Skip to main content

Sintagma S.r.l. - contents Section PRIVACY Website

 

Section title.: INFORMATION ON THE PROCESSING OF PERSONAL DATA in accordance with European Regulation 679/2016 (GDPR)

 

IMPORTANT COMMUNICATIONS.

As of May 25, 2018, European Regulation 679/2016 (GDPR) defining general rules for the protection of personal data became fully applicable. This is an important step that sets for all European Union countries the same rules in the processing of personal data. Sintagma S.r.l. considers the protection of personal data of individuals to be a founding value and compliance is a primary objective to which management must be guided. To this end, in compliance with current regulations, the Company has approved by resolution of the Board of Directors of 08/06/2021 the Document of Compliance of the processing of personal data, as a documentary basis for designing, defining, setting up and conducting a system of compliant management of the processing of personal data in order to ensure the transparency and fairness of the treatments from the design phase of the treatments themselves and to be able to prove it at any time (principle of accountability). The Company has, therefore, equipped itself with a Register of Processing pursuant to Article 30 GDPR aimed at the census and analysis of the processing operations carried out and a special set of disclosures on the processing operations carried out for the purpose of informing the interested parties, even before the processing begins, about the purposes and methods of the processing operations carried out.

 

CONTACT DETAILS OF THE OWNER

Sintagma S.r.l., based in Perugia, Via Roberta 1, 06132
Tel. 075-609071 - Fax: 075-6090722
email privacy@sintagma-ingegneria.it
PEC: sintagma@pec.sintagma-ingegneria.it

 

Subsections:

(1) RIGHTS OF DATA SUBJECTS AND HOW TO EXERCISE THEM.

The Regulations give data subjects the following rights, which they may exercise against and in relation to the owner and each joint owner.

  • Right of access: Article 15 of the European Regulation allows you to obtain from the data controller confirmation as to whether or not data processing is being carried out concerning you and if so, to obtain access to that data.
  • Right of rectification: Article 16 of the European Regulation allows you to obtain from the data controller the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration.
  • Right of deletion: Article 17 of the European Regulation allows you to obtain from the data controller the deletion of personal data concerning you without undue delay if one of the grounds provided by the regulation exists.
  • Right of Limitation: Article 18 of the European Regulation allows you to obtain from the data controller the limitation of the processing when one of the hypotheses provided for in the rule occurs.
  • Right to object: Article 21 of the European Regulation allows you to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you under Article 6(1)(e) or (f), including profiling on the basis of these provisions.
  • Right to portability: Article 20 of the European Regulation allows you to receive in a structured, commonly used and machine-readable format personal data concerning you that you have provided to a data controller and you have the right to transmit such data to another data controller without hindrance from the controller to whom you have provided it in accordance with the conditions set out in the regulation.
  • Right to withdraw consent: Article 7 of the European Regulation allows you to withdraw the consent you have given at any time. Revocation of consent does not affect the lawfulness of the processing based on the consent before revocation.
  • Right to Complaint: Article 77 of the European Regulation, if you believe that the processing concerning you is in violation of the regulation, grants you the right to lodge a complaint with a supervisory authority, namely in the member state in which you habitually reside, work, or of the place where the alleged violation occurred.

2) PRIVACY POLICY 

PRIVACY POLICY

1. HOLDER

The one who determines the purposes and means of the processing of personal data is Sintagma S.r.l., based in (06132) San Martino in Campo (PG), Via Roberta, 1, VAT No. 01701070540, in the person of the legal representative pro tempore.

2. CO-OWNERSHIP - THIRD-PARTY ENTRUSTMENTS

In the case of co-ownership, the owner shall ensure that compliance with the following principles is ensured through the co-ownership agreement.
Where personal data processing activities are outsourced to third parties, the owner shall ensure that compliance with the following principles is ensured through the service contract.

3. ORGANIZATION

The owner organizes the resources and processing of personal data so that they meet the requirements of the GDPR and national industry regulations. Specifically:

  1. within
    • privacy organization reflects the operational one, assignments are consistent with the operational tasks, powers and authority associated with them.
    • Individuals assigned significant tasks and responsibilities (given the number and categories of personal data, risks to the rights and freedoms of individuals) are selected, identified and assigned on the basis of objective criteria that define the needs of the entity in terms of knowledge, skills and experience. In the absence of qualifications, requirements and evaluation weights are predefined in advance.
    • Those who process the data act under the direct authority of the owner or a manager appointed by the owner. Personnel are duly trained and informed according to an ongoing training program that takes into account the different needs in relation to the different roles held.
    • The owner directs and supervises all those who process personal data on its behalf.
  2. outside
    • individuals who are entrusted with personal data processing activities are selected and identified and entrusted on the basis of a prior, transparent process that ensures the objectivity of the choice; possession by the provider of the skills and professionalism needed by the organization; and possession by the provider of sufficient guarantees to put in place appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and ensures the protection of the rights of the data subject.
    • Relationships with third parties that process data on behalf of the owner are always formalized in writing. The relevant contract complies with the minimum requirements of Article 28 GDPR.
    • The owner directs and supervises all those to whom he or she delegates processing activities.

4. STAKEHOLDERS

  1. The owner processes personal data of the following categories of individuals:
    • employees
    • freelancers
    • users
    • suppliers
  2. Categories of subjects indirectly affected:
    • family members of employees or users
    • creditors of employees
    • successors of employees
  3. Affected Institutions/Bodies
    • unions
  4. more

5. THE CULTURE OF PRIVACY

For Sintagma S.r.l., the ability to protect personal data represents not so much and not only a legal obligation but, rather, a preferential requirement, a competitive asset. In tune with the perspective of accountability required by the GDPR, the Company approaches the compliance of its personal data processing with respect to the GDPR with a risk-oriented approach to the risks and their processing. Respect for the rights, freedoms and data of natural persons for the Company is an imperative ethical imperative that guides all the activities it implements.

6. LICEITY

Sintagma S.r.l. only carries out the processing of personal data that is based on one of the legal bases referred to in Article 6 GDPR (consent, fulfillment of contractual obligations, vital interests of the data subject or third parties, legal obligations to which the data controller is subject, public interest or exercise of public authority, overriding legitimate interest of the data controller or third parties to whom the data is disclosed).

The Company processes special personal data, (i.e., data capable of revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person, data relating to a person's health or sex life or sexual orientation), only if one of the cases provided for in Article 9.2 GDPR exists.

The Company processes personal data relating to criminal convictions and offenses or related security measures, only on one of the legal bases referred to in Article 6.1 GDPR, and only under the control of the public authority or, if the processing is authorized by Union or Member State law providing appropriate safeguards for the rights and freedoms of the data subjects.

7. CORRECTNESS

The Company processes personal data exclusively for determined, explicit and legitimate purposes, without any impropriety or deception towards the data subjects by strictly adhering within the limits of the legal bases that legitimize their processing.

8. TRANSPARENCY

The Company shall take appropriate measures to provide the data subject with all the information referred to in Articles 13 and 14 and the notices referred to in Articles 15 to 22 and Article 34 relating to the processing in a concise, transparent, intelligible and easily accessible form, in simple and clear language. In particular, the Company for each processing it carries out shall make known to the data subject the manner in which personal data are collected, used, accessed or otherwise processed as well as the extent to which personal data are or will be processed. Information and communications regarding the processing of such personal data shall be easily accessible and understandable.

9. LIMITATION OF PURPOSE

Sintagma S.r.l. processes personal data for specified, explicit and legitimate purposes, and ensuring that the processing operations are not incompatible with these purposes.

10. DATA MINIMIZATION

Sintagma S.r.l. processes personal data that are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

11. EXACTNESS

Sintagma S.r.l. processes personal data that is accurate and, if necessary, up-to-date; taking all reasonable steps to delete or rectify in a timely manner data that is inaccurate with respect to the purposes for which it is processed.

12. CONSERVATION LIMITATION

Sintagma S.r.l. stores personal data in a form that allows the identification of the data subjects for a period of time not exceeding the achievement of the purposes for which they are processed.

13. INTEGRITY AND CONFIDENTIALITY

Sintagma S.r.l. processes personal data in a manner that ensures adequate security of those data, including protection, through appropriate technical and organizational measures, from unauthorized or unlawful processing and accidental loss, destruction or damage.

14. DATA PROTECTION BY DESIGN AND BY DEFAULT

Sintagma S.r.l. takes the methodological approach to any project, according to which personal data protection must be evaluated from the design stage. Therefore, for any project, whether structural or conceptual, personal data protection must be considered from the moment of its design and solutions for personal data protection must be provided.

The Company implements appropriate technical and organizational measures to ensure that - by default - only the personal data necessary for each specific purpose of processing are processed; in particular, the technical and organizational measures put in place are intended to ensure that - by default - only the personal data necessary for each specific purpose of processing are processed.

15. COMPULSORINESS

Failure to comply with the principles contained in this document, as well as directives, instructions, requests, orders that may be issued by the Company for the protection of personal data and compliance with current regulations constitutes a serious breach.

16. REVIEWS

This document is approved by the Board of Directors and is prepared by the Owner who ensures that it is updated and disseminated.

3. TEXTS OF DISCLOSURES

  • INFORMATION ON THE PROCESSING OF CANDIDATES' PERSONAL DATA(link)
  • INFORMATION ON THE PROCESSING OF PERSONAL DATA OF SUPPLIERS(link)
  • INFORMATION ON THE PROCESSING OF CUSTOMERS' PERSONAL DATA(link)