Privacy and Data Protection
Privacy Vision
Our Vision: Transparency in Motion
Technological innovation demands responsibility. For PARA S.r.l., safeguarding privacy is more than just regulatory compliance—it is an essential quality standard.
In this dedicated space, we have centralized all data protection resources to provide you with immediate control and clarity. We are committed to handling your information with integrity, implementing top-tier cybersecurity measures to protect the business of those who choose our solutions.
Some definitions
To ensure you fully understand the information that follows, we must first explain the meaning of some fundamental terms used in the GDPR. Specifically: what constitutes personal data, what processing involves, who the Data Subjects are, and the roles of the Data Controller and Data Processor, etc.
Personal Data
Personal data refers to any information relating to an identified or identifiable natural person. For example, personal data includes first and last names, addresses, phone numbers, tax identification numbers, email addresses, photographs, profession, salary, bank details, health conditions, etc.
On the other hand, information relating to companies and other legal entities is not considered personal data. This includes the company name, registered office, VAT number, financial statements, and corporate email addresses (e.g., info@companyname.it). However, data belonging to the natural persons who work there—such as legal representatives, employees, and external consultants—is considered personal data.
Data is only “personal” when it can be linked to a specific natural person, even through reasonable effort. Completely anonymous data is not subject to data protection regulations.
Special categories of data (so-called "sensitive data")
Special categories of data are highly sensitive personal data concerning private matters such as health, political opinions, religious beliefs, or a person’s sexual orientation.
Processing them requires greater safeguards and, generally, the explicit consent of the data subject.
Processing Activity
In the context of personal data, “processing” refers to any operation performed on data, even if automated, from collection to deletion.
In other words, processing is any use of personal data, such as collecting, storing, consulting, modifying, communicating, or deleting it.
Data Controller
The Data Controller is the natural or legal person who determines the purposes (the goal) and means (the methods) of the processing of personal data.
Therefore, each company is the Data Controller of personal data referring to its clients, employees, and suppliers.
When data is processed by a legal entity, such as a corporation, the Data Controller is not its legal representative, but the legal entity itself.
Data Subjects
Data Subjects are the natural persons to whom the processed data refer (for example, the clients, suppliers, or employees of a Data Controller).
We handle information with the same rigor as our industrial processes, operating as the Data Controller::
• Collection (Input): We acquire only strictly necessary data (“Data Minimization”).
• Usage: We process information exclusively for contractual and legal purposes.
• Security: We protect databases with technical and physical anti-intrusion measures.
• Archiving (Output): We retain data only for mandatory periods, ensuring secure deletion thereafter.
When Para processes personal data in the capacity of Data Controller, it is required – pursuant to Regulation (EU) 2016/679 – to provide a clear and complete privacy notice to the data subjects.
Below you can consult the privacy notices prepared for the main categories of data subjects we interact with.
Client Privacy Notice
In this document, you can find information regarding how Para processes its clients’ data.
Click on the image to download it.
Supplier Privacy Notice
Click on the image to download the Supplier Privacy Notice.
In this document, you can find information regarding how Para processes its suppliers’ data.
Candidate Privacy Notice
If you wish to share your data with Para to work with us, here you will find information on how we will process your data.
Agents Privacy Notice
Are you a Para agent?
Click on the icon to download the notice and discover how Para processes your personal data.
Cookies and Tracking Systems
To learn how Para processes website users’ data and uses Cookies, you can consult the site’s Privacy & Cookie Policy by clicking the link and customize your choices.
What are the rights of Data Subjects regarding their personal data
Every person has the right to know how their personal data are processed and to exercise effective control over them.
In this section, we explain your rights recognized by the GDPR and how you can exercise them in a simple and transparent manner.
Access to Data
You have the right to know if a processing of personal data concerning you is in progress and to know: the origin of the data; the categories of data processed; the recipients; the purposes of the processing; the existence of automated decision-making, including profiling; the data retention period.
Rectification
If your data are incorrect, outdated, or incomplete, you have the right to request their rectification and/or integration, and you can demand that the Data Controller communicates this to the recipients to whom the data were transferred, unless this is impossible or involves disproportionate effort.
Erasure
You have the right to the erasure of your data in the cases provided for by Art. 17 GDPR, and specifically when: they are no longer necessary for the purpose for which they were collected; you have withdrawn your consent to the processing and no other valid legal basis exists; you have objected to the processing and no prevailing legitimate interest of the Data Controller exists; the data are processed unlawfully; erasure is necessary to comply with a legal obligation. You have the right to have the Data Controller communicate this to any recipients of the data, unless this is impossible or involves disproportionate effort.
Objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on a legitimate interest of the Data Controller. In such case, we will cease processing your data, unless we demonstrate the existence of compelling legitimate grounds to proceed with the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. You also have the right to object at any time to the processing of your data for direct marketing purposes, including profiling for marketing purposes: in such case, your data will no longer be processed for such purposes.
Portability
When data processing is based on your consent or is necessary for the performance of a contract and is carried out by automated means, you have the right to receive your data in a structured, commonly used format or to request that they be transmitted to another Data Controller, where technically feasible.
Restriction
You have the right to request the restriction of processing of your data when: you contest their accuracy, for the period necessary for verification; the processing is unlawful but you oppose the erasure of the data; the Data Controller no longer needs them, but you require them for the establishment, exercise, or defense of legal claims; you have objected to processing, pending the verification whether the legitimate grounds of the Data Controller override yours. You have the right to have the Data Controller communicate this to any recipients of the data, unless this is impossible or involves disproportionate effort.
To exercise your privacy rights, send an email to parasrl@parasrl.com
