Sigma Gi S.r.l., with registered office in Via V. Michelassi 4/6, village of Viottolone 50018 Scandicci (FI) Italy, Tax Code and VAT no. 00588190488 (hereinafter, "Controller"), in its capacity of data Controller, informs you, pursuant to art. 13 of Legislative Decree 30.6.2003 no. 196 (hereinafter, "Privacy Code") and art. 13 of Regulation (EU) no. 2016/679 (hereinafter, "GDPR") that your data will be processed lawfully, fairly and transparently with the methods and for the purposes set out below:
1.1 Your data are acquired by the company directly from the data subjects, and are processed: A) without your explicit consent (art. 24 a), b), c) Privacy Code and art. 6 b), GDPR), for the following Purposes: - to enter into contracts for the services offered by the Controller; - to fulfil pre-contractual and tax obligations deriving from the company’s relationships with you; - to comply with obligations laid down by law, regulations, European law or orders issued by the Authority (e.g. on anti-money laundering); - to exercise the Controller’s rights, for example the right of defence in Court;
B) with your prior, specific and separate consent (art.s 23 and 130 Privacy Code and art. 7 GDPR), for the following Marketing Purposes:
- to send you by email, mail and/or SMS text messages and/or phone calls, any newsletters, business communications and/or advertising material on products oir services offered by the Controller and for customer satisfaction surveys;
- to send you by email, mail and/or SMS text messages and/or phone calls, any business and/or promotional communications of third parties (e.g. business partners).
The data collected are processed as part of the ordinary activity of Sigma Gi S.r.l. for the following purposes: a) to establish relationships with its Customers (formalisation of Pre-orders), in particular to fulfil contractual, accounting and tax obligations established by law; b) to offer, promote and/or sell products and services of Sigma Gi S.r.l. and of any partner companies, whether using traditional communications or automated systems, in particular to send updated information on products bought.
1.2 Personal data are processed using manual, electronic, computerised and telematic tools, with logics that are strictly connected with the said purposes and, in any case, in compliance with the precautions, guarantees and necessary measures required by the applicable rules, designed to ensure the confidentiality, integrity and availability of Data and to avoid any material or non-material damages (e.g. loss of control over personal data or limitation of rights, discrimination, identity theft or fraud, financial loss, unauthorised reversal of pseudonymisation, damage to reputation, loss of confidentiality of personal data protected by professional secrecy or any other significant economic or social disadvantage). Personal data are processed on the basis of the data held by the company and with your commitment to report promptly any correction, addition and/or update.
You may withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of previous processing operations.
The Company, as far as necessary to pursue the purposes set out in paragraph 1, may acquire data which are defined by the Regulation as special data (e.g. data revealing racial or ethnic origin, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation). These special data may be processed: with the Data Subject’s explicit consent; to carry out the obligations or exercise specific rights of the Controller or of the Data Subject in the field of employment and social security and social protection law; to protect the vital interests of the Data Subject or of another natural person where the Data Subject is physically or legally incapable of giving consent; where processing relates to personal data which are manifestly made public by the Data Subject; where processing is necessary for the assessment of the working capacity of the employee, or under the responsibility of a professional subject to the obligation of professional secrecy or by another person also subject to an obligation of secrecy; to establish, exercise or defend legal claims; In any case, any special data acquired will be processed in strict accordance with the Regulation and with any general and special measures adopted in this respect by the Supervisory Authority and, in any case, with the utmost confidentiality. Special data may not be disseminated and may communicated to the recipients referred to in paragraph 7 solely to pursue the declared purposes and in accordance with the obligations of confidentiality indicated above.
The Controller will process personal data for the time necessary to fulfill the purposes referred to above and in any case for no more than 10 years from termination of the relationship for Service and Marketing Purposes. Upon expiry of this period, the Data will be cancelled or transformed into anonymous form, unless they need to be kept to meet statutory obligations or to fulfil orders issued by Public Authorities and/or Supervisory Bodies.
Without prejudice to the data subject’s personal autonomy, the supply of data indicated as required in the form is strictly necessary to achieve the purposes referred to in paragraph a) point 1.1.
The refusal to supply data indicated as required will result in: the impossibility to establish or continue the relationship, or to carry out given operations, if your data are necessary to perform the relationship or the operation; the impossibility to carry out given operations that require the communication of data to subjects that are functionally related to the performance thereof; the non-communication of data to subjects who engage in further activities, not functionally related to performance of the relationship.
The personal data collected with the methods described herein may be communicated to companies related to Sigma Gi S.r.l, in particular to public Entities and Authorities, tax and labour advisors, in order to fulfil statutory obligations. People in charge of processing requests may acquire knowledge of such data. The said data shall not be disclosed.
Personal data are stored on physical or virtual servers, either internal or external, or on paper archives located at the offices of Sigma Gi S.r.l.. In so far as necessary to achieve the purposes referred to in paragraph 1, the Data Subject’s data may be transferred abroad to Countries/organisations outside the EU which ensure an adequate level of protection according to the European Commission or in any case on the basis of other appropriate safeguards, such as a contract or the Standard Contractual Clauses adopted by the European Commission for countries that do not ensure an adequate level of protection.
A copy of any Data transferred abroad and the list of Countries/organisations outside the EU to which Data have been transferred, can be requested to the Controller by using the contact details referred to in paragraph 8 below.
6.1 The supply of data for the purposes referred to in art. 1.1A) is required. In their absence, we will be prevented from ensuring the Services referred to in art. 1.1A).
6.2 The supply of data for the purposes referred to in art. 1.1B) is optional. You may thus decide not to supply any data or may subsequently refuse the processing of data previouly supplied; in this case, you will not receive any SMS text messages, newsletters, business communications and advertising material concerning the Services offered by the Controller. In any case, you will continue to be entitled to receive the Services referred to in art. 1.1A).
In your capacity of data subject, you may exercise the rights granted by art. 7 of the Privacy Code and art. 15 GDPR; specifically:
i. you may obtain confirmation as to whether or not personal data concerning you are being processed, even if not yet recorded, and their communication in an intelligible form;
ii. you may obtain information on: a) on the source of your personal data; b) the purposes and methods of processing; c) the logics applied in case of electronic processing; d) the identity details of the controller, processors and the designated representative within the meaning of art. 5, paragraph 2 of the Privacy Code and art. 3 paragraph 1 GDPR; e) the subjects or categories of subjects to whom personal data may be communicated or who may acquire them in their capacity of designated representative in the State territory, processors or persons in charge;
iii. you may obtain: a) the updating, rectification or, where interested therein, the integration of data; b) the cancellation, transformation into an anonymous form or blocking of data processed against the law, including those whose storage is not necessary for the purposes for which the data were collected or subsequently processed; c) the confirmation that the operations described in letters a) and b) have been brought to the knowledge, even as regards their content, of those to whom the data have been communicated or disseminated, unless this proves impossible or it involves a manifestly disproportionate effort compared to the protected right;
iv. you may object, in whole or in part: a) on legitimate grounds, to the processing of your personal data, even where pertaining to the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for market surveys or commercial communications using automated call systems without an operator, emails and/or traditional marketing methods (phone and/or mail). It should be noted that the data subject’s right of objection, set out in point b) above, for the purpose of direct marketing using automated methods, extends to traditional ones; in any case, it does not prejudice the data subject’s right to object even only in part. Therefore, the data subject may decide to receive only communications using traditional methods or only automated communications or none of the two types of communication. Where applicable, the data subject has the rights granted by art.s 16-21 GDPR (Right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to lodge complaints with the Supervisory Authority.
The rights in question may be exercised, also through a representative of the data subject, by sending a request to the Controller, by registered letter or email, to the email address .
The Controller is: Sigma Gi S.r.l., acting through its legal representative, domiciled for his office at the registered office of the Company in Via V. Michelassi, 4/6, village of Viottolone 50018 Scandicci (FI) Italy. The up-to-date list of processors and persons in charge of processing is kept at the registered office of the Controller. The Controller has not appointed a Data Protection Officer since it is not required to do so.