Privacy policy

Pursuant to and in conjunction with the combined provisions of Legislative Decree 196/2003 (Privacy Code) and European Regulation 2016/679 (General Data Protection Regulation or GDPR), the company PALMABIT S.r.l. located in Via Oscar Romero 5, 25018 Montichiari (BS), as Data Controller (hereinafter referred to as Controller), declares the following.

This privacy policy is available and valid for the website https://www.palmabit.com.

Art. 1. Data controller (the person or company, who decides how and why to process the data).
PALMABIT S.r.l. || Via Oscar Romero no. 5, 25018 Montichiari (BS) | VAT No.: IT03469550986 | Tax No.: 03469550986 | email: hello@palmabit.com | PEC: palmabit@pec.it .

Art. 2. Purpose (purpose for which data is collected) and legal basis (if a data point is or is not required to execute the contract, or if your specific consent is required to use the data).

The controller designs and develops software.
This website does not track and collect data from users. There is a contact form that allows those interested to reach the data controller directly. The data sent on the contact forms are not automatically stored in the database and on cookie data on users’ computers are not read.
Sending the contact form is optional, absolute and voluntary and means that the sender's email address will be captured in order to respond to requests, as well as any other personal data entered willingly by the interested party. The mandatory fields required to be able to respond to users are: Name, email address and message.
No explicit consent is required for the processing of data as the Controller has a legitimate interest to use the information provided voluntarily by the data subject in order to achieve the following

- respond to sent requests;
- provide quotes, draft contract proposals;
- fulfill the obligations provided by the law, by a regulation, by community legislation or by order of Authority;
- exercise the rights of the Controller, for example any right to defense in court.

Art. 3. Duration of the processing (how long the data is kept).
Except for when provided for in specific regulations (e.g. fiscal, anti-money laundering, etc.), for the entire duration of the contract and for the entire duration of any dispute, the data controller keeps the data collected for a maximum period of 3 (three) years from the time the relationship with the Interested Parties is terminated, so as to be able to respond to any queries.

Art. 4. Processing methods (how we use the data).
Processing is carried out within the limits strictly required to achieve the aforementioned purposes (see Art. 2), in compliance with the principle of proportionality in the methods of recovery and relocation and by adopting all appropriate measures to guarantee security and the confidentiality of the personal data of the interested parties.

Art. 5. Where are the data collected?
The data are processed and stored at the headquarters of the Controller and on company equipment (e.g. computers). All data (paper and digital) are protected by adequate security systems in order to guarantee their confidentiality and safety. All data are physically stored in Italy. Certain digital files may be stored in cloud systems. The service providers have been selected so as to guarantee the safety and confidentiality of the data. These devices are physically located within the European Union.

Art. 6. Who is the data communicated to?
The data may not be communicated and sent to third parties, except for legal reasons. In fulfilling these obligations, customer data may be transmitted to third parties that process data on behalf of the Controller in their capacity as external Processors appointed pursuant to art. 28 GDPR (as an example, an accountant in relation to billing data), to Credit Providers, to employees and / or collaborators of the Controller in order to carry out their normal work, as persons authorized to process data and whose updated list is available at its offices.

Art. 7. Rights of interested parties (Art. 15 and thereafter of GDPR).
Art. 15: Right of access, including the right to obtain information regarding the period for which the personal data will be stored, or if not possible, the criteria used to determine such period. Right to information on the origin of the data collected, as well as the purposes and methods of processing. Right to lodge a complaint with the supervisory authority at any time: Privacy Guarantor: Piazza di Monte Citorio no. 121, 00186 ROMA Tel. +39 06 696771 - PEC: protocollo@pec.gpdp.it

Art. 16: Right of the data subject to obtain an update, rectification or integration of the personal data.
Art. 17: Right to erasure and right to be forgotten.
Art. 18: Right to restriction of processing, where applicable.
Art. 19: Obligation of the controller to notify the subject of rectification, erasure and/or restriction
Art. 20: Right to data portability, if technology allows it.

Art. 8. Instances of the interested parties.
The requests referred to in Art. 7 above may be submitted by the interested parties to the Data Controller by registered letter or certified e-mail (PEC) at the addresses shown in the preceding Art. 1. The interested parties must attach a valid identity document to the request in all cases.


Date of last privacy policy update: 01-08-2018