Privacy & Policy
For Sefin S.p.A. (hereinafter "Data Controller" and / or "Owner"), the privacy and security of personal data are critical, which is why we collect and manage your personal data with the utmost care and take measures aimed at their protection.
Below you will find information on the processing of information by the Data Controller pursuant to Article 13 of the EU Regulation 2016/679 (hereinafter, the "Regulation").
THE DATA CONTROLLER
The Data Controller of personal data is Sefin S.p.A., Viale Zara 10 - 20124 Milan, Tel. 02693651, P.I. 04919090151.
PERSONAL DATA PROCESSING
The categories of personal data that the Owner collects and processes while browsing the site are as follows:
1. Personal and contact data (e-mail, telephone number) collected following the completion of the contact forms on the website;
2. Personal and contact data (e-mail, telephone number) or access to your Google or Facebook accounts collected following any interaction with Zendesk Chat;
3. Personal data collected for marketing purposes (newsletter);
4. Data collected through interaction with the internet website (es. Cookies)
PURPOSE AND LEGAL BASIS OF THE DATA PROCESSING
The Data Controller collects and processes personal data for the following purposes:
1. subject to your express consent, management of requests for information and / or assistance using the personal information entered in the Contact form and Zendesk Chat;
2. subject to your express consent, we may use the personal information provided for commercial communications about our products and services in order to update you on news, offers, promotions and other communications regarding the company;
3. tramite legittimo interesse e/o previo consenso trattiamo dati personali relativi alla navigazione, in misura strettamente necessaria e proporzionata in merito ai cookies.
4. through legitimate interest and / or prior consent, we process personal information relating to navigation, to the extent strictly necessary and proportionate extent with regard to cookies.
Providing personal data for these activities is absolutely optional, but without them it will not be possible for the Data Controller to carry out the activities in question.
COMMUNICATION AND ACCESS TO DATA
Personal data will be processed by the Data Controller's internal staff, who are specifically trained and authorized to process them.
Personal data may also be transmitted to third parties that we use to provide our services or carry out our activities; these subjects have been adequately selected and offer suitable guarantees of compliance with the rules on the processing of personal data. These subjects have been designated pursuant to art. 28 GDPR and carry out their activities according to the instructions given by the Data Controller and under its control.
EXTRA-EU DATA TRANSFER
Personal data will not be transferred outside the territory of the EU. In the event this should happen, all the measures required by the relevant legislation will be taken.
We retain personal data for a limited period of time, which varies depending on the type of processing.
Personal data are stored in compliance with the terms and criteria specified below:
1. data related to user requests: useful data will be kept until the request is satisfied;
2. data used for commercial communication activities will be kept for no more than 24 months from the date of registration to commercial communications, it is in the legitimate interest of the Data Controller to send commercial communications relating to the services and products of the Data Controller to those who are already Customers, similar to those already used, unless consent is revoked (Article 7 of the GDPR);
RIGHTS OF THE INTERESTED PARTIES
According to the provisions of the GDPR, the Data Controller guarantees the following rights:
-obtain confirmation as to whether or not personal data concerning you are being processed and, if so, obtain access to the data (Right of access art.15);
-obtain the rectification of inaccurate personal data concerning you without undue delay (Right of Rectification art.16);
-obtain the deletion of your personal data without undue delay, the Data Controller has the obligation to delete your personal data without undue delay, if certain conditions are met (Right to be forgotten, Article 17);
-obtain the limitation of treatment in certain cases (Right to limitation of treatment art.18);
-receive in a structured, commonly used and machine-readable format, the personal data you have provided to us and eventually be able to transmit them to another Data Controller (Right to data portability art.20);
-oppose at any time, for reasons related with your particular situation, the processing of personal data concerning you (Right to object, Article 21);
-receive without undue delay notice of a personal data breach suffered by the Data Controller and / or Data Processors if such violation represents a threat to the rights and freedoms of the data subject (Art. 34);
-revoke the consent given at any time (Conditions for consent art.7).
In order to ensure that our users' data are not violated or used illegitimately by third parties, before accepting your request to exercise one of the rights indicated, we will ask you for some information to be sure of your identity.
Where applicable, the interested party may exercise the aforementioned rights, by post or e-mail. The Data Controller reserves the right to verify the identity of the data subject before taking further actions based on his/her request. For any complaints, the interested party also has the right to submit a complaint with the Guarantor Authority for the protection of personal data.
AMENDMENTS TO THIS POLICY
This policy may be subject to changes and / or updates.