Dear Data Subject, we wish to inform you that under “Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data” (General Data Protection Regulation – hereinafter “GDPR”), the protection of natural persons in relation to the processing of personal data is a fundamental right. Pursuant to Article 13 of the GDPR, we hereby inform you that:
A. CATEGORIES OF DATA
Savifin srl will process your personal data as:
a. Data collected automatically. As part of their normal operations, the IT systems and applications employed to run this website collect some data (the transmission of which is implicit in the use of internet communication protocols) potentially associated with identifiable users. The data collected include the IP addresses and domain names of the computers used to connect to the website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the method used to submit the request to the server, the size of the returned file, the numerical code of the server response status (completed, error, etc.) and other parameters relating to the user’s operating system, browser and IT environment. These data are processed for as long as is strictly necessary, for the sole purpose of collecting anonymous statistical data on use of the website, and to make sure it is functioning properly. The provision of such data is obligatory as it is directly linked to the web browsing experience.
b. Data voluntarily submitted by the user. Your consent is not required when you intentionally and explicitly send electronic mail to the addresses provided in the various access channels of this site. If you fill in any specifically prepared forms, the sender and/or user’s address and personal data will be acquired in order to respond to your enquiries and/or provide the service you requested. No further privacy information or requests for consent are necessary if you knowingly send emails to our electronic mail addresses. Conversely, specific condensed privacy notices will be published or displayed on the pages of the site set up for particular services on request (form). Therefore, you must explicitly consent to the use of the data included on these forms to be able to submit your request.
B. SOURCE OF PERSONAL DATA
The personal data in the possession of Savifin srl are collected directly from the data subject.
C. DATA CONTROLLER
The Data Controller is:
Via Volta, 34 – 20825 Barlassina (MB)
Tax Code and VAT no. 02238390963
D. CONTACT DETAILS OF THE DATA PROCESSING OFFICER (DPO)
The data processor does not need to appoint a DPO.
E. PURPOSES OF DATA PROCESSING AND LEGAL BASIS
Your consent provides the legal basis for processing your personal data, which is carried out for the following purposes:
1. To improve your web browsing experience;
2. To use the data in the contact emails we receive and on the forms so we can respond to specific requests;
3. To track your browsing activity so we can adapt the way we offer content to bring it in line with your behaviour.
F. RECIPIENTS OF THE PERSONAL DATA
Within the limits relevant to the designated purposes of processing, your data may be disclosed to partners, consultants, private companies, appointed by the Data Controller as Data Processors or to comply with statutory requirements or to fulfil your specific requests. Your data will not be disclosed in any way. The Data Processors and mandated Data Representatives are identified in the Privacy Document, which is regularly updated.
G. TRANSFER OF THE DATA ABROAD
The data collected are not disclosed to the Controller’s foreign shareholders – physical and/or legal persons – or to other third country enterprises that belong to the same corporate group as the Data Controller.
H. PERIOD OF DATA STORAGE
The data collected will be stored for no longer than is necessary for the purposes for which the personal data are processed (“principle of storage limitation”, Article 5(e), GDPR) or on the basis of the timeframes specified by statutory provisions. Data stored for the purposes for which they were collected are checked for obsolescence on a regular basis.
I. DATA SUBJECT’S RIGHTS
The Data Subject has the right, at any time, to ask the Controller to access, to rectify, to erase their personal data, to restrict or to object to the processing of their personal data, to request data portability, to withdraw consent to the processing of their personal data. They may exercise and any of the other rights specified in the GDPR simply by notifying the Data Controller. The data subject also has the right to lodge a complaint with a Supervisory Authority.
J. WHETHER DATA SUBMISSION IS OBLIGATORY OR NOT
It is mandatory to provide your data while browsing our website with regard to points E.1 and E.2 of the foregoing purposes so we can deliver the service properly. Conversely, it is optional to provide your data for point E.3, and this will not affect delivery of the service in any way whatsoever.
K. DATA PROCESSING METHODS
The personal data you provide will be processed in compliance with the aforementioned GDPR and with the confidentiality obligations that underlie the Data Controller’s business activity. The data will be processed in both computerised and paper form and on any other suitable medium, in compliance with the appropriate security measures specified in Article 5 (1)(F) of the GDPR.