(complying with art. 13 of General data protection regulation EU 2016/279 GDPR)
Latest update: [June 2019]
Sinfo One S.p.A. with headquarters in Via Benedetta 77/A 43122 Parma (PR), VAT No. 02457000343, (hereinafter, the “Company” or “we”), in its capacity as Data Controller, hereby informs you on the procedures to collect, use and disclose your personal data through the website www.sinfo-one.it (hereinafter the “Website“) and the relevant services (hereinafter the “Services“), in compliance with the provisions of the legislation in force on personal data protection.
The Company collects (1) data that you have voluntarily shared with the Company, (2) data on the activity collected when you access and interact with the Website or Services and (3) other information. Specifically, the Company collects the following personal data:
- Data that you voluntarily shared with the Company: we can collect your personal data (such as name, surname, e-mail address, home address, phone number, etc.) if you forward a request via the contact form available on the Website or if you want to use the Services we provide;
- Information from other sources. The information collected can be supplemented with data from other sources, for example information accessible to the public and commercially available.
If the information collected by the users or referring to them does not identify them as a specific individual (e.g. raw data, in aggregated or anonymous form), directly or indirectly, it can be used for any purpose or shared with third parties to the extent allowed by the applicable laws on data protection.
We do not collect
- Special categories of personal data: we expressly ask you not to send or disclose via the Website, the Services or in other ways the information belonging to special categories of personal data (such as social security numbers, information on the race or ethnic origin, political opinions, religious or other beliefs, health, criminal records or trade union membership).
Connected Services. The Services can be connected also to websites managed by non affiliated companies and may contain advertisements or offer contents, functions, games, newsletters, competitions or game shows, or applications developed and managed by non affiliated companies. The Company is not responsible for the privacy provisions of these non affiliated companies; as a consequence, exiting from Services or clicking on the advertisements, we recommend you to check the respective privacy policies.
We process the personal data collected from you or about you for the following purposes:
- To enable you to use the Website or the Services;
- To assess and improve our Services and their features;
- To improve the user experience during browsing of the Website and use of the Services;
- To provide assistance to customers and answer any questions;
- To comply with legal obligations (including the provision of services) or to answer requests from public authorities;
- To protect the rights of the Company or third parties; in particular, in some cases the Company may disclose personal data in situations in which it believes in good faith that such processing is necessary: (i) to protect, assert or defend the legal, privacy, security or property rights of the Company or of its employees, agents and contractors (including the enforcement of our contracts and conditions of use); (ii) to protect the security and privacy of the users of the Website or Services and of other people; and (iii) to protect from frauds or for risk management purposes;
- with your voluntary consent, to send you promotional and marketing communications via automated (e-mail) and non-automated means (phone calls with operator or ordinary mail);
- with your voluntary consent, to understand your preferences and personal choices to always offer your favourite services;
- with your voluntary consent, to share your data with trusted trading partners to allow them to send you commercial messages.
If the data collected from you or about you do not identify you personally, we can use such information for additional purposes or share it with third parties.
Personal data processing for the purposes of:
- paragraph 3, letters from a) to d) of this Policy is necessary for the management of the Website and the provision of the Services;
- paragraph 3, letter e) of this Policy is mandatory pursuant to the applicable laws in force;
- paragraph 3, letter f) of this Policy is based on the Company’s legitimate interest, according to the cases;
- paragraph 3, letters g), h) and i) of this Policy is carried out based on the user’s voluntary consent and, if possible, on the Company’s legitimate interest.
These data processing purposes are not mandatory and you can oppose or withdraw consent at any time following the procedure described in paragraph 10 of this Policy.
The Company carries out personal data processing for a period of time that does not exceed the purposes described in paragraph 3 above. In any case the following retention periods apply:
- the data collected for the purposes described in paragraph 3, letters from a) to d) are retained for the period strictly necessary for the use of the Website or Services;
- the data collected for the purposes described in paragraph 3, letter e) are retained for ten (10) years to satisfy the requests of the data subjects and to comply with the applicable laws and rules, including regarding the Services;
- the data collected for the purposes described in paragraph 3, letter f) are retained for the period strictly necessary to pursue the Company’s legitimate interest;
- the data collected for the purposes described in paragraph 3, letters g) and h) are retained for the period strictly necessary to achieve the purposes for which they were initially collected and, in any case, for no longer than [2 years];
- the data collected for the purposes described in paragraph 3, letter i) are retained for the period strictly necessary to achieve the purposes for which they were initially collected and according to what established by the recipients of those data.
For the purposes described above, data are processed with electronic and manual means and are protected with appropriate security measures. In this respect, even though the Company applies suitable administrative, technical, physical and staff-related measures to protect the data in its possession from loss, theft and use, unauthorised disclosure and alteration, it cannot guarantee that any and all possible IT risks are excluded.
For purposes consistent with the ones described in paragraph 3 of this Policy, the Company can share personal data with the following categories of recipients located inside or outside the European Economic Space (EES) complying with the provisions of paragraph 8 below:
- Third service providers who are in charge of processing activities and are liable or sub-liable of the processing duly appointed if requested by the applicable laws (e.g. providers of cloud services, providers of essential services or support Services – and therefore, by way of example and not exclusively, the company providing IT services, consultants and lawyers, companies deriving from possible mergers, splits or other change);
- Competent national authorities complying with the applicable law;
- Trusted trading partners with the prior explicit consent of the data subjects.
- Are personal data transferred abroad?
The Data Controller may transfer the personal data of the data subjects to countries that are outside the European Economic Space. In these cases, the Controller shall make sure that such transfer is based on one of the safeguards identified in the GDPR, including (a) the standard contract clauses drawn up by the European Commission; (b) the adequacy decisions by the European Commission dealing with the Countries where the recipients are located; (c) binding corporate rules adopted by the Company and approved by the competent authorities.
The Website is not addressed to people under 18 and the Company does not deliberately collect the personal data of people under age.
The data subjects may exercise the following rights:
- request access to personal data regarding them and obtain copy thereof;
- obtain the rectification of incorrect personal data regarding them;
- request the erasure of personal data regarding them;
- obtain the restriction of the processing of the personal data regarding them;
- receive the personal data regarding them in a structured format that is commonly used and readable by an automatic device to exercise the portability right;
- oppose to the processing of personal data regarding them;
- oppose, for reasons connected to the specific situations of the data subjects, to the processing of personal data regarding them to pursue the legitimate interest of the Data Controller or of third parties. In this case, the Data Controller shall refrain from further processing personal data, unless one can prove the existence of compulsory legitimate grounds for performing the processing that prevail over the interests, rights and freedoms of the data subjects, or for asserting, exercising or defending a right in judicial proceedings;
- to withdraw consent at any time without prejudice to the lawfulness of processing based on the consent given prior to its withdrawal.
The data subjects are entitled to file a claim with the Italian Data Protection Supervisor.
The data subjects can exercise their rights via a written request sent to the registered offices of Sinfo One (Via Benedetta 77/a – 43100 Parma) or sending an e-mail to firstname.lastname@example.org.
It is understood that any amendment, addition or update shall be notified in compliance with the legislation in force.