HOW WE USE YOUR DATA

(Article 13 of Decree Law 196/2013 and articles 13 and 14 of EU Regulation 2016/679)

Dear guests, we wish to provide some necessary information about the methods and purposes related to the processing of your personal data.

1. Nature and provision of data

The provision of personal data to SIGMA L2 PAOLO GRANCHI SRL is an essential fulfillment for the execution of the contract / mandate. If, therefore, you refuse to provide the necessary data, the contract / mandate cannot be processed or will be immediately resolved by your fact and fault.

2. Purpose of the processing

We inform you that your personal data will be used for the following purposes of processing:

Active invoicing (Estimates, Contracts, Orders, DDT, Mandates, Parcel notices, Invoices), Data retention period: 10 years
General accounting and VAT management, Data retention period: 10 years
Transmission of separate receipts and bank advances, Data retention period: 10 years
Management of depreciable assets, data retention period: 10 years
Management of financial statements (operating and consolidated), data retention period: 10 years
Inventory Book Management, Data Retention Period: 10 Years
Customer accounting management and credit recovery, Data retention period: 10 years
Telematic transmission Invoice data communication, Data retention period: 10 years
Telematic transmission Declaration of intent supplier of regular exporters, Data retention period: 10 years
Telematic transmission Intrastat model, Data retention period: 10 years Customer Relationship Management (CRM), Data Retention Period: Undefined
Direct Marketing, Data Retention Period: Undefined connected to the implementation of obligations related to legislative or contractual obligations: The interested party has given his consent to the processing of his personal data for specific purposes
Treatment for the execution of a contract of which the person concerned is a party or pre-contractual measures
Treatment to fulfill a legal obligation to which the data controller is subject

2.A. For Customers and Subscribers to the Newsletter

The interested parties, through a special form located at the bottom of the site will provide E-MAIL ADDRESS:

General information on services and products.
News concerning the sigmal2.it website.
Promotional / commercial communications.

The Data Controller SIGMA L2 PAOLO GRANCHI SRL will process your personal data only insofar as they are indispensable for the purpose of the aforementioned purposes, in compliance with the provisions of current legislation regarding the protection of personal data and in accordance with the provisions of the general authorizations of the Authority for the protection of personal data.

3. Methods of processing

The personal data of the interested party, in particular:

Name, Fiscal Code, VAT number, addresses, e-mails, credentials, other identifying elements - Data category: Identifiers - Personal data: common
Economic and financial data - Data category: Economic - Personal data: common
Bank references - Data category: Identifiers - Personal data: common
Name, addresses, e-mails, credentials, Web limits - Data category: Identifiers - Personal data: common they will be treated with a very high level of security.

All the protection measures indicated by the legislation on personal data protection and by the applicable legislation as well as those determined by the Data Controller are implemented. In particular, your data will be processed by:

Technological device, Server
Technological device, Desktop computer
Technological device, Virtual machine
Technological device, Backup system

The data will be processed by the authorized categories indicated below:

External manager / sub-manager of the treatment
Internal manager / sub-manager of the treatment In charge of processing
Manager in charge of processing

3.A. Processing of personal data through the website www.sigmal2.it

We inform you that the personal data object of treatment will be constituted - also according to its decisions on how to use the services made available - by an identifier such as the name, the email address, an identification number, and other data suitable to make it identified / identifiable, depending on the type of services requested.

The computer systems and software procedures used to operate the site acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected identify users, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and the sites of our customers and to check its correct functioning, to identify anomalies and / or abuse, and are deleted immediately after processing.

3.B. Navigation data

The computer systems and software procedures used to operate the site acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes IP addresses or domain names of the computers used by users who connect to the Site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user's computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and the sites of our customers and to check its correct functioning, to identify anomalies and / or abuse, and are deleted immediately after processing.

3.C. Traffic data

NAs part of the e-mail service, SIGMAL2 Paolo Granchi srl processes some data for the purpose of transmitting communications on the electronic communications network. These data are those listed in the Legislative Decree 30 May 2008, n. 109, and in particular they are:

IP address used and e-mail address and possible further identification of the sender;
IP address and fully qualified domain name of the email exchanger host, in the case of SMTP technology or any type of host related to a different technology used for the transmission of communication; e-mail address, and possible further identification, of the recipient of the communication;
IP address and fully qualified domain name of the email exchanger host (in the case of SMTP technology), or any type of host (relative to a different technology used), which provided the delivery of the message;
IP address used for receiving or consulting the e-mails by the recipient regardless of the technology or protocol used;
date and time (GMT) of the connection and disconnection of the user of the e-mail service on the Internet and the IP address used, regardless of the technology and the protocol used;
the internet service used.

4. Communication and data transfer

The data collected by the Data Controller may be disclosed, in addition to those indicated above, also:

To the categories of subjects for whom communication is strictly necessary, functional and compatible with the legal basis governing the processing of your data:
- Revenue Agency
- Banks, lenders and post offices Customs agency Interchange system (SDI)
- Professionals external to our organization, where communication is essential for the fulfillment of the mandate you entrust (eg notaries, accountants, accounting firms, labor consultants)

As part of the processing carried out by the subjects described above, your data will not be transferred to third countries.

5. Automated decision making and profiling

The processing of your data doesn’t happen:

with the help of automated decision-making processes
with the use of profiling techniques

6. Rights of the interested party

In your quality of Interested parties, the subjects enjoy the rights set out in Section 2, 3 and 4 of Chapter III of Regulation (EU) 2016/679 (eg ask the Data Controller: access to personal data and the correction or the cancellation of the same, the limitation of the treatment that concerns you, to oppose their treatment). The interested party has in particular the right to:

obtain from the data controller confirmation that it is or is not undergoing treatment of personal data concerning him and, in this case, to obtain access from personal data and information provided for by art. 15 of EU regulation no. 679 of 2016;
obtain from the data controller the correction of inaccurate personal data concerning him; obtain the deletion of personal data concerning him where these are no longer necessary with respect to the purposes for which they were collected or otherwise processed, or where they resort to further conditions as per art. 17 EU regulation no. 679/2016 and provided that the conditions set forth in art. 17, paragraph 3, EU regulation no. 679/2016;
obtain from the data controller the limitation of processing when: a) the data subject confirms the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data; b) the processing is unlawful but the interested party opposes the cancellation and instead requests the application of limitation measures or requests that the processing of the same occurs for the assessment or defense of his right in court;
receive in a structured format, in common use and readable by an automatic device, by the personal that concerns him; in the case of exercising this right, the data subject will have the right to request that the data controller transmit the aforementioned data directly to another data controller; oppose the processing of personal data concerning him in the event that the conditions of Art. 21 EU regulation no. 679/2016, paragraph 2.
propose a complaint to a supervisory authority.

Data controller

SIGMA L2 PAOLO GRANCHI SRL
VIA DEGLI OLMI 145
CF 03666460484 - P.IVA 03666460484
Tel. 0554207107 - Fax 0554207158
E-Mail info@sigmal2.it - PEC pec@pec.sigmal2.it

7. Data retention

The personal data that you provide us will be kept for the purpose of carrying out the agreed service and will be kept for the time necessary to complete the service. The conservation can be done through:

storage within the hardware systems of the data controller or its managers;
archiving in accordance with the Digital Administration Code; in this case, the holder will resort exclusively to subjects accredited pursuant to art. 29 CAD where it is not performed directly on its application systems

SESTO FIORENTINO, 4/06/2018

Definitions that help to understand the activity carried out by our firm / firm and the relationships between it and the data it has provided us. It is therefore appropriate that you know that pursuant to art. 4 EU regulation no. 679 of 2016 means:

personal data: any information concerning an identified or identifiable natural person ('concerned'); an identifiable natural person can be identified, either directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online ID or one or more characteristic elements of his physical identity, physiological, genetic, psychological, economic, cultural or social; particular categories of data (or sensitive data):
personal data revealing racial or ethnic origin, political opinions, religious or philosophical convictions, or union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sex life or sexual orientation of the person;
processing: any operation or set of operations performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation o the modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction;
Data controller: the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or specific criteria applicable to his designation may be established by Union or Member State law;
Controller: the natural or legal person, public authority, service or other body that processes personal data on behalf of the controller;
profiling: any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning professional performance, economic situation, health, preferences personal, interests, reliability, behavior, location or movement of that physical person pseudonymisation: the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures to ensure that such personal data are not attributed to an identified or identifiable natural person.

Date of Last Change: 4/06/2018 - n° Version 7