Privacy Policy

Privacy policy and request of consent for the processing of personal data

Updated on12/06/2018

Version No.2/2018 Privacy Policy

Privacy policy on the processing of personal data ("Privacy Policy") provided according to Article 13 of EU Regulation 679/2016.

This App collects some personal data of its users.

Dear User,

Before starting to navigate the website, we invite you to read this privacy policy on the processing of personal data (“Privacy Policy”).

This privacy policy is provided pursuant to Article 13 of European Regulation 679/2016, concerning the protection of natural persons with regard to the processing of personal data, as well as the free circulation of this data and has the purpose of explaining to the website users how their personal data is processed.

The privacy policy is provided exclusively for this website, owned by Serr.All. Industria Serramenti s.r.l.and not for other websites that may be consulted by the user through links or that are accessed through social media available on the website.

  1. Data Controller

The Data Controller of the data obtained through the website is Pan Urania SpA . loc. Drove 14 int A/312 53036 Poggibonsi (Siena) Italy, VAT and Tax Code No.: IT 00290190529 Economic and Administrative Index Number: SI – 71045(the “Data Controller”).

 The Data Controller can be contacted as follows: Certified email address: ,

E-mail: tel. +39 055 80551, fax +39 055 8078421

The Data Controller has appointed representatives, people in charge and entrusted with the management of the personal data. An updated list of these people can be requested by sending e-mail to

  1. Purpose and legal basis of the processing

The data collected from this website will be processed by the Data Controller, in accordance with the principles of necessity, lawfulness, fairness, proportionality, and transparency, with the following purposes:

  1. To allow the use of the site
  2. For the fulfilment of any legal obligation;
  3. To send newsletters only with your express consent and without prejudice to the possibility of exercising the opting outright at any time;
  4. For sending advertising material and conducting direct sales of products and services, research, surveys, analysis, market surveys or commercial communications regarding the Data Controller's products or services, only with your express permission and without prejudice to the possibility of exercising the opting outright at any time;
  5. For the sending of advertising and direct marketing activities, market research or commercial communication surveys about the Data Controller's products or services based on profiling activities only with your express permission and without prejudice to the possibility of exercising the opting outright at any time only with your express permission.

The provision of data for the purposes of points (a) and (b) are required, whereas it is optional for points (c) (d) and (e); refusal to provide data makes it impossible for the Data Controller to understand your needs, respond to your requests, and carry out marketing and marketing with profiling activities

The personal data processed by the Data Controller are provided voluntarily from you through the navigation of the website, by sending e-mail, and by subscribing to the newsletter.

  1. Methods used to process, communicate and disseminate the data

The data you provide will be processed in compliance with current regulations and, in any event, so as to ensure the security and confidentiality of the same, such as to prevent the disclosure or unauthorized use, alteration or destruction.


The data will be processed on paper and/or electronically, also with the help of electronic and informative means, directly and/or through delegated third parties, according to logic strictly related to the aforementioned purposes.


These subjects will operate as internal and external data processors pursuant to Article 29 of the Privacy Regulation Code. The Data Controller will directly process your data in its own infrastructure and/or availing of the support and technological infrastructures of third-party suppliers appointed as data processors.

A list of all the data processors appointed by the Data Controller is available by writing to


Individual processing operations will be appointed to natural data processors, and your data may also be transferred abroad and outside the EU to external companies according to the procedures indicated in Chapter V of the EU Regulation 679/2016.

The personal data relating to name, surname, email address and data contained in email communications can be stored on servers maintained by third parties, suppliers of IT and telecommunication services (by way of example and not limited to: cloud computing services, e-mail services).

Data, except for the data that the user makes available on any publicly accessible areas of the websites, is never disclosed.

 The Data Controller invites you to carefully assess the potential diffusion or communication of your data and/or information to third parties and assumes no responsibility for any consequence.

The personal data of the User can be used by the Data Controller in court or in the phases leading to possible legal action for the defence against abuse in the use of this Application or the related services by the User. The User declares to be aware that the Data Controller may be required to disclose the Data upon request of public authorities.

  1. Minors

The Data Controller reminds parents to monitor their children's use of the Internet for safe use and filtering of contents, even with the support of Parental Control Instruments.

With regard to the collection and processing of personal data, the Data Controller does not process the personal data of minors without the consent of the parents.

Registration, newsletter subscriptions and anything else required within our website, is permitted only to users of age or users that are 14 (fourteen) years of age and have the consent of the parents.

Therefore the Data Controller invites users who are under the age of 18 (eighteen) not to communicate their personal data without the permission of a parent, and reserves the right to deny access to the Services and/or exclude from the site any user who has concealed their age or who has communicated his/her personal data without the consent of their parents if they are below the age of 18 (eighteen).


  1. Duration of data processing

The personal data are processed for the period of time necessary to achieve the purpose for which it was collected and in accordance with the terms prescribed by law.

The Data Controller acknowledges the right of the interested party to revoke consent and to oppose the processing at any time as well as the possibility of requesting the cancellation of data in accordance with Article 17 of EU Regulation 2016/679.

  1. Processed data

The Data Controller collects the data that has been freely provided by the User when voluntarily filling in a contactform, sending e-mail,or using other communication tools.

Some personal data relating to the use of Internet communication protocols ("Browser Data") is captured when browsing the website.

Examples of Browser Data are as follows:

  • IP address: Internet Protocol address is a numerical label that uniquely identifies a device called a host connected to a computer network that uses the Internet Protocol as the network protocol.
  • Domain names of computers used by users who connect to the site
  • The URI (Uniform Resource Identifier) addresses of the resources requested,
  • The time of the request, the method used in submitting the request to the server, the size of the file obtained in response.
  • The numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters regarding the user's operating system and computer environment.

This data is collected with the sole purpose of allowing the use of the website and is collected in the aggregate, but it could, through processing and association with data held by third parties, allow users to be identified.

Navigation data is used for statistical purposes on the use of the website and to check the correct operation of the same.

The voluntary and optional sending and transmission of communications through the website or by e-mail, involves the acquisition of personal data provided by the data subject for the sole purpose of communications and to fulfil any requests. These data will be processed in accordance with this policy.

The voluntary and optional registration to the newsletter service involves the acquisition of the personal data provided by the data subject that will be used only to send the newsletter and will be processed in accordance with this privacy policy. 

This application supports the "Do Not Track" requests.   To know if any third party services used supports them, the User is invited to consult the respective privacy policy.

This site makes use of Cookies. To learn more and detailed information, you can read the Cookie Policy.

  1. Optional nature of data disclosure by the data subject

The dissemination of personal data by the interested party to the Data Controller is done voluntarily. By browsing this website, you voluntarily consent to communication and processing of your personal information and navigational data (see article 2 of this policy).

By subscribing to the newsletter, filling out the contact formor using e-mailor other communication tools, the user authorizes the holder to the processing of his/her personal data, in order to enable communication and fulfil the requests made.

A refusal to give consent to the processing of personal data may prevent correct navigation and/or communication between the User and the website and/or the fulfilment of requests made.


  1. Recipients of the personal data

The data provided by user may be disclosed to third parties appointed by the Data Controller for the performance of technical operations on the site and/or for the conduct of organizational and administrative operations, for the performance of consultancy, logistics, accounting (etc.) assignments, for the sending of the newsletter, within the scope of the purposes for which the data is provided.

  1. The right to access personal data

The data subject has the right to:

Access personal data to obtain confirmation that personal data is being processed (Article 15 of EU Regulation 679/2016);

  • Request cancellation of personal data (Article 17 of EU Regulation 679/2016);
  • Request the correction and/or integration of personal data (Article 16 of EU Regulation 679/2016);
  • Ask to limit the processing of personal data (Article 23 of EU Regulation 679/2016);
  • Oppose the processing of personal data (Article 21 of EU Regulation 679/2016);
  • Obtain personal data in a structured and commonly used format that can be detected by automatic devices (Article 20 of EU Regulation 679/2016);
  • Proposing claim to authority.

The data subject can contact the Data Controller at the addresses indicated in Article 1 of this privacy policy.

  1. Changes to the Privacy Policy

The Data Processor has the right to make changes to this privacy policy at any time and without notice. The changes will apply from the date of publication on the website. The user is therefore invited to consult this section regularly. The user should not use the website if he/she does not agree with the changes. The user may at any time exercise the rights referred to in article 9 above, to obtain the cancellation of data that may be collected.

  1. Definitions

For the purposes of this policy and in accordance with Article 4 of EU Regulation 679/2016, the following terms have the following meanings:

Personal data: any information concerning an identified or identifiable natural person ("data subject"). The natural person who can be identified, directly or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an on-line identifier or one or more elements characteristic of his/her physical, physiological, genetic, psychological, economic, cultural or social identity is considered identifiable.

Navigation data: personal data relating to the use of Internet communication protocols. By way of example, the following data can be considered Navigation Data: IP addresses, browsing history on our website, data provided by the user.

Usage Data: this information is automatically collected by this Application (or by third-party applications that this Application uses), among which: IP addresses or domain names of the computers used by the User that connects with this Application, the URI (Uniform Resource Identifier) addresses, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) the country of origin, the characteristics of the browser and the operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and the details of the itinerary followed within the Application,  with particular reference to the sequence of pages consulted, to the parameters related to the User's operating system and IT environment.

Data subject (or Users): a physical person, identified or identifiable individual to whom the personal data refers. For the purposes of this policy, the data subject is the person who uses the website, or rather, the user.

Processing:any operation or set of operations, carried out with or without the use of automated processes and apply to personal data or personal data sets, such as collection, recording, organization, structuring, storing, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparing or interlinking, limiting, or destruction.

Profiling:any form of automated processing of personal data consisting in the use of such personal data to evaluate personal aspects relating to an individual, in particular to analyse or predict aspects of his/her work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement of such natural person;

The Data Controller (or Controller):the natural or legal person, public authority, service or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of that processing are determined by the law of the European Union or the Member States, the data controller or the specific criteria for nomination may be established by the law of the European Union or the Member States; 

The Data Processor (or Processor):the natural or legal person, public authority, service or any other body that processes personal data on behalf of the Data Controller.

This Application:the hardware or software tool through which the Personal Data of the Users is collected.

Cookie: a small piece of data stored within the User's device.

Normative references

EU Regulation 679/2016.

2018 - All rights reserved Serr.All. Industria Serramenti s.r.l.