Privacy disclosure in accordance with Regulation (EU) 2016/679 (the “GDPR”), Articles 13 and 14
The correct management of your data and the trust you place in our products and services, are a priority. To give you the best we can in everything we do, we strive towards continuous improvement; and this is precisely why we collect, use, transfer and store your data. You are entitled to receive transparent information about how we process and protect this data; please spend just a few minutes reading our privacy disclosure and do not hesitate to contact us if you have any questions or doubts. When you visit our website, we may ask you to provide us with some basic personal information, like your name, telephone number, e-mail and address. We keep your contact details to hand so as to be able to identify you the next time you visit and you will therefore only need to provide this information once. This document (the “Disclosure”) provides indications only as to how SIVER SRLand/or other subjects identified for the purposes set out below, process information – relating to users of our services available from the website www.siver.it. The disclosure has specifically been provided in accordance with Regulation EU 679/2016 (the “GDPR”) and only regards said website; it does not, therefore, regard any websites that can be reached by the user through the links featured there.
1. Identity and contact details of the Data Controller
The Data Controller – i.e. the legal entity that determines the purpose and means of personal data processing – is: Siver s.r.l.
2. Categories of personal data processed
Below is the information that Siver s.r.l.may process through the website, within the limits of the purposes and methods described in this Disclosure, and which can be considered as personal data in accordance with applicable legislation. In particular:
During normal operation, the computer systems and software procedures used to allow this website to function acquire certain personal data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected for association with identified data subjects, but its nature may, through processing and association with data held by third parties, enable the users to be identified. This category of data includes the IP addresses or domain names of the computers used by the users connecting to the website, the URI (Uniform Resource Identifier) addresses of the resources required, the time of the request, the method used to submit the request to the server, the dimension of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and computer environment of the user. This data is used purely to check that the website is functioning correctly.
Data supplied voluntarily by the user
The optional, specific and voluntary sending of e-mail to the addresses given on this website entails the subsequent acquisition of the e-mail address and any personal data included in the electronic communication, as well as data of the sender/user, necessary in order to reply to requests or supply the service. Specific full or summary disclosures will be given for specific services, where offered.
3. Purpose and legal basis for processing
The personal data supplied by users submitting requests for the sending of informative materials is used purely in order to provide the service requested and may be disclosed to employees and collaborators of Siver s.r.l. who have been duly instructed as to the cautions and guarantees to be adopted in processing the information in question and third parties providing accessory or instrumental services to the activity of Siver s.r.l. with which specific agreements have been stipulated in fulfilment of the legislative requirements. Additional purposes will be indicated to users according to specific services, where proposed, as used starting from the dedicated pages and available on this website.
4. Processing methods
Personal data will be processed using manual, computerised or electronic tools able to guarantee its security and confidentiality, by staff who have been duly instructed in respect of the legislation. With the user’s consent, contact may therefore be made by e-mail, text message or using any equivalent electronic means or by post or an operator call to all the contact details supplied. If you prefer to be contacted using only one or some of these means, please specifically request this by e-mailing email@example.com
The Company uses IT techniques for the direct acquisition of personal data that identifies the user. For information on the types of cookies used, please read our “Cookies Policy”, available at the following link.
5. Scope of communication of personal data
Depending on the processing the user may authorise, personal data may be disclosed to subjects providing services relating to the activities of Siver s.r.l. as indicated in the specific disclosures. The information may also be disclosed each time communication is necessary in order to fulfil requests made by the legal authority or public security. Under no circumstances will the personal data collected be disseminated.
6. Data storage period (criteria for determination)
Except for personal data supplied voluntarily by the user and for which specific disclosures will be provided, information relating to browsing will be kept for up to six months from when it is collected; this is without prejudice to where needing to be used to assess liability in the event of cyber crime to the detriment in the website, in which case the information will be kept available to the authority for the time necessary to guarantee Siver s.r.l. the right to a defence.
7. Your rights
Applicable legislation grants users a series of rights, including, merely by way of example, the right:
- to access your personal data
- to request that it be rectified
- to have it updated and erased, if incomplete, incorrect or collected in breach of the law
- to ask that processing be limited to part of the information regarding you
- to have information regarding you sent to yourself or third parties indicated (termed “data portability”)
- to object to processing on legitimate grounds
- to revoke consent at any time by submitting an informal written request to this end to any of the contact details given under points 1 and 2.
Siver s.r.l.reminds you that if dissatisfied with the response received to a request, the user can contact and make a complaint to the Data Protection Authority (www.garanteprivacy.it) in the manner envisaged by applicable legislation.
CLIENT PRIVACY DISCLOSURE
in accordance with Regulation (EU) 2016/679 (the “GDPR”), Articles 13 and 14 This document (the “Disclosure”) intends to provide you with information on the processing, as specified hereto, of the data you supply to Siver s.r.l., by itself and/or other subjects identified for the purposes set out below. The Disclosure is made pursuant to EU Regulation no. 679/2016 (the “GDPR”).
1. Who is the Data Controller and how can it be contacted? Are there any joint data controllers?
Siver s.r.l. Via S.di Giacomo, 30 06073 – Corciano PG – Tel. +39 0755068008 – firstname.lastname@example.org – VAT no. 02290010541 There are no joint data controllers. This means that there are no other controllers that jointly determine the methods and purposes of the processing of your personal data.
2. How do we collect personal data?
If you contact us directly, for example via our website, e-mail or over the telephone, using our direct line, to ask for information about our products. If you are aged under 18 years old, please do not provide us with any personal data.
3. What categories of personal data do we collect?
The following categories of personal data regarding you can be collected using the various contract services and channels described in this Privacy Disclosure:
- Contact data – information such as name, address, telephone number and e-mail address.
- Payment data – information about the payment systems you have chosen, such as credit card number, debit card, IBAN details, etc.
Therefore, in accordance with the terms and conditions described in this Disclosure, information can be processed that may be considered as “Simple or common personal data”; this includes your general details, bank details and contact details (such as, for example, mobile telephone number and e-mail address, hereinafter, jointly, the “Personal Data”) and as “Special Data”, insofar as characterised, in accordance with the GDPR, by a specific nature; it may refer, in fact, to physical health and, more generally, offer information about the user’s health. For ease of reference, and unless otherwise specified, in this Disclosure, the expression “Personal Data” is used with reference to all your personal data.
4. What is the purpose and legal basis for processing your personal data (purpose and legal basis for processing)?
The Personal Data collected will be processed for the purposes and in accordance with the following legal basis:
|Purposes||Legal basis for processing|
|Categories a), b) (where relevant): to manage your contract or implement pre-contractual measures (such as, for example, a request for information or preventively to the purchase of a product). In this case, you are free to choose whether or not to confer your Personal Data, including any special data, however failure to do so will make it impossible to establish said contract and therefore fulfil your request.||The processing is necessary in connection with the fulfilment of a contract to which you are party.|
5. How is your Personal Data processed?
Personal data will be processed using manual, computerised or electronic tools able to guarantee its security and confidentiality, by staff who have been duly instructed in respect of applicable legislation. In addition to cases where we may need to contact you for needs relating to the management of the contract, if you agree to the processing of your data for the purposes described under point 3, you may be contacted by e-mail, text message or any equivalent electronic means or by post or called by an operator, using all the contact details supplied. If you prefer to be contacted using only one or some of these means, please specifically request this by e-mailing email@example.com
6. To whom do we disclose your data?
Your Personal Data may be transferred to:
|Recipients of the Personal Data||Purpose|
|Authorised internal staff who have been specifically instructed||Operative management of activities|
|Third party subjects or companies supplying services in support of the company’s activities or professionals with whom specific agreements have been stipulated.||Support in activity management|
|Any bodies and/or authorities appointed by the law||Legislative obligation|
The information may also be disclosed each time communication is necessary in order to fulfil requests made by the legal authority or public security. The data collected will not, under any circumstances, be disseminated. No transfers will be made outside EU territory, not even in order to use cloud services.
6. Data storage period (criteria for determination)
Below is a table showing the length of storage time (or criteria for determining such) of the Personal Data:
|Categories a), b)||For the entire duration of the contract and thereafter for 10 years (ordinary provision)|
In any case, where envisaged, data will be stored for the length of time prescribed by relevant legislation.
7. What are your rights?
Below are the rights assigned to data subjects: requests for access, correction and erasure; you have the right to:
- ask us to confirm whether or not we are processing your personal data
- receive information about how we process your data
- obtain a copy of your personal data
- ask us to update or correct your personal data
- ask us to erase personal data, in certain circumstances
Right to oppose processing; you have the right to ask that processing be ceased of your personal data:
- for marketing purposes
- for statistical purposes
- where said processing is based on our legitimate commercial interests and save where we can show a legitimately grounded reason for said processing or if processing of your personal data is necessary in order to assess, exercise or defend a right in a court of law.
Right to restriction of processing; you have the right to ask that processing be restricted of your personal data:
- if a request you have made to update or correct your personal data is being assessed or answered
- if such processing is in conflict with the law and you do not wish your data to be erased
- if we no longer need your data but you wish us to store your data in order to assess, exercise or defend a right in a court of law
- if you have sent an objection to processing on the basis of our legitimate commercial interests and are awaiting an answer from us.
If we should restrict processing of your personal data in accordance with your request, we will inform you before involving you once again in such types of processing. Requests for data portability: you have the right to ask us to provide you or a third party you designate some of your personal data in a commonly-used electronic format. However, please note that the rights of data portability only apply to personal data we have obtained directly from you and only where our processing is carried out in an automated manner, based on consent or the enforcement of a contract. Sending of requests: your requests can be sent to firstname.lastname@example.org. We will answer all requests of this type within 30 days of receipt, unless attenuating circumstances apply, in which case it may take up to 60 days to receive a reply. Please note that we will advise you if we expect it to take us more than 30 days to provide you with an answer However, some personal data may be excluded from these rights in accordance with applicable data protection legislation. Moreover, we will not answer any request if we are unable to suitably identify the party making the request. Where envisaged by legislation, we may charge you a reasonable sum for subsequent copies you may request of the data. Right of revocation of consent: you have the right to revoke consent to any processing we carry out exclusively on the basis of your consent (such as, for example, the sending of direct marketing materials to your personal e-mail address). You can revoke your consent to marketing activities by following the instructions given in any marketing e-mail or by writing to…. Revocation of consent will not, in any case, prejudice the lawful nature of processing carried out on the basis of the consent given prior to said revocation. Right to make a complaint to the supervisory authority: you have the right to make a complaint in accordance with the terms and conditions of the law to the supervisory authority (the Data Protection Authority). We do not use automated decision-making systems and we do not profile.
SUPPLIER PRIVACY DISCLOSURE
in accordance with Art. 13 and 14 of Regulation (EU) 2016/679 Dear Supplier, As Data Controller, and in accordance with Articles 13 and 14 of Regulation (EU) 679/2016 relative to personal data protection (hereinafter the “Regulation”), SIVER s.r.l.hereby informs you of the following.
Type of personal data
The data you send in connection with your staff involved in the execution and management of contracts with the Company, including name, surname, contact details, e-mail addresses, professional qualifications, where relevant, any data relating to payslips and contributions paid and up-to-date in regard to staff you employ to carry out services for the Company, where such data is necessary in order to verify compliance with regulations protecting workers included in tender contracts, any data pertaining to legal representatives, including any legal data necessary in compliance with the law (hereinafter the “Data Subjects”) – whether supplied directly by yourselves or obtained from public sources (such as chambers of commerce) – will be processed by the Company in compliance with the Regulation and national legislation, including any provisions as may be issued by the supervisory authority, where applicable. In the event of suppliers that are natural persons, in addition to the data highlighted above, data relating to invoicing and payments may also be processed (including VAT number and tax code), bank data, registration with official rolls or registers and economic-financial data (e.g. financial statements).
Purpose of processing
The Company processes the data of Data Subjects in going about its economic and commercial business for purposes connected with the potential selection, establishment, management and execution of contracts (including the management of pre-contractual relations and/or inclusion on the Company’s vendor list). More specifically, data will be processed in order to fulfil legal obligations (such as tax and accounting obligations, obligations deriving from the regulations of tender contracts and health and safety at work), to open the supplier database, for the administrative management of contracts, including the management of payments and invoices, for obligations relating to the supply of goods or services and to handle any disputes, carry out internal controls (safety, productivity, quality of service, equity integrity) and certification. Data of Data Subjects may also be processed for periodic assessments of the existence of ethical and legal requirements established by the Company in its Code of Ethics and during audits, also at your offices, of quality, process, product or sustainability. For the above purposes, specific consent must be acquired insofar as the Company can avail itself of the exonerations pursuant to Art. 6, paragraph 1, letters b) and c) of the Regulation. In the event of suppliers that are natural persons, for the processing of economic-financial data, as well as commercial information and financial statements, the Company avails itself of the exoneration pursuant to Art. 6, paragraph 1, letter f) (legitimate interest of the Company in verifying the economic-financial solidity of its business partners).
Nature of conferral and methods of the processing
Conferral of the data of the Data Subjects is necessary and, for lack thereof, no commercial relations can be established, pre-contractual obligations cannot be correctly fulfilled and, if a contract has already been stipulated, it will be impossible to fulfil the ensuing obligations and commitments. Data of the Data Subjects will be processed by the Company and its authorised staff, mainly staff of the Purchases Department and Administration and Finance Department but also by other staff departments as may be necessary, using electronic and manual systems, in accordance with principles of correctness, loyalty and transparency as envisaged by applicable legislation on personal data protection and protecting the confidentiality of the subject to whom the data refers using technical and organisational security measures such as to guarantee a suitable level of security (for example preventing access to unauthorised subjects except in cases where this is a legal obligation, or the capacity to restore access to data in the event of physical or technical incidents).
Data will be stored in compliance with applicable legislation for personal data protection, for as long as is necessary to fulfil the above purposes. More specifically, data will be stored for the entire term of the contract and after its termination, in compliance with statutory and tax obligations (e.g. the statutory obligation to keep invoices and corporate documentation for at least 10 years). Data acquired during the selection process, if no contract should subsequently be stipulated with the Company, will be kept for 5 years from when it was acquired.
Data communication, dissemination and transfer
Without prejudice to communications made in the fulfilment of legal and contractual obligations, data may be disclosed to tax or legal consultants, Company collaborators, credit institutes, public entities and administrations, where necessary, and to subjects legally entitled to receive such information, Italian and foreign legal authorities and other public authorities, for purposes connected with the fulfilment of legal obligations or in order to comply with commitments made and ensuing from the contract, including to ensure a proper defence in legal proceedings. Such subjects shall operate as autonomous data controllers. Contact details may, on an occasional basis, be disclosed to additional clients and/or suppliers of the Company, for example where needing to collaborate with such subjects in order to fulfil contractual obligations. The Company also uses third parties to provide some services that entail the processing of personal data, such as, for example, suppliers of replacement archiving services or quality, process and product audit services. Such subjects operate as data supervisors on the basis of specific, appropriate instructions in terms of the method of processing and security measures indicated in specific contractual documentation. A complete, up-to-date list of subjects processing personal data as data supervisors is available on request from the Company, by contacting us at the details given below. Data may be disclosed to other group companies, including investees and subsidiaries, both within the European Union and outside it, where necessary for internal administrative purposes and group coordination, or where they need to collaborate in the fulfilment of contractual obligations. In this case, in respect of transfers outside the European Union, the company undertakes to guarantee suitable contractual levels of protection and safeguarding, in accordance with applicable legislation, including the stipulation of typical contractual clauses (A copy can be requested of the commitments made with group companies in the context of such clauses, by sending a request to the Company to this end, at the contact details given below). Personal Data will not be disseminated.
Rights of the data subjects
In connection with the processing of the data described therein, data subjects can exercise the rights envisaged by the Regulation (Articles 15-21), including:
- receive confirmation of the existence of personal data and access its content (right to access);
- update, amend and/or correct personal data (right to rectification);
- request the erasure or restriction of processing of data processed unlawfully, including that not needing to be stored in connection with the purposes for which the data was collected or otherwise processed (right to be forgotten and right to restriction):
- except where processing is envisaged in fulfilment of a legal obligation, to object to processing, in the cases envisaged by the Regulation (right to object);
- revoke consent, where given, without prejudice to the lawful nature of the processing, based on consent given prior to revocation;
- receive a copy of data regarding you in electronic format, given in the context of the contract or ask that such data be transferred to another data controller (right to data portability).
In order to exercise such rights or to request additional information in relation to this disclosure, the Data Subject may contact the Data Protection Officer or legal representative, by e-mailing email@example.com or sending a letter recorded delivery with advice of receipt to the registered office of the Company, at the addresses given, sending the request to the attention of the Data Protection Officer or legal representative pro-tempore of SIVER s.r.l. In order to exercise such rights or to request additional information in relation to this disclosure, the Data Subject may contact the Data Protection Officer or legal representative, by e-mailing firstname.lastname@example.org or sending a letter recorded delivery with advice of receipt to the registered office of the Company, at the addresses given, sending the request to the attention of the Data Protection Officer or legal representative pro tempore of SIVER s.r.l. Name and contact details of the Data Controller Siver srl – Via S.di Giacomo, 30 – 06073 – Corciano (PG) – Tel. +39 0755068008 – email@example.com – VAT no. 02290010541 Data Subjects may also make a complaint to the Authority at any time in the event of any breach of personal data protection regulations.