Personal Data Processing Privacy Policy

(Articles 13 and 14 of EUROPEAN REGULATION No. 679/2016)

 

Dear web user,

In its capacity as “Data Controller”, Sapiselco srl, having its registered office in Via Irpinia, 43/45 z.a. – 35020 Saonara (Padua), Taxpayer ID and VAT Reg. No. IT 00073410284, informs you that pursuant to Articles 13 and 14 of European Regulation No. 679/2016 (hereinafter the “EU Regulation”) your data will be processed as described below.

  1. Purpose of processing

The Data Controller informs you that any individually identifiable information (e.g. first name, last name, company name, address, telephone number, email address, bank and/or payment details, etc.) (hereinafter “personal data” and/or simply “data”) concerning you — including data that were collected in the past, whether verbally directly from you or through third parties, as well as data that will be collected in the future — may be subject to processing in full compliance with the EU Regulation. The Data Controller will process your data in compliance with law provisions, most notably for the performance of an agreement to which you are party or in order to take steps at your request prior to entering into a contract (e.g. preparing an offer, etc.) (Article 6 of the EU Regulation).

Data processing means any operation or set of operations concerning collection, recording, organisation, storage, consultation, processing or alteration, selection, retrieval, comparison, use, combination, blocking, disclosure, dissemination, erasure or destruction of data.

  1. Purposes of processing and legal basis

Legal basis: EU Regulation No. 679/2016

(A) Without your explicit consent (Article 6(b), (c), (e) of the EU Regulation) for the following purposes:

  • Fulfilling pre-contractual, contractual and tax obligations arising from dealings in place with you;
  • Fulfilling obligations laid down by law, regulations, community rules or Authority orders (e.g. money laundering legislation);
  • Exercising the Data Controller’s rights, such as the right of defence in legal claims;
  • General book-keeping;
  • Business management (invoicing, document management, if applicable, etc.);
  • Credit management;
  • Statistical and quality assurance analyses;
  • Insurance-related management;
  • Technical support.
  • In particular, your data will be processed for purposes connected to the fulfilment of the following legal or contractual obligations:
  • Technical or functional access to the Site, no data will be retained after closing your browser;
  • Advanced navigation purposes or customised content management;
  • Statistical and analytical purposes relating to navigation and users.

(B) Subject to your specific and explicit consent (Article 7 of the EU Regulation), for the following commercial and/or marketing and/or profiling purposes:

  • Sending newsletters, commercial communications and/or advertising materials by email, mail and/or SMS and/or phone contacts regarding products or services being marketed by the Data Controller and/or conducting surveys to measure your level of satisfaction about the quality of the services you requested.
  • Sending commercial and/or promotional communications of third parties (e.g. business partners) via email, mail and/or SMS and/or phone contacts.
  1. Treatment methods

Your personal data will be processed by performing the operations as set out in Article 4(2) of the EU Regulation, namely: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, blocking. Your personal data will be subject to both paper-based and electronic and/or automated processing, without prejudice, however, to the security and confidentiality of your data.

  1. Data and other information retention period

The Data Controller will process your personal data for such a period as may be necessary to pursue the purposes outlined above, with the proviso that such period will not exceed the time limit laid down by law following termination of the relationship for the purposes thereunder.

With reference to personal data being processed for marketing purposes or profiling purposes, they will be retained according to the principle of proportionality and at any rate until the purposes underlying the processing are achieved or until the specific consent is withdrawn by the data subject.

More specifically, the Data Controller will process your data for not more than 2 years since their collection for marketing purposes and one year for profiling purposes.

The personal data provided by you will be processed with “lawfulness, fairness and transparency” while protecting your confidentiality and rights.

A periodic audit will be performed on a yearly basis regarding the data being processed and the possibility of erasing them if they are no longer needed for the relevant purposes.

  1. Access to data

Your data may be accessed for the purposes as under 2(A) and (B) above:

  • By the Data Controller’s shareholders, employees and collaborators in Italy and abroad in their capacity as internal data processors and/or data processing agents and/or system administrators;
  • By third party companies or individuals who provide outsourced services on behalf of the Data Controller in their capacity as external data processors (including, but not limited to, associated firms, lawyers, data processing companies, certification authorities, accounting/tax consultants and, in general, all the authorities supervising compliance with the aforesaid purposes, credit institutions, professional firms, consultants, insurance companies for the delivery of insurance services, financial offices, Municipal Authorities and/or Offices, consultants and companies providing services for and engaging in workplace safety, who may in turn disclose your data to or allow them to be accessed by their own members, users and relevant assigns for specific market research purposes. The data collected and processed may also be disclosed, in Italy and abroad, to sub-contractors, suppliers, IT system administrators, carriers, shippers and customs agents).

For convenience, a detailed list of the above entities is available at our office.

  1. Data disclosure

Without the need for explicit consent (Article 6(b) and (c) of the EU Regulation), the Data Controller may disclose your data for the purposes as under 2(A) above to supervisory authorities, judicial authorities, insurance companies for the delivery of insurance services as well as any entity to which disclosure is required by law for the pursuit of the aforesaid purposes.

These entities will process your data in their capacity as independent data controllers.

During and after navigation, your data may be disclosed to third parties, with special reference to:

  • Twitter: Twitter social widgets and tweets are services ensuring interaction with Twitter social network provided by Twitter Inc.
  • Facebook, Inc.: Facebook social widgets are services ensuring interaction with Facebook social network provided by Facebook, Inc.
  • Semantic Sugar, Inc : AdRoll is an advertising service provided by Semantic Sugar, Inc.
  • Google: Google+ social widgets are services ensuring interaction with Google+ social network provided by Google Inc.
  • Google: AdWords Remarketing is a Remarketing and Behavioral Targeting service provided by Google Inc.
  • Facebook, Inc.: Facebook Custom Audience is a Remarketing and Behavioral Targeting service provided by Facebook Inc.
  • Facebook, Inc.: Facebook Remarketing is a Remarketing and Behavioral Targeting service provided by Facebook Inc.
  • Google: Google Analytics is a web analysis service provided by Google Inc.
  • MixPanel Inc.: MixPanel is a statistical service provided by MixPanel Inc.
  • Awio Web Services LLC: Improvely is a statistical service provided by Awio Web Services LLC.
  • Facebook, Inc.: Facebook Ads conversion monitoring is a statistical service provided by Facebook Inc.
  • Google: Google AdWords conversion monitoring is a statistical service provided by Google Inc.
  • Google: Youtube is a video content viewing service managed by Google Inc.

Your data will not be disseminated.

  1. Transfer of data

Your personal data are stored on equipment located at the office of the Data Controller or hosted at a service provider’s facility within the European Union. It is, however, understood that the Data Controller has the power to move your data in non-UE countries as well, if necessary. In this case, the Controller hereby undertakes to ensure that any transfer of data outside of the EU will comply with applicable law provisions, subject to adopting the standard contractual clauses and audits of the European Commission.

With regard to both the personal data stored on its own equipment as well as any data stored at a provider’s facility, the Data Controller has taken appropriate technical and organisational steps to ensure a suitable level of security, in full compliance with the provisions under Article 32 of the EU Regulation.

Navigation: to the extent of the purposes outlined above, your navigation data may also be transferred to the following countries: – EU countries, – United States.

Cookie management: if you have any doubts or concerns regarding the use of cookies you may take steps at any time to prevent their installation by changing, for example, the privacy settings in your browser to block certain types of cookies.

Since browsers — and often different versions of the same browser — may differ from one another, even significantly, if you wish to change the preferences and settings of your browser yourself, you may find detailed information on how to achieve this in the Help section of your browser.

  1. Nature of the data provided and consequences arising from denial to provide the data

Providing the data for the purposes listed under 2(A) above is mandatory. Failure to do so may prevent us from delivering the services listed under 2(A).

Providing the data for the purposes listed under 2(B) above is voluntary. You may therefore decide not to provide any data or subsequently object to the processing of the data you previously provided. In this case, you will not be able to receive newsletters, commercial communications and advertising materials and/or any other material pertaining to the services delivered by the Data Controller.

You will, however, continue to be entitled to the services as under 2(A) above.

  1. Data subject rights

In your capacity as data subject, you may exercise the rights listed under Article 15 of the EU Regulation as detailed below:

  1. You have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:

(a) The purpose of processing;

(b) The categories of personal data concerned;

(c) The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients of third party countries or international organisations;

(d) Where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period;

(e) The existence of the right to request from the Data Controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;

(f) The right to lodge a complaint with a supervisory authority (locally known as the Garante per la protezione dei dati);

(g) Where the personal data have not been collected from the data subject, any available information on their source;

(h) The existence of automated decision-making processes, including profiling, referred to in Article 22(1) and (4) of the EU Regulation and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

  1. Where your personal data are transferred to a third party country or an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Article 46 of the EU Regulation relating to the transfer.
  2. The Data Controller will provide a copy of your personal data undergoing processing if you so request.

For any further copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. Where you make the request by electronic means, and unless otherwise requested by you, the information will be provided in a commonly used electronic form.

  1. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

Moreover, you may, where applicable, exercise the rights as under Articles 16-22 of the EU Regulation, including:

  • The right to rectification of your personal data;
  • The right to be forgotten (right to erasure);
  • The right to restriction of processing;
  • The right to data portability;
  • The right to object;
  • The right to lodge a complaint with a Supervisory Authority.

You also have the right to withdraw your consent at any time, where given, with the understanding that this will not affect the lawfulness of the processing based on the consent given prior to such withdrawal.

  1. How to exercise your rights

You may exercise your rights at any time by sending:

  • A registered letter with acknowledgement of receipt (see address on letterhead);
  • An email to f.griggio@sapiselco.com.
  1. Minors

The services provided by the Data Controller as part of the relationship with you do not involve voluntary collection of personal data regarding minors. In the event that information regarding minors is involuntarily recorded, then the Data Controller will promptly erase it upon request of the data subject.

  1. Personal data obtained from the data subject

It may happen that our company is not the Data Controller to whom you entrusted your personal data but acts as joint data controller or external data processor instead, resulting in your data being provided to us indirectly by virtue of an agreement entered into by the parties. In any such cases, our company will make its best efforts to ensure that you have been informed and have given your consent to the processing. You may contact us at any time to enquire about the source from which your data were collected.

  1. Data Controller, Data Protection Officer and Data Processing Agents

Below is some information we need to provide to you not only to ensure compliance with law requirements but also because transparency and fairness towards our customers are two cornerstones of our business.

Data Controller. The Data Controller of your personal data is Sapiselco srl with signing authority being vested in Mr Federico Griggio, who is accountable to you for the lawful and proper use of your personal data and whom you may contact for any information or enquiry by calling +39 049 644925 or sending an email to f.griggio@sapiselco.com.

DPO (Data Protection Officer). You may also reach out to the Data Protection Officer to obtain information and submit requests regarding your data or to report service disruptions or any issue you may have.

The Data Controller has appointed Mr Nicola Ghinello as Data Protection Officer who may be reached by phone at + 39 348 3165267 or email at nicola.ghinello@dpo-rpd.com.

Data Processing Agents. The updated list of data processing agents is stored at the Data Controller’s registered office.