Privacy Policy

(complying with art. 13 of General data protection regulation EU 2016/279 GDPR) 

Latest update: [June 2019]


Sinfo One S.p.A. with headquarters in Via Benedetta 77/A 43122 Parma (PR), VAT No. 02457000343, (hereinafter, the “Company” or “we”), in its capacity as Data Controller, hereby informs you on the procedures to collect, use and disclose your personal data through the website (hereinafter the “Website”) and the relevant services (hereinafter the “Services”), in compliance with the provisions of the legislation in force on personal data protection.

  1. What does this privacy policy refer to?

The Company is the Data Controller of the personal data (i.e. all the information regarding the natural person that is identified or identifiable, hereinafter  “data subject”) collected from you and about you through the Website and the Services, that are processed in compliance with the provisions of this Privacy Policy.

This Privacy Policy and our Cookie Policy apply to all users, including users of the Website and Services without being registered or subscribed to any specific service.

  2. What type of data do we collect?

The Company collects (1) data that you have voluntarily shared with the Company, (2) data on the activity collected when you access and interact with the Website or Services and (3) other information. Specifically, the Company collects the following personal data:

  1. Data that you voluntarily shared with the Company: we can collect your personal data (such as name, surname, e-mail address, home address, phone number, etc.) if you forward a request via the contact form available on the Website or if you want to use the Services we provide;
  2. Activity Data: when you access or interact with the Website, we can collect information on such activities. For example, to enable the connection to the Website or Services, our servers receive and register information on the computer, device and browser used by the visitor, including, potentially, the IP address, the type of browser and other information on the software and hardware. If access is made from a mobile or other type of device, the unique identifier of the device, the geolocation data and other information on the operations carried out with that device can be detected. Cookies and other tracking technologies (such as browser cookies, pixel, beacon and Adobe Flash technology with cookies) can also be used to collect and store information on the use of the Website or Services, such as the pages visited, the contents displayed, the searches made and the advertisements viewed. For additional information, please refer to our Cookie Policy.
  3. Information from other sources. The information collected can be supplemented with data from other sources, for example information accessible to the public and commercially available.

If the information collected by the users or referring to them does not identify them as a specific individual (e.g. raw data, in aggregated or anonymous form), directly or indirectly, it can be used for any purpose or shared with third parties to the extent allowed by the applicable laws on data protection.

We do not collect

  • Financial data from providers of payment services: in some cases we can avail ourselves of an independent payment service to enable users to purchase a product or make payments. In these cases, the information provided is subject to the privacy provisions of the service provider concerned and not to this Privacy Policy.
  • Special categories of personal data: we expressly ask you not to send or disclose via the Website, the Services or in other ways the information belonging to special categories of personal data (such as social security numbers, information on the race or ethnic origin, political opinions, religious or other beliefs, health, criminal records or trade union membership).

Connected Services. The Services can also be connected to websites managed by non-affiliated companies and may contain advertisements or offer contents, functions, games, newsletters, competitions or game shows, or applications developed and managed by non-affiliated companies. The Company is not responsible for the privacy provisions of these non-affiliated companies; as a consequence, when exiting the Services or clicking on the advertisements, we recommend that you check the respective privacy policies.

  3. Why do we collect personal data?

We process the personal data collected from you or about you for the following purposes:

  a) To enable you to use the Website or the Services;
  b) To assess and improve our Services and their features;
  c) To improve the user experience during browsing of the Website and use of the Services;
  d) To provide assistance to customers and answer any questions;
  e) To comply with legal obligations (including the provision of services) or to answer requests from public authorities;
  f) To protect the rights of the Company or third parties; in particular, in some cases the Company may disclose personal data in situations in which it believes in good faith that such processing is necessary: (i) to protect, assert or defend the legal, privacy, security or property rights of the Company or of its employees, agents and contractors (including the enforcement of our contracts and conditions of use); (ii) to protect the security and privacy of the users of the Website or Services and of other people; and (iii) to protect from frauds or for risk management purposes;
  g) with your voluntary consent, to send you promotional and marketing communications via automated (e-mail) and non-automated means (phone calls with operator or ordinary mail);
  h) with your voluntary consent, to understand your preferences and personal choices to always offer your favourite services;
  i) with your voluntary consent, to share your data with trusted trading partners to allow them to send you commercial messages.

If the data collected from you or about you do not identify you personally, we can use such information for additional purposes or share it with third parties.

  4. On which legal basis does data processing rest?

Personal data processing for the purposes of:

  1. paragraph 3, letters from a) to d) of this Policy is necessary for the management of the Website and the provision of the Services;
  2. paragraph 3, letter e) of this Policy is mandatory pursuant to the applicable laws in force;
  3. paragraph 3, letter f) of this Policy is based on the Company’s legitimate interest, according to the cases;
  4. paragraph 3, letters g), h) and i) of this Policy is carried out based on the user’s voluntary consent and, if possible, on the Company’s legitimate interest.

These data processing purposes are not mandatory and you can oppose or withdraw consent at any time following the procedure described in paragraph 10 of this Policy.

  5. How long do we retain personal data?

The Company carries out personal data processing for a period of time that does not exceed the purposes described in paragraph 3 above. In any case the following retention periods apply:

  1. the data collected for the purposes described in paragraph 3, letters from a) to d) are retained for the period strictly necessary for the use of the Website or Services;
  2. the data collected for the purposes described in paragraph 3, letter e) are retained for ten (10) years to satisfy the requests of the data subjects and to comply with the applicable laws and rules, including regarding the Services;
  3. the data collected for the purposes described in paragraph 3, letter f) are retained for the period strictly necessary to pursue the Company’s legitimate interest;
  4. the data collected for the purposes described in paragraph 3, letters g) and h) are retained for the period strictly necessary to achieve the purposes for which they were initially collected and, in any case, for no longer than [2 years];
  5. the data collected for the purposes described in paragraph 3, letter i) are retained for the period strictly necessary to achieve the purposes for which they were initially collected and according to what is established by the recipients of those data.

  6. How are personal data processed?

For the purposes described above, data are processed with electronic and manual means and are protected with appropriate security measures.  In this respect, even though the Company applies suitable administrative, technical, physical and staff-related measures to protect the data in its possession from loss, theft and use, unauthorised disclosure and alteration, it cannot guarantee that any and all possible IT risks are excluded.

  7. Who has access to personal data?

For purposes consistent with the ones described in paragraph 3 of this Policy, the Company can share personal data with the following categories of recipients located inside or outside the European Economic Space (EES) complying with the provisions of paragraph 8 below:

  1. Third service providers who are in charge of processing activities and are liable or sub-liable of the processing duly appointed if requested by the applicable laws (e.g. providers of cloud services, providers of essential services or support Services – and therefore, by way of example and not exclusively, the company providing IT services, consultants and lawyers, companies deriving from possible mergers, splits or other change);
  2. Competent national authorities complying with the applicable law;
  3. Trusted trading partners with the prior explicit consent of the data subjects.

  8. Are personal data transferred abroad?

The Data Controller may transfer the personal data of the data subjects to countries that are outside the European Economic Space.  In these cases, the Controller shall make sure that such transfer is based on one of the safeguards identified in the GDPR, including (a) the standard contract clauses drawn up by the European Commission; (b) the adequacy decisions by the European Commission dealing with the Countries where the recipients are located; (c) binding corporate rules adopted by the Company and approved by the competent authorities.

  9. People aged under 18

The Website is not addressed to people under 18 and the Company does not deliberately collect the personal data of people under age.

  10. Which rights can be exercised to protect one’s personal data?

The data subjects may exercise the following rights:

  • request access to personal data regarding them and obtain copy thereof;
  • obtain the rectification of incorrect personal data regarding them;
  • request the erasure of personal data regarding them;
  • obtain the restriction of the processing of the personal data regarding them;
  • receive the personal data regarding them in a structured format that is commonly used and readable by an automatic device to exercise the portability right;
  • object to the processing of personal data regarding them;
  • object, for reasons connected to the specific situations of the data subjects, to the processing of personal data regarding them to pursue the legitimate interest of the Data Controller or of third parties. In this case, the Data Controller shall refrain from further processing personal data, unless one can prove the existence of compulsory legitimate grounds for performing the processing that prevail over the interests, rights and freedoms of the data subjects, or for asserting, exercising or defending a right in judicial proceedings;
  • withdraw consent at any time without prejudice to the lawfulness of processing based on the consent given prior to its withdrawal.

The data subjects are entitled to file a claim with the Italian Data Protection Supervisor.

The data subjects can exercise their rights via a written request sent to the registered offices of Sinfo One (Via Benedetta 77/a – 43100 Parma) or sending an e-mail to


  11. Amendments and updates to this Privacy Policy

Also considering future changes that may be introduced in the applicable Privacy legislation, the Data Controller may supplement and/or update this Privacy Policy partly or totally.

It is understood that any amendment, addition or update shall be notified in compliance with the legislation in force.