Privacy Policy
Privacy Policy
(complying with art. 13 of General data protection regulation EU 2016/279 GDPR)
Latest update: [June 2019]
Introduction Sinfo One S.p.A. with headquarters in Via Benedetta 77/A 43122 Parma (PR), VAT No. 02457000343, (hereinafter, the “Company” or “we”), in its capacity as Data Controller, hereby informs you on the procedures to collect, use and disclose your personal data through the website www.sinfo-one.it (hereinafter the "Website") and the relevant services (hereinafter the "Services"), in compliance with the provisions of the legislation in force on personal data protection. The Company is the Data Controller of the personal data (i.e. all the information regarding the natural person that is identified or identifiable, hereinafter “data subject”) collected from you and about you through the Website and the Services, that are processed in compliance with the provisions of this Privacy Policy. This Privacy Policy and our Cookie Policy apply to all users, including users of the Website and Services without being registered or subscribed to any specific service. The Company collects (1) data that you have voluntarily shared with the Company, (2) data on the activity collected when you access and interact with the Website or Services and (3) other information. Specifically, the Company collects the following personal data:- Data that you voluntarily shared with the Company: we can collect your personal data (such as name, surname, e-mail address, home address, phone number, etc.) if you forward a request via the contact form available on the Website or if you want to use the Services we provide;
- Activity Data: when you access or interact with the Website, we can collect information on such activities. For example, to enable the connection to the Website or Services, our servers receive and register information on the computer, device and browser used by the visitor, including, potentially, the IP address, the type of browser and other information on the software and hardware. If access is made from a mobile or other type of device, the univocal identifier of the device, the geolocation data and other information on the operations carried out with that device can be detected. Also cookies and other tracking technologies (such as browser cookies, pixel, beacon and Adobe Flash technology with cookies) can be used also to collect and store information on the use of the Website or Services, such as the pages visited, the contents displayed, the searches made and the advertisements viewed. For additional information, please refer to our Cookie Policy.
- Information from other sources. The information collected can be supplemented with data from other sources, for example information accessible to the public and commercially available.
- Financial data from providers of payment services: in some cases we can avail ourselves of an independent payment service to enable users to purchase a product or make payments. In these cases, the information provided is subject to the privacy provisions of the service provider concerned and not to this Privacy Policy.
- Special categories of personal data: we expressly ask you not to send or disclose via the Website, the Services or in other ways the information belonging to special categories of personal data (such as social security numbers, information on the race or ethnic origin, political opinions, religious or other beliefs, health, criminal records or trade union membership).
- To enable you to use the Website or the Services;
- To assess and improve our Services and their features;
- To improve the user experience during browsing of the Website and use of the Services;
- To provide assistance to customers and answer any questions;
- To comply with legal obligations (including the provision of services) or to answer requests from public authorities;
- To protect the rights of the Company or third parties; in particular, in some cases the Company may disclose personal data in situations in which it believes in good faith that such processing is necessary: (i) to protect, assert or defend the legal, privacy, security or property rights of the Company or of its employees, agents and contractors (including the enforcement of our contracts and conditions of use); (ii) to protect the security and privacy of the users of the Website or Services and of other people; and (iii) to protect from frauds or for risk management purposes;
- with your voluntary consent, to send you promotional and marketing communications via automated (e-mail) and non-automated means (phone calls with operator or ordinary mail);
- with your voluntary consent, to understand your preferences and personal choices to always offer your favourite services;
- with your voluntary consent, to share your data with trusted trading partners to allow them to send you commercial messages.
- paragraph 3, letters from a) to d) of this Policy is necessary for the management of the Website and the provision of the Services;
- paragraph 3, letter e) of this Policy is mandatory pursuant to the applicable laws in force;
- paragraph 3, letter f) of this Policy is based on the Company’s legitimate interest, according to the cases;
- paragraph 3, letters g), h) and i) of this Policy is carried out based on the user’s voluntary consent and, if possible, on the Company’s legitimate interest.
- the data collected for the purposes described in paragraph 3, letters from a) to d) are retained for the period strictly necessary for the use of the Website or Services;
- the data collected for the purposes described in paragraph 3, letter e) are retained for ten (10) years to satisfy the requests of the data subjects and to comply with the applicable laws and rules, including regarding the Services;
- the data collected for the purposes described in paragraph 3, letter f) are retained for the period strictly necessary to pursue the Company’s legitimate interest;
- the data collected for the purposes described in paragraph 3, letters g) and h) are retained for the period strictly necessary to achieve the purposes for which they were initially collected and, in any case, for no longer than [2 years];
- the data collected for the purposes described in paragraph 3, letter i) are retained for the period strictly necessary to achieve the purposes for which they were initially collected and according to what established by the recipients of those data.
- Third service providers who are in charge of processing activities and are liable or sub-liable of the processing duly appointed if requested by the applicable laws (e.g. providers of cloud services, providers of essential services or support Services - and therefore, by way of example and not exclusively, the company providing IT services, consultants and lawyers, companies deriving from possible mergers, splits or other change);
- Competent national authorities complying with the applicable law;
- Trusted trading partners with the prior explicit consent of the data subjects.
- Are personal data transferred abroad?
- request access to personal data regarding them and obtain copy thereof;
- obtain the rectification of incorrect personal data regarding them;
- request the erasure of personal data regarding them;
- obtain the restriction of the processing of the personal data regarding them;
- receive the personal data regarding them in a structured format that is commonly used and readable by an automatic device to exercise the portability right;
- oppose to the processing of personal data regarding them;
- oppose, for reasons connected to the specific situations of the data subjects, to the processing of personal data regarding them to pursue the legitimate interest of the Data Controller or of third parties. In this case, the Data Controller shall refrain from further processing personal data, unless one can prove the existence of compulsory legitimate grounds for performing the processing that prevail over the interests, rights and freedoms of the data subjects, or for asserting, exercising or defending a right in judicial proceedings;
- to withdraw consent at any time without prejudice to the lawfulness of processing based on the consent given prior to its withdrawal.
- Amendments and updates to this Privacy Policy