According to the General Data Protection Regulation EU 2016/679 (hereinafter “GDPR”) and the Act of May 10,2018 on the Protection of Personal Data (hereinafter “the Act”), PRAMAC SP. Z O.O, with its registered office in ul. Krakowska 141-155 budynek F, Wroclaw, Poland in the quality of Data Controller, wholly owned by PR Industrial s.r.l. (“Data Processor”), informs individuals (hereinafter “User(s)”) acceding to the website “www. pramac-lifter.pl” (hereinafter the “Website”) to obtain technical and commercial information with regards to the products or to purchase products, on the scope, manner, nature, communication and disclosure of data collected through the User(s) contact us/sign up form.
1) Type of Data
Data Controller collects data provided voluntarily by the User on the forms present on the Website such as: personal and identification data, telephone and e-mail addresses, company data, current account details and/or other ordinary data strictly necessary for the pursuit of the purposes referred to in the following point 2.
2) Purpose of the data processing
User personal data is collected and processed for the following purposes:
a. to reply to requests of information by the User, to execute the purchase agreements of the products and to allow Data Controller to fulfil the obligations established by the law, by the current fiscal, administrative and accounting rules, as well as to correctly fulfil the obligations assumed in execution of the agreements entered into;
b. to perform direct marketing, such as sending the User communications on products similar to those requested, services offered by the company or to elaborate studies or market statistics;
c. to allow other companies belonging to PR Industrial Group (within the EU or outside the EU) to carry out marketing activities and/or send offers on products, services or activities offered or promoted by the same, as well as to elaborate studies, research marketing statistics.
3) Manner of processing and use of the data
User’s personal data will mainly be processed using electronic means, or in any case automatically, according to the GDPR and through the implementation of the specific security measures in order to prevent loss of data, illicit or improper use and/or unauthorised access.
Data is stored on electronic and/or paper form, in compliance with the applicable laws and limited to the necessary term to achieve its purpose and may be retained for longer due to applicable legal obligation or based on the Users’ consent.
4) Legitimacy of the processing and optional or obligatory consent
For the purposes referred to in the above item n. 2.a), submission of data by User is necessary and, failure to provide data requested, even partially, will result in the impossibility i) to perform the obligations arising from the agreement in which the data subject is involved and/or ii) to provide the offered/requested services; in relation to this purpose, consent is not required and processing is legitimate pursuant to art. 6 (1) (b) of GDPR.
Processing under item 2.b), carried out for direct marketing purposes on products or services similar to those requested by the User, finds its applicability pursuant to art. 6 (a) (f) of the GDPR, on Data Controller’s legitimate interest to promote its own products or services in a context where data subject may reasonably expect such processing, to which User may oppose at any time.
Processing carried out for purposed described under item 2.c) is based on the User’s explicit consent pursuant to art. 6 (1) (a) of the GDPR. Submission of Personal data for this purpose is entirely optional and does not compromise make use of the services.
5) Communication and transfer of personal data
User data is collected and processed at the offices of Data Controller or at the offices of the technical staff appointed for the maintenance of the Website, called the External Processor.
Without prejudice to those communications made to fulfil legal obligations, all data collected for the purposes set forth under item 2 may be communicated to the following:
– parties appointed by Data Controller to perform activities directly related or connected to the delivery and distribution of products or services requested by User;
– parties that may become aware of data due to their role as Data Processor or as people in charge of the Data Controller data processing.
Data Controller informs User that, being part of Generac Group, some data may be transferred – for the Purposes referred to in point 2.a) of this Policy above – to other Generac Group companies which are based in the United States of America.
Considering that the United States does not guarantee an adequate level of protection of personal data compared to that provided for in the European Union, the Data Controller has taken steps to ensure that the transfer of the personal data of the User to this country takes place only in compliance with the conditions set out in art. 45/49 of the GDPR and, in particular: contractual agreements based on the Standard Contractual Clauses (“SCCs”) as developed by the European Commission pursuant to Article 46 of the GDPR and Binding Corporate Rules approved by an EU data protection supervisory authority.
Transfer to the other companies of the PR Industrial Group (within the EU or outside the EU) for the purpose under item 2.c) is based on the explicit consent of User.
The data will not in any case be subject to dissemination.
6) User’s Rights
User under the Act and the GDPR has the right to access his personal data, obtain confirmation of the existence or not existence of his personal data and to be informed of the content and source, to verify its accuracy or to request the integration, updating, rectification, erasure, portability, as well as the right to request the deletion and to oppose the processing of data for legitimate reasons.
Furthermore, User has the right to revoke consent at any time; revocation of consent does not affect the lawfulness of the processing based on the consent obtained before the revocation.
To exercise his rights, User may, at any time, contact the Data Controller sending an e-mail to info.pl@pramac.com.
Users also have the right to lodge a complaint with the competent supervisory authority in case they think their personal data are being processed in a way that leads to violations of the GDPR.
7) Updates
This Privacy Policy may be modified over time, including in relation to the possible entry into force of new regulations. This Privacy Policy is integrated by the Privacy Policy in the footer of the Website.
User of the Website is therefore invited to consult both Privacy Policies periodically.