Privacy policy

Information pursuant to art. 13 of EU Regulation no. 679/2016 “GDPR”

SDA sas di Palmitessa Carlo protects the confidentiality of personal data and guarantees them the necessary protection from any event that could put them at risk of violation.

As required by European Union Regulation no. 679/2016 and in particular to art. 13 below, the user (“interested party”) is provided with the information required by law relating to the processing of their personal data.

Who we are and what data we process

SDA sas di Palmitessa Carlo, in the person of its legal representative pt, with headquarters in Via Fratelli Bandiera 7 – 80026 Casoria (NA), operates as data controller and can be contacted at info@unigom.it and collects and/or receives information concerning the interested party, such as:

  • Personal data (name, surname, physical address, nationality, province and municipality of residence, landline and/or mobile telephone, fax)
  • Telematic traffic data (log, IP address of origin)

SDA sas di Palmitessa Carlo does not require the interested party to provide “particular” data, that is, in accordance with the provisions of the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious beliefs or philosophical, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to a natural person’s health or sexual life or sexual orientation. In the event that the service requested from SDA sas di Palmitessa Carlo requires the processing of such data, the interested party will receive specific information in advance and will be asked to give specific consent.

The owner has appointed a Data Protection Officer (DPO) who can be contacted for any information and requests at the email address info@unigom.it or by telephone at +39 081.5226769

For what purposes do we need the data of the interested party

The data is used by the owner to follow up on the request for registration and the contract for the supply of the chosen Service and/or the purchased Product, manage and execute the contact requests forwarded by the interested party, provide assistance, fulfill legal and regulatory obligations which the owner is required based on the activity carried out. Under no circumstances does SDA sas di Palmitessa Carlo resell the personal data of the interested party to third parties or use them for undeclared purposes. In particular, the data subject’s data will be processed for:

  1. Registration and requests for contact and/or information material. The processing of the interested party’s personal data takes place to carry out the preliminary and consequent activities to the request for registration, to manage requests for information and contact and/or to send information material, as well as for the fulfillment of any other obligation arising. The legal basis of such processing is the fulfillment of the services inherent to the request for registration, information and contact and/or sending of informative material and compliance with legal obligations.
  2. Management of the contractual relationship. The processing of the personal data of the interested party takes place to carry out the preliminary and consequent activities to the purchase of a Service and/or a Product, the management of the relevant order, the provision of the Service itself and/or the production and/or the shipment of the purchased Product, the related invoicing and payment management, the handling of complaints and/or reports to the assistance service and the provision of the assistance itself, the prevention of fraud as well as the fulfillment of any other obligation arising from the contract. The legal basis of such processing is the fulfillment of the services inherent to the contractual relationship and compliance with legal obligations.
  3. Promotional activities on Services/Products similar to those purchased by the interested party. The data controller, even without your explicit consent, may use the contact data communicated by the interested party, for the purposes of direct sales of its Services/Products, limited to the case in which they are Services/Products similar to those covered by the sale, unless the interested party explicitly objects.
  4. Commercial promotion activities on Services/Products different from those purchased by the interested party. The personal data of the interested party may also be processed for commercial promotion purposes, for surveys and market research with regard to Services/Products that the owner offers only if the interested party has authorized the processing and does not object to this. This processing can take place, in an automated manner, via e-mail, text message and telephone contact and can be carried out in the event that the interested party has not revoked his consent for the use of the data or the processing takes place through contact with an operator. by telephone and the interested party is not registered in the opposition register referred to in DP no. 178/2010. The legal basis of such processing is the consent given by the interested party prior to the processing itself, which can be revoked by the interested party freely and at any time.
  5. Cyber ​​security. The owner, in line with the provisions of the GDPR, processes, also through its suppliers (third parties and/or recipients), the personal data of the interested party relating to traffic to a strictly necessary and proportionate extent to guarantee the security of the networks and the information, i.e. the ability of a network or information system to resist, at a given level of security, unexpected events or illicit or malicious acts that compromise the availability, authenticity, integrity and confidentiality of personal data stored or transmitted. The owner will promptly inform the interested parties if there is a particular risk of violation of their data without prejudice to the obligations deriving from the provisions of the art. 33 of the GDPR relating to notifications of personal data breaches. The legal basis of such processing is compliance with legal obligations and the legitimate interest of the owner in carrying out processing relating to the protection of company assets and the security of the offices and systems of SDA sas di Palmitessa Carlo
  6. Profiling. The personal data of the interested party may also be processed for profiling purposes (such as analysis of the data transmitted and the chosen Services/Products, proposing advertising messages and/or commercial proposals in line with the choices expressed by the users themselves) exclusively in the case in which the interested party has provided explicit and informed consent. The legal basis of such processing is the consent given by the interested party prior to the processing itself, which can be revoked by the interested party freely and at any time.
  7. Fraud prevention. The personal data of the interested party, with the exception of particular data (art. 9 GDPR) or judicial data (art. 10 GDPR) will be processed to allow checks for the purpose of monitoring and preventing fraudulent payments, by software systems that carry out a verification in an automated manner and prior to the negotiation of Services/Products. Passing these checks with negative results will make it impossible to carry out the transaction; the interested party will in any case be able to express their opinion, obtain an explanation or contest the decision by justifying their reasons to the Customer Support service at the e-mail address info@unigom.it. Personal data collected for anti-fraud purposes only, unlike the data necessary for the correct execution of the requested service, will be immediately deleted at the end of the control phases.
  8. Protection of minors. The Services/Products offered by the owner are reserved for subjects legally able, on the basis of the relevant national legislation, to conclude contractual obligations. In order to prevent illegitimate access to its services, the owner implements prevention measures to protect his legitimate interest, such as checking the tax code and/or other checks, when necessary for specific Services/Products, the correctness of the data identifiers of identity documents issued by the competent authorities.

Communication to third parties and categories of recipients

The communication of the interested party’s personal data occurs mainly towards third parties and/or recipients whose activity is necessary for the performance of activities inherent to the established relationship and to respond to certain legal obligations, such as:

  • Administrative, accounting and related obligations to contractual performance
  • Provision of services (assistance, maintenance, delivery/shipping of products, provision of additional services, network providers and electronic communications services) connected to the requested service
  • Management of collections, payments, reimbursements connected to contractual performance
  • Fulfillment of legal obligations, exercise and defense of rights, protection of contractual rights, credit recovery, lists and registers kept by public authorities or similar bodies based on specific legislation, in relation to contractual performance

The owner requires his third party suppliers and data processors to comply with security measures equal to those adopted for the interested party, limiting the scope of action of the data controller to the processing connected to the service requested. The owner does not transfer the personal data of the interested party to countries in which the GDPR is not applied (non-EU countries) unless specifically indicated otherwise for which the same will be informed in advance requesting explicit consent. The legal basis of such processing is the fulfillment of the services inherent to the established relationship, compliance with legal obligations and the legitimate interest in carrying out processing necessary for these purposes.

Processing of data of the interested party

The collection and processing of personal data is necessary to follow up on the requested services as well as the provision of the Service and/or the supply of the requested Product. If the interested party does not provide the personal data expressly foreseen as necessary in the order form or registration form, the owner will not be able to carry out the processing related to the management of the requested services and/or the contract and the Services/ Products connected to it, nor to the obligations that depend on them. In the event that the interested party does not give his/her consent to the processing of personal data for commercial promotion activities on Services/Products different from those purchased, said processing will not take place for the same purposes, without this having any effect on the provision of services. requests, nor for those for which he has already given his consent, if requested. In the event that the interested party has given consent and should subsequently revoke it or oppose the processing for commercial promotion activities, his/her data will no longer be processed for such activities, without this leading to consequences or prejudicial effects for the interested party and for the required performances.

The owner arranges for the use of adequate security measures in order to preserve the confidentiality, integrity and availability of the interested party’s personal data and imposes similar security measures on third party suppliers and managers. The personal data of the interested party are stored in paper, computer and telematic archives located in countries where the GDPR is applied (EU countries) until they are necessary for the legitimate purposes for which they were collected. In particular, they will be kept for the entire duration of the registry registration and in any case no longer than a maximum period of 12 months of inactivity, or if, within this period, no Services are associated and/or Products purchased through the registry itself . In the case of data provided to the owner for the purposes of commercial promotion for services other than those already acquired by the interested party, for which he initially gave consent, these will be kept for 24 months, unless the consent given is revoked. In the case of data provided to the owner for profiling purposes, these will be kept for 12 months, unless the consent given is revoked.

In the event that a user forwards unsolicited or unnecessary personal data to SDA sas di Palmitessa Carlo for the purpose of carrying out the requested service or for the provision of a service strictly connected to it, SDA sas di Palmitessa Carlo cannot be considered the owner of these data, and will delete them as soon as possible. Regardless of the interested party’s determination to remove them, the personal data will in any case be stored according to the terms established by current legislation and/or national regulations, for the exclusive purpose of guaranteeing the specific obligations specific to some Services (by way of example but not limited to, Certified Email, Digital Signature, Substitutive Storage). Furthermore, personal data will in any case be kept for the fulfillment of obligations (e.g. fiscal and accounting) which remain even after the termination of the contract (art. 2220 cc); for these purposes the owner will only retain the data necessary for the relevant pursuit. This is without prejudice to cases in which the rights deriving from the contract and/or registration must be asserted in court, in which case the personal data of the interested party, exclusively those necessary for these purposes, will be processed for the time necessary for their pursuit.

Rights of the interested party

The interested party has the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed and, in this case, to obtain access to the personal data and the following information:

  • purposes of the processing and categories of personal data in question
  • recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients are from third countries or international organizations
  • expected period of retention of personal data and the criteria used to determine this period
  • existence of the right to request rectification, cancellation or limitation of the processing of personal data and the possibility to oppose their processing
  • if the data are not collected from the interested party, all available information on their origin
  • existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and envisaged consequences of such processing for the interested party
  • guarantees provided by third countries (non-EU) or international organizations to protect any data transferred

The interested party has the right to:

  • lodge a complaint with a supervisory authority
  • obtain a copy of the personal data being processed, provided that this right does not affect the rights and freedoms of others (the data controller may charge a reasonable fee based on administrative costs)
  • obtain without unjustified delay the rectification or cancellation of personal data concerning him if the reasons provided for by the art. exist. 17 of the GDPR
  • obtain the limitation of processing in the cases provided for by the art. 18 of the GDPR
  • obtain communication of the recipients to whom the requests for any corrections or cancellations or limitations of the processing carried out have been transmitted, unless this proves impossible or involves a disproportionate effort
  • receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him and the right to transmit such data to another data controller without impediments in the cases provided for by the art. 20 of the GDPR

In order to guarantee that the above-mentioned rights are exercised by the interested party and not by unauthorized third parties, the owner may request the same to provide any further information necessary for this purpose.

How and when the interested party can object to the processing of their personal data

For reasons relating to the particular situation of the interested party, the same can object at any time to the processing of his/her personal data if it is based on legitimate interest or if it takes place for commercial promotional activities, by sending the request to the owner at the electronic address info@ unigom.it. The interested party has the right to have their personal data deleted if there is no overriding legitimate reason on the part of the owner compared to that which gave rise to the request, and in any case in the event that the interested party has objected to the processing for commercial promotion activities.

Without prejudice to any other administrative or judicial action, the interested party may submit a complaint to the competent supervisory authority on Italian territory (Personal Data Protection Authority) or to the one that carries out its tasks and exercises its powers. in the Member State where the violation of the GDPR occurred. Any update to this information will be communicated promptly and by appropriate means and will also be communicated if the owner processes the data of the interested party for purposes other than those referred to in this information before proceeding and following the manifestation of the relevant consent of the interested party. interested if necessary.

In addition to the information already reported, the interested party is also provided with details of the processing of personal data for the contact form and e-commerce. In relation to the provisions of sector regulations, personal data collected in the registration and information request form, electronic traffic data, message log and control journal will be kept for 20 years.

General information, deactivation and management of cookies

Cookies are data that are sent by the website and stored by the internet browser on the user’s computer or other device (for example, tablet or mobile phone). Technical cookies and third-party cookies may be installed from our website or its subdomains. The user will be able to manage, or request the general deactivation or deletion of cookies, by changing the settings of their internet browser. This deactivation, however, may slow down or prevent access to some parts of the site. The settings for managing or deactivating cookies may vary depending on the internet browser used, therefore, for more information on how to carry out these operations, we suggest consulting the manual of your device or the “Help” function of your browser.

The use of technical cookies, i.e. cookies necessary for the transmission of communications on an electronic communications network or cookies strictly necessary for the supplier to provide the service requested by the customer, allows the safe and efficient use of our site. Session cookies may be installed in order to allow access and permanence in the reserved area of ​​the portal as an authenticated user.

Technical cookies are essential for the correct functioning of our website and are used to allow users normal navigation and the possibility of using the advanced services available on our website. The technical cookies used are divided into session cookies, which are stored exclusively for the duration of navigation until the browser is closed, and persistent cookies which are saved in the memory of the user’s device until they expire or are deleted by the user. same. Our site uses the following technical cookies:

  • Technical navigation or session cookies, used to manage normal navigation and user authentication
  • Functional technical cookies, used to store customizations chosen by the user, such as, for example, the language
  • Technical analytics cookies, used to understand how users use our website so that we can evaluate and improve its functioning

Third-party cookies may be installed: these are analytical and profiling cookies from Google Analytics and Facebook. These cookies are sent from the websites of the aforementioned third parties external to our site. Third-party analytical cookies are used to detect information on user behavior on the site and are used to prepare detailed and real-time analysis reports relating to visitors to a website, search engines of origin, keywords used, language of usage and most visited pages. They may collect information and data such as IP address, nationality, city, date/time, device, browser, operating system, screen resolution, browsing origin, pages visited and number of pages, duration of the visit, number of visits made. The detection takes place anonymously, in order to monitor performance and improve the usability of the site. Third-party profiling cookies are used to create profiles relating to users, in order to propose advertising messages in line with the choices expressed by the users themselves. The use of these cookies is governed by the rules established by the third parties themselves, therefore, users are invited to read the privacy information and instructions for managing or disabling cookies.

Google Analytics

  • Privacy policy: https://www.google.com/intl/en/policies/privacy/
  • Manage or disable cookies: https://support.google.com/accounts/answer/61416?hl=en

Facebook

  • Privacy policy: https://www.facebook.com/privacy/explanation
  • Manage or disable cookies: https://www.facebook.com/help/cookies/