PRIVACY POLICY PURSUANT TO ART. 13 OF THE EU REGULATION 2016/679

The purpose of this Privacy Policy is to describe how the website www.sydema.it works, with reference to the processing of personal data of visitors who visit it.

Sydema s.r.l. ensures compliance with the legislation on the protection of personal data (D. Lgs 196/03 and Reg. 2016/679/EU). Visitors are invited to read this Privacy Policy carefully before submitting any kind of personal information and/ or fill in any electronic form on the site.

1.Data Processing Owner

Sydema s.r.l., with registered office in Via Merano 16/A, Milano (MI), 20127, Tel. 02 28179.1 PEC address: sydema_srl@pec.it, is the Data Controller. Sites of partner companies that from time to time participate in data processing activities in an autonomous manner may assume the role of independent data controllers.

2.Object of the Treatment

In general, the visitor can access the website without having to provide personal data.

The description of each tretament is given below:

1) Navigation data

The computer systems and software procedures used to operate this site acquire, in normal operation, some personal data that are then transmitted implicitly in the use of Internet communication protocols. This is information that by its nature could, through associations and processing with data held by third parties, allow to identify visitors (e.g. IP addresses, names of computer domains used by visitors who connect to the site, etc.). This data is only used to check the proper functioning of the site. No data deriving from the web service will be communicated or disseminated.

2) Data provided voluntarily by visitors

If visitors, by connecting to this site, send their personal data to access certain services, that is, to make e-mail requests, they are aware that this involves the acquisition by the Owner of the sender’s address and/or other personal data that will be processed to respond to the request, that is, for the provision of the service.

The personal data provided by visitors will be communicated to third parties only if the communication is necessary to comply with the requests of the visitors themselves or by legal obligation.

3) Cookies

Data deriving from the navigation by visitors on the site may be recorded. The data may be recorded in aggregate and anonymous form for statistical analysis on the use of the site.

3.Treatment methods

The processing is carried out through automated and/or manual tools for the time necessary to achieve the purposes for which the data were collected and in any case in accordance with the applicable regulations.

4.Purpose of treatment

In addition to the purposes related to the completion of the forms of the dedicated section of the site, the purposes of processing carried out by the Data Controller must be understood as:

  1. use of personal data of the visitor (in particular email address, first name, last name, company role, company) for the communication of commercial information on future initiatives, announcements of new products or services and respond to any request or question submitted through the site;
  2. for sending advertising or promotional material and managing participation in online contexts (e.g., webinars, conferences, etc.);
  3. collection, storage and processing of personal data of the visitor through the use of CRM Dynamics365;
  4. collection, storage and processing of data for statistical analysis in anonymous and/or aggregate form.

5.Legal basis of treatment

The Data Owner processes personal data relating to visitors if one of the following conditions is met:

  • the visitor has given consent for one or more specific purposes;
  • processing is necessary to fulfil a legal obligation to which the Data Owner is subject;
  • processing is necessary for the performance of a task in the public interest or for the exercise of official authority vested in the Data Controller;
  • processing is necessary for the pursuit of the legitimate interest of the Owner or third parties;
  • processing is necessary for marketing purposes.

However, it is always possible to ask the Owner to clarify the concrete legal basis of each treatment and in particular to specify whether the treatment is based on the law, provided for by a contract or necessary to conclude a contract.

6.Recipients

In addition to the Owner, in some cases, may have access to the data categories of Managers and authorized subjects involved in the corporate organization of the Site (administrative, commercial, marketing, legal, system administrators). The Data Owner may use external parties (such as third-party technical service providers, hosting providers, cloud services, IT companies, etc.) who may be appointed as external Managers. The updated list of Data Processors may always be requested from the Data Owner, by contacting the address indicated above.

7.Transfer to a Third Country

The Owner uses, for the services offered by the site, servers located in Italy and therefore, on the basis of Reg. 2016/679/eu to be considered suitable as falling within the EU. The data processed by the Data Owner will not be transferred.

8.Data processing location

The processing operations connected to the web services of this site take place at the aforementioned headquarters of the Data Controller and are carried out only by technical personnel in charge of the processing.

9.Time and place of data retention

In the event that the visitor is a customer of ours, we will keep personal data for the duration of the relationship, contractual and/or business and, after the conclusion of the relationship, we can store personal data in a database for five (5) years.

In case the visitor is a prospect, in the absence of a contractual and/or business relationship, we will keep your data for a period not exceeding three (3) years from the contact request.

Log files are stored for security purposes, website maintenance and website improvement and will be stored for no longer than one (1) year from their collection.

10.Optional or mandatory provision of data

Apart from what is specified for navigation data that automatically acquires data, visitors are free to provide their personal data or not to provide them. Failure to provide them may result only in the impossibility of obtaining what has been requested and/or of being able to participate in the activities proposed in online contexts.

11.Diritti degli interessati

The subjects to whom the personal data refer have the right at any time under the GDPR to obtain confirmation of the existence or not of the same data and to know its content and origin, verify its accuracy or request integration or update, or rectification.

In relation to the processing of the aforementioned data, visitors have the right to obtain from the Owner:

Right to access:

(Article 15 of the Rules)

i.e , confirms that the processing of personal data concerning you is ongoing or not and, if so, the right to obtain, inter alia, access to your personal data and information relating to the purposes of the processing, the categories of personal data in question, to the recipients or categories of recipients to whom the personal data have been or will be disclosed.

Right to rectify:

(Article 16 of the Regulation)

 

(i) rectification of inaccurate personal data concerning the visitor without undue delay and (ii) integration of personal data, if incomplete

Right to cancel (‘right to be forgotten’):

(Article 17 of the Rules)

cancellation of personal data concerning the visitor without undue delay (the Data Owner has the obligation to delete personal data without undue delay in the cases provided for in Article 17 of the Regulation)

Right to restriction of processing:

(Article 18 of the Regulation)

limitation of processing in the cases referred to in Article 18 of the Regulation.

Right to data portability:

(Article 20 of the Regulation)

reception in a structured, commonly used and machine-readable format of personal data concerning the visitor and in our possession; the right to transmit such data to another controller without hindrance by the owner to whom it has supplied them in the cases referred to in Article 20 of the Regulation.

Right to object to processing carried out pursuant to Article 6, paragraph 1 e) or f):

(Article 21 of the Regulation)

opposition, at any time, for reasons relating to a particular situation, to the processing of personal data concerning the visitor pursuant to Article 6, paragraph 1 letters e) or f) including profiling on the basis of those provisio

At any time visitors will have the opportunity to avail themselves of the rights mentioned above by means of a formal request sent to the address pec sydema_srl@pec.it accompanied by an identity document.

12.Automated decision-making processes

Automated decision-making processes are not carried out on the aggregated data collected, except for the best management of the site.

13.Final clauses

In view of the current state of development of the legislation on the protection of personal data, we inform you that this privacy policy may be subject to updates.

Last updated date

10/07/2020