Information on the processing of personal data of Customers
Version 1.2 dated 21/09/2022 (third issue)
Holder of the
Treatment
Pursuant to Art. 4 of the GDPR:
Sineglossa ETS
Via Marconi, 41, 60125 Ancona (AN)
Tel. and fax: +39 071.2412416
E-mail: info@sineglossa.it
P. VAT: 02413030426
Pursuant to Articles 13 of Regulation 2016/679/EU (hereinafter “GDPR”), Sineglossa (hereinafter “Data Controller”), in its capacity as “Data Controller”, informs you that your personal data – collected for the purpose of the conclusion of the contract with the Customer and/or as part of the execution and/or stipulation of the same – will be processed in compliance with the aforementioned regulations, in order to guarantee the rights, fundamental freedoms, and dignity of natural persons, with particular reference to confidentiality and personal identity.
We inform you that if the activities provided involve the processing of personal data of third parties in its ownership, it will be our responsibility to ensure that we have complied with the provisions of the regulations with respect to the Data Subjects in order to make their processing by us legitimate.
1.
Origin, purpose, legal basis and nature of data processed
The processing of your personal data, directly provided by you, is carried out by SINEGLOSSA for the purpose of the conclusion of the contract with the Customer and/or as part of the execution and/or conclusion of the same. Likewise, the occurrence of processing of personal data of third parties disclosed by the Client to the Company is possible. With respect to this assumption, the Client stands as an autonomous data controller and assumes the resulting legal obligations and responsibilities, holding the Company harmless
with respect to any dispute, claim, and/or demand for damages from processing that may be received by the Company from interested third parties.
In compliance with applicable data protection regulations and without the need for specific consent from the Data Subject, Data will be stored, collected and processed by the Company for the following purposes:
a. fulfillment of contractual obligations, execution and/or conclusion of the contract with the Client and/or management of any pre-contractual measures;
b. fulfillment of any regulatory obligations, tax and fiscal provisions arising from the conduct of business activities and obligations related to administrative-accounting activities;
c. Sending newsletters and communications with direct marketing purposes through email, sms, mms, push notifications, fax, paper mail, operator phone;
d. Disclosure and dissemination of personal data for marketing purposes;
The legal bases of processing for the purposes (a) and (b) above are Articles 6.1(b) and 6.1(c) of the Regulations.
The provision of Data for the above purposes is optional, but failure to provide it and refusal to provide it would make it impossible for the Company to execute and/or enter into the contract and provide the services requested by the same.
The legal basis for the processing of personal data for purposes (c) is Art. 6.1(a) of the GDPR as the treatments are based on consent; it should be noted that the Data Controller may collect a single consent for the marketing purposes described herein, pursuant to the General Provision of the Guarantor for the Protection of Personal Data “Guidelines on Promotional Activities and Countering Spam” of July 4, 2013. The provision of consent to the use of data for marketing purposes is optional and should, the data subject wish to object to the processing of Data for marketing purposes performed by the means indicated herein, as well as to revoke the consent given; he/she may do so at any time without any consequences (except for the fact that he/she will no longer receive marketing communications) by following the directions found in the “Rights of the Data Subject” section of this Notice.
For the purposes mentioned in point d, the Company informs that the data may also be disclosed to third party business partners. Consent to Processing for Marketing Purposes by the Data Controller Company-where given by the data subject-does not also cover the different and further marketing processing represented by the communication of data to third parties for the same purposes. In order to proceed with such external communication (currently not carried out by the Company, but possible in the future), an additional, separate, additional, documented, express and entirely optional informed consent is required, valid until revoked.
Finally, it should be noted that for processing carried out for the purpose of sending its own advertising material or direct sales or for carrying out its own market research or commercial communications in relation to products or services similar to those used by the Customer, the Company may use e-mail or personal addresses pursuant to and within the limits permitted by Art. 130(4) of the Code and the June 19, 2008 order of the Data Protection Authority even in the absence of explicit consent. The legal basis for processing data for this purpose is Art. 6(1)(f) of the GDPR, without prejudice to the possibility of objecting to such processing at any time by following the instructions in the “Rights of the Data Subject” section of this Notice.
2.
Communication
The data may be communicated to third parties appointed as data processors under Article 28 of the GDPR and in particular to banking institutions, companies active in the insurance field, service providers strictly necessary for the performance of business activities, or consultants of the company, where this proves necessary for fiscal, administrative, contractual reasons or for needs protected by current regulations.
Your personal data, or the personal data of third parties in your ownership, may also be communicated to external companies, identified from time to time, to which SINEGLOSSA entrusts the performance of obligations arising from the assignment received to which will be transmitted only the data necessary for the activities requested of them. All employees, consultants, interims, and/or any other “natural person” who carry out their activities based on the instructions received from SINEGLOSSA, pursuant to Art. 29 of the GDPR, are appointed “Data Processors” (hereinafter also referred to as “Data Processors”). SINEGLOSSA shall give appropriate operating instructions to the appointees or managers, if any, with particular reference to the adoption of and compliance with security measures, in order to be able to guarantee the confidentiality and security of the data. Precisely with reference to data protection aspects, the Client is invited, pursuant to Art. 33 of the GDPR to report to SINEGLOSSA any circumstances or events from which a potential “personal data breach (data breach)” may result in order to allow for an immediate assessment and the adoption of any actions to counter such an event by sending a communication to SINEGLOSSA at the contact details below.
The Data will not be disseminated. This is without prejudice to SINEGLOSSA’s obligation to communicate the data to public authorities upon specific request
3.
Transfer
abroad
Transfer abroad of your personal data may take place if it is necessary for the management of the assignment received. The equivalent levels of protection adopted for the processing of personal data of its employees will be required for the processing of information and data that may be disclosed to these parties. In any case, only the data necessary for the pursuit of the intended purposes will be disclosed, and the regulatory tools provided by Chapter V of the GDPR will be applied.
4.
Modalities, logics
of the treatment and
timing of
preservation
Your data are collected and recorded lawfully and fairly for the above purposes in accordance with the principles and requirements of Art. 5 c 1 of the GDPR.
The processing of personal data is carried out by means of manual, computerized and telematic tools with logic strictly related to the purposes themselves and, in any case, in such a way as to ensure their security and confidentiality.
Personal Data will be processed by SINEGLOSSA throughout the duration of the assignment and also thereafter to enforce or protect its rights or for administrative purposes and/or to execute obligations arising from the applicable pro tempore regulatory and legislative framework and in compliance with specific legal obligations on data retention.
5.
Rights
of the Interested Party
In accordance with, within the limits and under the conditions provided for by the data protection regulations regarding the exercise of the rights of the Data Subjects with regard to the processing operations covered by this Information Notice, as a Data Subject you have the right to request confirmation as to whether or not any processing of your personal data is taking place, access to the personal data concerning you and in relation to them you have the right to request their rectification, cancellation notification of rectification and cancellation to those to whom the data may have been transmitted by our Organization, restriction of processing in the cases provided for by the norm, portability of personal data – provided by you – in the cases indicated by the norm, to object to the processing of your data and, specifically, you have the right to object to decisions concerning you if they are based solely on automated processing of your data, including profiling. In the event that you believe that the processing operations concerning you violate the rules of the GDPR, you have the right to file a complaint with the Guarantor pursuant to Art. 77 of the GDPR. If you wish to request further information about the processing of your personal data or for the possible exercise of your rights, you may contact SINEGLOSSA in writing