Information provided pursuant to Art. 13 of EU Regulation no. 2016/679 (GDPR)
The Data Controller
The Data Controller is Progest S.p.A., represented by the pro-tempore legal representative, located at Zona ASI Aversa-Nord, Via della Stazione s.n.c. 81030 Gricignano di Aversa CE, VAT number 02563041215, email: info@progestspa.it, certified email: info@pec.progestspa.it.
Purpose of Processing
- Management of the Contractual Relationship
The collection of data and information is carried out to ensure the proper management of the contractual relationship (mandate formalities, planning, and post-mandate assistance entrusted). For these purposes, the Data Controller may collaborate with third parties appropriately appointed under the law. The data will be processed in compliance with the principles of lawfulness, ensuring that confidentiality is always protected. Only the data necessary to perform the requested service will be processed.
Data collection is carried out using paper and electronic means by adequately trained company personnel.
The data will be retained for the time necessary to fully carry out the activities related to it.
Legal basis: obligations related to the execution of the mandate. - Web Service
2.1 Provision of the Web Service
The collection of data and information is carried out to ensure the proper functioning and use of the website (operating data, statistical data, security information, etc.).
Data is collected automatically when the website pages are accessed.
The data will be retained for a maximum of 6 months.
Legal basis: legitimate interest of the Data Controller, consisting of the application of technical requirements strictly related to the proper functioning of the web pages.
- 2.2 Receipt of Requests
Data collection is carried out to process contact or interaction requests that are spontaneously submitted via the forms on the web page (e.g., "contacts" section).
The provision of data is optional.
The data will be retained for the time necessary to process the request.
Legal basis: execution of contractual and pre-contractual activities at the request of the interested party. - 2.3 Personal Account
Through the site, it is possible to create a personal account and access the "Reserved Area," from which it is possible to manage the contractual relationship with the Data Controller.
Creating an account is not mandatory; it is an optional service offered by the Data Controller to manage the contractual relationship and enhance the commercial experience with the customer.
The data will be retained until an account deletion request is made. Afterward, only the data required by law or necessary for company know-how will be retained.
Legal basis: fulfillment of contractual obligations.
- Reporting of Illicit Acts (Whistleblowing)
The procedure for managing reports of illicit acts (Whistleblowing) guarantees the anonymity of the reporter.
However, it is possible to submit a report while making your personal data visible. In this case, data collection is carried out exclusively to ensure the proper management of the report.
Reports can be sent to the Data Controller by email at odvprogest@gmail.com or through the electronic procedure by accessing the page https://progestspa.trusty.report/.
Data security is ensured by appropriate measures, including encryption.
The identity of the reporter may be necessary in the following cases:
a) The disciplinary charge is based, in whole or in part, on the report, and knowing the reporter's identity is absolutely essential for the defense of the reported person.
b) There are binding provisions requiring Progest to disclose the reporter's identity.
All those who receive and/or are involved in the management of the reports are required to protect the confidentiality of this information.
The provision of data is optional.
The data will be retained for 18 months by default. This period may be extended up to 36 months for individual reports if further investigation is needed after the initial period.
Legal basis: Legal obligations (i. Art. 6, co. 2bis et seq. of Legislative Decree 8 June 2001, n. 231; ii. Legislative Decree 10 March 2023, n. 24 – implementing EU Directive 2019/1937 of the European Parliament and of the Council of 23 October 2019; iii. ascertaining, exercising, or defending a right in court).
Communication of Data to Third Parties
Data may be disclosed to third parties for legal obligations. It may also be shared with companies that perform activities on behalf of Progest S.p.A., such as IT systems management, accounting, debt collection, data transmission, printing, enveloping, rating, insurance, etc.
The dissemination of personal data is not foreseen unless explicitly authorized by the interested party.
Transfer of Data to Non-EU Countries
Regarding the data processing activities outlined in points 1) and 3), no data transfers to non-EU countries will occur. For the processing described in point 2), related to web pages, there is the possibility that data may be shared with services located outside the European Union. In this context, we recommend reading our Cookie Policy for further details. No data transfers outside the EU are anticipated for customer management. The Data Controller ensures that appropriate legal bases are in place for any potential transfers of data outside the EU.
Automated Processes
No automated processes, including profiling, are utilized.
Rights of the Data Subject
Under Articles 15-22 of the GDPR, data subjects have the following rights:
a) Access to data and the right to obtain a copy;
b) Rectification of inaccuracies;
c) Erasure of data;
d) Restriction of data processing;
e) Objection to processing;
f) Data portability, allowing the receipt of data in a structured, commonly used, and machine-readable format and its transfer to another data controller without barriers, where technically feasible;
g) Withdrawal of consent.
Data subjects also have the right not to be subject to decisions based solely on automated processing.
Processing of Requests
For data processing activities mentioned in point 3), requests will be processed within a maximum of 72 hours. In more complex cases, an extended timeframe may be required (up to 30 days), with prior notification to the data subject. Requests should be directed to the department responsible for handling reports.
Additional Information and Exercising Rights
For more details about data processing or to exercise any of the rights listed above, you can send an email to info@progestspa.it.
Filing a Complaint
In the event of a breach of personal data processing, the data subject has the right to lodge a complaint with the Data Controller, the Data Protection Authority, or the competent legal authority. If a violation of personal data occurs, you may also file a complaint directly with the Data Protection Authority.