Information relating to
the processing
of personal data

pursuant to articles 13 and 14 of Regulation (EU) 2016/679 ("GDPR")

Dear Sir/Madam,

The company S.I.P.A. S.p.A., having its registered office at Via della Liberazione 1, San Giuliano Milanese 20098 (MI), Tax Code and VAT Code no. 06488870152, in its capacity as Data Controller (hereinafter “Company” or “Data Controller”), as defined below, is committed, in the performance of its activities, to the protection and confidentiality of all personal data.

1. WHAT DATA CAN BE COLLECTED

The Data Controller can collect the following categories of data that relates to you (the term “Data” shall mean all the categories of data listed below, considered jointly):

  • Personal and contact details – name, surname, date of birth, tax code number, address, telephone number, email address;
  • Payment details – information regarding payments (e.g. information regarding methods of payment such as current account, credit cards, IBAN and others).

2.HOW DO WE COLLECT YOUR DATA

The Data Controller collects and processes your Data based on the relationship existing with you.

Should you provide personal data on behalf of third parties, you shall make sure that such third parties have previously read this Personal Data Protection Policy.

Please inform us of any change in your Data so that we can always keep them updated.

3. FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS CAN YOUR DATA BE USED

The Data Controller may process your Data for any of the following purposes, on such legal basis as stated from time to time.

a) Establishing and managing a relationship.

The Data Controller may process your personal and contact data in order to establish and manage a relationship with you.

Legal basis for the processing of data: fulfilment of contractual/pre-contractual obligations (Art. 6 (1) (b) of the GDPR).

Provision of data is mandatory to manage your request; in the absence of this data, we will not be able to process your request.

b) Compliance with obligations provided for by law, regulations or EU legislation, instructions/requests from authorities duly authorised by law and/or supervisory and regulatory authorities.

The Data Controller may process your Data to comply with the obligations to which it is subject.

Legal basis for the processing of data: fulfilment of a legal obligation to which the Data Controller is subject (art. 6 (1) (c) of the GDPR).

Provision of data is mandatory since, in the absence of this data, we will not be able to fulfil specific legal obligations and form a relationship with you.

c) Protection of rights in legal, administrative, or out-of-court proceedings and in disputes regarding services/activities offered.

The Data Controller may process your Data to protect its rights or to act or make claims against you or any third parties.

Legal basis for the processing of data: legitimate interest of the Company (art. 6 (1) (f) of the GDPR) to protect its rights.

In this case, no data needs to be provided, since the Data Controller will pursue this additional purpose, if necessary, by processing the data collected for the purposes referred to above, which are considered compatible with this purpose (also by reason of the context in which the data was collected, the existing relationship between you and the Company, the nature of the data and of the guarantees regarding their processing, and the connection between the purposes referred to above and this additional purpose).

4. HOW DO WE PROTECT YOUR DATA

The Data Controller implements appropriate security measures to ensure the protection, safety, integrity, and accessibility of your Data.

All your Data is stored on our protected servers (or on paper-based filing systems) or on those of our providers and can be accessed and used in compliance with our standards and security policies (or with equivalent standards for our providers).

5. HOW LONG DO WE HOLD YOUR DATA

We will only hold your Data for as long as necessary to fulfil the purpose for which it was collected or any other connected legitimate purpose, and, in any event, for no longer than 10 years from the date of termination of our relationship.

With regard to the Authority’s requests or the fulfilment of legal obligations, or should we have to protect our rights in court proceedings, to prevent frauds under b) and c), your Data will be held for as long as necessary to fulfil such obligations or requirements or to protect our rights.

Your Data will be irreversibly anonymised or disposed of in a safe manner as soon as it is no longer needed or there is no longer a legal basis for holding it.

6. WHO MAY WE SHARE YOUR DATA WITH

Your Data can be accessed by duly authorised persons and by external providers that may be designated as data processors, if necessary. In addition, for the performance of some data processing activities that are strictly connected with the management of our relationship, we may disclose the Data to other companies of the group, especially for administrative and accounting purposes, to manage personnel and ensure compliance with applicable procedures, to reply to and satisfy requests and legal claims, etc..

If you wish to see the list of the data processors and other parties to whom your Data is disclosed, you can contact the Company as described in the “Contacts” section.

7. INTERNATIONAL TRANSFERS

The Data Controller herewith advises you that your Data will be processed, for the purposes described in paragraph 3 above, in the European Union (EU) and in the European Economic Area (EEA) exclusively.

8. YOUR DATA PROTECTION RIGHTS AND YOUR RIGHT TO LODGE A COMPLAINT WITH THE DATA PROTECTION AUTHORITY

In certain circumstances you have the right to obtain from the Company:

a. access to your data, in compliance with art. 15 of the GDPR;
b. rectification or completion of inaccurate Data in our possession, in compliance with art. 16 of the GDPR;
c. erasure of your Data where there is no longer a legal basis for processing, in compliance with art. 17 of the GDPR;
restriction of processing of your Data where one of the circumstances set out in art. 18 of the GDPR applies;
e. a copy of the Data provided by you, in a format that is structured, commonly used and machine readable, and transmission of such data to another controller (the so-called portability), in compliance with art. 20 of the GDPR.

Right to object to processing: you have the right to object at any time, for reasons based upon your particular situation, to the processing of your Data by the Company if the processing is for the purposes of the Company’s legitimate interests. You can make an objection at privacy@bindidessert.it

If you have any questions about the processing of your Data by the Company or if you want to exercise your rights, please contact us at the address below. In addition, should you exercise any of the above rights, the Data Controller will verify that you are actually entitled to exercise those rights and generally respond within a month.

Should you feel that your personal data is being processed in breach of the provisions of the GDPR, you can either lodge a complaint with the Italian Data Protection Authority, using the contact details available on the website https://www.garanteprivacy.it/, or take appropriate legal action.

9. CONTACTS

For more information on your rights, if you wish to exercise any right, or for any queries regarding the processing of your Data, please contact us at the following e-mail address privacy@bindidessert.it

Last update: May 2022