Cookie Consent by Free Privacy Policy Generator website

pursuant to Art. 13 of EU Regulation 2016/679(“RGPD”)

1. Data Controller and contacts

2. Purposes of the processing, legal bases, storage period
2.a) Viewing and browsing the website
2.b) Site analytics
2.c) Marketing (newsletter)
2.d) Management of user request form (contacts, stakeholders, accesses)
2.e) Recruitment
2.f) Verification, exercise, and/or defence of a right
3. Optional nature of the provision of data and consequences of a refusal to provide data
4. Recipients or categories of recipients
5. Transfer of data abroad
6. Rights of the data subject
7. Changes

The Data Controller is the party who decides for what purposes the Data Subject’s data are to be processed, according to what legal basis, for how long, and to whom they can be transmitted. The Data Controller is Panfilia Impresa Sociale S.r.l., with registered office in Turin, Via Cottolengo 14, VAT No. and Taxpayer Code 12557730012. For all matters concerning the processing of your personal data, you can contact the Data Controller by regular mail to the above address, or by sending an email to: The Data Controller does not have to name a DPO (Data Protection Officer), since the legal requirements making it obligatory do not apply.

A purpose is a reason for which we process your personal data. Below is a list of our purposes. Each and every purpose has one or more legal bases.

2.a) Viewing and browsing the website
Purpose:: to permit a flawless website browsing experience.
Legal basis:: use of a service requested by the data subject, art. 6.1.b) RGPD.
Notes on the processing and storage period:
Viewing and browsing the website entail, for reasons intrinsic to the use of ICT protocols, an exchange of technical information between the Controller’s ICT system and yours. The information transmitted consists, for example, of the following: operating system used, browser and its version, time of the request, information flow size.
The data are immediately deleted at the end of the browsing session, unless they are necessary for the exercise or defence of rights (see below).

2.b) Site analytics
Purpose: statistical studies/analyses on aggregate or anonymous data that do not entail the processing of personal data.
Legal basis: these are data that are rendered anonymous, and thus not subject to the legislation on the protection of personal data.
Notes on the processing:
The Data Controller uses the Google Analytics service to collect aggregate data on the site’s performance. See the section on analytic cookies below for more information.

2.c) Marketing (newsletter)
Purpose:: marketing.
Legal basis: consent, as per art. 6.1.a) of the GDPR. and art. 13 of Dir. 2002/58/CE (and Art. 130.2 of Italian Legislative Decree 196/03).
Notes on the processing and storage period:
The newsletter only contains mere commercial information. You may withdraw your consent at any time, easily and free of charge, by writing to us or using the “Unsubscribe” button found in every newsletter. Your information will not be transmitted to third parties, with the sole exception of the processors chosen by the Controller for its industrial organization.
As expressly envisaged by the legislation (Art. 13.2 of Dir. 2002/58/CE and Art. 130.4 of Italian Legislative Decree 196/03), the Controller may send informational newsletters, even without their consent, to customers who have already purchased similar goods or services, without prejudice to their right to object to their receipt, easily and free of charge (typically by using the “Unsubscribe” link found in every newsletter). When you purchase one of our goods or services, you may refuse the newsletter from the outset, by writing to the Controller’s contact email address.

2.d) Management of user request form (contacts, stakeholders, accesses)
Purpose: acknowledgment/fulfilment of direct request from user.
Legal basis: contract, as per Art. 6.1.b) of the GDPR.
Notes on the processing and storage period:
At the present time, the site supports three types of direct requests:
Contacts through the contact form. We only collect the data that are strictly necessary for responding to the contact request.
Requests for documents by stakeholders. We only collect the data that are strictly necessary for responding to the stakeholder’s request.
Requests for access to the reserved area. We only collect the data that are strictly necessary for permitting the authentication of users in order to allow them access to the reserved area.
The personal data transmitted by filling in the above-said forms are used solely for the above-said purposes; they are not processed for marketing purposes, nor for profiling or any other purpose other than those indicated. They are not transmitted to third parties. For their processing, the Controller might rely on processors within its company organization. They are deleted once the customer’s request has been met. The authentication logs are deleted at the end of the session.

2.e) Recruitment
Purpose: establishment of employment or a consultancy relationship.
Legal basis: performance of precontract- and contract-related measures, as per Art. 6.1.b) of the GDPR.
Notes on the processing and storage period:
Any curricula vitae (CVs) transmitted are used solely for recruitment purposes. If the job applicant is not hired, they are holded for six months.
If the applicant is hired, the CV will be kept for the entire period of employment for purposes of verification of the information indicated, as it contains elements of reference for drafting the employment contract. Also, the Controller uses quality certification systems that require keeping the CV of the persons hired.
The information on CVs is not transmitted to third parties. It could be processed by processors employed by the Controller in its company organization.

2.f) Verification, exercise, and/or defence of a right
Purpose: defence of rights.
Legal basis: legitimate interest, as per Art. 6.1.f) of the GDPR.
Notes on the processing and storage period:
The Controller’s legitimate interest is to exercise rights and defend itself both judicially (including pre-litigation) and extrajudicially with regard to third parties (including public authorities) and data subjects.
The personal data collected for this purpose are kept for 10 years, as envisaged by the ordinary limitation period (Art. 2946 of the Italian Civil Code), except in the case of interruption of the limitation period.

The decision to provide your personal data is optional and voluntary. The only consequence if you refuse to provide your personal data will be the impossibility for you to browse the website or for us to provide you with the services you request.

We will transmit the personal data collected through the website to:
- hosting, housing, and cloud providers;
- providers of information communication platforms or channels;
- providers of remote payment services (where applicable);
- consultants and professionals who assist us (also in legal and commercial matters, if necessary);
- public and police authorities if it becomes necessary to involve them;
- judicial authorities in the exercise of their functions when deemed necessary or when required by law; - persons authorized by the Controller to process the data who have committed themselves to
confidentiality or are under an appropriate statutory obligation of confidentiality (e.g. employees and consultants).

We use back office services also located in other countries EU/EEA (Albania). This processing is carried out in compliance with the applicable legislation, through the recourse to legal guarantees, i.e. standard contractual clauses approved by the European Commission. You may obtain a copy of said clauses by contacting the Controller.

Rights: You may exercise the following rights: access, rectification, erasure (“right to be forgotten”), limitation, objection, and portability pursuant to Articles 15, 16, 17, 18, 20 e 21 of the GDPR.
Complaint: hYou also have the right to lodge a complaint with the competent supervisory authority (for Italy: Garante per la protezione dei dati personali: Personal Data Protection Authority) for any violation of the legislation on the processing of personal data (GDPR).
We do not engage in: automated decision-making or profiling activities.
Withdrawal of consent: Consent may be withdrawn at any time, without any formalities. For example, you may always withdraw your consent to the newsletter; see above.

This Privacy Policy Statement is in effect from 25 May 2018 and replaces the previous version. We reserve the right to change or simply update its contents. Any variations will be binding from the moment they are published on the website. We therefore recommend that you consult this section regularly so you can be informed of the most recent and updated version of the Statement, and therefore keep up to date on the data collected and how the Controller uses them.


8.a) What are cookies
Cookies are text files stored on the user's device. They are temporary markers that contain information to keep track, until they are deleted, of user activity. This may be log-in information (which then, until the relevant cookie is deleted, does not have to be re-entered by the user each time), the user's language preferences, the contents of the shopping cart, information needed to enable communication between websites or to improve it, etc. Cookies may be used for purely technical purposes, and in that case do not require user consent, or they may be used for different purposes, typically for profiling and marketing, and in that case require user consent. These may be first-party cookies, i.e. cookies from the Data Controller of this site, or third-party cookies, such as those from Google for analytics activity. 8.b) Characteristics, purpose, legal basis, storage

1. Technical cookies:
• Purpose: To allow the proper functioning and enjoyment of the Site.
• Legal basis: art. 5 dir. 2002/58/CE.
• Retention: session cookie, it is removed when the browser is closed;
• NB: these cookies do not require consent. If technical cookies are disabled, the fruition of the site may suffer malfunctions

2. Third-party analytics cookies (Google, with anonymization):
• Purpose: statistical processing of site usage, more information:
• Legal basis: anonymized data, RGPD not applicable
• Retention:
• NB: the anonymization procedure is described here:

3. Third-party profiling cookies
• Third party: Silktide Ltd, Brunel Parkway, Pride park, Derby, DE24 8HR, site:
• Purpose and third party disclosure: see
• Legal basis: consent ex art. 13 dir. 2002/58/EC\
• NB: With respect to third-party cookies we are mere intermediaries. Any decision on the purposes and methods of processing is made by the third party, not by us. Equally, the information regarding the above cookie is made by the third party
• We merely collect, as an intermediary, your consent, if any, for the third party to install third-party cookies on your device.
• Specifically, you give consent to the installation of the third-party cookie if you: click "I agree" on the banner on the home page or if you perform any of the steps indicated on the banner.
• Consent may be revoked at any time. Revocation must be made directly against the third party.
• You can, however, always: delete cookies stored on your device; set your browser to disable the installation of cookies (see more details below); use third-party extensions to disable, even selectively, cookies. The use of open source extensions is recommended.

8.c) How to set browsers to prevent the installation of cookies
You can disable the installation of cookies by setting your browser. Below are the directions for the main browsers:
• Chrome:
• Firefox:
• Internet Explorer:
• Microsoft Edge:
• Safari:
• Safari iOS:
• Opera: