Sintagma S.r.l. – Website PRIVACY section contents
Section title: INFORMATION ON THE PROCESSING OF PERSONAL DATA pursuant to European Regulation (EU) 2016/679 (GDPR)
Regulation (EU) 2016/679 (GDPR), which defines the general rules for the protection of personal data, became fully applicable on 25 May 2018. This is an important step that sets the same rules for the processing of personal data for all European Union countries. Sintagma S.r.l. considers the protection of personal data of natural persons to be a core value, and respect is a primary objective that must serve as a basis for management. To this end, in compliance with current regulations, on 08/06/2021 the Sintagma Board of Directors approved the Document of Conformity for the processing of personal data as a documentary basis for designing, defining, setting up and conducting a compliant management system for processing personal data so as to ensure the transparency and fairness of the processing, starting from the planning of the processing, and to be able to demonstrate it at any time (accountability principle). The Company therefore maintains a record of processing activities pursuant to Art. 30 GDPR for the registering and analysis of the processing carried out and a specific set of information on the processing activities carried out in order to inform the data subjects, even before the processing begins, on the purposes and procedures of the processing.
CONTROLLER CONTACT DETAILS
Sintagma S.r.l., with registered office in Perugia, Via Roberta 1, 06132
Tel. 075-609071 – Fax: 075-6090722
certified email (pec): firstname.lastname@example.org
1) RIGHTS OF DATA SUBJECTS AND HOW TO EXERCISE THEM
The Regulation recognizes the following rights of the data subjects that they may exercise in respect of and against the controller and each joint controller.
- Right of access: Art. 15 of the European Regulation allows you to obtain from the controller confirmation as to whether or not personal data concerning you are being processed
- Right to rectification: Art. 16 of the European Regulation allows you to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure: Art. 17 of the European Regulation allows you to obtain from the controller the erasure of personal data concerning you without undue delay if there is one of the grounds provided for by the Regulation.
- Right to restriction: Art. 18 of the European Regulation allows you to obtain from the controller restriction of processing where one of the cases provided for by the Regulation applies.
- Right to object: Art. 21 of the European Regulation allows you to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.
- Right to data portability: Art. 20 of the European Regulation allows you to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, according to the conditions foreseen by the Regulation.
- Right to withdraw consent: Art. 7 of the European Regulation allows you to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint: Art. 77 of the European Regulation gives you the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes this Regulation.
The purposes and means of the processing of personal data are determined by Sintagma S.r.l., with registered office in San Martino in Campo (PG), Via Roberta 1, (06132) VAT number 01701070540, in the person of the legal representative pro tempore.
2. JOINT CONTROLLER – ENTRUSTING THIRD PARTIES
In the case of joint controllers, the controller ensures that compliance with the following principles is guaranteed through the joint controller agreement. In the event that personal data processing activities are entrusted to third parties, the controller ensures that compliance with the following principles is guaranteed through the service contract.
The controller organizes the resources and the processing of personal data so that the personal data comply with the requirements of the GDPR and of national laws. More specifically:
- Within the company
- the organization of privacy reflects the operational organization, and the attributions are consistent with the operational duties, powers and authority connected to them.
- The natural persons to whom important tasks and responsibilities are assigned (considering the number and categories of personal data, the risks to the rights and freedoms of natural persons) are selected, identified and appointed on the basis of objective criteria that define the needs of the enterprise in terms of knowledge, skills and experience. Lacking qualification titles, the requirements and evaluation weights are defined beforehand.
- Those who process the data act under the direct authority of the controller or of a manager appointed by the controller. The personnel is duly trained and informed by means of a continuous training program that takes into account the different needs in relation to the different roles covered.
- The controller directs and supervises all those who process personal data on its behalf.
- Outside the company
- the entities entrusted with the processing of personal data are selected, identified and appointed on the basis of a prior transparent process that guarantees the objectivity of the choice; the supplier’s possession of the skills and professionalism required by the organization; the supplier’s possession of sufficient guarantees to implement adequate technical and organizational measures so that the processing meets the requirements of the GDPR and guarantees the protection of the rights of the data subject.
- Relations with third parties that process data on behalf of the controller are always set out formally in writing. The related contract complies with the minimum requirements set out in Art. 28 GDPR.
- The controller directs and supervises all those to whom it delegates processing activities.
- The controller processes the personal data of the following categories of natural persons:
- freelance professionals
- Categories of persons or entities indirectly involved:
- family members of employees or users
- creditors of employees
- successors in title of employees
- Institutions / Bodies involved
5. THE CULTURE OF PRIVACY
For Sintagma S.r.l. the ability to protect personal data is not so much and not just a legal obligation, but is rather a preferential requirement, a competitive asset. In keeping with the perspective of accountability required by the GDPR, the Company handles the compliance of its personal data processing with the GDPR using an approach oriented towards risks and dealing with them. Respect for the rights, freedoms and data of individuals is a mandatory ethical imperative for the Company that guides all of its activities.
Sintagma S.r.l. carries out only the processing of personal data that is based on one of the legal bases referred to in Art. 6 GDPR (consent, performance of contract obligations, vital interests of the data subject or of third parties, legal obligations to which the controller is subject, public interest or the exercise of official authority, overriding legitimate interest of the controller or of third parties to whom the data are communicated).
The Company processes special categories of personal data (i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as processing genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning the health or sexual life or sexual orientation of the person) only if one of the cases provided for by Art. 9.2 GDPR applies.
The Company processes personal data related to criminal convictions and offenses or related security measures only on one of the legal bases referred to in Article 6.1 GDPR, and only under the control of official authority or when the processing is authorized by Union or Member State law providing for appropriate safeguards for the rights and freedoms of data subjects.
The Company processes personal data exclusively for specific, explicit and legitimate purposes, without unfairness or deceit towards the data subjects, strictly following the legal bases that legitimize their processing.
The Company takes appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language. In particular, for each processing the Company informs the data subjects of the modalities with which the personal data concerning them are collected, used, consulted or otherwise processed and to what extent the personal data are or will be processed. The information and communication relating to the processing of those personal data must be easily accessible and easy to understand.
9. PURPOSE LIMITATION
Sintagma S.r.l. processes personal data for specified, explicit and legitimate purposes, and ensuring that the processing is not incompatible with these purposes.
10. DATA MINIMIZATION
Sintagma S.r.l. processes personal data that are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Sintagma S.r.l. processes personal data that are accurate and, where necessary, kept up to date; every reasonable step is taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
12. STORAGE LIMITATION
Sintagma S.r.l. keeps personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
13. INTEGRITY AND CONFIDENTIALITY
Sintagma S.r.l. processes personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
14. DATA PROTECTION BY DESIGN AND BY DEFAULT
Sintagma S.r.l. uses the methodological approach to any project, on the basis of which the protection of personal data must be assessed starting from the design stage. Therefore, for any project, whether structural or conceptual, the protection of personal data must be considered from the time it is designed, and solutions for the protection of personal data must be foreseen.
The Company implements appropriate technical and organizational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed; in particular, the technical and organizational measures implemented have the purpose of guaranteeing that – by default –they are processed according to the specific purposes of the processing.
Failure to comply with the principles contained in this document, as well as with the directives, instructions, requests and orders that may be given by the Company for the protection of personal data and for compliance with the laws currently in force, constitutes a serious breach.
This document is approved by the Board of Directors and is prepared by the Controller, who is responsible for its updating and divulgation.
3. TEX/TS OF INFORMATIVE STATEMENTS
- INFORMATIVE STATEMENT ON PROCESSING THE PERSONAL DATA OF CANDIDATES (link)
- INFORMATIVE STATEMENT ON PROCESSING THE PERSONAL DATA OF SUPPLIERS (link)
- INFORMATIVE STATEMENT ON PROCESSING THE PERSONAL DATA OF CLIENTS (link)