SYSDAT.IT Privacy Policy

INFORMATION ON THE PROTECTION OF PERSONAL DATA PURSUANT TO ART. 12 and following. EU REGULATION 679/2016

SYSDAT.IT has always been very attentive to the aspects of personal data protection and respect for the principles of privacy and personal dignity.

Pursuant to the new EU Regulation 679/2016, in accordance with the principle of accountability, any processing of personal data must be lawful and correct. It must be transparent for natural persons how the personal data concerning them is collected, consulted or otherwise processed, as well as the extent to which the same data is or will be processed.

The principle of transparency requires that information and communications relating to the processing of such data are easily accessible and understandable and that simple and clear language is used.

This principle requires, in particular, that data subjects are informed about the identity of the Data Controller, the purposes of the processing and further information (see articles 13 and 14 of EU Regulation 679/2016) necessary to ensure correct and data transparency. Interested parties must also be informed about their rights relating to the data themselves (on this point see Recital 39, EU Regulation 679/2016).

Therefore, please take note of the following.

WHO IS THE OWNER OF THE TREATMENT

SYSDAT.IT, with registered office in Via Antonio Meucci, n.22, Pisa, fraz. Ospedaletto (P.IVA 01207240506 and Fiscal Code 05009160150) in its capacity as Data Controller, in the person of its pro-tempore legal representative, pursuant to and for the purposes of EU Regulation 2016/679, hereby informs the interested party that the personal data concerning him, acquired by the Data Controller or which will be requested later and/or communicated by third parties, are necessary and will be used for the purposes indicated below.

TYPE OF DATA COLLECTED

SYSDAT.IT collects personal data, personal data and contact details through this website and/or paper media exclusively from those who wish to contact us for information, general questions, commercial requests, as well as from those who wish to subscribe to our newsletter.

PURPOSE AND LEGALITY OF THE TREATMENT

Pursuant to EU Regulation 679/2016, personal data:

They are processed in a lawful, correct and transparent manner in relation to the interested party (art. 5);

The same are collected for specific, explicit and legitimate purposes, and subsequently treated in a way that is not incompatible with these purposes (Article 5);

The purposes for which the data is collected are as follows:

Pursuit of instrumental and/or complementary purposes to the activities functional to the performance of the existing contractual/pre-contractual relationship. In particular, the data acquired allow us to fulfill the stipulated contract and the supply of the requested goods, and for the exercise of legitimate business interests, as well as fulfilling legal obligations.

General accounting, invoicing, credit management, civil and tax obligations required by law and for updating archives. In particular, the data collected is necessary to compile and send invoices, fulfill legal obligations.

Detection of the degree of satisfaction of the interested party on the quality of the product and services rendered by the writer, including statistical analysis;

The data is processed for sending service communications, for managing requests for clarification, reporting and handling complaints in relation to the contractual relationship established, as well as for its performance.

Any personal data referring to the interested party or collected from him, subject to the provision of consent, may be used for marketing purposes (i.e., by way of example, for the promotion of advertising and commercial events, the sending of advertising campaigns, promotions and offers), which can be exercised by the Data Controller both with automated methods, including profiling, but also through traditional methods.

Other purposes: in the event that the data collected is used in a different way from the one described, information will be given and consent will be requested where appropriate and necessary.

PROCESSING METHODS AND CONFIDENTIALITY OBLIGATION

Data processing is carried out using IT tools and/or paper supports, by subjects committed to confidentiality, with logics related to the purposes and in any case in order to guarantee the security and confidentiality of the data. The data collected will not be disclosed or disclosed to third parties in accordance with the law.

THIRD PARTY COMMUNICATION

Your personal data may be communicated by SYSDAT.IT to third parties known to us only and exclusively for the aforementioned purposes and, in particular, to the following categories of subjects:

External companies that perform services on our behalf and process data on behalf of SYSDAT.IT;

Institutions and Public Administrations for compliance with the law and to the extent necessary;

Professionals who can be of support in compliance with the law.

These subjects will process the personal data as external managers.

Other third parties will be notified only and solely with the explicit consent of the interested party.

STORAGE TIMES AND DATA PROTECTION

Pursuant to art. 5 of EU Regulation 679/2016, "Principles applicable to the processing of personal data", personal data are stored in a form that allows identification of data subjects for a period of time not exceeding the achievement of the purposes for which they are processed.

The personal data of the interested parties can also be kept for longer periods in compliance with the obligations relating to the laws in force (by way of example in the field of accounting) and, in any case, by applying every technical-organizational measure suitable for activating data anonymization mechanisms .

Personal data is protected by adequate technical-organizational security measures that comply with the regulation under the responsibility of the Data Controller.

RIGHTS OF THE INTERESTED PARTY

Pursuant to current legislation, the interested party may assert their rights towards the Data Controller, as expressed by EU Regulation 679/2016, namely:

RIGHT OF ACCESS art. 15

The interested party has the right to obtain confirmation from the data controller as to whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data and the following information:

a) the purposes of the processing;

b) the categories of personal data in question;

c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients from third countries or international organizations;

d) when possible, the envisaged retention period for personal data or, if this is not possible, the criteria used to determine this period;

e) the existence of the right of the interested party to ask the data controller to rectify or cancel personal data or limit the processing of personal data concerning him or to oppose their treatment;

f) the right to lodge a complaint with a supervisory authority;

g) if the data are not collected from the interested party, all the information available on their origin;

h) the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, significant information on the logic used, as well as the importance and envisaged consequences of such processing for the interested party.

1. If personal data are transferred to a third country or to an international organization, the interested party has the right to be informed of the existence of adequate guarantees pursuant to article 46 relating to the transfer.

2. The data controller provides a copy of the personal data being processed. In case of further copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. If the interested party submits the request by electronic means, and unless otherwise indicated by the interested party, the information is provided in a commonly used electronic format.

The right to obtain a copy must not harm the rights and freedoms of others.

RIGHT TO RECTIFICATION art. 16

The interested party has the right to obtain from the data controller the rectification of inaccurate personal data concerning him without unjustified delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration.

RIGHT TO CANCELLATION art. 17

1. The interested party has the right to obtain from the data controller the cancellation of personal data concerning him without unjustified delay and the data controller has the obligation to cancel personal data without unjustified delay, if one of the following reasons exists:

a) personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;

b) the interested party revokes the consent on which the treatment is based in accordance with article 6, paragraph 1, letter a), or article 9, paragraph 2, letter a), and if there is no other legal basis for the treatment ;

c) the interested party opposes the treatment pursuant to article 21, paragraph 1, and there is no prevailing legitimate reason to proceed with the treatment, or he opposes the treatment pursuant to article 21, paragraph 2;

d) the personal data have been processed unlawfully;

e) personal data must be canceled to fulfill a legal obligation established by Union or Member State law to which the data controller is subject;

f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

2. The data controller, if he has made personal data public and is obliged, pursuant to paragraph 1, to delete them, taking into account the available technology and implementation costs, adopts reasonable measures, including technical ones, to inform the data controllers who are processing the personal data of the data subject's request to delete any link, copy or reproduction of his personal data.

3. Paragraphs 1 and 2 do not apply to the extent that the processing is necessary:

a) for the exercise of the right to freedom of expression and information;

b) for the fulfillment of a legal obligation which requires the treatment envisaged by the law of the Union or of the Member State to which the data controller is subject or for the execution of a task carried out in the public interest or in the exercise of public powers with which the data controller is invested;

c) for reasons of public interest in the field of public health in accordance with Article 9(2)(h)(i) and Article 9(3);

d) for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1), in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of such processing; or

e) for the assessment, exercise or defense of a right in court.

RIGHT TO LIMIT THE TREATMENT art. 18

1. The interested party has the right to obtain from the data controller the limitation of the treatment when one of the following hypotheses occurs:

a) the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data;

b) the processing is unlawful and the interested party opposes the cancellation of personal data and instead requests that their use be limited;

c) although the data controller no longer needs it for processing purposes, personal data are necessary for the data subject to ascertain, exercise or defend a right in court;

d) the interested party has opposed the treatment pursuant to article 21, paragraph 1, pending the verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.

2. If the processing is limited pursuant to paragraph 1, such personal data are processed, except for storage, only with the consent of the interested party or for the assessment, exercise or defense of a right in court or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

3. The interested party who has obtained the limitation of treatment pursuant to paragraph 1 is informed by the data controller before said limitation is revoked.

RIGHT TO DATA PORTABILITY art. 20

1. The interested party has the right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a data controller and has the right to transmit such data to another data controller without impediments by the data controller to whom they have been provided if:

a) the processing is based on consent pursuant to article 6, paragraph 1, letter a), or article 9, paragraph 2, letter a), or on a contract pursuant to article 6, paragraph 1, letter b); And

b) the processing is carried out by automated means.

2. In exercising their rights in relation to data portability pursuant to paragraph 1, the interested party has the right to obtain direct transmission of personal data from one data controller to another, if technically feasible.

3. The exercise of the right referred to in paragraph 1 of this article is without prejudice to article 17. This right does not apply to the processing necessary for the execution of a task in the public interest or connected to the exercise of public powers referred to the data controller is invested.

4. The right referred to in paragraph 1 must not harm the rights and freedoms of others.

RIGHT TO OBJECT TO THE TREATMENT art. 21

1. The interested party has the right to object at any time, for reasons connected to his particular situation, to the processing of personal data concerning him pursuant to article 6, paragraph 1, letters e) of), including profiling on the basis of these provisions. The data controller refrains from further processing the personal data unless he demonstrates the existence of compelling legitimate reasons to proceed with the processing which prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or the defense of a right in court.

2. If personal data are processed for direct marketing purposes, the interested party has the right to object at any time to the processing of personal data concerning him carried out for these purposes, including profiling to the extent that it is connected to such marketing direct.

3. If the interested party opposes the processing for direct marketing purposes, the personal data are no longer processed for these purposes.

4. The right referred to in paragraphs 1 and 2 is explicitly brought to the attention of the data subject and is presented clearly and separately from any other information at the latest at the time of the first communication with the data subject.

5. In the context of the use of information society services and without prejudice to Directive 2002/58/EC, the interested party can exercise his right of opposition by automated means that use technical specifications.

6. If personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to article 89, paragraph 1, the interested party, for reasons connected with his particular situation, has the right to object to the processing of personal data concerning him, unless the processing is necessary for the performance of a task in the public interest.

In addition to the aforementioned rights, the interested party has the right to revoke the consent upon appropriate request, as well as to lodge a complaint with the supervisory authority in the hypothesis of the law.

For further information in relation to the methods of exercising these rights, or requests for clarification, please contact the Data Controller at privacy@sysdat.it

OWNER, ANY DPO AND PRIVACY COMMUNICATIONS

The Owner is SYSDAT.IT, with registered office in Pisa, Via Meucci, n.22 fraz. hospital.

For any communication pursuant to the above articles of EU Regulation 679/2016, the Data Controller makes available the address privacy@sysdat.it