Pursuant to Legislative Decree 196/2003, as amended by Legislative Decree 101/2018, and pursuant to art. 13 of the EU Regulation n. 679/2016 («GDPR»).
|DATA CONTROLLER||Sitael S.p.A.
Via San Sabino n. 21
Mola di Bari, 70042 Italy
+39 080 53 21 796
|DATA PROTECTION OFFICER «DPO»||+39 080 53 21 796
|PERSONAL DATA PROCESSED|
|1. Processed personal data for Site functional purposes
During their normal operation, computer systems and procedures involved in the functioning of www.sitael.com website acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected with the aim of identifying users: however, this information could allow user identification through processing and association with data held by Sitael or third parties because of its nature.
This category of data includes also IP addresses or computers’ and terminals’ domain names used by data subjects connecting to the site, requested resources’ addresses in URI / URL notation, requested time, method used in submitting the request to the server, file size obtained in response and other parameters relating to the operating system and user’sbject’s computer environment.
2. Personal data provided by the data subject
The optional, explicit and voluntary transmission of personal data – as requested by various sections of this site – is aimed at processing the data subject’s requests (for example, filling in the newsletter subscription or sending requests to the e-mail addresses present there) and implicate the sender’s personal data acquisition necessary to respond, as well as all the data included in the communications.
Specific information will be reported in the Website pages prepared for the services on request, in such a way to draw the data subjects’ attention to their personal data processing.
|PURPOSE OF PROCESSING||LEGAL BASIS FOR PROCESSING||DATA RETENTION PERIOD|
|Functioning of the website
Personal data collected during navigation are used to obtain anonymous and statistical information on the website use and to check its correct functioning.
|Processing brought about for this purpose is based on a legitimate interest of the Data Controller in the correct website management.||For the period for which this is strctly necessary in order to obtain valid statistical information and effectively check the website correct functioning.|
|Commercial and informative communications transfer
Personal data provided directly by the data subject are used in order to process the data subject’s requests (e.g. Newsletter or contact request).
|Processing brought about for this purpose is carried out with the specific consent provided by the data subject.
|Until the data subject has revoked the consent given.|
Data provided directly by the data subject are used in order to prepare and execute contracts with data subjects.
|Processing used for this purpose is based on the execution of a contract to which the data subject is a party.||10 years from the contract termination.
|NATURE OF THE PROVISION OF THE DATA|
|With the exception of navigation data, which are necessary to implement IT and electronic protocols, personal data provision by data subjects is free and optional. However, failure to provide the personal data themselves will make it impossible to proceed with requests forwarded or those the data subject intends to forward.|
|We inform you that your data may be made accessible for the aforementioned purposes at:
• Data Controller’s employees and collaborators, expressly instructed and authorized for processing;
• Data Processors identified through a specific agreement;
• Service providers who carry out outsourced activities on behalf of the Data Controller (e.g. Website management, Newsletter sending management), in the capacity of Data Processors, within the limits of the purposes indicated in this statement.
The Data Processors list can be requested through a specific request to our DPO.
|METHOD OF PROCESSING|
|Personal data processing provided by the data subject is accomplished by means of the operations indicated in art. 4, n. 2) of the GDPR, by personnel expressly authorized to process it and appropriately instructed in order to guarantee the data processed confidentiality and to avoid the loss, destruction, unauthorized access or unauthorized processing of the same data, as well as from the units to which they belong within their competence.
Data provided will be collected using suitable electronic and/or paper instruments, with logics strictly related to the same purposes and, in any case, capable of guaranteeing their security, secrecy and confidentiality.
| The aforementioned data are stored mainly on servers located within the European Union. However, data provided for sending communications for purposes of marketing (e.g. “Newsletter”) are stored on servers located in non-EU countries at the following companies:
• MailChimp – the Rocket Science Group, LLC, 512 Means St., Suite 404, Atlanta, Georgia 30318 – which guarantees its compliance to the Privacy Shield.
We guarantee that the extra-EU data transfer takes place in compliance with the applicable legal provisions and that your data will never be used directly by MailChimp or sold by them to third parties.
|LINK AD OTHER WEBSITES|
|From this website, it is possible to connect, via specific links, to other websites belonging to third parties. The Data Controller declines any responsibility regarding the possible request and/or release of personal data to third party sites.|
|DATA SUBJECT RIGHTS|
|In the spirit of absolute transparency and correctness with which Sitael S.p.A. intends to manage the topic, we assure you our complete availability for any necessary clarification and our collaboration for the appropriate fulfilments.
We inform you that the Regulation gives data subjects the opportunity to exercise specific rights.
In the capacity of data subject, you have the right to obtain confirmation from the Data Controller that your personal data is being processed. In this case, pursuant to art. 15 of the GDPR, data subject will be entitled to obtain access to its personal data and to verify the purposes and methods of processing. You may also exercise your rights to update, rectify, integrate, oppose, limit, and erase your personal data.
Furthermore, the data subject can deactivate and cancel the subscription to the Newsletter service by clicking on the deactivation link in the Newsletter received.
According to the art. 7 of the GDPR, the data subject has the right to withdraw, where applicable, the consent given.
In order to exercise these rights, please write to Sitael to the attention of the Data Protection Officer, domiciled for the office at the Company’s headquarters or contact us at the email email@example.com
Data subjects who believe that their personal data processing is in violation of the GDPR’s provisions have the right both to lodge a complaint with the Privacy Authority, as provided by art. 77 of the Regulation, and to commence legal proceedings according to art. 79 of the Regulation.
|Any entry into force of new regulations in this field, as well as the constant updating of data subject services, could lead to the need to modify methods and terms described in this policy. We therefore invite you to consult this page periodically.|