SDR PACK S.p.A.

POLICY RELATING TO THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 – 14 OF EU REGULATION 2016/679 AND CONSENT

Pursuant to EU Regulation 2016/679 (hereinafter Regulation or "GDPR") and the national legislation in force regarding the protection of personal data, this policy is provided to: natural persons operating in the name and on behalf of the Customers; the Customer, if a natural person (e.g. sole proprietorship or professional); potential customers; and site users (hereinafter also "Data Subjects").

 

1. Data Controller:

SDR PACK S.p.A, with registered office in via Segafredo no. 6 in Rosà (VI), Tax Code 01447990282 – VAT no. 02485550244, Tel. 0424 581990, fax 0424 858323, e-mail: info@sdrpack.com

 

2. Type of data processed

Data provided voluntarily by users

The personal data processed are collected directly from the Data Subjects or from the company for which they work, on the occasion of pre-contractual activities and of the stipulation and execution of the contract. These common data are personal data (name and surname, …) and contact details (telephone number, e-mail address, …). The Data Controller does not process any “sensitive” or “special” data (see art. 9 of the GDPR). The processing of personal data takes place in compliance with the provisions of the GDPR and the current Privacy Regulations, using manual, paper, IT and telematic tools, including automated ones, and according to the principles of fairness, lawfulness and transparency, in order to guarantee the safety and confidentiality of the data. In particular, the processing can take place through automated systems (such as e-mail or other types of electronic communication) and traditional systems.

 

Browsing data

During normal use, the computer systems and software procedures used to run this website acquire certain personal data (so-called log files), which are implicitly transmitted through the use of Internet communication protocols. This information is not collected in order to identify interested parties but, due to its nature, it might help to identify users through the processing and grouping of data held by third parties.

This data category includes IP addresses or computer domain names employed by users who access the website, as well as the URI (Uniform Resource Identifier) addresses of requested resources, the time of request, the method used to submit the request to a server, the size of the file obtained as a response, the numerical code indicating the response status given by the server (successful, error, etc.) and other parameters concerning the operating system and the user’s computer environment. Such data are used for the sole purpose of obtaining anonymous statistical information on website use and to check that the website is functioning properly. Such data may be used to ascertain responsibility in the event of any cyber crimes committed against the site and may be disclosed to Judicial Authorities, if explicitly requested.

This site uses Lead Champion, a service provided by ADChange Srl. Lead Champion collects and analyses data relating to legal entities in order to offer a Business Lead Generation and Marketing Business Intelligence service that automatically recognises the company name and profile of those visiting a website. 

 

3. Purpose, legal basis of the processing and mandatory provision of data – The Data Controller processes the personal data:

  1. for purposes strictly related to the management and execution of contracts with Customers (e.g. acquisition of information prior to the conclusion of a contract, provision of services, management of evolutionary requests, support, …) and for the offer management. The provision of personal data for this purpose and the related processing are necessary to the extent that the Data Subjects deem it necessary to disclose them, to ensure the effectiveness of the pre-contractual, provision and assistance activities carried out by the Data Controller. Such processing operations do not require the consent of the Data Subjects. The legal basis of the processing is identified in the need to stipulate or execute a contract;
  2. in the case of a sole proprietorship or professional, for the purpose of protecting the Data Controller’s assets and rights, such as the acquisition of information relating to the solvency of the same or debt collection. The data are necessary for stipulating the contract. The legal basis of the processing is identified in the legitimate interest of the Data Controller and consent is not required;
  3. for direct/indirect marketing purposes (non-exhaustive example list): sending commercial information and newsletters, communication of promotional initiatives and events organised by the Data Controller or industry partners.

The provision of personal data for these purposes is not mandatory and the related processing requires the consent of the data subjects. Failure to give consent will not affect the service provided but will make it impossible for the Data Controller to send you commercial communications. The legal basis of the processing is identified in the express consent.

 

4. Categories of recipients of personal data: personal data, within the limits and for the purposes indicated, may be disclosed or become known and therefore be processed by:

  1. employees and consultants of the Data Controller, agents, companies that provide IT services (site management, internet services, companies specialising in marketing-related data, …), possibly in their capacity as external data processors;
  2. forwarders or carriers for the goods to be delivered;
  3. companies specialised in systems to provide information on the solvency of Customers, debt collection companies and/or professionals;
  4. manufacturers of the goods supplied by the Data Controller;
  5. subjects who may access the data under the provisions of the law, or of EU regulations, within the limits established by law.

The complete list of recipients is available at the Data Controller’s registered office.

 

5. Data retention period: the personal data in question are processed for the entire duration of the commercial relationship and even subsequently for a maximum of 10 years; for marketing purposes, the data are processed and stored until the consent is revoked.

 

6. Transfer of data abroad: the processing is normally carried out in Italy; for specific business processes, personal data may be transferred to non-EEA countries, and in such cases data protection is assured by specific contractual clauses.

 

7. Automated decision-making processes: any automated decision-making process including profiling is excluded.

 

8. Rights of the data subject: the Data Controller hereby informs you that, with reference to the data provided, as a Data Subject you have the following rights:

  1. access to data and acquisition of a copy: obtain confirmation from the Data Controller that the processing of your Personal Data is in progress and, in this case, obtain access to the Personal Data and the information required by art. 15 of the GDPR, including, by way of example: the purposes of the processing, the categories of Personal Data processed, etc.;
  2. rectification: obtain from the Data Controller the correction of your inaccurate Personal Data as well as, taking into account the purposes of the processing, the integration of the same, if they are incomplete, providing adequate documentation;
  3. erasure of personal data: ask the Data Controller to delete your Personal Data, if one of the reasons provided for by art. 17 of the GDPR exists, including, by way of example, if the Personal Data are no longer necessary with respect to the purposes for which they were collected or otherwise processed or if the consent on which the processing of your Personal Data is based has been revoked by you and there is no other legitimate reason for the processing. The Data Controller may not delete your Personal Data if the processing is necessary, for example, for the fulfilment of a legal obligation, for the assessment, exercise or defence of a right in court;
  4. restriction of processing: obtain the restriction of processing of your Personal Data where one of the following cases provided for by art. 18 of the Regulation applies, including, for example: the dispute regarding the accuracy of your Personal Data, for the period necessary for the Data Controller to carry out the appropriate checks; the right to object to the processing, pending the appropriate checks by the Data Controller on the prevalence of the reasons that legitimise the processing;
  5. the portability of electronic data that are subject to automated processing: obtain from the Data Controller a copy of the Personal Data provided by you in a structured, commonly used and machine-readable format by an automatic device (example: computer and/or tablet); transmit your Personal Data to another subject, Data Controller, without hindrance from the Data Controller and on the basis of your precise authorisations and indications;
  6. object to the processing: stop the processing if this is carried out for the pursuit of a legitimate interest of the Data Controller (including profiling activities), unless there are legitimate reasons to proceed with the processing (reasons prevailing on the interests, rights and freedoms of the data subject), or the processing is necessary for the ascertainment, exercise or defence in court of a right;
  7. revocation of consent to processing, without prejudice to the lawfulness of the processing based on the consent acquired before the revocation;
  8. to submit a complaint to the competent supervisory authority: (Italian) Data Protection Authority.

 

9. Contact information: for any clarification and to exercise their rights, data subjects may contact the Data Controller by writing to:

SDR PACK SpA

Via Segafredo, 6 - 36027 Rosà (VI)

or by writing an email to

sacchettificiodirosa@pec.it