PRIVACY INFORMATION NOTICE
This information notice is provided pursuant to European Regulation 2016/679 on the protection of personal data, taking into account Recommendation no. 2/2001 adopted on 17 May 2001, to Users using the Service delivered through the Pagani Application and relates to all personal data that the Data Controller collects and holds regarding its Users.
The Services are reserved for Pagani vehicle owners: for this reason the Data Controller performs all appropriate preliminary checks in order to provide the User with the credentials for accessing the Application, consisting of a username and password.
The information notice is provided for the Pagani mobile application and not for other websites and/or applications that the user may consult through links to third party offsite pages.
Further information on vehicle connectivity features can be requested directly from Pagani or by consulting the vehicle user manual.
The data controller is Horacio Pagani S.p.A. (“Pagani”), with registered office in Via dell’Artigianato no. 5, Vill. La Graziosa – 41018 San Cesario Sul Panaro (MO), Italy, Tel. +39 059 4739201 – email address: firstname.lastname@example.org
Some Data may be shared with recipients located in countries outside the European Union or the European Economic Area, also owing to the fact that they are stored in databases handled by third companies that operate on behalf of Pagani as Data Processors, for technical and operational purposes and/or to ensure high service continuity.
Pagani ensures that the processing of the Data by these persons is subject to the purposes for which they were collected, and will be carried out in compliance with applicable laws. Therefore, in the event of transfer of Data outside the European Economic Area, Pagani will take all appropriate and necessary contractual measures to www.pagani.com ensure an adequate level of protection, including adequacy decisions, agreements based on the Standard Contractual Clauses approved by the European Commission and any other guarantee useful to ensure that the level of protection of natural persons guaranteed by EU Regulation 2016/679 is not compromised.
Further information may be requested at email@example.com
The Application collects certain types of data provided directly by the User and other data collected automatically, called browsing data. The data collected and processed by the Data Controller through the Application refer to the following categories.
The data collected automatically by the Application are: registration date, date of the last login, user language, version of the Application installed on the device, token for sending notifications and information on the operating system.
In the event that the user has given specific consent following the installation of the Application or subsequently when requested, the Application may access the device’s geolocation coordinates (latitude/longitude), through GPS (Global Positioning System) technology. This information is collected for the purpose, for example, of finding the nearest Pagani-approved service centre and giving directions to the User. Such consent may be withdrawn at any time by accessing the device’s settings.
If the User has given his/her specific consent following installation of the Application or subsequently when requested, the Application may access the multimedia files (photos, videos, etc..) on the User’s device. This information is collected for the purpose, for example, of uploading photographs or videos relating to anomalies detected by the User on the vehicle, in order to receive real-time assistance. Such consent may be withdrawn at any time by accessing the device’s settings.
DETAILS ON PERSONAL DATA PROCESSING
The data collected by the Application are collected for the following purposes, in observance of the principles under art. 5 of EU Regulation 2016/679.
1. Registration and authentication
After entering his/her username and password, the Application identifies the User and allows him/her to access the dedicated Services.
The purpose for processing these data categories is the management of registered Users and their identification in order to allow access to the Services.
2. Services made available by the Application
The optional, explicit and voluntary submission of messages or requests for assistance sent to the Controller’s contact details implies the acquisition of the data needed for answering, as well as all the data (e.g. personal details) included in the communications, along with photographs or videos. The purpose for processing these data categories is to correctly provide the Services made available by the Application, including the management of requests for support, assistance or any other request sent using the methods made available by the Application.
3. Technical improvements and research and development purposes
Pagani Group companies may analyse Account Information and the information collected through use of the Application and the Services, as well as other information in their possession regarding the User, for research purposes and in order to improve the products and services.
The data provided by the data subject and those collected automatically by the Application are necessary for performing a contract which the data subject is a party to or for implementing pre-contractual measures taken at his/her request. The provision of data for the above purposes is optional, but should the User fail to provide the data or provide incorrect data, he/she will not be able to access the Application and use the dedicated Services.
Some data may be processed in accordance with current legal obligations. Access to certain Services, such as those involving the geolocation of mobile devices or the uploading of photographs and/or videos from the multimedia files of devices, is subject to the data subject’s consent. In these cases, consent may be withdrawn at any time, without prejudice to the lawfulness of the processing based on consent prior to withdrawal and without such withdrawal leading to any detrimental consequences for the data subject.
The Data will be brought to the attention or shared with Pagani Group Companies also located in countries outside the European Union and with duly appointed Pagani personnel. The data will also be communicated to persons duly designated as data processors by virtue of a contract or other legal deed entered into with Pagani (for example, companies dealing with the management of IT systems and services, service and consultancy companies insofar as necessary for performing their tasks at Pagani, etc.).
The data will also be communicated to or brought to the attention of companies belonging to Pagani’s sales and service network, also located in countries outside the European Union, in order to provide the services made available by the Application. Finally, the data will be communicated, if requested, to the competent financial offices and/or other Public Administrations, in accordance with the provisions of applicable laws.
The dissemination of any personal data being processed is in any case excluded. The Data Controller will not disclose information about data subjects to third parties without their consent, except where required by law. The complete list of data processors and persons in charge of personal data processing may be requested by sending a specific request to firstname.lastname@example.org
DATA PROCESSING METHODS
Personal data shall be processed using automated and manual means and for the time period strictly required to achieve the purposes for which such data have been collected.
As soon as the personal data are no longer necessary for the purposes for which they were collected, the Data Controller will delete them unless they must be archived according to the law or unless the User has agreed that the data be processed for a longer period of time.
In particular, personal data that have been collected are kept for a period of time identified by taking into account criteria such as the existence of a contractual agreement between the parties, or the User’s continued interest to access the Application, until he/she requests that his/her personal account be deleted and unless other data retention periods have been established for different purposes.
Special security measures are observed to prevent data loss or illegitimate or improper use as well as unauthorised accesses to such data. Personal data management security is also ensured through use of the User’s personal password, which must be kept carefully and with due diligence, and through account revalidation or using similar methods.
RIGHTS OF THE DATA SUBJECT
In accordance with articles 15 – 22 of EU Regulation 2016/679, rights are granted to all data subjects.
Right of Access: In accordance with art. 15, the data subject has the right to obtain confirmation that personal data concerning him/her are being processed and, where appropriate, to obtain a copy thereof. The data subject also has the right to obtain access to personal data concerning him/her and to further information such as the purpose of the processing, the categories of recipients, the data retention period and the rights that may be exercised.
Right to rectification: the data subject, pursuant to art. 16, has the right to obtain the rectification of inaccurate personal data that concern him or her or completion thereof. Right to erasure: the data subject has the right to obtain the erasure of personal data concerning him/her, without undue delay, should one of the grounds envisaged by art. 17 apply.
Right to restriction of processing: in the cases envisaged by art. 18 of Regulation 2016/679, the data subject has the right to obtain restriction of processing. Right to data portability: the data subject has the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format, and has the right to transmit those data to another controller without hindrance, according to the provisions of art. 20 of Regulation 2016/679;
Right to object: the data subject has the right to object to processing of personal data concerning him or her according to the provisions of art. 21 of Regulation 2016/679. The data subject also has the right to lodge a complaint with the competent Supervisory Authority: the Privacy Authority.
Requests to exercise the above rights must be made in writing to the Data Controller and sent to email@example.com
The Data Controller will respond promptly to any requests to exercise data subjects’ rights, within the timeframe established by current legislation.
Any further explanation or request for clarification may be submitted in writing to the Data Controller.
UPDATES AND AMENDMENTS
The Data Controller reserves the right to amend, supplement or periodically update this Information Notice in accordance with applicable legislation or the provisions adopted by the Data Protection Authority.