Disclosure pursuant to Art. 13 of EU Regulation 2016/679 (GDPR)
This information is provided by Sis.Ter Srl, headquartered at Via Emilia 69, 40026 Imola (BO), as the Data Controller. This disclosure also applies to companies, portals and workshops controlled or participated in, specifically:
- UP Urban Planning Srl, headquartered at Via Emilia 67, 40026 Imola (BO).
- GeoSmart.Lab, owned by Sis.Ter Srl.
- Infocommercio.it, a web portal owned by Sis.Ter Srl.
The data collected are processed in a manner consistent with the principles of fairness, lawfulness, transparency, and protection of your privacy and rights.
Data processing is carried out by manual, telematic and computerized means; security measures are taken to avoid the risks of unauthorized access, destruction or loss, unauthorized processing or processing not in accordance with the purposes of collection.
The provision of personal data is necessary to ensure the sending of periodic company communications and the use of web services provided in SaaS. Such conferral is a necessary requirement and its absence may imply the inability to provide the relevant services.
Categories of personal data processed
Sis.Ter Srl will process the following personal data:
- First Name, Last Name, Referring Company/Entity, Company Location and Contact Information (phone, cell phone, email address), and in case of service delivery, Username and Password (encrypted), date-time last access, total number of accesses to the service, history of passwords used (encrypted).
Purpose and legal basis for processing
The data provided are processed for the following purposes:
1. the provision of services under the respective types of contracts entered into;
2. sending informative and promotional communications related to Sis.Ter’s services and main application areas, subject to consent;
The legal basis for processing is the contract for the provision of related services.
Categories of third parties to whom the data may be disclosed
For the execution of the contract and the fulfillment of legal obligations, Sis.Ter Srl may communicate personal data to the following categories of subjects:
- Subjects who perform services of a technical and organizational nature on behalf of Sis.Ter Srl;
- firms, consultants and companies as part of assistance and consulting relationships;
- public authorities, where the conditions are met.
These parties will process the data in their capacity as Joint Data Controllers or Data Processors on behalf of Sis.Ter Srl.
The updated list of Data Processors is available at the headquarters of Sis.Ter Srl and can be found through a special request made by email to the address indicated on the website www.sis-ter.it in the “Privacy” section.
Categories of third parties to whom data may be disclosed for business purposes
In order to send commercial communications or for profiling, with prior consent, Sis.Ter Srl may communicate personal data to the following categories of subjects:
- Entities or companies with which agreements and/or conventions are entered into
- other parties who are eligible
Duration of processing and retention period
Data will be processed only as long as necessary for the purposes listed.
Below are the periods of use and storage of personal data with reference to the different processing purposes:
1. The data processed for the provision of services will be retained by Sis.Ter Srl for the duration of the contract for the provision of the service and for a period of 10 years after the end of the contract, unless the need for further storage arises, to enable Sis.Ter Srl to defend its rights;
2. Data processed for the fulfillment of legal obligations will be retained by Sis.Ter Srl within the limits prescribed by law.
3. The data will be processed for sending informative, institutional and promotional communications until the consent given for this purpose is revoked;
4. The data will be subject to sending to subsidiary companies for the purpose of sending commercial communications until any withdrawal of consent given for this purpose;
Rights of access, deletion, limitation, and portability
Data subjects are granted the rights set forth in Articles 15 to 20 of the GDPR. By way of example, each interested party may:
1 .Obtain confirmation whether or not personal data concerning him or her is being processed;
2. Where a processing is taking place, obtain access to personal data and information about the processing as well as request a copy of the personal data;
3. Obtain rectification of inaccurate personal data and supplementation of incomplete personal data;
4. Obtain, if any of the conditions stipulated in Art. 17 of the GDPR, the deletion of personal data concerning him or her;
5. Obtain, in the cases provided for in Art. 18 of the GDPR, the limitation of processing;
6. Receive the personal data concerning him or her in a structured, commonly used, machine-readable format and request its transmission to another data controller, if technically possible.
Right of opposition
Each data subject has the right to object at any time to the processing of his or her personal data carried out in pursuit of a legitimate interest of the Data Controller. In the event of an objection, your personal data will no longer be processed, unless there are legitimate grounds for processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of a legal claim.
Right to withdraw consent
Where consent is required for the processing of personal data, each data subject may, likewise, revoke the consent already given at any time. Consent can be revoked by emailing firstname.lastname@example.org.
Opposition to processing exercised through this mode also extends to the sending of commercial communications by postal service or telephone calls with an operator, without prejudice to the possibility of exercising this right in part, by objecting, for example, only to processing carried out through automated communication systems
Right to file a complaint with the Guarantor
In addition, each data subject may lodge a complaint with the Garante per la Protezione dei Dati Personali if he or she believes that his or her rights under the GDPR have been violated, in the manner indicated on the Garante’s website, accessible at: www.garanteprivacy.it.
Exercising the rights of the data subject is free of charge.
Where the person giving the data is under the age of 18, such processing is lawful only if and to the extent that such consent is given or authorized by at least one of the holders of parental responsibility for whom the identifying data and copy of the identification document are acquired.
Owner and Data Protection Officer (DPO)
The data controller of personal data is:
- Sis.Ter Srl, headquartered in Imola, Via Emilia 69, 40026 Imola (BO), in the person of President, Legal Representative and Data Protection Officer (DPO) Arch. Alessandro Seravalli.