PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA
Dear Customer,
In compliance with the obligations set forth by the European Privacy Regulation EU 2016/679 (GDPR) and Legislative Decree No. 196 of June 30, 2003 (Personal Data Protection Code), we hereby inform you that Sivit Srl, as the Data Controller, will process your personal data that has been or may be provided/communicated to us—by you or by other parties—during our relationship.
The processing of your data, whether freely provided by you or otherwise collected, will be carried out in accordance with current privacy laws; based on principles of fairness, lawfulness, and transparency; and conducted in observance of the principles of relevance, completeness, and non-excessiveness.
Therefore, pursuant to Article 13 of the European Regulation 2016/679 (GDPR), we inform you of the following:
Data Controller Identification
The Data Controller for all purposes specified in point 2 is:
Sivit Srl
Via Centallo 56, 10156 Turin (TO), Italy
VAT No.: 01012820013
Email: info@sivit.it
Purpose of Data Processing
The data you provide will be processed for the following purposes:
To address inquiries submitted through the website's contact form.
To manage requests related to courses offered by the company.
Categories and Nature of Data Processed
The categories of data processed include:
Personal identification data (e.g., name, surname, email address).
Data Retention Period
In accordance with Article 5, paragraph 1, letter e) of the GDPR, personal data is retained in a form that allows identification of the data subject for no longer than necessary for the purposes for which the data was collected or subsequently processed, or as required by law. The relevance and necessity of the data retained are periodically reviewed under the supervision of the Data Controller.
Specifically:
When processing is necessary for the execution of a contract and/or pre-contractual measures, data will be processed until the completion of the contract and retained for the subsequent 10 years, except in cases where the Data Controller has a legitimate interest, such as legal disputes.
When processing is necessary to comply with a legal obligation, data will be retained as long as permitted by law.
When processing is based on the legitimate interest of the Data Controller, data will be retained as long as permitted by law.
Personal data will, in any case, be retained to fulfill obligations (e.g., fiscal and accounting) that persist even after the termination of the contract (Article 2220 of the Civil Code); for these purposes, the Data Controller will retain only the data necessary for such compliance for the subsequent 10 years, except in cases of legitimate interest in legal disputes.
Processing Methods
Processing will be carried out manually and/or using electronic or telematic tools, in compliance with Article 32 of the GDPR, by authorized persons and in accordance with Article 29 of the GDPR. Appropriate security measures will be observed to prevent data loss, unlawful or incorrect use, and unauthorized access.
Nature of Data Provision
The provision and processing of data are:
Mandatory and do not require your consent for purposes related to legal obligations, regulations, or EU legislation.
Essential and do not require your consent for all personal data necessary for the proper establishment of the professional assignment and for the management and continuation of the professional service.
Optional and require your explicit consent for all personal data collected for purposes not directly or indirectly related to contractual, pre-contractual, legal obligations, protection of vital interests, public tasks, exercise of public powers, or pursuit of legitimate interests.
Any refusal to provide the above-mentioned data, even if legitimate, could compromise the regular conduct of the relationship with our company and, in particular, for the data defined as mandatory and essential, could make it impossible for us to carry out the professional assignment and provide the requested services.
Data Communication
The subjects or categories of subjects who may become aware of your data or to whom personal data may be communicated, in addition to the Legal Representative of the Data Controller, are as follows:
Authorized personnel (e.g., employees);
Data Processors (e.g., consultants, freelancers, software service providers).
The updated list of Data Processors and Authorized Persons is kept at the registered office of the Data Controller.
Your personal data will not be disseminated.
Your personal data may also be communicated to Public Administration, Social Security and Assistance Entities, Public Bodies, Police Forces, Judicial Authorities, or other Public and Private Entities, but exclusively for the purpose of fulfilling the professional assignment and legal obligations.
The data in question will not be communicated to other subjects beyond those specified in this notice, and data revealing the data subject's health status will not be disseminated under any circumstances.
Processing of Special Categories of Data
If the processing also concerns personal data falling within the special categories as per Article 9 of the GDPR (i.e., data revealing racial or ethnic origin, religious, philosophical, or other beliefs, political opinions, trade union membership, as well as data concerning health or sex life) or "judicial" data (i.e., data revealing measures related to criminal records, administrative sanctions, or the status of defendant or suspect), the processing will be carried out within the limits and according to the methods provided by the GDPR and Legislative Decree 196/2003, and for purposes strictly necessary for the regular conduct of business activities, the execution of professional assignments, and compliance with contractual and/or legal obligations.
In such cases, the subjects or categories of subjects who may become aware of the sensitive data or to whom the data may be communicated, in addition to the Legal Representative of the Data Controller, are:
Authorized personnel (e.g., employees);
Data Processors (e.g., consultants, freelancers, software service providers).
The updated list of Data Processors and Authorized Persons is kept at the registered office of the Data Controller.
Data Storage Location
Your personal data is processed and stored at the operational headquarters of the Data Controller and is archived in both paper and electronic formats at the company's servers and archives, located at Via Centallo 56, Turin.
Data Subject Rights
You may, at any time, request from the Legal Representative of the Data Controller, using the contact details provided in this notice, a copy of your personal data, information about where your personal data is processed, and an updated list of all Data Processors and System Administrators authorized to process your data.
At any time, you may freely revoke the consent given, without any charge and without prejudice to the lawfulness of the processing carried out up to that point, and, as a data subject, exercise the rights of Access, Rectification, Erasure, Restriction, Objection, Data Portability, and Complaint to the Data Protection Authority against the Data Controller as provided by Article 15 of the GDPR.
Specifically, as a data subject, you have the following rights:
Obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet recorded, and their communication in an intelligible form;
Obtain information about:
a) the origin of the personal data;
b) the purposes and methods of processing;
c) the logic applied in case of processing carried out with the aid of electronic tools;
d) the identification details of the data controller, data processors, and the representative designated as per Article 5, paragraph 2 of the Privacy Code and Article 3, paragraph 1 of the GDPR;
e) the subjects or categories of subjects to whom personal data may be communicated or who may become aware of it as designated representatives in the State's territory, data processors, or authorized persons;
Obtain:
a) the updating, rectification, or, when interested, the integration of data;
b) the erasure, anonymization, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data was collected or subsequently processed;
c) certification that the operations referred to in letters a) and b) have been notified, also regarding their content, to those to whom the data was communicated or disseminated, unless this requirement proves impossible or involves a disproportionate effort compared to the protected right;
Object, in whole or in part:
a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of collection;
b) to the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, using automated calling systems without the intervention of an operator, via email and/or traditional marketing methods via telephone and/or paper mail. It is noted that the data subject's right to object, as set out in point b), for direct marketing purposes using automated methods, extends to traditional methods, and the data subject retains the possibility to exercise the right to object even in part. Therefore, the data subject may decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.
Data Controller Contact Information
To exercise your rights, please contact:
Sivit Srl
Via Centallo 56, 10156 Turin (TO), Italy
VAT No.: 01012820013
Email: info@sivit.it
