POLICY ON THE PROTECTION OF PERSONAL DATA IN ACCORDANCE WITH EU REGULATION No. 2016/679 ("GDPR")
DATA CONTROLLER (or OWNER)
TYPE OF DATA AND PURPOSE FOR COLLECTION
Data collection and use will be performed on the following types of data:
Data is collected for the following purposes:
a. Establishment and execution of the contractual relationship
- Post-sales assistance
- Customer Management
- Quality Management
- Planning of activities
- Customer satisfaction degree survey
- Customer invoicing records
b. To comply with regulations in force
c. If necessary, to ascertain, exercise or defend the rights of the Data Controller in and outside a judicial court
d. Marketing: e.g. to send text messages and e-mails, make telephone calls and send traditional mail for promotional and commercial offers related to services / products offered by the Company or to inform of company events, as well as to carry out market studies and statistical analysis
e. Eventi aziendali, nonché realizzazione di studi di mercato e analisi statistiche
f. Profiling: analysis of preferences, habits, behaviours or interests of the customer for the purpose of sending personalised advertising information.
LEGAL BASIS FOR DATA COLLECTION AND USE
The applicable legal bases for data collection and use identified in the GDPR are:
DATA RETENTION PERIOD AND CRITERIA FOLLOWED FOR ESTABLISHING THAT PERIOD
The data retention period can be as follows:
Once the aforesaid retention period is over, the data will be destroyed, deleted or made anonymous, according to the technology means available for performing these purposes.
OBLIGATION TO PROVIDE DATA
The provision of data for the purposes described in sections a), b) and c) above is mandatory. Failure to provide data will lead to the impossibility to proceed with the contractual relationship.
DATA PROVIDED TO THIRD PARTIES
Data may be transmitted to subjects other than the Data Controller. The data may also be transmitted to subjects who process them on behalf of the Data Controller acting as Data Processors according to a legally binding agreement that ensures data protection.
Third parties that may be provided with the data, e.g.:
a. IT companies (e.g. providers of data back-up, e-mail, WEB/cloud computing, hosting, network monitoring, e-mail sending, website maintenance services, etc.)
b. consultants (e.g. for payroll services, medical services, workplay safety consultancy services, professional services, etc.)
c. police and local authorities, security patrol services, public or private entities that have the right to demand data
d. other Entities of the Company
The list of data processors is constantly updated and available at the Data Controller's headquarters.
SUBJECTS AUTHORISED TO PROCESS DATA
Data may be processed by employees based on their work duties, after being authorised and adequately instructed on data processing.
THERE IS NO DATA TRANSFER IN THIRD COUNTRIES (EXTRA EU/EEA)
RIGHTS OF THE DATA SUBJECT AND LODGING A COMPLAINT WITH A SUPERVISORY AUTHORITY
Data subjects have the following rights:
a. Right to access:
- The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling (and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject); where personal data are transferred to a third country, which are the appropriate safeguards.
- The data subject shall have the right to obtain from the data controller a copy of the personal data undergoing processing. The right to obtain a copy shall not adversely affect the rights and freedoms of others.
b. Right to erasure in the following cases: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing; c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing; d) the personal data have been unlawfully processed; e) the personal data have to be erased to comply with a legal obligation to which the data controller is subject; f) the personal data have been collected in relation to the offer of internet-based services.
d. Right to restriction of processing when the accuracy of the personal data is contested by the data subject; when the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; when the data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; when the data subject has objected to processing (pending the verification whether the legitimate grounds of the data controller override those of the data subject).
e. Right to object, on grounds relating to his or her particular situation, at any time to processing of personal data (when processing is necessary for the performance of a task carried out in the public interest or for a legitimate interest of the controller, including profiling), except for the prevalence of other public interest rights or law obligations.
f. Where personal data are processed for direct marketing purposes carried out through automated methods (e-mail, etc.), the data subject shall have the right to object to processing of personal data for such marketing, which includes profiling related to such direct marketing.
g. Right to data portability, that is the data subject shall have the right to receive his or her personal data in a structured, commonly used and machine-readable format, in case the processing is carried out by automated means. The right to data portability includes the right to have the personal data transmitted directly from one data controller to another, where technically feasible.
h. As regards the cases described in sections b), c) and d), the data controller shall inform each of the recipients to whom the personal data have been transmitted of any rectifications, deletions or restriction of data processing performed unless this proves impossible or involves a disproportionate effort.
i. For further information, please refer to the company policy regarding the processing of personal data in the workplace, available from the Data Controller.
To exercise your rights, you can contact the Data Controller in accordance with Article 28 of EU Regulation 2016/679: Sifarma Spa, Via Filippo Brunelleschi 12, 20146 Milan, Italy (in the person of the Legal Representative o by writing to the following email address: firstname.lastname@example.org). Data subjects have the right to lodge a complaint with the competent Supervisory Authority in the Member State in which they normally reside or work or the Member State where the alleged violation has occurred.
THE SOURCES WE RECEIVE PERSONAL DATA FROM
Personal data not collected from the data subject originates from:
Cookies are made up of portions of code installed within the browser that help the Data Controller deliver the service, based on the purposes described. Some of the purposes for installing Cookies could, moreover, require the consent of the user.
Cookie installation based on user content, such consent can be revoked freely at any time by following the instructions provided in this document.
Activities strictly necessary for the functioning of the service
Activity regarding the saving of preferences, optimisation, and statistics
Other types of Cookies or third parties that install Cookies
Some of the services listed below collect statistics in an anonymized and aggregated form and may not require the consent of the User or may be managed directly by the Owner - depending on how they are described - without the help of third parties.
These cookies are provided by and processed by third parties to generate specific advertising messages based on the user’s navigation preferences and interests. Such cookies do not, however, utilise user's sensitive data.
The services contained in this section enable the Data Processor to monitor and analyze web traffic and can be used to keep track of User behaviour.
HOW TO PROVIDE OR WITHDRAW CONSENT TO THE INSTALLATION OF COOKIES
In addition to what is specified in this document, the User can manage preferences for Cookies directly from within their own browser and prevent – for example – third parties from installing Cookies.
Through browser preferences, it is also possible to delete Cookies installed in the past, including the Cookies that may have saved the initial consent for the installation of Cookies by this website.
Users can, for example, find information about how to manage Cookies in the most commonly used browsers at the following addresses: Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Internet Explorer.
Cookies can be disabled by following the instructions provided on the specific webpage made available by EDAA (European Interactive Digital Advertising Alliance
These solutions may prevent the user from using or viewing sections of the Website.
|First-party cookies||Technical - PHPSESSID||Session|
|Third-party cookies Google Analytics http://www.google.com/intl/en/analytics/privacyoverview.html||Analytics - _gid||Please see: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage|
|Third-party cookies Google Analytics http://www.google.com/intl/en/analytics/privacyoverview.html||Analytics - _ga||Please see: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage|
DEFINITIONS AND LEGAL REFERENCES
Personal Data (or Data)
Personal data is any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a person.
Information collected automatically through this Website (or third-party services employed in this Website), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
The individual using this Website who, unless otherwise specified, coincides with the Data Subject.
The physical person to whom the Personal Data refer to.
Data Controller (or Owner)
The physical person or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Website. The Data Controller, unless otherwise specified, is the Owner of this Website.
Small sets of data stored in the User's device.
This privacy statement has been prepared in conformity with a number of regulations, including articles 13 and 14 of Regulation (EU) 2016/679.