Privacy Policy
Data Controller
The Data Controller is Cartiere Paolo Pigna S.p.A., with registered office at Via Daniele Pesenti 1, 24022 Alzano Lombardo (BG), Italy. Tel. +39 035 519111. For information regarding the processing of personal data carried out by the Data Controller, as well as to exercise the rights of data subjects (pursuant to Articles 15–22 of EU Regulation 679/2016 “GDPR”), please use the dedicated email address: privacy@pigna.it.
Data Protection Officer (DPO)
The Data Controller has appointed, pursuant to Article 37 of the GDPR, a Data Protection Officer (“DPO”). The DPO can be contacted at the following email address: dpo@pigna.it. Email address of the Data Controller: privacy@pigna.it.
Types of Data Collected
Among the Personal Data collected by this website, by itself or through third parties, there are: Trackers; Usage Data; first name; email address; number of Users; session statistics; answers to questions; clicks; keypress events; motion sensor events; mouse movements; scroll position; touch events; last name.
Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or through specific information notices displayed prior to data collection. Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using this website. Unless otherwise specified, all Data requested by this website are mandatory. If the User refuses to provide them, it may be impossible for this website to provide the Service. Where this website indicates certain Data as optional, Users are free to refrain from providing such Data, without this having any impact on the availability or functioning of the Service. Users who have doubts about which Data are mandatory are encouraged to contact the Data Controller. Any use of Cookies – or other tracking tools – by this website or by the owners of third-party services used by this website is intended to provide the Service requested by the User, in addition to the other purposes described in this document and in the Cookie Policy. The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this website.
Methods of Processing
The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data. Processing is carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, access to the Data may be granted to other parties involved in the organization of this website (administrative, commercial, marketing, legal staff, system administrators) or to external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communication agencies), appointed, where necessary, as Data Processors by the Data Controller. An updated list of Data Processors may always be requested from the Data Controller.
Place
The Data is processed at the Data Controller’s operating offices and in any other place where the parties involved in the processing are located.
Some of the services used by this Website may involve the transfer of Personal Data to countries outside the European Economic Area (EEA), in particular to the United States.
Such transfers may occur, for example, through third-party services such as analytics tools, tag management systems, spam protection services, content delivery services, or the display of external content (e.g. Google).
In such cases, the Data Controller ensures that the transfer of Data takes place in compliance with Articles 44 et seq. of the GDPR, by adopting appropriate safeguards, including, where applicable, adequacy decisions of the European Commission or the use of Standard Contractual Clauses (SCCs).
For further information on the place of processing and the measures adopted, the User may contact the Data Controller.
Retention Period
Unless otherwise indicated in this document, Personal Data are processed and stored for the time required by the purpose for which they were collected and may be retained for a longer period due to legal obligations or based on the Users’ consent.
Purposes of Processing the Collected Data
The User’s Data is collected to allow the Data Controller to provide the Service, comply with legal obligations, respond to requests, protect its own rights and interests (or those of Users or third parties), detect any malicious or fraudulent activities, as well as for the following purposes: Analytics, Tag Management, Displaying content from external platforms, Contacting the User, Spam and bot protection, Creation and management of this Application, Traffic optimization and distribution, and Direct marketing.
For specific information about the Personal Data used for each purpose, the User may refer to the section “Details on the Processing of Personal Data”.
Details on the Processing of Personal Data
Contacting the User
Contact form
By filling in the contact form with their Data, the User consents to its use to respond to requests for information, quotes, or any other nature indicated by the form header.
Personal Data processed: email; name.
Mailing list or newsletter
By registering to the mailing list or newsletter, the User’s email address is automatically added to a contact list to which email messages containing information, including commercial and promotional content, relating to this Website may be sent.
Personal Data processed: last name; email; name.
Creation and management of this Website
The main components of this Website are created and managed directly by the Data Controller using the software mentioned below.
WordPress (self-hosted) (this Website)
This Website is developed and managed by the Data Controller through a CMS (Content Management System) called WordPress.
Personal Data processed: Usage Data.
Tag management
This type of service allows the Data Controller to centrally manage the tags or scripts required on this Website. As a result, the User’s Data may be processed by these services, with the possibility that it will be stored.
Google Tag Manager (Google Ireland Limited)
Google Tag Manager is a tag management service provided by Google Ireland Limited.
Personal Data processed: Usage Data.
Place of processing: Ireland – Privacy Policy.
Traffic optimization and distribution
This type of service allows this Website to distribute its content using servers located across different territories and to optimize its performance.
The Personal Data processed depends on the characteristics and implementation methods of these services, which by their nature filter communications between this Website and the User’s browser.
Due to the distributed nature of this system, it is difficult to determine the locations where content is transferred, which may contain the User’s Personal Data.
Google Hosted Libraries (Google LLC)
Google Hosted Libraries is a traffic optimization and distribution service provided by Google LLC.
Personal Data processed: Usage Data; Tracking Tools.
Place of processing: United States – Privacy Policy.
Spam and bot protection
This type of service analyzes traffic on this Website, potentially containing Users’ Personal Data, in order to filter it from unwanted traffic, messages, and content recognized as SPAM or to protect it from malicious bot activities.
Google reCAPTCHA (Google Ireland Limited)
Google reCAPTCHA is a spam protection service provided by Google Ireland Limited. The use of reCAPTCHA is subject to Google’s privacy policy and terms of use.
To understand how Google uses Data, please refer to their partner policy and their Business Data page.
Personal Data processed: clicks; Usage Data; keypress events; motion sensor events; touch events; mouse movements; scroll position; responses to questions; Tracking Tools.
Place of processing: Ireland – Privacy Policy.
Analytics
The services in this section allow the Data Controller to monitor and analyze traffic data and are used to track User behavior.
Google Analytics (Universal Analytics) (Google Ireland Limited)
Google Analytics (Universal Analytics) is a web analysis service provided by Google Ireland Limited (“Google”). Google uses the Personal Data collected to track and examine the use of this Website, compile reports and share them with other services developed by Google.
Google may use the Personal Data to contextualize and personalize ads in its advertising network.
To understand how Google uses data, please refer to the Google partner policies.
Personal Data processed: Usage Data; Tracking Tools.
Place of processing: Ireland – Privacy Policy – Opt Out.
Google Analytics 4 (Google Ireland Limited)
Google Analytics is a statistical service provided by Google Ireland Limited (“Google”). Google uses the Personal Data collected to track and examine the use of this Website, compile reports and share them with other services developed by Google. Google may use Personal Data to contextualize and personalize ads in its advertising network. In Google Analytics 4, IP addresses are used at the time of collection and then deleted before the data is stored in any data center or server. For more information, please refer to the official Google documentation.
To understand how Google uses Data, please refer to their partner policy and their Business Data page.
Personal Data processed: Usage Data; number of Users; session statistics; Tracking Tools.
Place of processing: Ireland – Privacy Policy – Opt out.
Displaying content from external platforms
This type of service allows content hosted on external platforms to be displayed directly on the pages of this Website and to interact with it. These services are often referred to as widgets, small elements embedded in a website or application. They provide specific information or perform a particular function and often allow user interaction.
This type of service may still collect web traffic data related to the pages where the service is installed, even when Users do not use it.
Google Fonts (Google Ireland Limited)
Google Fonts is a font style visualization service provided by Google Ireland Limited that allows this Website to incorporate such content within its pages.
Personal Data processed: Usage Data; Tracking Tools.
Place of processing: Ireland – Privacy Policy.
Font Awesome (Fonticons, Inc.)
Font Awesome is a font style visualization service provided by Fonticons, Inc. that allows this Website to incorporate such content within its pages.
Personal Data processed: Usage Data; Tracking Tools.
Place of processing: United States – Privacy Policy.
Widget Google Maps (Google LLC)
Google Maps is a map visualization service provided by Google LLC that allows this Website to incorporate such content within its pages.
Personal Data processed: Usage Data; Tracking Tools.
Place of processing: United States – Privacy Policy.
Cookie Policy
this website uses Tracking Tools. To learn more, Users may consult the Cookie Policy.
Legal Basis of Processing
Personal Data are processed on the basis of the following legal grounds, in relation to the specific purposes:
| Purpose | Legal basis |
|---|---|
| Contact form | Legitimate interest of the Data Controller |
| Newsletter | User’s consent |
| Creation and management of this website | Performance of a contract |
| Tag management | Legitimate interest of the Data Controller |
| Traffic optimization and distribution | Legitimate interest of the Data Controller |
| Spam and bot protection | Legitimate interest of the Data Controller |
| Statistics (Analytics) | User’s consent |
| Font display (Google Fonts) | User’s consent |
| Font display (Font Awesome) | User’s consent |
| Map display (Google Maps) | User’s consent |
Reference: art. 6(1) of the GDPR.
Additional Information on Data Retention
Unless otherwise stated in this document, Personal Data are processed and stored for the time required by the purpose for which they were collected and may be retained for a longer period due to legal obligations or based on the Users’ consent. Therefore:
- Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User shall be retained until such contract has been fully performed.
- Personal Data collected for purposes related to the legitimate interest of the Data Controller shall be retained until such interest is satisfied. Users may obtain further information regarding the legitimate interest pursued by the Data Controller by referring to the relevant sections of this document or by contacting the Data Controller.
- Where processing is based on the User’s consent, the Data Controller may retain Personal Data for a longer period until such consent is withdrawn. Furthermore, the Data Controller may be obliged to retain Personal Data for a longer period in order to comply with a legal obligation or by order of an authority.
At the end of the retention period, Personal Data shall be deleted. Therefore, once this period expires, the rights of access, erasure, rectification and data portability can no longer be exercised.
User Rights under the General Data Protection Regulation (GDPR)
Users may exercise certain rights with regard to their Data processed by the Data Controller. In particular, and within the limits provided by law, Users have the right to:
- withdraw their consent at any time;
- object to the processing of their Data;
- access their Data;
- verify and request rectification;
- obtain restriction of processing;
- obtain erasure or removal of their Personal Data;
- receive their Data or have them transferred to another controller;
- lodge a complaint with the competent supervisory authority or take legal action.
Users also have the right to obtain information regarding the legal basis for Data transfers abroad and the security measures adopted by the Data Controller.
Details on the Right to Object
Where Personal Data are processed in the public interest, in the exercise of official authority vested in the Data Controller, or for the purposes of the legitimate interests pursued by the Data Controller, Users may object to such processing on grounds relating to their particular situation. Users are informed that, where their Data are processed for direct marketing purposes, they may object to such processing at any time, free of charge and without providing any justification.
How to Exercise User Rights
Any requests to exercise User rights may be addressed to the Data Controller using the contact details provided in this document. Requests are free of charge and will be answered by the Data Controller as early as possible and in any case within one month.
Legal Defense
The User’s Personal Data may be used by the Data Controller in legal proceedings or in the preparatory stages thereof for the defense against abuses in the use of this website or related Services. The User declares to be aware that the Data Controller may be required to disclose Personal Data upon request of public authorities.
System Logs and Maintenance
For operation and maintenance purposes, this website and any third-party services used by it may collect system logs, i.e. files that record interactions and which may also contain Personal Data, such as the User’s IP address.
Changes to this Privacy Policy
The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this page. Where the changes affect processing activities based on the User’s consent, the Data Controller shall collect new consent from the User, where required.
Latest update: 1 dicembre 2025