INFORMATION ABOUT DATA PROCESSING PURSUANT TO ART. 13 OF REGULATION (EU) 2016/679 (“GDPR”)
This Information has been created by SINAPSI S.r.l., with registered offices in Via delle Querce n.11/13, Bastia Umbra (PG), VAT and Tax Identification Code 02727730547 (hereinafter, the “Data Controller”). Pursuant to art.13 EU regulation no. 2016/679 (hereinafter, “GDPR”), your data will be processed in accordance with the principles of lawfulness, fairness and transparency and protection of your privacy and your rights.
- Categories personal data processed – Object of the Processing
The Data Controller processes personal and identifying data (such as name, surname, business name, address, telephone number, e-mail address, bank and payment details). This is hereinafter referred to as “personal data” or “data” and you will have supplied this data on completing a contract or purchasing a product or service from the Data Controller.
- Purposes of the processing
The data supplied is processed:
A) Without your express consent (art. 6 letter b), e) GDPR), for the following Service Purposes:
- approve the establishment of a contractual relationship with the Company
- complete a contract for the sale of one of the Data Controller’s products, which may also include the provision of after-sale assistance and support services;
- fulfil the pre-contractual, contractual and tax obligations deriving from the existing relationships with you;
- fulfil the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for money laundering prevention);
- exercise the rights of the Data Controller, for example the right to legal defence in court;
- process a contact request through email or through the contact form on the website;
- select candidates by receiving CVs
- sending information and/or promotional material on products or services similar to those already purchased or for which it has shown an interest.
B) Only subject to your specific and distinct consent (art. 7 of the GDPR), for the following Marketing Purposes:
- Informative newsletters: information or promotional communications may be sent via sms and/or email from SINAPSI S.r.L. relating to their own initiatives and/or those of jointly-owned companies and/or partners
- Special offers and promotions: sms and/or emails including newsletters relating to special offers and promotions regarding our products and services;
- Invitations to events or training courses: sms and/or emails including newsletters relating to invitations to events, workshops organised by Sinapsi or by third parties, or training courses on our products;
- Satisfaction surveys on products purchased through mail questionnaires or telephone surveys, intended to improve our communication and the services we offer, and to better target commercial offers from Sinapsi so they correspond to the interests and tastes of the data subject.
- Methods of processing
The processing of your personal data is carried out in compliance with the guidelines indicated in art. 4 no. 2) of the GDPR and more precisely: collection, registration, organisation, storage, consultation, processing, editing, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Data shall be processed manually, online or using technology and/or using electronic systems which may be automated, online or technological, in a manner which corresponds to the purpose for which the data was collected and which ensures its safety. The Data Controller will adopt all due precautions to avoid any risk of unauthorised access, destruction or loss, or any processing which does not have prior consent or does not meet the purposes for which the data was collected. The Data Controller will process the personal data for the time necessary to fulfil the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the purposes of the Service and no later than 5 years from the collection of data for the Marketing Purposes. Once the aforementioned time period has elapsed, the Data will be destroyed, deleted or anonymised, in line with the technical procedures for destruction and backup.
- Data Recipients
Data may be disclosed to third parties operating as Data Controllers, such as banks, authorities and police or security bodies and other private or public entities who have the right to request access to data. Your data may be made accessible for the indicated purposes in 2.A) and 2.B) of this Policy:
- to employees and collaborators of the Data Controller, as Authorised processors and/or system administrators;
- data may be processed on behalf of the Society by third parties who are given adequate instructions. These parties are included in following categories:
- società di marketing e promozione di campagne commerciali;
- società che offrono servizi di gestione e manutenzione del sistema informativo;
- professional firms providing tax and accounting services and legal services;
- consultancies providing human resource management services
- Transfer of personal data to countries not belonging to the European Union
Your data will not be transferred outside the European Union.
- Nature of providing data and consequences of refusing data processing
The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we cannot guarantee the Services of art. 2.A) as described. The provision of data for the purposes referred to in art. 2.B) is optional. You can therefore decide not to give any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material concerning the Services offered by the Data Controller. However, you will continue to be entitled to the Services referred to in art. 2.A).
- RIGHTS OF THE DATA SUBJECT
In your capacity as a data subject, you have the rights set forth in art. 15 to 20 of the GDPR and precisely the rights to:
- access your personal data;
- effect changes or cancel the data or limit their processing;
- deny processing;
- transfer data without impediment;
- the data subject may revoke consent at any time (the information which must be provided to the data subject in the event of revoking consent does not concern instances in which, for example, the processing is necessary to comply with a legal obligation which the Data Controller is subject to or to carry out any actions in the public interest or which are connected to public duties which the Data Controller must fulfil;
- complain to the relevant authorities (Garante Privacy).
- Procedures for exercising rights
You can exercise your rights at any time by sending:
- a recorded delivery letter to; SINAPSI s.r.l Via delle Querce n.11/13 – 06083 Bastia Umbra (PG)
- an email to the address: firstname.lastname@example.org
The Services of the Data Controller are not aimed at minors aged under 18 years and the Data Controller does not intentionally collect personal data relating to minors. In the event of a minor’s information being involuntarily recorded, the Data Controller will delete it in a timely manner.
- Data Controller, processors and agents
The Data Controller is SINAPSI Srl with registered office in Via delle Querce n.11/13 – 06083 Bastia Umbra (PG) – Phone 075/8011604 – E-mail: email@example.com An updated list of external processors, Authorised data processors and system administrators is held at the registered offices by the Data Controller.