Privacy policy

Privacy policy


The data subjects are hereby informed (pursuant to Art.4(1) of the GDPR) of the following general profiles, valid for all areas of processing:

  • all data are processed in accordance with current privacy regulations (Reg. (EU) 2016/679 and Italian Legislative Decree 196/2003, as amended and supplemented by Legislative Decree 101/2018);
  • all data are processed in a lawful, correct and transparent manner in relation to the data subject, in compliance with the general principles set out in Article 5 of the GDPR;
  • specific security measures are observed to prevent the loss of data, its illegal or incorrect use and unauthorised access (GDPR, Art.32).

The Controller is the undersigned Company (represented by the pro-tempore legal representative) that can be contacted for any privacy request or to exercise the rights listed below, at the following addresses:

Contact details
Pagani Geotechnical Equipment Srl
Tel: 0523-771535 – Email:

Data Protection Officer
Name: Galli Data Service Srl Email:

Rights of the Data Subjects

  •  right to request the existence of and access to personal data concerning him or her (Art.15 “Right of access”)
  • right to obtain the rectification/integration of inaccurate or incomplete data (Art.16 “Right to rectification”)
  • right to obtain, if there are justified reasons, the erasure of data (Art.17 “Right to erasure”)
  • right to obtain the restriction of processing (Art.18 “Right to restriction of processing”)
  • right to receive data concerning him or her in a structured format (Art.20 “Right to data portability)
  • right to object to processing and automated decision-making processes, including profiling (Art.21, 22)
  • the right to withdraw previously given consent;
  • the right to lodge a complaint with the Data Protection Authority in the event of failure to reply.
    The following specific information is given below, referring to:
    1) data processing related to the operation of the website
    2) processing of data of customers/suppliers of the Controller


1.1 Navigation data

The IT systems and software processes responsible for the operation of this website acquire certain personal data during the course of their normal operations, the transmission of which is an integral and essential part of the Internet communication protocols. This is information which is not gathered in order to be associated with identified parties, but due to its nature could, through processing and association with data held by third parties, permit identification of the users. This category of data includes the IP addresses or domain names of the computers used by visitors to the site, addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to issue the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, failure etc.) and other parameters concerning the user’s operating system and IT environment.


Purposes and legal basis for the processing


These data are used only to obtain anonymous statistical information on use of the site and to check it is operating correctly. These data could also hypothetically be used to determine responsibility in the event of attacks or other criminal acts carried out on the site (legitimate interests of the Controller).
Scope of communication

(GDPR-Art.13(1)e and f

The data may only be processed by internal personnel, duly authorised and instructed in the processing (GDPR-Art.29) or by any subjects in charge of the maintenance of the web platform (in this case appointed external data processors) and will not be disclosed to other subjects, disseminated or transferred to non-EU countries (unless with the prior compliance with the requirements of Chapter V of the GDPR). Only in the event of an investigation may they be made available to the competent authorities.
Data retention period


The data are normally kept for short periods of time, with the exception of any extensions related to investigation activities.
Provision of data


The data are not provided by the data subject but acquired automatically by the technological systems of the website..


1.2 Cookies

For farther information, please read the cookie policy.

1.3 Web site specific functions

Some pages of the website may involve requesting information from the browser in relation to specific services (e.g. request information, user registration, work with us, etc.).

Products pages



Purposes and legal basis for the processing


Only the data necessary for the correct provision of the service and necessary to give a correct and exhaustive response to the data subjects will be requested. The processing is subject to the acceptance of specific, free and informed consent (GDPR-Art.6(1)a)
Scope of communication

(GDPR-Art.13(1)e and f)

The data are only processed by personnel duly authorised and instructed in the processing (GDPR-Art.29) or by any subjects in charge of the maintenance of the web platform (in this case appointed external data processors). The data will not be disclosed or transferred to non-EU countries (unless in compliance with the requirements of Chapter V of the GDPR).
Data retention period


The data are retained for periods compatible with the purpose of collection
Provision of data


The provision of data referring to mandatory fields is necessary in order to obtain a response, while the optional fields are aimed at providing staff with additional useful elements to facilitate contact.


1.4 Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mails and/or ordinary mail to the addresses listed on this site will result in acquisition of the sender’s email address, which is essential for responding to the requests, as well as any other personal data included in the message. If the sender submits his/her CV with a professional application, he/she remains solely responsible for the relevance and accuracy of the data sent. Please note that any CVs without authorisation for data processing will be deleted immediately.


2.1 Purpose of the processing

The company processes personal identification data of customers/suppliers (for example, name, surname, company name, personal/tax data, address, telephone, e-mail, bank and payment references) and any operational contacts (name, surname and contact details) acquired and used in the provision of the products/services provided.

2.2 Purposes and legal basis for the processing

The data are processed for:

  • concluding contractual/professional relationships and providing services;
  • fulfilling pre-contractual, contractual and tax obligations arising from existing relationships, as well as managing the necessary communications related to them;
  • fulfilling obligations imposed by laws, regulations, Community legislation or an order of the Authority;
  • exercising a legitimate interest as well as a right of the Controller (for example: the right of defence in court, the protection of credit positions; ordinary internal operational, management and accounting requirements).

Failure to provide the above data will make it impossible to establish a relationship with the Controller. Pursuant to Art.6(1)b,c and f, the aforementioned purposes represent suitable legal bases for the lawfulness of processing. If processing is intended for different purposes (e.g. marketing communications, production of photo/video content, etc.), a specific consent will be requested from the data subjects.

2.3 Methods of processing and retention time

The personal data is processed by means of the operations indicated in Art. 4(2) of the GDPR and specifically: collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data. Personal data are processed both on paper and electronically. The Controller will process the personal data for the time necessary to fulfil the purposes for which they were collected and related legal obligations.

2.4 Scope of processing
The data are processed by internal personnel, duly authorised and instructed pursuant to Art. 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise indications on any external Data Processors or Independent Controllers (consultants, technicians, banking institutions, carriers, etc.). The data may be transferred outside the EU as part of the management of international contracts, in compliance with the conditions of Chapter V of the GDPR, aimed at ensuring that the level of protection of the data subjects is not affected (“Art.45 Transfers on the basis of an adequacy decision, Art.46 Transfers subject to appropriate safeguards, Art.47 Binding corporate rules, Art.49 Derogations for specific situations”). The data are not subject to automated processes that produce significant consequences for the data subject.


Please note that this policy may be subject to periodic review, also in relation to the relevant legislation and case law. Appropriate highlighting of any significant changes will be given on the homepage of the website for a reasonable period of time. Data subjects are in any case invited to periodically consult this policy.