PRIVACY POLICY PURSUANT TO ARTICLE 13 and 14 of the GENERAL DATA PROTECTION REGULATION (EU) 2016/679 (GDPR) (European regulation on personal data protection)
Dear Customer, this information is provided to individual customers (natural persons) and to natural persons operating in the name of and on behalf of corporate customers (legal persons), pursuant to art.13 and art.14 General Data Protection Regulation (EU) 2016/679 (GDPR) (European regulation on personal data protection).
1) THE DATA CONTROLLER’S IDENTITY AND CONTACT DETAILS: The data controller is Sipol S.p.A. – Via Leonardo Da Vinci, 5 – 27036 Mortara (PV) – VAT NO. 01842120188| C.F. 01669490037 – Tel. +39 0384 295237 – privacy@sipol.com.
2) DATA AND SOURCE OF PERSONAL DATA: The Data Controller processes all personal data relating to legal persons (not governed by the GDPR) as well as common personal data, identification, economic, financial and any payment data obtained directly from the interested party and / or acquired from external companies for the purpose of collecting commercial information (including, for example, information on management).
3) THE PURPOSES OF AND LEGAL BASIS FOR THE DATA PROCESSING:
a. The processing is necessary for the performance of a contract to which the data subject is party (art. 6 par. 1 point b GDPR)
The processing of your data is necessary in order to meet obligations arising from a contract/assignment to which you are party, or to comply, before and after the execution of the contract, with your specific requests. For such purposes, your prior consent to the processing of your data is not required, as the need to perform a contract to which you are party, or to comply with your specific requests, constitutes the legal basis legitimating the data processing.
b. For purposes of legitimate interests pursued by the data controller (art.6 par.1 point f GDPR)
If necessary, data may even be processed beyond mere contractual fulfillment in order to safeguard our legitimate interests or those of third parties such as the assertion of legal claims and defense in the event of disputes, the identification of means of defense against disputes for the protection of company assets in relation to direct or indirect damages that could derive from complaints / disputes, solvency verification and management of access to our headquarters. Prior consent is not required for such purposes.
c. To comply with a legal obligation (art. 6 par. 1 point c GDPR)
When the processing of your data is necessary for purposes connected with legal obligations imposed by laws, rules, regulations and provisions issued by the authorities, your prior consent to the processing of your data is not required, as, in such cases, the need to have the said personal data at our disposal in order to meet a legal obligation to which the data controller is subject constitutes the legal basis legitimating the data processing.
4) METHODS OF PROCESSING
Your data will be processed using paper and electronic methods. Please be assured that we have implemented all measures deemed necessary and/or appropriate in order to maintain the integrity, confidentiality and availability of the data,
5) RECIPIENTS OF PERSONAL DATA
Your personal data will not be disseminated, only communicated to specific subjects. On the basis of their roles and qualifications, internal and external staff members are entitled to process the data within the limits of their competences and in accordance with the instructions given them by the data controller. The same data may also be communicated to parties entitled to access them pursuant to legal provisions, rules and regulations, to mail delivery companies, banks and credit institutions, debt/commercial information collection companies, law firms, insurance companies, IT support companies, professional studios/companies providing accounting services, fiscal and tax services, freelance/casual collaborators, consultants, agents and bodies/companies appointed by and/or in a collaboration relationship with the undersigned.
6) DATA TRANSFER
Your personal data will be managed and stored on servers located within the European Union and will not be transferred outside the European Union. It is nevertheless understood that the data controller retains the right, if necessary, to choose to use servers located in other locations in Italy and/or the European Union and/or non-EU countries, and/or to use cloud services. In such cases, the data controller guarantees, as of now, that any data transfer outside the EU will take place in compliance with the applicable legal provisions, if necessary through the stipulation of agreements designed to guarantee an adequate level of protection and/or through adoption of the standard contractual clauses envisaged by the European Commission.
7) DATA STORAGE
The data controller keeps and processes personal data for the time strictly necessary to fulfil the purposes indicated, or for the period imposed by applicable civil and tax laws.
8) THE RIGHTS OF THE DATA SUBJECT
Pursuant to the following articles of Regulation (EU) 2016/679 (GDPR):15. Right of access, 16. Right to rectification, 17. Right to erasure, 18. Right to restriction of processing, 20. Right to data portability, 21. Right to object, data subjects may exercise their rights by writing to the data controller at the address given above or by sending an e-mail to: privacy@sipol.com. In accordance with article 7 of GDPR 2016/679, the data subject can, at any time, withdraw the consent given. The data subject has the right to lodge a complaint with the supervisory authority in the member state of his or her habitual residence.
9) PROVISION OF DATA
Where provision of your complete personal data is mandatory in order to comply with legal requirements, rules and regulations, and thus determines our ability to meet, correctly and effectively, our contractual obligations, your possible refusal to provide the said data will make it impossible for us to fulfil the contractual obligations undertaken towards you; instead, provision of consent allowing us to send you newsletters and advertising material and carry out promotional activities, is optional.
10) AUTOMATED DECISION-MAKING PROCESSES
The data controller does not process data using methods involving automated decision-making processes.