(Version updated on 14 November 2025)
Pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”), Platek S.r.l. describes the methods of processing the personal data of users who browse and use the website www.platek.eu. This privacy notice applies to the processing activities connected with simple browsing of the website and the use of its functionalities (for example, any contact forms, information requests, service subscriptions), as further specified in the following sections.
This notice does not concern third-party websites, pages or online services that may be reached via hyperlinks, plugins or widgets on the website. Such external resources are independent of the data controller; users are therefore invited to read their respective privacy notices.
1. Data Controller and contact details
The data controller is Platek S.r.l., tax code 03007130176, VAT no. 03320290178, with registered office at Via Paderno 15/F, 25050 Rodengo Saiano (BS) – Italy. For any request relating to the processing of personal data and for the exercise of the rights provided for in Articles 15–22 GDPR, you may write to: privacy.gruppodonati@donatiholding.it or to the certified e-mail (PEC) address: plateklight@legalmail.it.
2. Categories of data processed
a) Browsing data. The computer systems and software procedures used to operate the Website acquire, during their normal operation, certain personal data the transmission of which is implicit in the use of Internet communication protocols. This category of data includes, by way of example, the IP addresses or domain names of the devices used, the URI addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response, and other parameters relating to the user’s operating system and computer environment. Such data are used solely for the purpose of obtaining anonymous statistical information on the use of the Website and to verify its correct operation, as well as for system security and maintenance purposes.
b) Data voluntarily provided by the user. The voluntary, explicit and optional sending of messages to the contact addresses indicated on the Website, as well as the completion of the forms in the sections “Subscribe to the newsletter”, “Book an appointment” or other equivalent forms, entails the acquisition of the personal data communicated by the user (for example, name, surname, e-mail address, telephone number, company name and the content of the request), which are necessary in order to respond to the communications. Only common personal data are collected. Users are invited not to send, in their communications, personal data of third parties or special categories of data (for example data relating to health, religious beliefs or political opinions) that are not strictly necessary.
c) Cookies. The Website uses technical cookies and, subject to consent, analytical and profiling cookies, including third-party cookies, in order to ensure the proper functioning of the pages and improve the browsing experience. For detailed information on the types of cookies used, their purposes and how to manage preferences, please refer to the Cookie Policy available in the dedicated section of the Website.
3. Purpose and legal basis of processing
a) Website browsing.
The legal basis for processing browsing data is the legitimate interest of the Controller, pursuant to Article 6(1)(f) GDPR, aimed at ensuring the correct functioning, security and integrity of the Website, as well as producing anonymous statistics on the use of online services.
b) Handling requests and contacts.
For data voluntarily provided by the user through contact forms, the legal basis for processing is the performance of pre-contractual measures adopted at the request of the data subject, pursuant to Article 6(1)(b) GDPR.
c) Newsletter subscription.
Data provided for subscribing to the newsletter service are processed in order to send periodic informational or promotional communications relating to Platek S.r.l.’s products and initiatives. The legal basis for processing is the explicit consent of the data subject pursuant to Article 6(1)(a) GDPR. The user may withdraw consent at any time via the unsubscribe link present in every communication received or by writing to privacy.gruppodonati@donatiholding.it or acnora by writing to the certified e-mail (PEC) address: plateklight@legalmail.it.
4. Consequences of failure to provide personal data
The provision of browsing data and technical cookies is necessary to enable the technical functioning of the Website and the use of its services; failure to provide such data will result in the impossibility of accessing or correctly browsing the Website. The provision of cookies other than technical cookies is instead based on the user’s consent and may be revoked or revised through the specific cookie management section of the site.
The provision of personal data via contact forms or e-mail addresses indicated on the Website is optional, but necessary in order to respond to the requests sent. In the absence of such data, Platek S.r.l. will not be able to provide the requested information or services.
The provision of data for newsletter subscription is entirely optional: lack of consent will result in the impossibility of receiving informational and promotional communications from the Controller, without any consequence on the use of the Website or access to other services. Consent may be withdrawn at any time using the methods indicated in this notice.
5. Methods of data processing
Personal data are processed by authorized personnel of Platek S.r.l. using manual and electronic tools, according to logics strictly related to the purposes indicated and in compliance with the principles of lawfulness, fairness, transparency, relevance and proportionality. Processing is carried out by adopting appropriate technical and organizational measures to ensure the security and confidentiality of the data, to prevent loss, unlawful or improper use and unauthorized access, in accordance with Article 32 GDPR. The Controller does not carry out processing involving automated decision-making or profiling, except as may be indicated in the Cookie Policy with regard to third-party profiling cookies.
6. Period of personal data retention
Personal data are retained for the time strictly necessary to achieve the purposes for which they were collected and in any case within the limits provided for by the applicable legislation, taking into account the principles of proportionality and minimization set out in Article 5(1)(e) GDPR.
In particular:
– browsing data are retained for the period necessary for technical operations of management and security of the Website;
– data voluntarily provided through contact forms are retained for the time necessary to handle the request and manage any further related communications;
– data collected for newsletter subscription are retained until consent is withdrawn or, in any case, for a maximum period of 24 months from the last meaningful interaction with the communications sent. This period is automatically renewed in the presence of conclusive behaviour by the data subject, such as opening messages, clicking on content or other interactions with the e-mails received.
After the above periods, the data will be deleted, without prejudice to any further retention necessary to comply with legal obligations or to protect rights in judicial proceedings.
7. Data storage location
Personal data are stored at the Controller’s registered office and, where necessary, at external entities expressly designated as data processors, located within the European Union.
Certain services related to the technical management of the Website or to the sending of newsletters (for example, hosting services, IT maintenance or platforms for sending communications, such as Mailchimp or equivalent services) may involve the transfer of personal data to countries outside the European Economic Area.
In such cases, the transfer is carried out in full compliance with Articles 44 et seq. GDPR, on the basis of an adequacy decision of the European Commission, or through the adoption of Standard Contractual Clauses or other appropriate safeguards capable of ensuring the protection of personal data.
Further information on storage locations and applicable safeguards may be requested from the Controller using the contact details indicated in this notice.
8. Communication and disclosure of data
Personal data may be communicated, within the limits strictly relevant to the purposes indicated above, to individuals within the company who are expressly authorized to process data pursuant to Article 29 GDPR and who are properly instructed in confidentiality and data protection. They may also be communicated to external entities that provide the Controller with technical or professional services necessary for the operation of the Website and for the provision of the services requested by users (for example, hosting and IT maintenance companies, e-mail or newsletter service providers, consultants), which act as Data Processors pursuant to Article 28 GDPR and are bound by specific contractual agreements that ensure the protection of personal data.
Data will not be disclosed nor communicated to third parties for purposes other than those indicated in this notice, except where required by law or by orders from competent public authorities.
9. Data storage location
Personal data are stored at the Controller’s registered office and, where necessary, at external entities expressly designated as data processors, located within the European Union.
Certain services related to the technical management of the Website or to the sending of newsletters (for example, hosting services, IT maintenance or platforms for sending communications) may involve the transfer of personal data to countries outside the European Economic Area. In such cases, the transfer is carried out in full compliance with Articles 44 et seq. GDPR.
10. Data subject rights
Pursuant to Articles 15 to 22 GDPR, the data subject has the right to:
– obtain confirmation as to whether or not personal data concerning him or her exist and access such data (right of access);
– request the rectification or updating of inaccurate data and the completion of incomplete data (right to rectification);
– obtain the erasure of personal data in the cases provided for by law (right to erasure);
– obtain restriction of processing where the conditions set out in Article 18 GDPR are met (right to restriction);
– receive personal data in a structured, commonly used and machine-readable format and transmit them to another controller (right to data portability);
– object at any time, on grounds relating to his or her particular situation, to the processing of personal data carried out on the basis of the Controller’s legitimate interest (right to object);
– withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal (right to withdraw consent);
– lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or bring proceedings before the competent judicial authorities if he or she believes that his or her rights have been violated.
11. How to exercise your rights
To exercise the above rights, the data subject may submit a written request to Platek S.r.l. by e-mail to privacy.gruppodonati@donatiholding.it, or by certified e-mail (PEC) to plateklight@legalmail.it. Alternatively, a registered letter with return receipt may be sent to the following address: Platek S.r.l. – Via Paderno 15/F, 25050 Rodengo Saiano (BS) – Italy.