Privacy Policy
The owner of this site, Gruppo Sistematica SpA , in compliance with the obligations deriving from national [1] and community legislation (hereinafter GDPR [2] or Regulation) and subsequent amendments, respects and protects the privacy of users/visitors, implementing adequate and proportionate security measures so as not to harm their rights.
This information applies exclusively to the online activities of this site, in particular to filling out forms , requesting information or any other form of interaction with the site which involves the communication of personal data by the user. With it the Owner pursues the objective of providing maximum transparency regarding the information that the site collects and how it uses it.
The processing will be based on the principles of lawfulness, correctness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality and accountability.
Pursuant to the articles. 13 and 14 of the GDPR and current legislation, the following information is provided relating to the processing that Gruppo Sistematica SpA will carry out with personal data:
1. Subjects of the treatment
The Data Controller of personal data is Gruppo Sistematica SpA , with registered office in Via dei Monti Parioli 48 – 00197 Rome (Italy) , VAT number: 00704800556 , which can be contacted using the e-mail address info@grupposistematica.it , or certified email address (PEC) sistema.spa@legalmail.it .
2. Method of processing and type of data collected
The Data Controller adopts all appropriate technical and organizational measures to secure the personal data processed. In particular, these measures are aimed at preventing unauthorized access, disclosure, modification or destruction of the data, which will be collected, processed and stored in the archives, both paper and electronic, of the Data Controller and/or authorized internal subjects and external managers expressly authorized for this purpose. The processing will be carried out with the aid of both paper supports and IT means or electronic tools with a logic of organization and processing of personal data, in order to guarantee its security and confidentiality.
The Data Controller may process some personal data of users who interact with the site’s web services, in particular:
- navigation data: the IP address, the addresses in URI [3] notation , the type of browser and the parameters of the device used to connect to the site, the name of the ‘ Internet Service Provider (ISP), the web page the visitor came from [4] and exit, as well as the details relating to the date and time of visit, the requests sent to the site server and which make navigation possible. The navigation data may also be used to compile anonymous statistics that allow us to understand the use of the site and improve its structure. The navigation data may possibly be used to ascertain illegal activities, such as in cases of computer crimes, to the detriment of the site;
- contact details (name and surname, email address, company name and telephone number), possibly of an economic and fiscal nature (in the event that, for example, an invoice is requested), necessary for the performance of contractual relationships, existing or future, with users.
- “Special categories” of personal data, i.e. data that can be classified as sensitive, are not collected and processed in any way [5] .
3. Purpose of the processing
The data provided by the user or communicated by third parties will be processed for the following purposes:
a) registration on the website, on the services developed or made available by the Owner, use of the related information services, management of contact or information requests;
b) establishment of contractual relationships and consequent administrative, legal and fiscal obligations, as well as to allow effective management of financial and commercial relationships;
c) fulfillment of obligations established by community and national regulations;
d) direct marketing, i.e. sending advertising material, promotional activities, commercial communication of products and/or services offered by the company; this activity may be carried out by sending advertising/information/promotional material and/or invitations to participate in initiatives, events and offers aimed at rewarding users/customers, carried out through “automated” contact systems [6] ;
e) verification of the correct functioning of the site and for security reasons, in order to block attempts to damage the site itself or to cause damage to other users and in any case to ascertain and repress activities that are harmful or constitute a crime.
By accessing the “Contacts” section, the site allows the visitor/user to insert messages and other information. The voluntary and explicit sending of such information does not require a request for consent and the possible compilation of specifically prepared forms entails the subsequent acquisition of the address and data of the visitor/user, necessary to respond to the requests made and/or to provide the requested service.
The information that users of the site deem to make public through the services and tools made available to them are provided by the user knowingly and voluntarily, exempting the Owner from any liability regarding possible violations which as a result orders. In fact, it is up to the user to obtain any permission to enter personal data of third parties or content protected by national and international regulations.
4.Legal basis for the processing of personal data
The provision of personal data for the purposes referred to in points 3-a) and 3-b) is mandatory, as the processing is connected to a pre-contractual and/or contractual phase or functional to a request from the interested party or intended by a specific regulation. Any failure by the interested party to provide certain personal data in relation to the aforementioned purposes could prevent the Data Controller from providing its services.
Regarding point 3-d) ( direct marketing ), personal data are entered voluntarily by the interested party. Consent must be expressed through an unequivocal positive act, furthermore it must be free, specific, optional and always revocable without consequences on the usability of the services, except for the impossibility for the Owner to provide some of them. In any case, the user may exercise the right to object at any time ( see paragraph 9. “Rights of the interested party”).
The data collected and processed for the purposes of site security and for the prevention of abuse and illicit activities referred to in point 3-e), as well as the data for the analysis of site traffic (statistics) in aggregate form, are processed based on the legitimate interest of the Owner to protect the proper functioning of the site, as well as to protect the users themselves. In such cases, the user can exercise the right to object at any time ( see paragraph 9. “Rights of the interested party”).
5.Use of Cookies
Cookies are small text files that the site sends to users’ terminals and are used to perform computer authentication, session monitoring, memorization of information on specific configurations, memorization of preferences and more . This site uses cookies mainly to improve the browsing experience through the measurement and analysis of aggregated and anonymized browsing data.
For information on the cookies used, as well as on the management, setting and deactivation of cookies , users can consult the appropriate section of the site and follow the specifically provided procedures.
6.Recipients of personal data
The data will not be disclosed by the Data Controller, giving knowledge of it to indeterminate subjects in any way, not even by making it available or consulting it.
The data will be stored with the Data Controller and may instead be communicated to specific subjects defined as follows:
- authorized subjects involved in the organization of the site [7] ;
- external subjects [8] delegated for this purpose to specific processing activities and duly appointed as Data Processors pursuant to art. 28 of the Regulation, in accordance with the applicable legislation and limited to the purposes of the requested and necessary professional services;
- subjects whose right to access the data is recognized by legal provisions or orders from the authorities;
- any third countries or international organizations, if for technical and/or operational reasons it is necessary to transfer some data collected to technical systems and services managed in the cloud and located outside the European Union area [9] . In this case, the processing will be regulated in accordance with the provisions of Chapter V of the GDPR and authorized on the basis of specific decisions of the European Union and the Personal Data Protection Authority.
The complete list of all managers and those authorized to process personal data can be requested by writing to the email address info@grupposistematica.it , or by ordinary mail to the address Via dei Monti Parioli 48 – 00197 Rome (Italy) .
7.Place of treatment
The data collected by the site are processed at the headquarters of the Data Controller and at the Web Hosting data center . Web Hosting ( Serverplan srl ), as Data Controller, processes personal data on behalf of the Owner in compliance with European standards.
8. Personal data retention period
The data collected will be processed exclusively for the purposes indicated above and kept for the time strictly necessary to provide the requested service. In any case, this period of time will not extend beyond 10 years, at the end of which the Data Controller will proceed with the automatic deletion of the personal data collected.
9.Rights of the interested party
The Regulation reserves specific rights to users/interested parties. In particular, the interested party may exercise at any time the right to:
- access their personal data, obtaining confirmation as to whether or not personal data concerning them is being processed and, in this case, being informed regarding the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom the same may be communicated, at the applicable retention period, to the existence of automated decision-making processes;
- obtain the rectification of inaccurate personal data concerning him without unjustified delay;
- obtain, in the foreseen cases, the cancellation of personal data concerning him without unjustified delay;
- obtain, in the cases provided for, the limitation of processing;
- request the portability of the data you have provided to the Data Controller, i.e. to receive them in a structured format, commonly used and readable by an automatic device, also to transmit such data to another Data Controller without impediments on the part of the Data Controller to whom has provided them within the limits established by the art. 20 of the Regulation;
- object at any time, for reasons related to your particular situation, to the processing of personal data concerning you, in the cases provided for by the Regulation;
- revoke your consent at any time, with the same ease with which it was granted;
- lodge a complaint with the Personal Data Protection Authority;
- obtain all available information on the origin of the personal data, if these have not been collected from the interested party;
- receive communication without unjustified delay in the case of ” data breach “, i.e. in the event that the violation of one’s personal data presents a high risk for one’s rights and freedoms;
- be informed of the existence of adequate guarantees, if personal data are transferred to a third country or to international organisations.
All the aforementioned rights can be exercised upon request of the interested party by writing directly to info@grupposistematica.it
This information may be subject to periodic updates.
Owner of the processing of personal data
Sistematica SpA Group
[1] Legislative Decree no. 196/2003, Code regarding the protection of personal data, amended by Legislative Decree 101/2018;
[2] European regulation for the protection of personal data n. 2016/679;
[3] Uniform Resource Identifier;
[4] referrals;
[5] pursuant to art. 4 of the Code and art. 9 of the GDPR;
[6] e.g. SMS and/or MMS, e-mail, interactive applications;
[7] e.g. employees of the Data Controller and possibly of the Data Processor, including administrative and commercial staff, system administrators;
[8] e.g. third-party technical service providers, lawyers, hosting providers , IT companies, communication agencies;
[9] in particular with Google, Facebook, Twitter, Microsoft, LinkedIn, through social plugins and the Google Analytics service;