Privacy Policy

INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA

Dear Customer,

In compliance with the obligations established by the European Privacy Regulation EU 2016/679 (GDPR) and Legislative Decree No. 196 of 30 June 2003 (Personal Data Protection Code), we wish to inform you that Sivit srl, as the Data Controller, will process your personal data which have been or may be provided/communicated to us – by you or by other parties – during the course of your relationship with our organization.

The processing of data, freely provided by you or otherwise collected, will be carried out in compliance with the current privacy regulations; it will be based on principles of correctness, lawfulness, and transparency, and performed in accordance with the principles of relevance, completeness, and non-excessiveness.

Therefore, pursuant to Article 13 of the European Regulation 2016/679 (GDPR), we inform you that:

1. Identification of the Data Controller

The Data Controller, for all the purposes specifically indicated in point 2, is:

Sivit srl
Via Centallo 57 – 10156 Turin (Italy)
VAT No.: 01012820013
Email: info@sivit.it

2. Purpose of the Processing

The data provided by you will be processed for the following purposes:

• To handle the completion of contact forms on the company’s website for information or clarification requests;
• To manage requests related to courses offered by the company.

3. Category and Nature of Data Processed

The categories of data processed are:

• Personal data (e.g. name, surname, email address).

4. Data Retention Period

In accordance with Article 5(1)(e) of the GDPR, personal data are kept in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed or according to statutory deadlines. The relevance and necessity of the retained data are periodically reviewed under the supervision of the Data Controller.

Specifically:

• When processing is necessary for the performance of a contract and/or pre-contractual measures, data will be processed until such contract has been completed and retained for 10 years thereafter, except in cases of legitimate interest of the Data Controller (e.g. in the event of legal action);
• When processing is required to comply with a legal obligation, data will be retained for as long as permitted by law;
• When processing is necessary for the pursuit of the legitimate interests of the Data Controller, data will be retained for as long as permitted by law.

In any case, personal data will be retained to fulfil legal (e.g. tax and accounting) obligations that persist after termination of the contractual relationship (Art. 2220 of the Italian Civil Code). For such purposes, only the data necessary for compliance will be retained, for 10 years, except in cases of legitimate interest related to legal actions.

5. Processing Methods

Processing will be carried out manually and not through automated means.
Processing may include operations such as collection, recording, organization, storage, consultation, use, processing, modification, selection, extraction, comparison, interconnection, transmission, communication, erasure, destruction, blocking, and restriction.

Data will be processed both on paper and using electronic, IT, and telematic tools suitable to ensure data security and confidentiality, in accordance with Article 32 of the European Regulation 2016/679.

All necessary technical, IT, organizational, logistical, and procedural security measures will always be adopted to ensure the appropriate level of protection required by law. The above-mentioned processing methods will ensure that data access is granted only to subjects specified in points 4 and 5.

6. Nature of the Provision of Data

The provision and processing of data are:

• Mandatory, and your consent is not required when processing is necessary to comply with legal, regulatory, or EU obligations;
• Essential, and your consent is not required for personal data indispensable for the correct establishment and management of the professional relationship;
• Essential, and your consent is not required for the performance of tasks carried out in the public interest or under official authority vested in the Data Controller;
• Essential, and your consent is not required for the pursuit of legitimate professional interests of the Data Controller or third parties;
• Optional, and your explicit consent is required for all personal data collected for purposes not directly or indirectly related to contractual, pre-contractual, or legal obligations, protection of vital interests, public tasks, or legitimate interests.

Any refusal to provide, in whole or in part, the above data may affect the proper conduct of the relationship with our organization and, in the case of mandatory data, may make it impossible for us to properly perform our professional duties or provide the requested services.

7. Data Communication

The subjects or categories of subjects who may become aware of or receive your data, in addition to the Legal Representative of the Data Controller, are:

• Authorized personnel (e.g. employees);
• Data Processors (e.g. consultants, freelancers, software service providers).

The updated list of Data Processors and Authorized Persons is kept at the registered office of the Data Controller.

Your personal data will not be disseminated.
However, they may be communicated to public authorities, social security entities, public institutions, police forces, judicial authorities, or other public or private entities, solely for the purpose of fulfilling professional duties or legal obligations.
Data revealing health status or other sensitive information will not be disclosed under any circumstances.

8. Processing of Special Categories of Data

If the processing concerns special categories of personal data under Article 9 of the GDPR (such as data revealing racial or ethnic origin, religious, philosophical or political beliefs, trade union membership, or data concerning health or sexual life) or judicial data, processing will be carried out within the limits and under the conditions set out by Regulation EU 2016/679 and Legislative Decree 196/2003, and only for purposes strictly necessary for business activities, professional duties, or legal compliance.

In such cases, the subjects who may become aware of such data include:

• Authorized personnel (e.g. employees);
• Data Processors (e.g. consultants, freelancers, software providers).

The updated list of Data Processors and Authorized Persons is available at the registered office of the Data Controller.

9. Data Storage Location

Your personal data are processed and stored at the operational headquarters of the Data Controller and are archived both in paper and electronic format on the company’s servers and archives located at Via Centallo 57, Turin (Italy).

10. Data Subject Rights

You may at any time request, from the Legal Representative of the Data Controller (using the contact details provided herein), a copy of your personal data, information about where they are processed, and an updated list of all Data Processors and System Administrators authorized to process your data.

You may freely withdraw your consent at any time, without affecting the lawfulness of processing prior to withdrawal, and you may exercise your rights of Access, Rectification, Erasure, Restriction, Objection, Portability, and Complaint to the Privacy Authority pursuant to Article 15 of the European Regulation 2016/679.

More specifically, as a data subject, you have the right to:

• Obtain confirmation as to whether or not personal data concerning you exist, even if not yet recorded, and receive them in an intelligible form;
• Obtain information on:
  a) the origin of personal data;
  b) the purposes and methods of processing;
  c) the logic applied to processing carried out using electronic means;
  d) the identification details of the controller, processors, and designated representatives;
  e) the subjects or categories of subjects to whom personal data may be communicated or who may become aware of them;
• Obtain:
  a) the updating, rectification, or, where interested, integration of data;
  b) the erasure, anonymization, or blocking of data processed unlawfully;
  c) confirmation that such operations have been notified to those to whom the data were communicated, unless this proves impossible or involves a disproportionate effort;
• Object, in whole or in part:
  a) on legitimate grounds, to the processing of personal data concerning you, even if relevant to the purpose of collection;
  b) to the processing of personal data for direct marketing, advertising, market research, or commercial communication purposes, using automated or traditional methods (email, phone, or post).

Please note that the right to object to direct marketing by automated means extends to traditional methods as well. You may exercise the right to object even partially (e.g. opting to receive only traditional communications, or none at all).

11. Data Controller Contact Information

For the exercise of your rights, please contact:
Sivit srl
Via Centallo 57 – 10156 Turin (Italy)
VAT No.: 01012820013
Email: info@sivit.it