CSC – SARTORI (VAT No. 04157710288) pursuant to article 13 of Regulation (EU) 2016/679 (hereinafter “GDPR”), on the protection of individuals with regard to the processing of personal data and on the free movement of such data, is required to provide users of the website www.csc-satori.it the following information with reference to the processing of personal data collected via this website.
In any case, the full policy, which includes all the details of the information we are required to provide you pursuant to article 13 GDPR, is available below the table. In accordance with the current European legislation, as Data Subject you have rights and obligations, which we explain herein.
CSC-SARTORI srl, (VAT No. 04157710288), with head offices in Via Piovego Prima Strada 9, 35010 Arsego (PD), Italy.
Cookies, browsing, identification, and personal data of the users of the website.
Data are processed to:
- Allow you to browse the website;
- Comply with the requests you submit via the Contact Us form;
- Comply with legal obligations or orders from Public Authorities.
- Legitimate interest of the Data Controller (for browsing data and cookies);
- Comply with pre-contract measures adopted on your request or with your consent (only if it becomes necessary, e.g. to send newsletters).
Electronically or in hard copy, in compliance with all the measures applied by the Data Controller (and any Data Processors) to ensure the safety, privacy and control of the data.
Data may also be saved and processed on servers located outside the European Union.
- Subjects legally authorised to access data;
- Providers of services necessary to operate the website;
- Providers of other services acting as Data Processors;
- Subjects to whom communication is necessary to comply with contract obligations;
- Public Authorities.
Personal data processed by the Data Controller shall not be disseminated.
Personal Data will be retained for the time necessary to achieve the purposes listed above. In any case, data may be retained until the deadline to exercise the rights connected to each type of data expires.
Data retention beyond this deadline will be based on the following criteria:
- Pursuit of the processing purposes;
- Retention period accepted by the user;
- Retention period required by law;
- Revocation of consent by the user;
- Maximum period allowed by the current regulations to protect the rights and/or interests of the Data Controller;
- To browse the website, you need to provide your browsing data and the data collected by certain cookies;
- To allow us to reply to the requests you submit via the Contact Us form, you must provide the data we ask you for, plus any data you deem necessary, and express your consent to the processing of specific categories of data;
Your browsing experience on the website may not be optimal and we may not be able to comply with your requests.
You have the right to:
- Access any data about you that we hold and request it in an intelligible form;
- Request to update, correct and/or add data;
- Request to erase data (right to be forgotten);
- Request to limit data processing;
- Request to be notified of the update, correction, erasure, limitation;
- Request data portability;
- Object to the processing and refuse automated decision-making processes, including profiling;
- Revoke your consent;
- Complain to a supervisory authority.
The website uses technology such as cookies to personalise content and advertising, to facilitate the interaction with social media functions and analyse the traffic on the site. Information regarding the use of the website is shared with trusted partners in the social media, advertising, and statistics sectors.
Reg. EU 2016/679 (European General Data Protection Regulation – GDPR) on the protection of individuals with regard to the processing of personal data and on the free movement of such data, requires the Data Controller to process personal data based on the principles of lawfulness, fairness, transparency, purpose limitation and retention, data minimization, correctness, integrity and confidentiality.
In compliance with article 13 of the GDPR, please be informed that:
1. Data Controller
The Data Controller is CSC – SARTORI srl (P.IVA 04157710288), with head offices in Via Piovego Prima Strada 9, 35010 Arsego (PD), Italy, and can be contacted calling +39 0495742899, or via email at email@example.com.
Types of personal data processed
Visiting and consulting the website generally does not entail collecting and processing users’ personal data. In addition to the so-called browsing data, any personal data voluntarily provided by users while interacting with the website or requesting to use the services offered on the site, will also be processed. The data processed by the Data Controller include identifying data as well as special and sensitive data (if voluntarily provided using the contact form on the website), within the limits of the purposes for which they were collected and in compliance with the dispositions of articles 9 and 10 of the GDPR and applicable regulations, and in any case subject to prior consent provided in writing, where necessary.
3. Purposes and Legal Basis of Processing
The Data Controller will process data for the following purposes:
- allow the user to enjoy services and features offered on the website;
- comply with the requests the user submits via the Contact Us form;
- send newsletters;
- research and/or conduct statistical analysis on aggregate or anonymous data, with no possibility to identify the users, in order to assess the website functionality, measure traffic and evaluate usability and interest in the site (without the Data Controller processing data);
- complying with the legal obligations to which the Data Controller is subject;
- ascertain, exercise, or defend a right in judicial proceedings or any time Authorities exercise their functions.
Based on the category of data, the legal basis for Processing is as follows:
- browsing data and first-party automated statistics cookies: legitimate interest of the Data Controller;
- identifying data, personal and possibly sensitive and judicial data provided by users in their requests via the Contact Us form: complying with pre-contract measures adopted on the users’ request and/or based on their consent;
- in some cases, processing is necessary to comply with the legal responsibilities of the Data Controller, for example, communication to authorities, government or regulatory bodies.
Cookies and Browsing Data
The Site mainly uses technical and profiling cookies, anonymised when possible. Cookies are small files stored in the hard disk of the user’s computer.
Technical cookies are necessary for a website to function correctly and allow the user to browse; without them the user may not be able to display some pages correctly or access certain services.
Profiling cookies aim to create a user profile and are used to send promotional messages based on the preferences expressed by the user during their visits to the website.
Cookies can be categorised as:
- session cookies: deleted as soon as the browser session is closed;
- persistent cookies: saved by the browser for a set period of time. They are used, for example, to recognise the device that connects to a website, facilitating the user’s authentication;
- proprietary cookies: generated and managed directly by the operator of the website visited by the user;
- third-party cookies: generated and managed by subjects other than the operator of the website visited by the user.
The profiling cookies we use are linked to the services offered by Facebook (for further information visit https://www.facebook.com/policies/cookies/) and Google Ads (for further information visit https://policies.google.com/technologies/cookies?hl=it)
We adopt the following techniques to reduce the ability of cookies to identify users:
- IP anonymization:
- Service set-up to prevent the association of the remaining portion of the IP address to other services.
Personal data will be:
- collected electronically;
- saved in digital format in the server accessible to the Data Controller and Data Processors;
- protected to avoid destruction, changes, deletion and unauthorised access, using efficient physical, logical and organizational security measures;
- further processed, including in hardcopy format, to the extent and for the time strictly necessary to achieve the purposes mentioned above.
The Data Controller observes specific security measures to prevent the loss, change or erasure of data, unlawful and/or inappropriate use, and unauthorised access and transmission. The Data Controller also commits to adopting any additional measures – within reason – to guarantee that personal data are processed securely and in compliance with the applicable laws and regulations.
Data may also be saved and processed on servers located outside the European Union, always respecting the processing methods set by the GDPR.
The user can help the Data Controller to update data and keep them up to date by notifying any changes.
Personal Data Recipients
Data acquired via the website are communicated to recipients in the measure strictly necessary to achieve the purposes mentioned above.
The categories of Recipients include:
- all subjects whose access to data is recognised by law or regulations;
- subjects to whom communication is necessary for the functionality and provision of the services offered by the website, who act as Data Processors, based on written agreements with the Data Controller;
- people appointed and authorised by the Data Controller who are bound by a confidentiality agreement and legally obliged to maintain confidentiality (e.g. employees and collaborators of the Data Controller);
- physical and/or juridical subjects, public and/or private subjects to whom data communication is necessary or functional to the Data Controller’s activity based on the methods and purposes mentioned above.
The Data Controller may be required to communicate data to third parties to comply with legal obligations and obey orders from public authorities.
The communication of personal data to the categories of recipients listed above may result in transferring personal data to EU and non-EU countries (non-EU countries will include only countries who have adhered to the Privacy Shield protocol, i.e. countries that guarantee an adequate level of protection in compliance with the GDPR).
Data will not be disseminated.
Personal Data Retention
Personal data are stored and processed using electronic systems owned by the Data Controller and managed by them or by third-party service providers. Data are processed exclusively by authorised personnel, including personnel involved in extraordinary maintenance.
The Data Controller retains data for the minimum amount of time necessary to achieve the purposes mentioned in point 3 herein.
Without prejudice to the above, the Data Controller will retain data for the longest period of time allowed by the applicable regulations to protect their rights and interests.
Mandatory and Optional Nature of Personal Data Provision
The provision of certain data is mandatory to allow the Data Controller to manage communications, contact users, or reply to user requests that would otherwise remain unsolved. On the other hand, the provision of other data is optional: failure to provide optional data will be of no consequence to the user.
The provision of browsing data is mandatory and essential to allow the Data Controller to let the user use the website.
The communication of identifying, personal and special categories of data provided by the user in their requests via the Contact Us form, is optional.
Consequences of Refusing to Provide Personal Data
The user may refuse to provide browsing data when they consist of personal data.
Should the user refuse to provide identifying, personal, and special categories of data in their requests via the Contact Us form, the Data Controller may not be able to comply, partially or totally, with their requests.
Data Subject Rights (articles 15-22 GDPR)
Data Subjects have the right to ask the Data Controller, at any time, for confirmation as to whether or not personal data concerning them is being processed and, if it is, to obtain access to the data and request them in intelligible form; to update, rectify and integrate their personal data; to cancel the data (right to oblivion) without undue delay or to limit the purposes for which they are processed for one of the reasons set in the GDPR; to be notified by the Data Controller of the update/rectification/erasure/limitation of their data; to request the portability of the data if they are processed automatically based on consent or a contract; to object, partially or completely, for reasons in connection with their specific situation, to the processing, and refuse the automated decision process, including profiling, without prejudice to the limits set by legal obligations in relation to personal data retention.
Where the data processing is based on consent, Data Subjects will also have the right to revoke their consent at any time without prejudice to the lawfulness of the processing carried out before the consent was revoked. In this case, personal data will be erased from the database as soon as possible.
These rights can be exercised as provided by article 12 of the GDPR, by sending a request in writing accompanied by the photocopy of an identification document, via recorded mail, to the Data Controller at CSC – SARTORI srl, Via Piovego Prima Strada 9, 35010 Arsego (PD), Italy, or via email to firstname.lastname@example.org. Before changing any information, the Data Subjects may be asked to confirm their identity by answering some questions. The Data Controller will reply promptly and, in any case, no later than one month after receiving the request.
Data Subjects also have the right to complain, in compliance with article 77 of the GDPR, with a supervisory authority, which in Italy is the Data Protection Authority.
The process and terms to file a complaint are set and governed by the applicable national legislation. Complaints do not prejudice any judicial or administrative actions, which in Italy may be filed with the Data Protection Authority or the competent Court.
The terms of this policy may change overtime or vary based on the purposes of the processing: any significant amendments to this policy will be published on the website www.csc-sartori.it and the new version will become binding from that moment. Data Subjects are kindly advised to visit this section of the website regularly.