We would like to thank you for having provided your personal data and give you the following information pursuant to the General Data Protection Regulation (GDPR) of the European Union.
Subject of the data processing and scope of application
The Data Controller shall process the “personal data” (specifically forename, surname, tax ID, VAT no., email address and phone number – hereinafter referred to as the “personal data” or “data”) communicated in the data subject when filling out the information request form and/or when signing up for the newsletter service offered by the Data Controller.
The personal data, pursuant to Article 2, paragraph 1, of the GDPR, shall be subject to fully or partially automated processing and to non-automated processing, if stored in an archive or intended to be included therein.
The “Controller” of the personal data processing is SICMI S.r.l – Via IV novembre 33, 43018 Sissa Trecasali (PR), Italy, hereinafter identified as the DATA CONTROLLER.
Following consultation of the website www.sicmi.it, hereinafter referred to as the SITE, the “personal data” communicated by the data subject when registering on the Data Controller’s website and/or when signing up for the newsletter service offered by the Data Controller shall be processed by the Data Controller in accordance with Regulation EU 2016/679.
Where processing must be carried out on behalf of the DATA CONTROLLER, the latter may appoint a DATA PROCESSOR, pursuant to Article 28 of the GDPR, which shall make sure to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subject. The DATA PROCESSOR may, pursuant to Article 28, paragraph 4, of the GDPR, appoint SUB-PROCESSORS for the performance of specific processing activities on behalf of the DATA CONTROLLER.
Purposes of and legal basis for the processing
In its capacity as Data Controller, SICMI hereby informs all data subjects, pursuant to Article 13 of Regulation EU 2016/679 (hereinafter referred to as the “GDPR”), that the personal data provided by the data subject when filling out an information request form shall be processed for the purposes of services related to the production, distribution and sale of latex, nitrile, polyethylene and vinyl gloves, as well as for commercial purposes.
The data shall also be processed, subject to specific, dedicated consent pursuant to Article 7 of the GDPR, for marketing and sales purposes, including the sending of newsletters, event invitations, text messages, emails, post and telephone communications and/or advertising material about products or services offered by the Data Controller. In any case, pursuant to Article 7 of the GDPR, the data subject shall have to right to revoke their consent at any time.
Recipients or possible categories of recipients of the personal data
The personal data may be disclosed to:
employees or workers of the Data Controller who, operating under the direct authority of the latter, are appointed as data processors or persons authorised to perform processing, who shall receive adequate operating instructions to manage data processing practices; the same thing will take place – under the responsibility of the Data Processors appointed by the Data Controller – in relation to the employees or workers of the Data Processors; the staff have been duly trained in personal data security and privacy rights.
Data storage period
The data shall be stored for two years from the filling out of the information request form.
Rights of the data subject
Pursuant to Article 15 of the GDPR, the data subject shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, the right to obtain access to the personal data and the following information:
the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from the Data Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
the right to lodge a complaint with a supervisory authority;
if the data were not collected from the data subject, all information available about their origin;
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
Where applicable, the data subject shall have the rights pursuant to Articles 16 (Right to rectification), 17 (Right to be forgotten), 18 (Right to restriction of processing), 19 (Notification obligation regarding rectification or erasure of personal data or restriction of processing), 20 (Right to data portability) and 21 (Right to object) of the GDPR, as well as the right to complain to the competent supervisory authority.
Methods of processing
The personal data shall be subject to fully or partially automated processing or, if subject to non-automated processing, the personal data shall be stored in an archive or intended to be included therein.
Processing linked to web services on the WEBSITE (physically resident on servers connected to the network) shall be carried out at the offices of the DATA CONTROLLER and shall be performed exclusively by employees and/or workers, or by any persons responsible for occasional maintenance operations. No data deriving from browsing on the WEBSITE shall be disclosed or communicated to third parties whose operations are not inherent to the management, functioning or control of the operations of the WEBSITE itself.
Pursuant to Article 8 of the GDPR, in the event of the application of Article 6, paragraph 1, letter a) (“the data subject has expressed his/her consent to the processing of his/her personal data for one or more specific purposes”), with regard to the direct offering of company services to minors, the processing of the personal data of the minor is lawful where the minor is at least 16. Where the minor is under 16, the processing is lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility.
Member States may establish a younger age for such purposes by law, provided that it is no younger than 13.
- The Data Controller shall use all reasonable means to verify in such cases that consent has been given or authorised by the holder of parental responsibility over the minor, in consideration of the available technologies.
3. Paragraph 1 is without prejudice to the general provisions of contract law of the Member States, such as rules on the validity, formation or effectiveness of a contract in relation to a minor.
Transfer of the data
The management and storage of the personal data shall take place on servers, located within the European Union, belonging to the Data Controller and/or to third-party companies duly appointed as Data Processors. The servers are currently located in Italy. The data shall not be transferred outside of the European Union. It is understood, in any case, that the Data Controller, where it deems it necessary, shall be entitled to change the location of its servers in Italy and/or the European Union and/or non-EU countries. In this case, the Data Controller hereby guarantees that the transfer of the data outside of the EU shall take place in accordance with the applicable provisions of law, if necessary entering into agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided for by the European Commission.
In order to exercise the aforementioned rights provided for by the GDPR, the data subject must send a written request by recorded-delivery letter with acknowledgement of receipt to the company.