as after express communication at the headquarters of the owner.

11) Right to withdraw consent

Each interested party has the right to complain according to art. 77 and following the GDPR to a supervisory authority, which for the Italian State is identified in the Guarantor for the protection of personal data.

The forms, methods and terms for proposing complaints are provided for and governed by the national legislation in force. The complaint is without prejudice to administrative and judicial actions, which for the Italian State can alternatively be proposed to the same Guarantor or to the competent Court.