Privacy Policy

This information is provided, pursuant to Art. 13 of EU Regulation 2016/679 (GDPR) and the Italian Legislative Decree 196/2003 amended by the Italian Legislative Decree101/2018 to users who interact with the websites belonging to the company Panotec Metalworking S.r.l. accessible by electronic means from the following addresses:, corresponding to the home pages of the respective websites.

This document describes the way in which only the official company website is managed and not other external websites that can be reached by the user through links.

Additional information may be provided within the different access channels, divided according to the topics covered. Other information may be provided within the website in relation to specific services.

Data Controller:

Contact data:

Purpose of data processingLegal basis of data processingPeriod of data retention
Administrative-accounting activities in general and for the fulfilment of legal obligations, regulations and applicable national and supranational law.Need to fulfil legal obligations.Contractual duration and, after
termination, for the ordinary limitation period of 10 years.
Any contact requests, sending the information you requested.Execution of a contract in which the interested party is a party or execution of pre-contractual measures taken upon the request of the same (art. 6(1)(b) of the Regulation).Time required to provide feedback.
If necessary, to ascertain, exercise or defend the rights of the Data Controller in court.Legitimate interestFor the entire duration of the same, until appeals are allowed.
Direct marketing:

automated contact methods (sms, mms, email) and traditional contact methods (such as telephone calls with an operator) to send promotional and commercial communications relating to services/products offered or to report company events or the participation in webinars, as well as to carry out market studies and statistical analyses.
Consent (optional and revocable at any time).

It should be noted that the Data Controller collects a single consent for the Marketing purposes described herein, in accordance with the General Provision of the Guarantor for the protection of personal data “Guidelines on Marketing and against Spam” of 4 July 2013.
Should you wish to object the processing of your data for marketing purposes carried out as indicated herein, as well as revoke the consent given, you may do so at any time by contacting the Data Controller at the addresses indicated in this document, without prejudice to the lawfulness of the processing based on the consent given prior to revocation.
Until consent is revoked.
After the retention periods indicated above have expired, the Data will be destroyed, erased or made
anonymous, compatibly with the technical erasure and backup procedures.

Type of Data Processed and Collection Procedures

Browsing data – log files

It is possible to access the website without the user being asked to provide any personal data. The computer systems and applications that allow this website to work detect, during their normal operation, some data (the transmission of which is implicit in the use of Internet communication protocols) not associated with directly identifiable users. The data collected includes the IP addresses of the users who connect to the website, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request and the numerical code indicating the status of the response given by the server (successful, error, etc.). and other parameters relating to the user’s operating system and computer environment.

This information does not provide the user’s personal data and is not collected to be associated with identified interested parties, but it is technical/computer data collected and used in an aggregate and anonymous manner to: check that the website works properly and to monitor its security; improve the quality of the service and provide statistics concerning the use of the website; ascertain responsibility in the event of hypothetical computer-related crimes to the detriment of the website.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of messages to the contact addresses, as well as the completion and submission of the forms found on the Data Controller’s website, involves the acquisition of the sender’s data, as well as all the personal data included in the communications, necessary to respond to the requests made and/or to provide the requested service. However, it is guaranteed that this processing will be based on principles of correctness, lawfulness, transparency and protection of confidentiality as indicated in the GDPR. In any case, before activating a certain service, appropriate information will be provided and, where necessary, the consent to the processing of personal data will be acquired. This consent may be revoked at any time, making it impossible to use the service in question.

Failure to provide consent or revocation of the same does not entail any consequences, except for making it impossible to use the website and/or to obtain the requested service or to receive more detailed information about the Company’s activities.

In any case, the processing of personal data may be carried out, if necessary, to pursue a legitimate interest of the Data Controller or according to a legal obligation. In particular, obtaining consent for the processing referred to in the previous point concerning browsing and log data is not necessary as the data is processed as responding to a legitimate interest (Considering 47 of the GDPR).

Provision of Data

Apart from what is specified for browsing data, the provision of personal data by the interested party, for certain purposes described in the previous section, is to be considered optional. Failure to provide it may make it impossible to use certain services provided by the website.

Data Processing Methods

The personal data is processed using automatic tools for the time strictly necessary to achieve the purposes for which it was collected, in accordance with the principles of lawfulness, purpose limitation and minimisation of data, pursuant to Art. 5 of the GDPR and in compliance with the mandatory time prescribed by law. Specific safety measures are observed to prevent data loss, misuse or incorrect use and unauthorised access.

Communication and/or Dissemination of Data

Your Data, subject to processing, will not be disclosed but may be communicated to companies contractually bound to the company, in accordance with and within the limits of the GDPR. The personal data is stored on servers located within the European Union. It remains in any case understood that the Data Controller, if necessary, will have the right to move the servers also outside the EU GPDR. In this case, the Data Controller guarantees, as of now, that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission, and the user will be informed.

The data may be communicated to third parties belonging to the following categories:

  • subjects that provide services for the management of the information system and telecommunication networks used by the company (including email);
  • firms or companies with which the Company has assistance and consultancy relationships;
  • third party companies for staff selection and management;
  • competent authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon request;
  • companies offering website and information system maintenance services.

The subjects belonging to the above categories act as Data Processors, or operate independently as separate Data Controllers. The list of Data Processors is constantly updated and available at the company’s headquarters. Any further communication or dissemination will take place only with your explicit consent.


Website and the Data Controller’s Services are not intended for children under 16 years of age and the Data Controller does not intentionally collect personal information from minors. In the event that information about minors is unintentionally recorded, the Data Controller will delete it in a timely manner, upon the users’ request.

Rights of the interested party

The interested parties have the right to receive information from the Company concerning the processing of personal information by sending an email to: .

  • Right of access: we are transparent about the data we collect and the use we make of it. You can contact us at any time by sending an email to access the information in our possession;
  • Right to rectification: you have the right to correct any inaccurate or incomplete information and request that it be updated and/or edited;
  • Right to erasure: send a request to erase all data relating to you and we will process your request within 30 days;
  • Right to restriction: you have the right to ask the Data Controller to limit the processing of your data;
  • Right to portability: upon request, we will export your data so that it can be transferred to third party companies in a structured, commonly used and machine-readable format;
  • Right to objection: you can unsubscribe at any time from all the specific uses we make of your data (newsletter, automatic emails, etc.);
  • Right to lodge a complaint: if you believe that your rights have not been respected, you can lodge a complaint to the competent authority as indicated on the website or via email to