GDPR

Data Controller

Types of data collected

SICOM S.R.L. protects the confidentiality of personal data and guarantees them the necessary protection from any event that could put them at risk of violation. As required by the European Union Regulation
n. 679/2016 (“GDPR”), and in particular to art. 13, below we provide the user (“Interested”) with the information required by law relating to the processing of their personal data.

SECTION I

Who we are and what data we process (Article 13, paragraph 1 letter a, Article 15, letter b GDPR) SICOM SRL, in the person of its legal representative pt, based in Montegranaro, Via Veregrense, 78, operates as Data Controller and can be contacted at amministrazione@sicom-srls.it and collects and / or receives information concerning the interested party, such as:

Personal data: name, surname, physical address, nationality, province and municipality of residence, landline and / or mobile telephone, fax, tax code, e-mail address (es);
Bank details: IBAN and bank / postal details (with the exception of the credit card number);
Telematic traffic data: Log, IP address of origin.

SICOM S.R.L. does not require the interested party to provide data so-called “Particular”, or, according to the provisions of the GDPR (Article 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person.
In the event that the service requested from SICOM S.R.L. requires the processing of such data, the interested party will receive specific information in advance and will be required to give appropriate consent.
The Data Controller has appointed a Data Protection Officer – DPO who can be contacted for any information and request: e-mail: amministrazione@sicom-srls.it – ​​Telephone +39.0734894006.
For any information or request, the interested party can contact the e-mail address: amministrazione@sicom-srls.it – ​​Telephone +39.0734894006

SECTION II

For what purposes do we need the data of the interested party (Article 13, 1st paragraph GDPR) the data are used by the Data Controller to follow up the request for registration and the supply contract of the chosen Service and / or the Product purchased, manage and execute contact requests sent by the interested party, provide assistance, fulfill the legal and regulatory obligations to which the Data Controller is required in relation to the activity exercised.
In no case SICOM S.R.L. resells the personal data of the interested party to third parties or uses them for undeclared purposes.
In particular, the data of the interested party will be processed for:

a) Registration and requests for contact and / or information material.
The processing of the personal data of the interested party takes place to carry out the preliminary activities and consequent to the request for registration, the management of requests for information and contact and / or sending of informative material, as well as for the fulfillment of any other obligation. resulting.
The legal basis of these treatments is the fulfillment of the services related to the request for registration, information and contact and / or sending information material and compliance with legal obligations.
b) Management of the contractual relationship.
The processing of the personal data of the interested party takes place to carry out the preliminary activities and consequent to the purchase of a Service and / or a Product, the management of the related order, the provision of the Service itself and / or the production and / or the shipment of the purchased Product, the relative invoicing and payment management, the handling of complaints and / or reports to the assistance service and the provision of the assistance itself, the prevention of fraud as well as the fulfillment of any other obligation arising from the contract.
The legal basis of these treatments is the fulfillment of the services inherent to the contractual relationship and compliance with legal obligations.
c) Promotional activities on Services / Products similar to those purchased by the interested party. (Recital 47 GDPR).
The data controller, even without your explicit consent, may use the contact details communicated by the interested party, for the purpose of direct sales of their Services / Products, limited to the case in which they are Services / Products similar to those covered by the sale, unless the interested party explicitly objects.
d) Commercial promotion activities on Services / Products other than those purchased by the interested party.
The personal data of the interested party may also be processed for commercial promotion purposes, for surveys and market research with regard to the Services / Products that the Data Controller offers only if the interested party has authorized the processing and does not object to this.
This treatment can take place, in an automated way, in the following ways:
e-mail;
sms;
telephone contact, and can be done:
1. if the interested party has not revoked his consent for the use of the data;
2. if, in the event that the processing is carried out through contact with a telephone operator, the interested party is not registered in the register of oppositions referred to in the Presidential Decree n. 178/2010;
the legal basis of these treatments is the consent given by the interested party prior to the treatment itself, which can be revoked by the interested party freely and at any time (Section III).
e) IT security.
The Data Controller, in line with the provisions of Recital 49 of the GDPR, processes, also through its suppliers (third parties and / or recipients), the personal data of the interested party relating to traffic to an extent strictly necessary and proportionate to guarantee the security of networks and information, i.e. the ability of a network or information system to withstand, at a given level of security, unforeseen events or illegal or malicious acts that compromise the availability, authenticity, integrity and confidentiality of personal data stored or transmitted.
The Data Controller will promptly inform the Data Subjects, if there is a particular risk of violation of their data, without prejudice to the obligations deriving from the provisions of art. 33 of the GDPR relating to notifications of personal data breaches.
The legal basis of these treatments is compliance with legal obligations and the legitimate interest of the Data Controller to carry out treatments related to the purposes of protecting the corporate assets and security of SICOM S.R.L. offices and systems.
f) Profiling.
The personal data of the interested party may also be processed for profiling purposes (such as analysis of the data transmitted and the selected Services / Products, proposing advertising messages and / or commercial proposals in line with the choices made by the users themselves) exclusively in the event that the interested party has provided explicit and informed consent. The legal basis of these treatments is the consent given by the interested party prior to the treatment itself, which can be revoked by the interested party freely and at any time (Section III).
g) Fraud prevention. (recital 47 and article 22 GDPR)
– the personal data of the interested party, with the exception of particular (Art 9 GDPR) or judicial (Art 10 GDPR) data, will be processed to allow checks for the purpose of monitoring and preventing fraudulent payments, by software systems that carry out a verification in automated way and prior to the negotiation of Services / Products;
– passing these checks with a negative result will make it impossible to carry out the transaction; the interested party may in any case express their opinion, obtain an explanation or contest the decision giving reasons for their reasons to the Customer Service or to the contact amministrazione@sicom-srls.it;
– personal data collected for anti-fraud purposes only, unlike the data necessary for the correct execution of the requested service, will be immediately deleted at the end of the control phases.
h) The protection of minors.
The Services / Products offered by the Data Controller are reserved for subjects legally able, on the basis of the relevant national legislation, to conclude contractual obligations.
The Data Controller, in order to prevent illegitimate access to its services, implements preventive measures to protect its legitimate interest, such as checking the tax code and / or other checks, when necessary for specific Services / Products, the correctness of the data identification of identity documents issued by the competent authorities.
i) Communication to third parties and categories of recipients. (article 13, 1st paragraph GDPR)
The communication of the data subject’s personal data takes place mainly towards third parties and / or recipients whose activity is necessary for the performance of the activities related to the established relationship and to respond to certain legal obligations, such as:
any associated companies or companies belonging to the corporate group as present;
administrative, accounting and related obligations to the contractual service;
third party Suppliers Provision of services (assistance, maintenance, delivery / shipment of products, provision of additional services, suppliers of networks and electronic communication services) connected to the requested service;
external professionals / consultants and consultancy companies fulfillment of legal obligations, exercise of rights, protection of contractual rights, credit recovery;
financial administration, public bodies, judicial authorities, supervisory and control authorities, fulfillment of legal obligations, defense of rights; lists and registers kept by public authorities or similar bodies on the basis of specific legislation, in relation to the contractual service;
subjects formally delegated or having a recognized legal title legal representatives, curators, guardians, etc.

The Data Controller does not transfer your personal data to countries in which the GDPR is not applied (non-EU countries) unless specifically indicated otherwise for which you will be informed in advance and your consent will be requested if necessary. The legal basis of these treatments is the fulfillment of the services inherent to the relationship established, compliance with legal obligations and the legitimate interest of SICOM S.R.L. to carry out treatments necessary for these purposes.

SECTION III

What happens if the interested party does not provide his data identified as necessary for the performance of the requested service? (article 13, paragraph 2, letter and GDPR)
The collection and processing of personal data is necessary to follow up on the requested services as well as the provision of the Service and / or the supply of the requested Product.
If the interested party does not provide the personal data expressly provided as necessary in the order form or the registration form, the Data Controller will not be able to process the processing related to the management of the requested services and / or the contract and the Services Products connected to it, nor to the obligations that depend on them.
What happens if the interested party does not provide his data identified as necessary for the performance of the requested service? (Article 13, paragraph 2, letter and GDPR)
In the event that the interested party does not give his consent to the processing of personal data for these purposes, said processing will not take place for the same purposes, without this having effects on the provision of the requested services, nor for those for which he already has given their consent, if required. In the event that the interested party has given consent and should subsequently revoke it or oppose the processing for commercial promotion activities, his data will no longer be processed for these activities, without this having consequences or prejudicial effects for the interested party and for the required performance.
How we process the data of the interested party (Article 32 of the GDPR)
The Data Controller provides for the use of adequate security measures in order to preserve the confidentiality, integrity and availability of the interested party’s personal data and imposes similar security measures on third party suppliers and Managers.

Where we process the data of the interested party
The personal data of the interested party are stored in paper, computer and electronic archives located in countries where the GDPR is applied (EU countries). How long are the data of the interested party kept? (Article 13, paragraph 2, letter a GDPR)
Unless they explicitly express their will to remove them, the personal data of the interested party will be kept as long as they are necessary with respect to the legitimate purposes for which they were collected.
In particular, they will be kept for the entire duration of your registry registration and in any case no later than a maximum period of 12 (twelve) months of inactivity, or if, within this period, they are not associated with the Services and / or purchased the Products through the registry itself.
In the case of data provided to the Data Controller for the purposes of commercial promotion for services other than those already acquired by the interested party, for which he initially gave his consent, these will be kept for 24 months, unless the consent given is revoked.
In the case of data provided to the Data Controller for profiling purposes, these will be kept for 12 months, unless the consent given is revoked. It should also be added that, in the event that a user forwards SICOM S.R.L. unsolicited or unnecessary personal data in order to perform the requested service or to provide a service strictly connected to it, SICOM S.R.L. cannot be considered the owner of these data, and will delete them as soon as possible.
Regardless of the determination of the interested party to remove them, personal data will in any case be stored according to the terms provided for by current legislation and / or national regulations, for the exclusive purpose of guaranteeing the specific obligations of some Services (by way of example but not exhaustive, Certified Electronic Mail, Digital Signature, Substitutive Conservation). Furthermore, personal data will in any case be kept for the fulfillment of obligations (eg tax and accounting) that remain even after the termination of the contract (Article 2220 of the Civil Code); for these purposes, the Data Controller will only keep the data necessary for its prosecution.
The cases in which the rights deriving from the contract and / or from the registration in the registry are valid, in which case the personal data of the interested party, exclusively those necessary for these purposes, will be processed for the time necessary to their pursuit.

Where do we process the data of the interested party? (art. 15-20 GDPR)
The interested party has the right to obtain from the data controller the following: a) confirmation as to whether or not personal data concerning him are being processed and, in this case, to obtain access to personal data and the following information:

a) the purposes of the processing;
b) the categories of personal data in question;
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
d) when possible, the retention period of personal data provided or, if not possible, the criteria used to determine this period; 5. the existence of the right of the interested party to ask the data controller to correct or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
e) the right to lodge a complaint with a supervisory authority;
f) if the data are not collected from the interested party, all available information on their origin;
g) the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject;
h) the adequate guarantees provided by the third country (non-EU) or an international organization to protect any data transferred;
i) the right to obtain a copy of the personal data being processed, provided that this right does not affect the rights and freedoms of others; in case of further copies requested by the interested party, the data controller may charge a reasonable fee based on administrative costs;
j) the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay;
k) the right to obtain from the data controller the cancellation of personal data concerning him without undue delay, if the reasons provided for by the GDPR in art. 17, including, for example, in the event that they are no longer necessary for the purposes of the processing or if this is assumed to be illegal, and the conditions provided for by law always exist; and in any case if the processing is not justified by another equally legitimate reason;
l) the right to obtain from the data controller the limitation of processing, in the cases provided for in art. 18 of the GDPR, for example where you have contested its accuracy, for the period necessary for the Data Controller to verify its accuracy.
The interested party must be informed, in a reasonable time, even when the suspension period has been completed or the cause of the limitation of the processing has ceased, and therefore the limitation itself has been revoked;
m) the right to obtain communication from the owner of the recipients to whom the requests for any corrections or cancellations or limitations of the processing carried out have been transmitted, unless this proves impossible or involves a disproportionate effort;
n) the right to receive personal data concerning him in a structured format, commonly used and readable by an automatic device and the right to transmit such data to another data controller without impediments by the data controller to whom he provided them , in the cases provided for by art. 20 of the GDPR, and the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible.

For any further information and in any case to send your request, you must contact the Data Controller at amministrazione@sicom-srls.it.
In order to ensure that the aforementioned rights are exercised by the interested party and not by unauthorized third parties, the Data Controller may request the same to provide any additional information necessary for the purpose.
How and when can the interested party oppose the processing of their personal data? (Art. 21 GDPR)
For reasons relating to the particular situation of the interested party, the same may object at any time to the processing of their personal data if it is based on legitimate interest or if it occurs for commercial promotion activities, by sending the request to the Data Controller at the address amministrazione@sicom-srls.it.
The interested party has the right to delete their personal data if there is no legitimate overriding reason of the Data Controller with respect to the one that gave rise to the request, and in any case in the event that the interested party has opposed the processing for commercial promotion activities.

Who can the interested party lodge a complaint with? (Art. 15 GDPR)
Without prejudice to any other administrative or judicial action, the interested party may lodge a complaint with the competent supervisory authority on the Italian territory (Authority for the protection of personal data) or the one that carries out its duties and exercises its powers. in the Member State where the violation of the GDPR occurred.
Any update of this Information will be communicated promptly and by appropriate means and will also be communicated if the Data Controller processes the data of the interested party for purposes other than those referred to in this Information before proceeding and following the manifestation of the relative consent of the ‘Interested if necessary.

SECTION IV

This section provides the interested party with particular information relating to the processing of their personal data for each of the services listed below, in addition to those reported in the previous Sections.

HOSTING SERVICES
Communication to third parties and categories of recipients in the context of the provision of registration services of a domain name with an extension (TLD) that does not belong to the following list .at.be.bg.cz.de.dk.ee .es.eu.fi.fr.gr.hr.hu.ie.it.lt.lu.lv.mt.nl.pl.pt.ro.se.si.sk.uk personal data, for strictly related purposes upon the provision of the service, they will be communicated to third parties (Registration Authorities and related accredited subjects) based in countries where the GDPR is not applied (non-EU countries), and in any case for which a provision of adequacy on the level of data protection by the European Commission.
Furthermore, the interested party is informed that the registration of a domain name involves the insertion of personal data in a publicly accessible register (“Whois”) kept at the Registration Authority competent for the chosen extension, except cases in which the interested party has requested the obscuring of personal data in the manner provided by the competent Registration Authority or by the contractual conditions relating to the Service.
The legal basis of these treatments is the fulfillment of the services inherent to the established relationship, compliance with legal obligations and regulations and the legitimate interest of SICOM S.R.L. to carry out treatments necessary for these purposes.

CERTIFIED MAIL
which data we process (Article 13, paragraph 1 letter a, Article 15, letter b GDPR) Personal data> Copy of identity document Data of telematic traffic> LOG of PEC messages for how long the data of the Interested? (Article 13, paragraph 2, letter a GDPR) In relation to the provisions of current sector legislation, the personal data listed below will be kept for the period indicated: Copy of the identity document> in accordance with Section III PEC messages LOG> 30 months from the date of the message
Certification Authority services (digital signature, qualified certificates) which data we process (Article 13, paragraph 1 letter a, Article 15, letter b GDPR) Personal data> Applicant’s registration data and documents, qualified certificate data and data contained in the qualified certificate Telematic traffic data> LOG of the control journal how long are the data of the interested party kept? (Article 13, paragraph 2, letter a GDPR)
In relation to the provisions of current sector legislation, the personal data listed below will be kept for the period indicated: Applicant registration data and documents, qualified certificate data and data contained in the qualified certificate> 20 (twenty) years audit log and certificate life cycle> 20 (twenty) years.

SECTION V

General information, deactivation and management of cookies Cookies are data that are sent from the website and stored by the internet browser on the user’s computer or other device (for example, tablet or mobile phone). Technical cookies and third-party cookies may be installed from our website or its subdomains.
In any case, the user can manage or request the general deactivation or deletion of cookies by changing the settings of their internet browser. This deactivation, however, may slow down or prevent access to some parts of the site.
The settings to manage or disable cookies may vary depending on the internet browser used, therefore, for more information on how to perform these operations, we suggest that the User consult the manual of his device or the “Help” function or “Help” of your internet browser. Below are the links that explain how to manage or disable cookies for the most popular internet browsers:
– Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies
– Google Chrome: https://support.google.com/chrome/answer/95647
– Mozilla Firefox: http://support.mozilla.org/it/kb/Gestione dei cookie
– Opera: http://help.opera.com/Windows/10.00/it/cookies.html
– Safari: https://support.apple.com/kb/PH19255

Technical cookies
The use of technical cookies, ie cookies necessary for the transmission of communications over an electronic communications network or cookies strictly necessary for the supplier to provide the service requested by the customer, allows the safe and efficient use of our site. Session cookies may be installed in order to allow access and stay in the reserved area of ​​the portal as an authenticated user. Technical cookies are essential for the proper functioning of our website and are used to allow users to navigate normally and to take advantage of the advanced services available on our website. The technical cookies used are divided into session cookies, which are stored exclusively for the duration of the navigation until the browser is closed, and persistent cookie that are saved in the memory of the user’s device until their expiry or cancellation by the user. same. Our site uses the following technical cookie:

• technical navigation or session cookies, used to manage normal navigation and user authentication;
• functional technical cookie, used to memorize customizations chosen by the user, such as, for example, the language;
• technical analytics cookie, used to know the way in which users use our website so as to be able to evaluate and improve its functioning.

Third party cookie
Third-party cookie may be installed: these are cookies, analytical and profiling, of Google Analytics, Google Doubleclick, Criteo, Rocket Fuel, Youtube, Yahoo, Bing and Facebook. These cookie are sent from the websites of the aforementioned third parties external to our site.
Third-party analytical cookie are used to detect information on user behavior on the site. The survey takes place anonymously, in order to monitor performance and improve the usability of the site. Third-party profiling cookie are used to create profiles relating to users, in order to propose advertising messages in line with the choices made by the users themselves.
The use of these cookie is governed by the rules set up by the third parties themselves, therefore, Users are invited to read the privacy policies and instructions for managing or disabling the cookie published on the following web pages:
For Google Analytics cookies: – privacy policy: https://www.google.com/intl/it/policies/privacy/ – instructions to manage or disable cookies: https://support.google.com/accounts/answer / 61416? Hl = it
For Google Doubleclick cookies: – privacy policy: https://www.google.com/intl/it/policies/privacy/
– instructions to manage or disable cookies: https://www.google.com/settings/ads/plugin
For Criteo cookies: – privacy policy: http://www.criteo.com/it/privacy/
– instructions to manage or disable cookies: http://www.criteo.com/it/privacy/
For Facebook cookies: – privacy policy: https://www.facebook.com/privacy/explanation – instructions to manage or disable cookies: https://www.facebook.com/help/cookies/ For CrazyEgg cookies: – privacy policy: https://www.crazyegg.com/privacy/
– instructions to manage or disable cookies: https://www.crazyegg.com/cookies/
For Rocket Fuel cookies: -privacy policy: http://rocketfuel.com/it/privacy/ – instructions to manage or disable cookies: http://rocketfuel.com/it/cookie-policy/ For Youtube cookies: -privacy policy: https://www.youtube.com/intl/it/yt/about/policies/#community-guidelines
– instructions to manage or disable cookies: https://support.google.com/accounts/answer/61416?hl=it
For Yahoo cookies: -privacy policy and instructions to manage or disable cookies: https://policies.yahoo.com/ie/it/yahoo/privacy/euoathnoticefaq/
For Bing cookies: -privacy policy and instructions to manage or disable cookies https://privacy.microsoft.com/it-it/privacystatement.

Profiling Cookie

They can be installed by the Owner (s), using the so-called software. web analytics, profiling Cookie, which are used to prepare detailed and real-time analysis reports relating to information on: visitors to a website, search engines of origin, keywords used, language of use, most visited pages.
They can collect information and data such as IP address, nationality, city, date / time, device, browser, operating system, screen resolution, navigation source, pages visited and number of pages, duration of the visit, number of visits made.
These data may be transferred to each of the SICOM S.R.L. Group Companies, in compliance with and with the limitations imposed by current legislation and by the provisions of this Information.
Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed before the data is collected.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using this Website.
Unless otherwise specified, all data requested by this website are mandatory.
If the User refuses to communicate them, it may be impossible for this Website to provide the Service. In cases where this Website indicates some Data as optional, Users are free to refrain from communicating such Data, without this having any consequence on the availability of the Service or on its operation.
Users who have doubts about which data are mandatory are encouraged to contact the owner.
Any use of Cookie – or of other tracking tools – by this Website or by the owners of third-party services used by this Website, unless otherwise specified, has the purpose of providing the Service requested by the User, as well as for the additional purposes described in this document and in the Cookie Policy, if available.
The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this Website and guarantees to have the right to communicate or disseminate them, freeing the Owner from any liability to third parties.

SICOM SRL – Via Veregrense, 78 – 63812 Montegranaro (FM) – Italy – VAT number 02209380449 – Tel. +39.0734894006 – Owner contact email: amministrazione@sicom-srls.it