POLICY RELATING TO THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 – 14 OF REGULATION (EU) 2016/679 AND CONSENT
Pursuant to Regulation (EU) 2016/679 (hereinafter Regulation or "GDPR") and the national legislation in force regarding the protection of personal data, this policy is provided: to natural persons operating in the name and on behalf of the Customers, to the Customer - if a natural person (e.g. sole proprietorship or professional), potential customers, users of the website (www.sdrpack.com), hereinafter also Data Subjects.
SDR PACK S.p.A, with registered office in via Segafredo no. 6 in Rosà (VI), Tax Code 01447990282 – VAT no. 02485550244 Tel 0424 581990, e-mail: email@example.com
2.Type of data processed
Data provided voluntarily by the user
The personal data processed are collected directly from the Data Subjects or from the company for which they work, on the occasion of pre-contractual activities, the stipulation and performance of the contract. These common data are personal data (name and surname, etc.), contact details (telephone number, e-mail address, etc.). The Data Controller does not process any “sensitive” or “special” data (see art. 9 of the GDPR). The personal data are processed in compliance with the provisions of the GDPR and those of the current Privacy Regulations, using manual, paper, IT and data transmission tools, also automated and in accordance with the principles of fairness, lawfulness and transparency in order to guarantee the security and confidentiality of the data. In particular, the processing can take place through automated systems (such as e-mail or other types of electronic communication) and traditional systems.
During normal use, the computer systems and software procedures used to run this website acquire certain personal data (so-called “log files”), which are implicitly transmitted through the use of Internet communication protocols. This information is not collected in order to identify interested parties but,due to its nature, it might help to identify users through the processing and aggregation of data held by third parties.
This data category includes IP addresses or domain names of the computers employed by users who access the website, the URI (Uniform Resource Identifier) addresses of requested resources, the time of request, the method used to submit the request to a server, the size of the file obtained in reply, the numerical code indicating the response status given by the server (success, error, etc.) and other parameters concerning the operating system and the user’s computer environment.
Such data are used for the sole purpose of obtaining anonymous statistical information on website use and to check that the website is functioning properly. The data may be used to ascertain responsibility in the event of any cybercrimes committed against the website and may be disclosed to Judicial Authorities, if explicitly requested thereby.
This website uses Lead Champion, a service provided by ADChange Srl. Lead Champion collects and analyses data relating to legal entities in order to offer a Business Lead Generation and Marketing Business Intelligence service that automatically recognises the company name and profile of those visiting a website.
3. Purpose, legal basis of the processing and mandatory provision of the data – The Data Controller processes the personal data:
The provision of personal data for these purposes is not mandatory and the related processing requires the consent of the data subjects. Failure to give consent will not affect the service provided but will make it impossible for the Data Controller to send you commercial communications. The legal basis of the processing is the consent expressed.
4. Categories of recipients of the personal data
The personal data, within the limits and for the purposes indicated, may be disclosed or become known to and therefore be processed by:
The complete list of recipients is available at the Data Controller’s registered office or may be requested therefrom by e-mail.
5. Data retention period
The personal data in question are processed for the entire duration of the commercial relationship and even subsequently for a maximum of 10 years; for marketing purposes not based on the Controller’s legitimate interest, the data are processed and retained until the consent is revoked. Data used to obtain anonymous statistical information on the use of the website and to check that it is functioning properly are retained for 12 months.
The data used to ascertain liability in case of any cybercrimes against the website and shared with the Judicial Authorities (purpose of protecting the Controller’s assets and rights, in the case of a sole proprietorship or professional) will be retained until the end of the related litigation, without prejudice to further retention, possibly until the deadline envisaged by mandatory legal rules.
Data processed for pre-contractual purposes (e.g. for the management of offers and estimates, pre-contractual support) are processed until the possible objection of the data subject, if the Controller deems that its interest does not prevail over that of the counterparty.
6. Transfer of the data abroad
The processing is normally carried out in Italy; for specific business processes personal data may be transferred to non-EEA countries, in which case data protection is assured by specific contractual clauses.
In the case of transfer to the USA, the transfer is guaranteed by the Adequacy Decision of the EU Commission with regard to the US legislation including the EU-USA Convention with the title Trans-Atlantic Data Protection Framework.
7. Automated decision-making processes
8. Rights of the data subject
The Data Controller hereby informs you that, with reference to the data provided, as a Data Subject you have the following rights:
9. Contact information
For any clarification and to exercise their rights, the data subjects may contact the Data Controller by writing to:
SDR PACK SpA
Via Segafredo, 6 - 36027 Rosà (VI)
or by writing an e-mail to