PRIVACY POLICY CUSTOMERS

Privacy Policy Customers

PRIVACY POLICY PURSUANT TO ARTICLE 13 of the GENERAL DATA PROTECTION REGULATION (EU) 2016/679 (GDPR) European regulation on personal data protection)

Dear Customer, this information is provided to individual customers (natural persons) and to natural persons operating in the name of and on behalf of corporate customers (legal persons), pursuant to art.13 General Data Protection Regulation (EU) 2016/679 (GDPR) (European regulation on personal data protection).

 

1) THE DATA CONTROLLER’S IDENTITY AND CONTACT DETAILS

The data controller is Sipol S.p.A. – Via Leonardo Da Vinci, 5 – 27036 Mortara (PV) – VAT NO. 01842120188| C.F. 01669490037 – Tel. +39 0384 295237 - privacy@sipol.com.

 

2) THE PURPOSES OF AND LEGAL BASIS FOR THE DATA PROCESSING

a. The processing is necessary for the performance of a contract to which the data subject is party (art. 6 para. 1 point b GDPR)

The processing of your data is necessary in order to meet obligations arising from a contract/assignment to which you are party, or to comply, before and after the execution of the contract, with your specific requests. For such purposes, your prior consent to the processing of your data is not required, as the need to perform a contract to which you are party, or to comply with your specific requests, constitutes the legal basis legitimating the data processing.

b. For the purposes of the legitimate interests pursued by the data controller (art. 6 para. 1 point f GDPR)

We will process your data also beyond the extent necessary for the performance of the contract should this be necessary in order to safeguard our legitimate interests or those of third parties. In such cases, your prior consent is not required.

c. To comply with a legal obligation (art. 6 para. 1 point c GDPR)

When the processing of your data is necessary for purposes connected with legal obligations imposed by laws, rules, regulations and provisions issued by the authorities, your prior consent to the processing of your data is not required, as, in such cases, the need to have the said personal data at our disposal in order to meet a legal obligation to which the data controller is subject constitutes the legal basis legitimating the data processing.

 

3) METHODS OF PROCESSING

Your data will be processed using paper and electronic methods. Please be assured that we have implemented all measures deemed necessary and/or appropriate in order to maintain the integrity of the data, and to prevent their loss, even accidental, as well as unauthorised access to and use of the same.

 

4) RECIPIENTS OF PERSONAL DATA

Your personal data will not be disseminated, only communicated to specific subjects. On the basis of their roles and qualifications, internal and external staff members are entitled to process the data within the limits of their competences and in accordance with the instructions given them by the data controller.  The same data may also be communicated to parties entitled to access them pursuant to legal provisions, rules and regulations, to mail delivery companies, banks and credit institutions, debt collection companies, law firms, insurance companies, IT support companies, professional studios/companies providing accounting services, fiscal and tax services, freelance/casual collaborators, agents and bodies/companies appointed by and/or in a collaboration relationship with the undersigned.

 

5) DATA TRANSFER

Your personal data will be managed and stored on servers located within the European Union and will not be transferred outside the European Union. It is nevertheless understood that the data controller retains the right, if necessary, to choose to use servers located in other locations in Italy and/or the European Union and/or non-EU countries, and/or to use cloud services. In such cases, the data controller guarantees, as of now, that any data transfer outside the EU will take place in compliance with the applicable legal provisions, if necessary through the stipulation of agreements designed to  guarantee an adequate level of protection and/or through adoption of the standard contractual clauses envisaged by the European Commission.

 

6) DATA STORAGE

The data controller keeps and processes personal data for the time strictly necessary to fulfil the purposes indicated, or for the period imposed by applicable civil and tax laws.

 

7) THE RIGHTS OF THE DATA SUBJECT

Pursuant to the following articles of Regulation (EU) 2016/679 (GDPR):15. Right of access, 16. Right to rectification, 17. Right to erasure, 18. Right to restriction of processing, 20. Right to data portability, 21. Right to object, data subjects may exercise their rights by writing to the data controller at the address given above or by sending an e-mail to: privacy@sipol.com. In accordance with article 7 of Regulation (EU) 2016/679 (GDPR), the data subject can, at any time, withdraw the consent given. The data subject has the right to lodge a complaint with the supervisory authority in the member state of his or her habitual residence.

 

8) PROVISION OF DATA

Where provision of your  complete personal data is mandatory in order to comply with legal requirements, rules and regulations, and thus determines our ability to meet, correctly and effectively, our contractual obligations, your possible refusal to provide the said data will make it impossible for us to fulfil the contractual obligations undertaken towards you; instead, provision of consent allowing us to send you newsletters and advertising material and carry out promotional activities, is optional.

 

9) AUTOMATED DECISION-MAKING PROCESSES

The data controller does not process data using methods involving automated decision-making processes.