Privacy Policy

As required by current regulations (Art. 13 of the General Data Protection Regulation, hereinafter GDPR), Polk&Union S.r.l. (hereinafter also referred to as the “Controller” or “Company”) provides users who access the website www.polkandunion.com (hereinafter also the “website”) with information regarding the processing of their data.
 
WHO IS THE CONTROLLER AND HOW TO CONTACT THEM
 
The Data Controller is Polk&Union S.r.l., located at Viale dell’Arte, 85 – 00144 Rome – VAT number 11241081006. The Company can be contacted via the email address info@polkandunion.it.
 
WHAT DATA IS PROCESSED
 
The data processed includes navigation data and data provided voluntarily by the user.
 
Navigation Data
 
The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data, the transmission of which is implicit in the use of Internet communication protocols.
 
This information is not collected to be associated with identified individuals, but by its very nature, it could, through processing and association with data held by third parties, allow users to be identified.
 
This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and computer environment.
 
Data Provided Voluntarily by the User
 
This category includes all personal data provided by the user on a voluntary basis (for example, when requesting information by writing to the email addresses listed on the website). In case the user decides to contact the Controller through the specific forms on the website, they can obtain detailed information about the data processing by accessing the specific information provided on the relevant pages.
 
WHAT ARE THE PURPOSES AND LEGAL BASES FOR PROCESSING?
 
Navigation Data: Purposes and Legal Bases
 
Navigation data is acquired to obtain statistical information about the use of the website, for security purposes, and to check its proper functioning. It may also be used to establish liability in case of potential cybercrimes against the website.
 
The legal basis for processing this data is the legitimate interest and, in the case of requests by authorities, a legal obligation.
 
For the use of cookies or pixels for specific purposes, please refer to the cookie policy, which can be accessed from the website footer.
 
Data Provided Voluntarily by the User: Purposes and Legal Bases
 
Personal data provided by the user on a voluntary basis when contacting the controller is used solely to fulfill the user’s requests and allow them to use the subscribed services.
 
The legal basis for processing this data is the performance of pre-contractual measures and the obligations arising from the contract.
 
If necessary, the data may also be used to protect the controller’s legitimate interests in conducting defensive activities or asserting or defending a right in legal proceedings.
 
HOW ARE DATA MANAGED?
 
The collected data is processed using computer tools. Appropriate security measures are in place to prevent data loss, unlawful or incorrect use, and unauthorized access.
 
For data processing related to the website services, servers located within the European territory are used.
 
Data provided directly by the user is kept for the time strictly necessary to fulfill requests and is then deleted, except for defense requirements, which may require further storage.
 
Navigation data of users who access the website is acquired and processed directly by the hosting provider, without the Company having access to it.
 
Regarding data acquired through Google Analytics and other services that use cookies and similar tools, please refer to the cookie policy for details.
 
WHAT HAPPENS IF DATA IS NOT PROVIDED?
 
With the exception of navigation data necessary to carry out computer and telematic protocols, providing data through the various available methods is voluntary.
 
However, not providing such data will result in the inability to process the submitted requests or the requests the user intends to make.
 
WHO CAN ACCESS THE DATA?
 
The data will be processed by the Controller’s authorized personnel.
 
The data may be accessed by competent authorities in response to specific requests that the Controller is required by law to fulfill, by companies providing IT services, and by legal consultants for litigation management and legal assistance in the event of disputes that may require their involvement.
 
It should be noted that some of the mentioned entities operate as data processors, and the communication to those operating as independent data controllers is done because of legal obligations or to fulfill contractual obligations or the legitimate interest of the Controller, which consists of maintaining the security of IT systems and conducting defensive activities through legal consultants.
 
The data subject may request the Controller to provide a list of external data processors.
 
The communication is limited to the categories of data whose transmission is necessary for the performance of the activities and purposes pursued.
 
Here is the translation of the provided text from Italian to English:
 
WHAT ARE THE RIGHTS OF THE DATA SUBJECT?
 
The law recognizes to the data subject the right to ask the data controller for access to personal data and for their correction or deletion, or the limitation of processing concerning them, or to object to their processing, as well as the right to data portability.
 
The data subject may exercise their rights at any time, without formalities, by contacting the data controller via the email address privacy@polkandunion.com.
 
Below are the details of the rights recognized by the current legislation on the protection of personal data.
  • The right of access, which is the right to obtain from the data controller confirmation as to whether or not personal data concerning them are being processed and, if so, to obtain access to personal data and the following information: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the data subject’s right to request from the data controller rectification or erasure of personal data or restriction of processing concerning the data subject or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data are not collected from the data subject, any available information as to their source; h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. If personal data are transferred to a third country or to an international organization, the data subject has the right to be informed of the appropriate safeguards relating to the transfer.
  • The right to rectification, which is the right to obtain from the data controller the rectification of inaccurate personal data concerning them without undue delay. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • The right to erasure, which is the right to obtain from the data controller the erasure of personal data concerning them without undue delay if: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing; c) the data subject objects to the processing carried out as necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller or for the purposes of the legitimate interests pursued by the data controller or by a third party, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing for direct marketing purposes; d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject; f) the personal data have been collected in relation to the offer of information society services directly to a child. However, the request for erasure cannot be fulfilled if the processing is necessary: a) for exercising the right of freedom of expression and information; b) for compliance with a legal obligation which requires processing by Union or Member State law to which the data controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller; c) for reasons of public interest in the area of public health; d) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes insofar as erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or e) for the establishment, exercise, or defense of legal claims.
  • The right to restriction, which is the right to obtain from the data controller restriction of processing, except for storage, only with the consent of the data subject or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person or for reasons of major public interest of the Union or of a Member State if: a) the data subject contests the accuracy of the personal data for a period enabling the data controller to verify the accuracy of such personal data; b) the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; c) although the data controller no longer needs the personal data for the purposes of the processing, the data subject needs them for the establishment, exercise, or defense of legal claims; d) the data subject has objected to processing pending the verification whether the legitimate grounds of the data controller override those of the data subject.
  • The right to data portability, which is the right to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided, where the processing is based on consent or on a contract and the processing is carried out by automated means. This right does not affect the right to erasure.
  • The right to object, which is the right of the data subject to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller or for the purposes of the legitimate interests pursued by the data controller or by a third party. If personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning them for such marketing, including profiling to the extent that it is related to such direct marketing.
 
The data subject is also informed that, if they believe that the processing of their personal data is in violation of the GDPR, they have the right to lodge a complaint with the supervisory authority, as provided for in Article 77 of the Regulation, or to seek appropriate judicial remedies (Article 79 of the Regulation).
 
ADDITIONAL INFORMATION
 
Regarding cookies and similar tools used by the website, please refer to the following sections.
 

Cookie Information

Browsing the website www.polk&union.com (hereinafter referred to as the website) involves the sending of cookies and similar tools to the user’s device.
 
Therefore, with this document, as required by current regulations (Article 13 of the General Data Protection Regulation, hereinafter referred to as GDPR, and Article 122 of the Privacy Code), we provide users who browse the website with information about the cookies used or for which installation is allowed.
 
WHAT ARE COOKIES?
 
A “cookie” is a small text file created on the user’s computer when they access a specific website, with the purpose of storing and transporting information. Cookies are sent by a web server (which is the computer on which the visited website is running) to the user’s browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and stored on the user’s computer. They are then sent back to the website during subsequent visits.
 
During navigation, the user may also receive cookies on their device from different websites (so-called “third-party cookies”), which are set directly by operators of these websites and used for the purposes and according to the methods defined by them.
 
WHAT COOKIES ARE USED?
 
The Site uses technical cookies and third-party profiling cookies and similar tools.
 
First-party cookies
 
Technical cookies
 
The website uses technical cookies, for which, according to current regulations, no consent is required from the data subject.
 
More specifically, the website uses:
  • Technical cookies that ensure the normal navigation and use of the website by the user, as detailed below:
COOKIE NAME
EXPIRATION
bp_ut_session (system cookies)
Session
In the absence of these cookies, the website would not function correctly.
  • Technical Cookies that Facilitate User Navigation:
These cookies enhance user navigation and can be disabled as indicated in this notice.
 
COOKIE NAME
EXPIRATION
pil_language (stores language choice)
1 year
Cookie_notice_accepted (prevents the brief information contained in the banner from reappearing in the case of connections made within the expiration period; activated by clicking “ACCEPT” on the banner)
1 month
 
Third-Party Cookies:
 
Some third-party cookies are installed through the website. These include technical cookies (such as Google Analytics cookies, with the measures prescribed by the Guarantor Authority in place) that do not require consent, and profiling cookies (such as cookies related to the Google Maps service) activated by clicking “ACCEPT” on the banner.
 
Here are the individual third-party cookies in detail, along with links for the user to obtain more information and request cookie deactivation.

Third-Party Technical Cookies

Google Analytics

The Site uses Google Analytics for statistical purposes. This is a web analysis service provided by Google LLC (“Google”) that uses cookies deposited on the user’s computer to allow statistical analysis of the visited website. In addition to cookies, Google also uses a pixel tag (
www.google.com/intl/en/policies/privacy/key-terms/). Data generated by Google Analytics is stored by Google as indicated in the Privacy Policy available here: developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.
 
The retention period has been set to 50 months. For the privacy policy of Google, which adheres to the Privacy Shield and acts as a data processor for this service, please refer to the website: www.google.com/intl/en/analytics/privacyoverview.html.
 
As expressly indicated by the Privacy Guarantor in the “Clarifications on the implementation of cookie regulations” of June 5, 2015, sites that use analytical cookies made and made available by third parties for statistical purposes are not subject to obligations and requirements provided by regulations (notification to the Guarantor first and foremost) if suitable tools are adopted to reduce the identifiability of the analytical cookies they use (for example, by masking significant portions of the IP address) and if the use of these cookies is subject to contractual constraints between websites and third parties, in which express reference is made to the commitment of the third party to use them exclusively for the provision of the service, to store them separately, and not to “enrich” or “cross” them with other information in their possession.
 
The owner of this site has decided to use Google’s IP anonymization function (described at the following link: https://support.google.com/analytics/answer/2763052?hl=it) and has accepted the Data Processing Amendment, in which Google undertakes to process data according to the site owner’s requests and not to share them with other additional services unless the owner requests it through service settings. The owner of this site has not connected Google Analytics to any additional services, and no advertising or data sharing options with Google have been activated.
 
Given the precautions taken, the Google Analytics service used by this site for statistical purposes is activated upon landing, and no user consent is required for the release of related cookies. To deactivate Google Analytics, a browser add-on is available at the following link: https://tools.google.com/dlpage/gaoptout?hl=it.
 

Non-Technical Third-Party Cookies

The website installs some non-technical third-party cookies that are activated by clicking the “ACCEPT” button inside the banner that users see when accessing the website. Here are the individual non-technical third-party cookies in detail, along with links for the user to obtain more information and request cookie deactivation.

Google Maps Service

The website uses Google Maps to assist users in locating the Data Controller’s headquarters. This is a web service provided by Google LLC (Google) that allows interactive maps to be included within web pages. This service involves the installation of cookies by Google. To review Google’s privacy policy and deactivate this service, please refer to the following link: www.google.com/intl/it/policies/privacy/.
 
WHAT HAPPENS IF YOU AVOID INSTALLING COOKIES?
 
Except for technical cookies, the installation of other cookies is subject to the user’s consent, which can be granted by clicking the appropriate button within the banner containing the brief information. Users can also avoid the installation of cookies other than technical ones through the specific functions available in their browsers.
 
In cases where a user chooses not to authorize the installation of cookies other than technical ones, they can still navigate within the website.
 
HOW TO DISABLE COOKIES?
 
Users can delete non-technical cookies that are not strictly necessary for navigation using the methods indicated in this notice for specific cookies or directly through their web browser. It should be noted that each browser has different procedures for managing settings. Users can obtain specific instructions through the links provided below:
Regarding users browsing from mobile devices, it should be noted that system configurations for excluding the storage or deleting of cookies may vary depending on the brand and/or model of the device used. Therefore, it is necessary to consult the instructions provided by the manufacturer.
 
To obtain information about the cookies stored on your device and deactivate them individually, please refer to this link: http://www.youronlinechoices.com/it/le-tue-scelte.
 
WHAT RIGHTS ARE RECOGNIZED TO THE DATA SUBJECT?
 
The law recognizes to the data subject the right to request the data controller to access personal data and rectify or erase them or limit their processing, in addition to the right to data portability. The data subject can exercise their rights at any time, without formality, by contacting the data controller through the email address privacy@polkandunion.com. Below are the rights recognized by current regulations on the protection of personal data:
 
Below are the detailed rights recognized by current regulations on personal data protection.
  • Right of access: The right to obtain from the data controller confirmation as to whether or not personal data concerning the data subject is being processed, and, if so, access to the personal data and the following information: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations; d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the data controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data is not collected from the data subject, any available information as to their source; h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing. If personal data is transferred to a third country or to an international organization, the data subject has the right to be informed of the appropriate safeguards relating to the transfer.
  • Right to rectification: The right to obtain from the data controller without undue delay the rectification of inaccurate personal data concerning the data subject. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • Right to erasure: The right to obtain from the data controller the erasure of personal data concerning the data subject without undue delay where one of the following grounds applies: a) the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing; c) the data subject objects to the processing, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing for direct marketing purposes; d) the personal data has been unlawfully processed; e) the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject; f) the personal data has been collected in relation to the offer of information society services referred to in Article 8(1). The request for erasure may not be accepted if the processing is necessary for: a) exercising the right of freedom of expression and information; b) compliance with a legal obligation which requires processing by Union or Member State law to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller; c) reasons of public interest in the area of public health; d) archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or e) the establishment, exercise, or defense of legal claims.
  • Right to restriction of processing: The right to obtain from the data controller the restriction of processing, where one of the following applies: a) the accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data; b) the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; c) the data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims; d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the data controller override those of the data subject.
  • Right to data portability: The right to receive the personal data concerning the data subject which they have provided to a data controller, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided. This right shall not adversely affect the rights and freedoms of others.
  • Right to object: The right of the data subject to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on legitimate interests or the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller, including profiling, unless the data controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
The data subject is also informed that, in case they believe that the processing of their personal data is in violation of what is provided by the GDPR, they have the right to lodge a complaint with the Authority, as provided for in Article 77 of the Regulation itself, or to take appropriate legal actions (Article 79 of the Regulation).
 
WHO IS THE DATA CONTROLLER AND HOW TO CONTACT THEM
 
The Data Controller is Polk&Union S.r.l., with its registered office at Viale dell’Arte, 85 – 00144 Rome – VAT number 11241081006. The company can be contacted via the email address info@polkandunion.it.
 
As for the ownership of the processing of data acquired through third-party cookies, please refer to the information provided in the list included in this document.
 
FURTHER INFORMATION ON DATA PROCESSING
 
Additional information regarding the processing of personal data is available in the privacy policy, which can be accessed from the website’s footer.