According to the Article 13 of EU Regulation no. 2016/679 (Later called “GDPR”), We would like to inform you that the processing of personal data will be carried out with the appropriate methods and procedures in order to guarantee the respect for human rights and fundamental freedoms, as well as the individual dignity, with particular reference to privacy and safety, to personal identity and to the personal data protection right.
We recall that “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (article 4 of GDPR).
1. Subject of the processing and data source
The data collected by Sefin S.p.A. refer to:
- Data collected automatically. During their normal function, computer systems and applications software spent on the website operation detect some data (whose transmission is implicit in the use of Internet Protocol) potentially associated to some identified users. In the data collected are included IP address and domain names of users’ pc, the Uniform Resource Identifier (URI), time of the request, the method used to submit the request to the server, the answer’s file size, the numeric code of the answer state (succeeded or failed state, etc.) and other parameters for the operating system, the browser, and the IT environment of the user. These data will be processed only for the purpose of obtaining statistic information on the site use, and to control the smooth functioning, for the time strictly necessary. The contribution of such data is mandatory, being directly connected to the web browsing experience.
- Data deliberately given by the user. The processing of the data you gave by filling out the collecting form shall require your expressed and unequivocal consent. Instead, the voluntary sent of e-mail to our e-mail address don’t need other notices or requests for consent.
- Cookies. The site uses technical cookies of third parties that could collect users’ surfing data. The contribution is optional and it’s given via free and informed consent. Cookies work in order to analyze the usability of the site, and to make it easier-to-use, and intuitive over time. For more information, please see the specific “cookies policy notice”.
2. Legal basis for the processing
The legal basis for the processing lies (i) in your explicit and clear consent (ex article 6.1, point A of the GDPR) and (ii) in the legitimate interest of the Controller (ex art. 6.1, point F of the GDPR).
3. Purpose of the processing
Personal data are processed with the only purpose of improving your surfing experience.
4. Methods of data processing
Personal Data you provided will be a processing subject in compliance with the abovementioned legislation and with the Controller’s duty of confidentiality. Data will be processed using both computer facilities and paper documents, quite as any other type of suitable medium, in accordance with security measures under Article 5, sub. 1 point F of the GDPR.
The data processing shall be limited to the following operations and in this way:
- Data collection from the data subject;
- Recording and processing on a computerized system;
- Archives’ organization in a mainly automated way
Personal data wont’ be circulated, but they will or could be communicated to public and private entities that operate under the purpose listed above.
5. Data retention
The surfing data collected will be processed only for the time of surfing session (“storage limitation” principle, article 5 of GDPR).
6. Access to data processing
Personal data will be made accessible, for the purpose at point 3:
- To employees / collaborators as authorized to the processing, prior to suitable appointment;
- To the third parties, in contractual relationship with the Controller.
7. Data Communication
Data will not be communicated to not-authorized third parties, or released in any way.
To this end, the processing is carried out with the use of security’s measures suitable to prevent the access to data from not-authorized third parties, and to ensure confidentiality.
Without the need of an express consent, the Controller could communicate your data – for the purpose at point 3 – to collaborators and company’s external leaders, responsible to execute the processing operations.
8. Data Transfer
Data management and conservation will be performed on server inside de EU, property of the Controller or of third parties duly appointed as Responsible of processing. Personal data won’t be transferred outside the European Union.
9. Nature of the data providing and refusal to answer’s implications
For the purpose at point 3, data providing is mandatory. Without them, it won’t be possible to browse this website.
10. Rights of the data subject
According to the GDPR provisions, the data subject shall have the following rights in respect of the Controller:
- To obtain confirmation as to whether or not data related to him or her are being processed, and where that is the case, to obtain access to the personal data (Article 15, Right of access);
- To obtain the rectification of inaccurate personal data concerning him or her without undue delay (Article 16, Right to rectification);
- To obtain the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay, if certain conditions exist (Article 17, Right to be forgotten);
- To obtain restriction of processing in certain cases (Article 18, Right to restriction of processing);
- To receive the personal data concerning him or her carried out, and to transmit that data to another Controller, without obstacles from the first controller, assuming certain cases (Article 20, Right to data portability);
- To object at any time, on grounds relating to his/her particular situation, to the processing of personal data concerning him or her (Article 21, Right to object);
- To receive notice of the personal data breach suffered by the Controller without undue delay (Article 34);
- To revoke the consent given, at any time (Article 7, Conditions for consent);
Where applicable, the data subject shall have also the rights under articles 16-21 of the GDPR (Right to Rectification, Right to be forgotten, Right to restriction of processing, Right to data portability, Right to object), as well as the Right to compliant to the Guarantor Authority.
11. How to exercise your rights
You could write at any time the Controller sending an e-mail to the following address : firstname.lastname@example.org
12. The Controller
The Controller is Sefin S.p.A.
VAT number: 04919090151.
Address: 10, Viale Zara, 20124 Milan – Italy.
The list of managers and collaborators authorized to the processing is available at the place of the Controller above-mentioned.
13. Updating of this disclosure
This disclosure may be modified. Any substantial change will be transmitted to the data subject through notice or publication on Sefin website.