NOTICE ON THE PROCESSING OF PERSONAL DATA
The company Sferova Srl (hereinafter, for the sake of brevity, “Sferova”, or the “Company”) is aware of the importance of protecting the right to privacy of its users with regard to the processing of personal data. In compliance with European and Italian legislation in the matter, Sferova informs that the personal data collected during navigation of the website www.sferova.com will be processed in compliance with the law in matters of personal data protection.
With reference to the methods of control and processing of personal data of users who visit this website, in accordance with article 13, EU Regulation no. 679/2016, Sferova provides the following information:
1. Types of data collected, purpose and legal basis of the processing
The information systems and software procedures used to operate the website www.sferova.com acquire, during normal operation, certain personal data, the transmission of which is implicit in the use of communication protocols of the Internet. Entering in this data category are IP addresses or the domain names of the terminals of users that connect to the website, the MAC (Media Access Control) addresses, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method utilised to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the server data response status (successful, error, etc.) and other parameters related to the operating system and the IT environment of the user. These data are used for the sole purpose of gathering anonymous statistical information on the use of the website and to check that it functions properly, and are immediately deleted after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the website. The legal basis that legitimises the processing of personal data for this purpose is set out in the case referred to in art. 6 parag. 1, letter b) or EU Regulation no. 679/2016, in other words to allow the user to make use of the service requested. The same data may also be used to fulfil legal obligations or requests from the Judicial Authority. The legal basis that legitimises the processing of personal data for this purpose is set out in the case referred to in art. 6 parag. 1, letter c) of EU Regulation no. 679/2016, that is, whenever processing is necessary to fulfil a legal obligation to which the data controller is subject.
Data supplied voluntarily by the user
After voluntarily sending email messages to the email addresses on the website, Sferova may process the email address of the sender and further personal data contained in the message in order to answer, always by email, the requests of the user. The legal basis that legitimises the processing of personal data for this purpose is set out in the case referred to in art. 6 parag. 1, letter b) or EU Regulation no. 679/2016, that is, in order to supply the service requested to the user. The same data may also be used to fulfil legal obligations or requests from the Judicial Authority. The legal basis that legitimises the processing of personal data for this purpose is set out in the case referred to in art. 6 parag. 1, letter c) of EU Regulation no. 679/2016, that is, whenever processing is necessary to fulfil a legal obligation to which the data controller is subject.
The data subject is asked not to enter or send via the tools present on the website “special data”, “biometric data”, “genetic data”, “data concerning health”, “data relating to offences or criminal convictions” as defined by current legislation. Such data, if supplied by the data subject, will be immediately deleted.
2. Data retention period
The personal data collected and processed following browsing of the website will be retained for the entire period that the service is provided and in any case will be deleted or anonymised within 7 days. The personal data sent independently by the users through the tools present on the website will be deleted after the service requested has be provided or a reply has been given to the same, and in any case within the maximum period of 15 days from the cessation of such activity, with the exception of those necessary for compliance with tax, accounting or administrative regulations or to fulfil other legal obligations and to document the activities performed.
3. Method of processing
The personal data collected will be processed, stored and processed with electronic tools and will be saved on both electronic storage devices and in paper format, organised in databases, and on any other suitable format. Specific security measures have been observed to prevent the loss of data, their illicit or improper use, and unauthorised access. The processing of personal data performed by Sferova does not involve automated decision-making processes.
4. Communication and/or conferral of personal data
The communication and/or conferral of navigation data is a necessary requirement for providing the service requested (browsing on the website) and therefore mandatory for such purpose: a failure to communicate personal data by the data subject shall make it impossible for Sferova to permit navigation on the website www.sferova.com. The communication of data for other purposes is optional: a failure to communicate and/or confer data in this case will not have any consequences for the data subject, but could make it impossible to give the user the feedback requested.
5. Subjects to whom the personal data may be communicated
The personal data collected will not be disclosed, but may be communicated not only to subjects to whom the right and interest to access your personal data is recognised by law or by secondary and/or EU regulations, but also to authorised staff of the Data Controller, as well as companies, associations or professional firms that provide services and activities on behalf of the Data Controller as Processor to fulfil legal obligations, as well as for any organisational and administrative requirements necessary to provide the services requested. The names of other subjects to whom your personal data may be disclosed in their capacity as “Data Processors” are provided in the latest list available from Sferova (to be requested using the contact details given in point 9).
6. Transfer of data abroad or to international organisations
Sferova shall not transfer the data subject’s personal data collected through the website www.sferova.com, and the tools provided therein, to international organisations.
7. Connection to third-party websites or services
8. Rights of the data subject
In relation to the aforementioned processing of personal data, the data subject has the right to exercise, at any time, his or her rights pursuant to EU Regulation no. 679/2016, including, for example, to right to obtain information on:
- the source of the personal data;
- the purposes and method of processing;
- the logic applied in the case of processing carried out with aid of electronic tools;
- the identification details of the Data Controller, processors and appointed representative.
The data subject has the right to obtain:
- the access, updating, rectification or where interested therein, integration of data;
- the erasure, anonymisation or blocking of data that have been processed unlawfully;
- the restriction of processing of the data that concerns him or her, that is, request that the Data Controller or Processor limit the purposes or methods with which his or her data are processed.
The data subject may also request a copy of his or her data in standard form (so-called “Right to data portability”).
The Data Subject to whom the data refer, lastly, has the right to oppose, at any time and without any cost, in whole or in part:
- to the processing of his or her personal data for legitimate reasons, even if pertinent to the purpose of collection;
- to the processing of his or her personal data carried out in accordance with article 6, paragraph 1 GDPR, letter e. (“processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”) or f. (“processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party”) including profiling on the basis of these provisions.
- to the processing of his or her personal data for the purpose of sending advertising or direct sales material or to perform market research or for commercial information purposes (direct marketing), including profiling insofar as it is connected.
The data subject has the right to withdraw his or her consent to processing, when this is based on the case envisaged by art. 6, paragraph 1, letter a. (when “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”), or by article 9, paragraph 2, letter a. (the data subject has given explicit consent to the processing of those personal data for one or more specified purposes) of EU Regulation 679/2016, at any moment without affecting the lawfulness of the processing based on consent before the withdrawal.
The data subject, in the event it is deemed that the processing concerning him or her violates current legislation, has the right to make a claim to the control authority, notably in the member state in which he or she generally resides, works or in the place where the presumed violation took place. The Italian Control Authority may be reached at the contact details found on its website.
9. Data Controller - Contact Data