Privacy Policy

PRIVACY INFORMATION PURSUANT TO ARTICLES. 13 AND 14 OF EU REGULATION 2016/679

In compliance with the provisions of the European Regulation for the protection of personal data EU 2016/679 (hereinafter " GDPR "), we provide you with the following information relating to the processing of your personal data.

Data Controller and Data Protection Officer

Panaro Srl (tax code and VAT no. 00156160368), with registered office in Vignola (MO), Via delle Scienze n. 313, Italy processes the personal data of Users who access the Panaro Shop .de Marketplace on the panarocases.de website as " Data Controller ".

PANARO Srl has appointed Dr. Cesare Grandi , domiciled for the present position at Eco Sistemi Srl, Via Caselline n. 609 – 41058 Vignola (MO) and can be contacted at the following numbers: e-mail privacy@eco-sistemi.it . as “Data Protection Officer” (“ DPO ”).

Why this warning?

The Data Controller is constantly committed to respecting and protecting your privacy and wants you to feel safe both when simply browsing the site and in the event that you decide to register by providing us with your personal data to take advantage of the services made available.
This page therefore provides the main information on the processing of personal data of Users (hereinafter also "Data Subjects") who browse the panarocases.de website (hereinafter " Site "). Any other pages that you can consult via links on the Site, such as Facebook, Instagram, Twitter and YouTube or other web pages, are not the subject of this privacy policy; therefore, before interacting with these areas we invite you to carefully read the usage policies of these sites.

1. Source from which the personal data originates

Browsing data

The computer systems and software procedures used for the operation of the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet (e.g. "IP addresses", names domain of the computers used by Users who connect to the Site and other parameters relating to the operating system and the User's IT environment). This is information that is not collected to be associated with identified subjects, but which by its very nature could, through processing and association with data held by third parties, allow Users to be identified. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site, checking its correct functioning and, if necessary, ascertaining responsibility in the event of computer crimes against the Site or other sites connected or connected to it.
Among the data collected there are also cookies, text files that websites store on the User's computer while browsing. Cookies will be used mainly to offer you a fast and secure digital experience, for example, allowing you to keep the connection to the protected area active while browsing through the pages of the Site, but also to send personalized advertising messages or for statistical analysis. For all detailed information on the use of Cookies on the Site, you can read the Cookie Policy on the site. This Site may also use Google's Advanced Conversions to understand how visitors interact with the Site after viewing an advertisement. To activate this feature, some of your personal data (such as, for example, your email), previously encrypted using a one-way hashing algorithm, may be shared with Google. This information is used on the basis of legitimate interest (art. 6, paragraph 1, letter f) of the GDPR) to measure the effectiveness of advertising campaigns and to provide more relevant advertisements. For more information on how Google personalized ads work, click here .

Data provided by the User

Through the forms on the Site, you will have the possibility to enter your personal data (such as name and surname, date of birth, gender, telephone number, e-mail address) to register, as well as information on payment methods (number of card, holder, expiry date, CVV) and delivery addresses to place an order on the Site as better specified in the following paragraph 3.
All this data will also be transmitted to the Sellers operating on the site; the latter are appointed data controllers.
Furthermore, in some sections of the Site, you will have the opportunity to share reviews and comments. The information you publish, including your name and profile picture and other information relating to your adverts and actions, may therefore be visible to other Users. You can always delete a single piece of content, using the specific button on the side of it, or all the content published by deleting your account. Before proceeding to delete your account, you can also request a copy of your personal data, at any time, by contacting the data controller.
We remind you that the creation of an account on the Site is subject to acceptance of the Site's Terms of Use; therefore, by registering you accept the conditions of use of the site and you assume responsibility for the declaration regarding your age.

2. Purpose of processing, legal basis and data retention times

A. SERVICES RESERVED FOR USERS:

creation of a personal account via the Site and use of the services reserved for registered Users. Among these, the possibility of contacting Customer Service and making complaints, booking products and receiving updates on availability, publishing comments, reviews and sharing the contents on the Site. Furthermore, you will be able to receive institutional communications relating to PANARO SRL or the Seller. This activity may involve the transfer of data to third party suppliers of instrumental or complementary services (for example: IT service providers).
Legal basis
Correct and timely execution of the contract of which the interested party is a party pursuant to the Conditions of Use of the Site or the execution of pre-contractual measures adopted at the request of the same (art. 6, par. 1, letter (b) GDPR) .
storage
As long as the personal account is active and 10 years from the end of the contractual relationship.

B. PURCHASE OF GOODS OR SERVICES:

completion of the purchase order for the products and services offered, the management of orders and refunds, including aspects relating to payment, delivery of products and any other fulfillment provided for in the General Conditions of Sale. Furthermore, this includes communications relating to the unavailability of the products, cancellation of the order, the exercise of the right of withdrawal, confirmation of delivery to verify the status of the shipment, delay in delivery and any other request made by contacting the Customer care. This activity may involve the transfer of data to third party suppliers of instrumental or complementary services (for example: logistics and shipping companies, IT and payment service providers).
Legal Basis
Correct and timely execution of the contract of which the interested party is a party pursuant to the General Conditions of Sale or the execution of pre-contractual measures adopted at the request of the same (art. 6, par. 1, letter (b) GDPR).
storage
For the time necessary to complete the purchase order and 10 years from the end of the contractual relationship.

C. ADMINISTRATIVE AND ACCOUNTING ACTIVITIES:

carrying out any administrative and accounting activity connected to registration on the Site, as well as the fulfillment of obligations established by community and national regulations. This activity may involve the transfer of data to third parties (for example: professionals and consultancy firms, legal and accounting auditing, financial, banking and insurance institutions).
Legal basis
Compliance with a legal obligation (art. 6, par. 1, letter (c) GDPR).
storage
For the entire duration of the services provided and 10 years from the end of the contractual relationship.

D. MARKETING:

sending commercial communications on products and services.
This activity may concern, for example, the sending of advertising, information, promotional material relating to market research, invitations to participate in events, special offers, promotions and news, by means of automated systems via e-mail, text message or similar and via the postal service. This activity may involve the transfer of data to third parties (for example: IT and payment service providers, marketing agencies).
Legal basis
Free consent expressed by the interested party (art. 6, par. 1, letter (a) GDPR).
storage
For a time window not exceeding 36 months from the last purchase or until consent is revoked.

E. PROFILING:

improve and increase the ability to adapt the overall offer to the User's needs by sending commercial communications and personalized promotional offers based on profiling. To this end, your consumption habits and preferences will be collected, even individually, through automated or electronic analysis of the information acquired through the use of the products and services. This activity may involve the transfer of data to third parties (for example: IT service providers).
Legal basis
Free consent expressed by the interested party (art. 6, par. 1, letter (a) GDPR).
storage
For a time window not exceeding 36 months from the last purchase or until consent is revoked.

F. SOFT SPAM:

the sending of commercial communications aimed at the promotion or direct sale of products or services similar to those already purchased or used by the User, using the email coordinates indicated on such occasions. The User has the right to object at any time with the methods indicated at the bottom of the communication or indicated below for the exercise of rights. This activity may involve the transfer of data to third parties (for example: IT and payment service providers, marketing agencies)
Legal basis
Legitimate interest of the owner (art. 7, par. 1, letter (f) GDPR)
storage
For a time window not exceeding 36 months or until the right of opposition is exercised.

- The provision of data for the purposes referred to in points (A) Services reserved for Users, (B) Purchase of goods or services and (C) Administrative and accounting activity is necessary and, therefore, failure to provide personal data will result in the inability to provide the requested services.
- With reference to the purpose of the processing referred to in points (D) Marketing, (E) Profiling, the consent to the processing of personal data is purely optional and always revocable, without consequences on the usability of the services, except for the impossibility of keeping you updated on the new initiatives or on particular promotions or advantages that may be available.
- As regards the purpose referred to in point (F) Soft Spam, the User has the right to object to the processing at any time with the methods indicated at the bottom of the communication or at the contact details indicated below for the exercise of rights referred to in the articles. 15 and following. of the GDPR

3. Methods, logic of processing and security measures

The processing is also carried out with the aid of electronic or automated means and is carried out with organization and processing logic compliant with the provisions of current legislation on the protection of personal data, in order to minimize the risks of loss of confidentiality, integrity and availability of data.
Still in relation to data security, the site uses Banca Sella's secure payment service which involves the use of the TLS security protocol. The confidential data of the credit card (card number, holder, expiration date, security code) are encrypted and transmitted directly to the payment manager, who is solely responsible for them. The site does not store the data of the credit card used by the User to pay for the products, except for the last four digits of the credit card used and its expiration date.
If payments are made via PayPal, the data entered on the PayPal site will be processed directly by the service provider and will not be transmitted or shared with the Data Controller who is therefore not able to know and does not store the data of the credit card connected to the User's PayPal account or the data of any other payment instrument connected to that account.
With reference to data protection aspects, the User is invited to report to the data controller any circumstances or events in the event that he suspects or becomes aware of undue, fraudulent use or undue disclosure of the registration credentials by sending a communication to privacy@panarocases.com and privacy@eco-sistemi.it. This information will be used in order to allow an immediate assessment of the data breach and the adoption of any measures aimed at combating the event pursuant to art. 33 of the GDPR.

4. Areas of communication and data transfer

Your personal data may be communicated to employees, collaborators or auxiliaries for the performance of administration, accounting and IT and logistical support activities, who have been specifically appointed as subjects authorized for processing.

The Data Controller may communicate and have the personal data of Users processed separately by third parties who provide services upon our request. These include our suppliers of commercial services (e.g. marketing), appointed for this purpose as external data controllers, as well as third parties who provide instrumental IT and telematic services (e.g. hosting, management and development services of websites). to the functioning of the Site. We will provide these third parties only with the information necessary to carry out the requested services, taking all measures to protect your personal data

If for technical or operational reasons it is necessary to make use of subjects located outside the European Economic Area, the recipients of the data will be subject to protection and security obligations equivalent to those guaranteed by the Data Controller and the transfer will be regulated in accordance with what provided for by Chapter V of the GDPR.

Finally, personal data may be communicated to the competent public bodies and authorities for the purposes of fulfilling regulatory obligations or to ascertain responsibility in the event of computer crimes against the Site.

5. Rights of interested parties

You will be able to exercise the rights recognized to you by data protection legislation at any time, including:

  • to access your personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom they may be communicated, the applicable retention period, the existence of automated decision-making processes;
  • to obtain without delay the updating, rectification or integration of inaccurate personal data concerning you;
  • to obtain, in the foreseen cases, the cancellation of your data;
  • to obtain the limitation of processing or to oppose it, when possible;
  • to request the portability of the data you have provided to the Data Controller, i.e. to receive them in a structured format, commonly used and readable by an automatic device, also to transmit such data to another data controller, within the limits and with the constraints established by the art. 20 of the GDPR.

Furthermore, you can lodge a complaint with the Guarantor Authority for the Protection of Personal Data pursuant to art. 77 of the GDPR if you believe that the processing is carried out in violation of the legislation on the protection of personal data.

6. Contacts

To exercise your rights or request further information on the processing of your data you can contact the Data Controller by writing to:
Panaro Srl at the following address: privacy@panarocases.com
Dr. Cesare Grandi as “Data Protection Officer” (“DPO”), contactable at the following address: e-mail privacy@eco-sistemi.it

Furthermore, we remind you that you can stop sending commercial communications at any time by clicking on the appropriate link at the bottom of any e-mail with promotional or informative content sent by PANARO or by the Seller or by accessing, after logging in to the Site, the section “My data” and deselecting the processing not requested.

Browsing the Site implies full knowledge and acceptance of the content and everything indicated in the Privacy Policy. The Owner also informs you that this page may be modified without notice and therefore we recommend reading it periodically.