In carrying out its activities, SACS processes personal data in compliance with the applicable laws and contractual provisions, using methods based on principles of correctness, lawfulness and transparency, protecting the privacy of the data subject and his / her rights.
- DATA CONTROLLER
Through this document, SACS, in its quality of data controller of the processing of personal data (hereinafter “Controller“), intends to provide the information pursuant to art. 13 and following of EU Regulation 679/2016 (hereinafter “GDPR“), with reference to the processing of personal data of users (hereinafter, “User/Users“) of the website https://sacsmarine.it (hereafter, “Website“).
In order to receive information about your Personal Data, the purposes and the parties the Data is shared with, contact the Data Controller.
Via Don Locatelli, 49
20877 Roncello (MB) Italia
Legal head office:
Via Dante, 14
20121 Milano (MI) Italia
Data Controller contact email: email@example.com
- TYPES OF DATA COLLECTED
a)Navigation data: the computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subject, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the Website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical IT crimes to the detriment of the Website: apart from this eventuality, the data on web contacts do not persist for more than seven days.
- b) Data provided voluntarily by the User through the “contact” section of the Website or by sending an email to firstname.lastname@example.org: submitting a contact email, involves the processing of User data for the sole purpose of replying to the request and fulfill the related administrative obligations. The data being processed are: name, e-mail.
- c) Data provided voluntarily by the User for receiving promotional communications related to the products, events and promotion of SACS: in the event that the data Subject signs up for the newsletter service or expresses his consent for the receipt of commercial communications by the Data Controller, the data will be processed for sending such communications by e-mail or ordinary mail, to the addresses provided by the Data Subject. The data being processed are: name, e-mail, domicile.
- D) Cookies: for the process of data through cookies, please take a look to the relevant policy LINKABILE.
- PURPOSES OF THE PROCESSING AS WELL AS THE LEGAL BASIS FOR THE PROCESSING
User’s data collected are processed by the Controller for:
– FUNCTIONING OF THE SITE: to pursue a legitimate interest of the Controller, consisting in ensuring the safety of the Website and the information exchanged therein, that is the capacity of such Website to resist, at a given level of security, to unforeseen events or acts illicit or malicious that compromise the availability, authenticity, integrity and confidentiality of personal data stored or transmitted and the security of the related services offered or made accessible. The legal basis for processing is art. 6, par. 1 lett. f) of GDPR.
– USE THE CONTACT REQUEST: to reply to the requests submitted by the data subject. The legal basis for processing is art. 6, par. 1, lett. b) of GDPR, being the processing necessary the execution of the contract of which the data subject is a party;
– SENDING OF COMMERCIAL\PROMOTIONAL COMMUNICATIONS, INVITATIONS TO EVENTS/WORKSHOP OF THE CONTROLLER: if the data subject has expressed his explicit consent, to receive invitations events organized by the Controller or for sending promotional communications related to the activity of the Controller, including market research. The legal basis for processing is art. 6, lett. A) of GDPR, ie the consent of the data subject.
- MANDATORY/OPTIONAL NATURE OF PROVIDING DATA
Providing the data referred to in point 2, lett. b) is optional. In case of refusal, however, the User will not be able to use the contact service.
Providing data referred to in point 2, lett. c) is optional. The User can withdraw his consent at any time and without indicating the reasons. The easiest way to do this is to click on the “Unsubscribe” link, which is available in every newsletter or communication received. The User can alternatively send a communication to the Controller at email@example.com.
- MODE OF PROCESSING THE DATA
The processing will be carried out both on paper and electronically, with the help of modern computer systems and manual procedures, only by persons expressly appointed for this purpose. The processing will take place with logic and through forms of organization of data strictly related to the obligations, tasks or purposes mentioned above. The Data Controller uses technical and organizational measures to protect the data in his possession from manipulation, loss, destruction and against access by unauthorized persons. Security measures are constantly improved on the basis of technological development.
- DATA DISCLOSURE
The User’s personal data will be processed by parties authorized to perform these tasks, duly appointed as data processors or in charge of processing, equipped with security measures to guarantee the confidentiality of the data subjects to which the data refer and to avoid undue access to third parties or unauthorized personnel. If necessary, the data collected may be communicated, within the limits strictly relevant to the obligations, tasks or purposes referred to in point 2, to public or private subjects (insurers, auditing and certification companies, etc.) or competent Authorities for the purpose of prevention, detection or repression of crimes, with the observance of the rules that regulate the matter. No data will be disseminated.
The updated list of all Data Processors is available at SACS’s office and may be requested at the following e-mail address firstname.lastname@example.org. Such list may be updated from time to time.
User’s data, stored in electronic form, is stored on a server owned by SACS located in the European Union.
- RETENTION TIME
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
For the purposes referred to in art. 2) a) and b) herein above personal data will be processed for the period strictly necessary for the pursuit of the aforementioned objectives and also subsequently, for the fulfillment of legal obligations and/or for defensive purposes.
The data provided for commercial communications activities, opinion polls and market research will be stored until the request by the data subject to interrupt such activity or for 2 years.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
- USER’S RIGHTS
Users have the right to know their rights, essentially consisting of the right to receive from the other contractual party information about the existence of the processing of their personal data, as well as access to their data, to obtain rectification, integration, update, erasure or block. Furthermore, the User will also have the right to obtain a copy of his data, limitation of processing and/or to oppose to their processing, as well as the right to data portability and to submit a complaint with the competent control Authorities at the conditions and within the limits indicated in art. 13 of the GDPR.
Each data subject has the right to the following pursuant to articles 15 and following of the GDPR:
- Right to be informed;
- Right of access by the data subject;
- Right to rectification;
- Right to erasure (‘right to be forgotten’);
- Right to restriction of processing;
- Right to data portability;
- Right to object.
The data subject can therefore know what personal data are hold by the Controller, their origin and how they are used, request the updating, correction or integration and, in the cases provided for by the provisions in force, the cancellation, the limitation of treatment or oppose to their treatment. Each data subject may, if he wishes, request to receive a copy of the personal data held by the Data Controller in a format readable by electronic devices and, where technically possible, the Data Controller may transfer the data directly to a third party indicated by Interested.
If the user considers that the processing of his/her personal data has been carried out illegitimately, he/she can file a complaint with one of the competent control Authorities for compliance with the rules on the protection of personal data. In Italy, the complaint can be filed to Garante per la Protezione dei Dati Personali (http://www.garanteprivacy.it/).
- EXERCISE OF RIGHTS
To exercise the aforementioned rights, Users can send a communication to the FOLLOWING email address -email@example.com, indicating the subject “Privacy – exercise of rights”.
*** *** ***