Privacy Policy EN

SUMMARY OF THE PRIVACY POLICY

CONTACT DETAILS

Data Controller:

SIFRA S.R.L. (fiscal code, VAT number and Italian Business Register – Company Registration Office of Pistoia-Prato registration number 01441140470, REA PT-149831, share capital Euro 10.000,00, fully paid-up)

Registered Address: Viale dello Stadio, n. 20, 51100 Pistoia (PT) – Italy

E-mail address: info@sifra-srl.it

Registered e-mail address: sifrasrl@arubapec.it

PURPOSES AND SERVICES USED FOR PERSONAL DATA PROCESSING

Purpose of Personal Data processing:

Contact the User

Methods of Personal Data processing:

-Contact form

Personal Data: name, e-mail address, Cookies; Usage data; other types of Data.

Displaying content from external platforms / third parties

Tools:

-Google Fonts, Google Maps

Personal Data collected: Cookies; Usage Data; other types of Data.

M.S. (Content Management System) – installed plugins

Tools:

-WordPress.com

Personal Data: various types of Data.

***

PRIVACY POLICY

The Data Controller, as better defined below, takes care of its Users’ privacy and guarantees that the Personal Data processing is carried out in compliance with the privacy legislation in force, and in particular with the European Regulation no. 2016/679 and the national legislation on the personal data protection. Therefore, the Data Controller has adopted the following Privacy Policy in order to regulate and inform the Users of the Website www.sifra-srl.it of the methods and purposes of processing Users Personal Data.

The User is kindly requested to read this document every time he connects to the Website, in order to update on any revisions, additions and / or modifications, occasioned by regulatory requirements and / or by changes and / or additions to the functionality of the Website itself.

Data Controller:

Registered Address: Viale dello Stadio, n. 20, 51100 Pistoia (PT) – Italy

E-mail address: info@sifra-srl.it

Registered e-mail address: sifrasrl@arubapec.it

COLLECTED DATA TYPES

Among the Personal Data collected by www.sifra-srl.it as well as from all possible landing pages connected and / or correlated to it (hereinafter “the Website”), either independently or through third parties (see their privacy policy), there are: e-mails, various type of Personal Data as better specified below, cookies and Usage Data.

In the related sections of this Privacy Policy or through specific information texts displayed before the Data collection, the User can find all the details of each type of Data.

The Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically by the Website.

Unless otherwise specified, the Data requested are necessary to provide the Service.

In cases of optional Data, Users can refrain from communicating such Data, without any consequence on the availability of the Service or on its operation.

Users who have any doubt about which Data are mandatory are invited to contact the Data Controller.

The collection of any Cookies by the Website or by third party services used by the Website, unless otherwise specified, has the purpose of providing the Service requested by the User, and any other purposes described in this document and in the Cookie Policy, if available.

The User assumes liability for the third parties Personal Data obtained, published or shared through the Website and guarantees to have the right to communicate or share them, holding harmless the Data Controller for any related claim.

METHOD AND PLACE OF COLLECTED DATA PROCESSING

The Data Controller takes appropriate security measures to prevent Personal Data unauthorized access, disclosure, modification or destruction.

Data are processed by means of IT and/or telematic tools, by implementing organizational methods and strategies that are connected to the purposes of the activity.

Other subjects involved in the Data Controller organization and/or in the Website management (for example: administrative, commercial and marketing staff, lawyers, system administrators, etc.) or external subjects (for example: controlled and affiliated companies, accountants, external legal advisors, third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies, e-mail marketing service providers, etc.) may have access to the Personal Data. These subjects may be also appointed Data Processors by the Data Controller, if necessary. The Processors updated list can always be requested to the Data Controller.

DATA PROCESSING LEGAL BASIS

The legal bases of the Data Controller processing of User’s Personal Data are specified below:

the Data Subject has given consent to the processing of his or her Personal Data for one or more specific purposes, pursuant to GDPR, art. 6, paragraph 1, letter a). Note: in some jurisdictions the Data Controller may be authorized to process Personal Data without the User’s consent or another of the legal bases specified below, as long as the User does not object (“opt-out”) to such processing. However, this is not applicable if the Personal Data processing is governed by European legislation on the protection of personal data;

Personal Data processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, pursuant to GDPR, art. 6, paragraph 1, letter b);
Personal Data processing is necessary for compliance with a legal obligation to which the Data Controller is subject, pursuant to GDPR, art. 6, paragraph 1, letter c);
Personal Data processing is necessary in order to protect the vital interests of the Data Subject or of another natural person, pursuant to GDPR, art. 6, paragraph 1, letter d);
Personal Data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller, pursuant to art. 6, paragraph 1, letter e) of the GDPR;
Personal Data processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of personal data, in particular where the Data Subject is a child, pursuant to GDPR, art. 6, paragraph 1, letter f).

Pursuant to GDPR, art. 6, the Personal Data acquired by the Website without the consent of the interested party will be processed by the Data Controller to manage and maintain the Website, to allow the use of Services, to satisfy Users’ requests, to allow effective communication with customers, to fulfill the obligations established by law, regulations, community legislation or orders of the Authorities or in any case for purposes connected to the activities and functions of the Data Controller, or to prevent or discover fraudulent activities or abuses to the detriment of the Data Controller through the Website.It is always possible to ask the Data Controller to specify the legal basis of each Processing and, in particular, whether the Processing is based on the law, provided for by a contract, or necessary to conclude a contract.

PLACE OF PERSONAL DATA PROCESSING

The Data are processed at Data Controller Offices and/or legal and/or operational headquarters and/or at any other place where the parties involved and/or (external) Data Processors or IT systems / servers are located.

For more information, the User is invited to contact the Data Controller.

The User’s Personal Data may be transferred to a different country from the User one. To obtain further information on the processing place, please see the Privacy Policy related section.

The User has the right to obtain information about the legal basis connected to any transfer of Personal Data to a third country outside the European Union or to any international organization governed by public international law or consisting of two or more countries (e.g. the UN) as well as regarding all the security measures adopted by the Data Controller to protect his/her Personal Data. Concerning such Personal Data transfers, please see the Privacy Policy related sections or request information to the Data Controller (see “CONTACT DETAILS” section).

DATA STORAGE PERIODThe Data are processed and stored for the time required by the collecting purposes.The User can contact the Data Controller (as specified in the “CONTACT DETAILS” section) to obtain further information regards the Personal Data processed retention period.At the end of the retention period, the Personal Data will be deleted.

Therefore, on expiry of that period, the right of access, erasure, rectification, data portability, object, restriction of processing can no longer be exercised.

PURPOSE OF COLLECTED DATA PROCESSING

The User’s Personal Data are collected to allow the Data Controller to provide its Services, as well as for the following purposes:

Contact the User
Displaying content from external platforms / third parties
M.S. (Content Management System) – installed plugins

To obtain further detailed information on these purposes and on the Personal Data processed for each purpose, see the following section.

DETAILS ON THE PERSONAL DATA PROCESSING

1) Contact the User:

In order to contact the User, the Data Controller may use the Personal Data collected with the following tools:

-Contact form

Personal Data: name, e-mail address, Cookies; Usage data; other types of Data.

Displaying content from external platforms / third parties

This service allows you to view content hosted on and interact with external platforms directly from the Website, by means of the Redirect / Sharing buttons.It may collect traffic data relating to the pages where it is installed, even if it is not actually used.

Google Fonts

Google Fonts is a font style displayer service owned by Google Ireland Limited, which allows this Web-Site to integrate them into its pages. For this purpose, if the User has not cached the specific fonts required by this Web-Site in his browser cache, your browser establishes a direct connection to Google’s servers to download the correct files.

In this case, Google can identify, for example, your IP address which receives the characters to be displayed.

For more information, please visit Google privacy policy: https://policies.google.com/privacy?hl=en .

Personal Data: Cookies; Usage data; other types of data.

Google Maps

Google Maps is a map viewing service managed by Google LLC or by Google Ireland Limited (it depends on the location in which the Website is viewed), which allows the Website to integrate such content within its pages.

Personal Data: Cookies; Usage data; other types of Data.

In relation to the Personal Data processing methods and place, the User is invited to carefully see the related Privacy Policy.

Please note that the data may also be processed outside the EEA.

Google uses the standard contractual clauses approved by the European Commission and based on the adequacy decisions of the European Commission.

M.S. (Content Management System) – installed plugins

The Website is created using C.S.M. WordPress.

The User is invited to read carefully the related privacy policy.

Personal Data: Cookies; Usage Data; other types of Data.

By means of the WordPress platform the following plugins have been installed:

Welcome Message and Disclaimer Plugin for WordPress

The CreativeMinds Plugin, specifically for WordPress, which allows you to add multiple welcome messages, custom messages, legal disclaimers and add new messages as needed while addressing any specific page or post on the WordPress site or apply popups on all pages of the site.

For further information, please visit and read the privacy policy at the following address:

https://www.cminds.com/privacy/

Complianz Privacy Suite (GDPR/CCPA) premium

The Plugin of Complianz B.V., specifically for WordPress, serves to create a cookie banner and a cookie policy in accordance with the results of the integrated cookie scan.

For further information, please visit and read the privacy policy at the following address: https://complianz.io/legal/privacy-statement/?cmplz_region_redirect=true&cmplz-region=eu

LiteSpeed Cache

Lite Speed Technologies Inc. plugin, specifically for WordPress, is an all-in-one site acceleration plugin, featuring an exclusive server-level cache and a collection of optimization features.

For further information, please visit and read the privacy policy at the following address: https://www.litespeedtech.com/company/privacy-policy

Polylang

The WP Syntex Plugin, specifically for WordPress, allows websites to publish content in multiple languages.

For further information, please visit and read the privacy policy at the following address: https://polylang.pro/privacy-policy/

Yoast SEO

Yoast plugin, specifically for WordPress, allows you to manage the technical SEO aspects of the Site in order to achieve a higher position in search engines.

For further information, please visit and read the privacy policy at the following address: https://yoast.com/privacy-policy/

DATA COMMUNICATION AND TRANSFER

The Data Controller processes Personal Data with the utmost care and confidentiality. User data may be disclosed to third parties.

The Data Controller may use (external) Data Processors and service providers during the Data Processing in order to provide the services such as, for example, authentication services, hosting and maintenance, data analysis services, e-mail messaging services, delivery services, payment transactions management, creditworthiness, address and e-mail checking.

Some of the Data Processors / service providers referred to in the sections above are located outside European Union (EU) / European Economic Area (EEA). In these cases, the Data Controller guarantees that:

• the country located outside EU/EEA is considered a safe third country;

• the Data Processor / service provider has adhered to the European Commission’s standard contracts relating to the Personal Data transfer to third countries;

• the Data Processor / service provider is certified according to art. 40 of the GDPR or

• the Data Processor / service provider has a set of approved binding corporate rules.

The User’s Personal Data may be communicated or shared in order to comply with a legal obligation or with the indications of a Court / Judicial Authority or any other competent body or in order to enforce or apply the Website Privacy Policy and / or other agreements or to protect any rights or safety of the Data Controller, Data Processors, service providers and / or other third parties or to protect against fraud or reduce credit risk.

USER RIGHTS

With reference to the Data processed by the Controller, the User can exercise the following rights:

• right to withdraw consent at any time. The User can revoke the previously expressed consent to his/her Personal Data processing (see GDPR, art. 7);

• right of access. The User has the right to obtain from the Data Controller confirmation as to whether or not Personal Data concerning him/her are being processed, and, where that is the case, access to his/her Personal Data and receive all the information about them (including the purposes of the processing), as well a copy of the aforementioned Data (see GDPR, art. 15);

• right to rectification of his/her Personal Data. The User has the right to obtain from the Data Controller without undue delay the rectification of inaccurate Personal Data concerning him/her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal Data completed, including by means of providing a supplementary statement (see GDPR, art. 16);

• right to erasure (“right to be forgotten”). The User has the right to obtain from the Data Controller the erasure of Personal Data concerning him/her without undue delay in these events: if the Personal Data are no longer necessary or the User withdraws consent on which the processing is based and there is no other legal ground for the processing or if the User objects to the processing or the Personal Data have been unlawfully processed or if they have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject or if the Personal Data have been collected in relation to the offer of information society services (see GDPR, art. 17);

• right to restriction of processing. The User shall have the right to obtain from the Data Controller restriction of processing in these events: if the accuracy of the Personal Data is contested by the User or if the processing is unlawful and the Data Subject opposes the erasure of the Personal Data and requests the restriction of their use or if the User who has objected to processing is waiting for the verification whether the legitimate grounds of the Data Controller override those of the User (see GDPR, art. 18);

• right to data portability. The User has the right to receive the Personal Data concerning him/her, which he/she has provided to the Data Controller, in a structured, commonly used and machine-readable format and has the right to transmit those Data to another data controller without hindrance from the Data Controller to which the personal data have been provided (see GDPR, art. 20);

• right of object to Personal Data processing. The User can object at any time to processing of personal data concerning him/her (when it’s carried out on a legal basis other than consent). In particular, where Personal Data are processed for direct marketing purposes, the User has the right to object at any time to processing of Personal Data concerning him/her for such marketing, which includes profiling to the extent that it is related to such direct marketing (see GDPR, art. 21);

• right to lodge a complaint with the competent supervisory authority. The User can lodge a complaint with the competent Personal Data protection supervisory authority (in Italy: www.garanteprivacy.it) and before the competent courts of the Member States (see GDPR, art. 77 and following).

How to exercise your rights

To exercise the aforesaid rights, the User, without paying any fees or charge (except for the provisions of GDPR, art. 12 paragraph 5), can address a request to the Data Controller and precisely to:

CONTACT DETAILS

Registered Address: Viale dello Stadio, n. 20, 51100 Pistoia (PT) – Italy

E-mail address: info@sifra-srl.it

Registered e-mail address: sifrasrl@arubapec.it

Cookie Policy

The Website uses Cookies. For more detailed information, the User is invited to read the Cookie Policy.

Further information on the Data processingDefense in court

The User’s Personal Data may be used for defense by the Data Controller in judicial proceedings or in preliminary stages prior to their possible initiation, against abuses in the use thereof or in related Services by the User.The User declares to be aware that the Data Controller may be obliged to disclose / communicate the Personal Data by order of the public authorities.

Specific information

Upon a User’s request, in addition to the information contained in this Privacy Policy, the Website can supply additional and targeted information about special Services and about the collection and processing of Personal Data.

System log and maintenance

For needs related to operation and maintenance, the Website and any third-party Services it uses may collect system logs, which are files that record the interactions and which may also contain Personal Data, such as User IP address.

Information not contained in this Privacy Policy

Further information related to the Personal Data processing can be requested at any time at the Data Controller (see the “CONTACT DETAILS” section).

Changes to this Privacy Policy

The Data Controller reserves the right to modify or update, at any time, this Privacy Policy.The User is invited to check this page regularly to ensure he/she always knows the latest version of this Privacy Policy (see the “Last update” date at the end of this page).If the changes affect Personal Data processing whose legal basis is consent, the Data Controller will collect the User’s consent again, if necessary.

DEFINITIONS AND LEGAL REFERENCES

“Cookie” or “Cookies”

Small portion/s of data stored in the User’s device.

“Personal Data” or “Data”

Any information relating to a Data Subject.

“Special categories of Personal Data”

Any Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

“Usage Data”

All the information collected automatically through the Website and/or by third-party applications, including: IP addresses or domain names of the computers used by the User to connect to the Website, addresses in URI (Uniform Resource Identifier), time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (success, error, etc.), the country origin, browser and operating system features, time features (for example, time spent on each page), the details about the actions taken (sequence of the pages the User has visited, operational system parameters and IT environment).

“Data Subject”

The identified or identifiable natural person to whom the Personal Data refers. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological genetic, mental, economic, cultural or social identity of that natural person.

“Profiling”

Any form of automated processing of Personal Data consisting of the use of Personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

“Service” or “Services”

The Service/Services provided by the Website as specified in the relative terms (if available) on this Website/application.

“Website”

The hardware and software tool through which the Personal Data of Users are collected and processed, and precisely www.sifra-srl.it, as well as all possible landing pages connected and / or correlated to it.

“Controller” or “Data Controller”

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law.The Data Controller, as better identified above, unless otherwise specified, is the owner of the Website.

“Processing” or “Data Processing”

Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“European Union” or “EU”

Unless otherwise specified, any reference to the European Union contained in this document is intended to be extended to all current member states of the European Union and of the European Economic Area (so-called EEA).

“User” or “Users”

The individual or individuals who use the Website/application. Unless otherwise specified, he/she coincides with the Data Subject.

Legal references

This Privacy Policy has been drawn up on the basis of current legislation on the subject (including national legislation) and in particular in accordance with the provisions of Regulation (EU) 2016/679 (so-called GDPR), articles 13 and 14.

Last update: March 30, 2023.