Privacy Policy for the SCAI Group websites

In questa paginThis page describes how the SCAI Group websites are managed and how personal data belonging to users is processed. Pursuant to Article 13 of European Regulation No. 679/2016 (hereinafter referred to as the “GDPR”), this policy is provided to individuals who interact with SCAI Group web services, accessible online at www.grupposcai.com or via the Group’s individual company websites. This policy only covers the SCAI Group websites and does not cover external websites that may be navigated to by users via links.

Il “Titolare” del trattamento e il Responsabile della protezioThe Data Controller and the Data Protection Officer (DPO)

Data relating to identified or identifiable persons may be processed following visits to this website. The Data Controller is SCAI SpA for the SCAI Group website, which has its registered office at 223 Corso Tazzoli, Turin, 10137.

The Data Controller for subsidiary website(s) is the company that owns the website(s) in question.

Data connected to web services on these websites are only processed by employees of the SCAI Group appointed to process data. No personal data deriving from said web services are disclosed. Personal data provided by users is collected for the sole purpose of providing requested services, and are only sent to third parties if necessary for this purpose.

The contact details of the Data Protection Officer (DPO) are:

• Group DPO: Marco Zucchini (privacy@grupposcai.it)

Types of data processed

Web browsing data

The IT systems and software procedures used to run this website acquire various kinds of personal data during routine activities. The transmission of said data is implicit in the use of the Internet, which employs the TCP/IP protocol.

Said information is not collected with the intent of associating it with identified users. However, given its nature, visiting users could be identified through the processing of and/or association with data held by third parties.

This category includes the IP addresses or domain names of the computers used to connect to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, request timestamps, the method(s) used to submit requests to the webserver, the size of the file(s) obtained in response, numerical codes indicating the web server’s response status (successful, error etc.), and other parameters pertaining to the user’s operating system, and IT environment. Such data is only used to compile anonymous statistics on website use and to verify its proper operation.

Please note that the aforementioned data could be used to establish liability in the case of computer crimes committed against the SCAI Group website or other websites connected to it. Data on web contacts are only stored for a few days in all other situations.

Dati forniti volontariamente dall’utente

La richiesta di invio di posta elettronica agli indirizzi indicati nell’apposita sezione del sito web, comporta la successiva acquisizione di alcuni dati personali del richiedente, compreso l’indirizzo e
– m

The request to send emails to the email addresses provided in the appropriate section of this website involves the subsequent acquisition of some personal user data, including

email addresses, which are needed to respond to requests.

Cookies

The SCAI Group website uses “cookie” technology. For information on the cookies we use, their purposes of use, and our management methods, please refer to the Cookie Policy in the footer of the main www.grupposcai.it web page.

Facoltatività dell’inserimento dei dati personali

Aside from the indications provided on navigation data, users are free to provide the personal data requested in the online request forms housed in the special “on request” services section of this website. Please note that a failure to provide personal data might make it impossible for requests to be fulfilled.

Data processing methods and security measures

I dati personali sono trattati con strumenti automatizzati e non, per il solo tempo strettamente necessario a conseguire gli scopi per cui Personal data are processed using automated and non-automated methods, and only for the time strictly necessary to fulfil the purposes for which they were collected. Specific security measures have been put in place o prevent data loss, the illicit or incorrect use of data, and unauthorised access.

Rights of interested parties

The individuals to whom personal data refer – potentially collected in the aforementioned specific sections – have the right to obtain confirmation of the existence or otherwise of said data at any time and to know its content and origin, verify its accuracy, and request it be added to, updated or corrected pursuant to Article 15 et seq. of the GDPR. Interested parties have the right to request the erasure of their data or their transformation into anonymous form, or to oppose their processing for legitimate reasons. Any requests should be sent to privacy@grupposcai.it or SCAI SpA at 223, Corso Enrico Tazzoli, Turin, 10137, or to the registered office of the other SCAI Group companies, referring to the data collected by them.

Minors

Il Gruppo SCAI non utilizza consapevolmente il prThe SCAI Group does not knowingly use its website to request data from users under the age of eighteen.

PERSONAL DATA PROCESSING POLICY FOR  CUSTOMERS

We wish to inform you that European Regulation No. 679/16 (“GDPR”) protects persons and other individuals regarding the processing of personal data.

According to the aforementioned legislation, data processing carried out in relation to all relationships and services requested from SCAI SpA or its subsidiaries is based on the principles of fairness, lawfulness and transparency and the protection of your privacy and your rights.

Pursuant to Article 13 of the GDPR 2016/679, we hereby provide the following information:

1. The data you provide will be processed within the limits and for the purposes specified in this privacy policy and, in particular:
   1. to fully execute contractual relationships and to fulfil obligations established by law, regulations and community legislation (tax legislation, etc…)
   2. to collect the information required for the correct management of intercompany relations
   3. to perform post-sales assistance activities, to verify customer satisfaction, and to perform market analysis and statistics operations using anonymised data
   4. To send information relating to events organised by SCAI SpA and its subsidiaries, in addition to future sales initiatives, and to market products, services and offers similar to the existing customer contract
2. Personal data is processed using manual, IT and technology devices and using a logic that is strictly related to the purposes indicated above while guaranteeing data security and confidentiality in compliance with current regulations. Data is processed for the entire duration of the contractual relationship and subsequently thereto, in order to satisfy all legal requirements
3. Without prejudice to the personal autonomy of interested parties, personal data is required to carry out the activities referred to in Letters A, B, and C of Point 1. If you fail to provide said data or object to its processing, you will not be able to sign any contractual agreements with SCAI SpA. The formalisation of contracts and/or job orders constitutes your consent to data processing for the aforementioned purposes. On the contrary, your failure to provide data or your refusal to its processing for the purposes referred to in Letter D of Point 1 will have no consequences on your existing legal relationships or those in the process of being established, not including the potential sending of documentation and sales communications
4. Without prejudice to communications sent in compliance with legal or contractual obligations, all data collected or processed may also be disclosed to other SCAI Group subsidiaries, to auditing and consulting companies, and law firms
5. The Data Controller is the SCAI Group subsidiary with which the contract and/or job order is signed, in the person of its legal representative
6. You may exercise your rights at any time by making contact with the Data Controller, pursuant to Articles 15 et seq. of the GDPR

SENDING SALES AND MARKETING DOCUMENTATION

It should be noted that the data and email address you provide for contractual and sales relationships may be used to send marketing or advertising materials relating to the services requested in a manner that is consistent with the relationships established. If you do not wish to receive sales information, please opt-out by emailing privacy@grupposcai.it

PERSONAL DATA PROCESSING POLICY FOR SUPPLIERS

1. INTRODUCTION

Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 concerning the protection of individuals with regard to the processing of personal data (hereinafter the “GDPR”), the Data Controller informs its suppliers – including consultants (hereinafter referred to as “Supplier(s)”) – of the processing1 of the personal data provided to the Group.

• NAME AND CONTACT DETAILS OF THE DATA CONTROLLER

Titolare del trattamento è la società del Gruppo SCAI titolare del rapporto contrattuale instaurato con il Fornitore, nella persona del The Data Controller is the SCAI Group subsidiary with whom the Supplier has established a contractual relationship, in the person of its pro tempore legal representative (hereinafter, the “Company”).

DPO contact details

The following Data Protection Officer has been appointed for the SCAI Group:

– Marco Zucchini, C.so Enrico Tazzoli n. 223, 10137 – Turin – ITALY  

Email address: privacy@grupposcai.it

Data categories and data sourceste dei dati

• Pursuant to Article 4.1 of the GDPR, “personal data” is “any information concerning an identified or identifiable natural person (i.e., an “interested party”)”.  As such, pursuant to this Privacy Policy, “data” refers to personal and/or contact information relating to natural persons processed by the Company in order to stipulate contractual relationships with Suppliers, including in the form of a natural person, a legal representative (who signs contracts in the name and on behalf of the latter), or an employee/consultant involved in the activities referred to in the contract. Personal data relating to natural persons involved in the execution of contracts or relating to contractual relationships may also be processed. In the latter case, the source from which the data originates is the Supplier.

Purpose of data processing and legal bases

• Data will be processed by the Company for purposes relating to the establishment and execution of contracts between the Supplier and the Company.

La base giuridica che legittima il trattamento da parte della Società dei Dati del legale rappresentante del Fornitore (persona giuridica) o del Fornitore (persona fisica) è l’esecuzione del contratto; la base giuridica che legittima il trattamento dei Dati dei dipendenti / consulenti del Fornitore, coinvolti nelle attività di cui al contratto, è il legittimo interesseThe legal basis for the processing by the Company of data belonging to the legal representative (legal person) or natural person is the execution of a contract. The legal basis for processing data belonging to employees/consultants involved in the activities referred to in the contract is the Company’s legitimate interest

• Data will also be processed for administrative and accounting obligations, such as accounting and treasury management, as well as invoicing (i.e., invoice verification and recording), in compliance with the requirements of current legislation, or to execute other obligations provided for by law, other regulations or community legislation.

¹ Pursuant to Article 4, Paragraph 1 of the GDPR, “data processing” refers to any operation or set of operations carried out with or without the use of automated tools and applied to personal data or groups of personal data, such as gathering, recording, organising, structuring, storing, adapting or modifying, extracting, consulting, using, sending, distributing or any other form of making available, comparing or inter-connecting, limiting, cancelling or deleting data.

In this case, the legal basis for data processing is the need to fulfil a legal obligation to which the Company is subject.

1. Data may also be processed by the Company and by SCAI SpA, where necessary, in the capacity of joint Data Controllers to assert and/or defend the Company’s rights in court. The legal basis for data processing in this instance is the legitimate interest of the Data Controller.

1. Your data will also be processed by the Company and by SCAI SpA, where necessary, as Joint Controllers in order to manage the process of verifying supplier requirements with respect to company policies.

In the instances listed above, the legal basis for data processing is the Company’s legitimate interest (which is considered – with reference to the balancing of interests – to prevail over the rights and freedoms of the data subjects). The provision of data is mandatory for the achievement of the purposes listed above and a failure to provide them, either partially or incorrectly, may result in the Company making it impossible to establish or regularly conduct the contractual relationship in question.

Data storage period

• Data collected for the purposes indicated in Article 5 will be stored for the entire duration of the contract and, after its termination, for a limit of 10 years. In the case of legal proceedings, data will be stored for their entire duration, and up to the end of the appeal period.

• Once the above storage terms have expired, your personal data will be destroyed, deleted or made anonymous, in line with the Company’s technical erasure and backup procedures.
  

Categories of recipients

• Data may be sent to entities operating as autonomous data controllers or may be processed on behalf of the Company by entities appointed as data processors, who are provided with appropriate operating instructions. The above covers the following categories of individuals:
  • customers
  • insurance companies
  • self-employed professionals
  • banks and credit institutions
  • Individuals to whom the right to access data is recognised by legal provisions, other regulations, or community regulations
  • Individuals to whom the sending of data is necessary or is in any case inherent to the management of contractual customer relationships
  • the holding company, as Joint Data Controller, for the purposes referred to in Point 5.1. and 5.2

Transfer of daa to non-EU Countries

• Data may be transferred abroad to non-European countries
  • In the absence of an adequacy decision by the European Commission regarding the level of protection of data subjects guaranteed by said countries pursuant to Article 45 of the GDPR, data transfers will take place after signing the standard contractual clauses approved by the European Commission pursuant to Article 46, Paragraph 2, Letters C and D
  • A copy of the standard contractual clauses can be obtained by writing an email to your contact person at the Company

DRights of data subjects

• Interested parties may ask the Data Controller for access to data concerning them, the correction of inaccurate data or the updating of incomplete data, the erasure of data, and the limitation of data processing in the cases provided for by Article 18 of the GDPR. Interested parties may also ask to receive said data in a structured format that is commonly used and readable by a digital device, as well as, if technically feasible, to send them to another data controller if the conditions for exercising the right to data portability referred to in Article 20 of the GDPR  exist (data processing is based on consent pursuant to Article 6.1, Letter A or Article 9.2, Letter A, or on the contract pursuant to Article 6.1, Letter B of the GDPR and is carried out using automated tools).

Interested parties have the right to oppose data processing for the pursuit of purposes based on the Company’s legitimate interest for reasons connected to their specific situation.

• These rights can be exercised by writing to the Company’s Data Controller at their registered office or by sending an email to privacy@grupposcai.it.

• Gli interessati hanno Interested parties also have the right to lodge a complaint with the competent supervisory authority pursuant to Article 77 of the GDPR (in the Member State in which he or she habitually resides and/or works or in the place where the alleged violation has occurred)

INFORMATION ON THIRD PARTIES

Notice regarding the processing of personal data pursuant to Articles 13 et seq. of EU Reg. No. 679/2016 (GDPR)

Pursuant to and for the purposes of Article 13 et seq. of EU Reg. 679/2016 (GDPR), your data has been entered into our database for the purpose of sending newsletters and will be processed in accordance with current regulations.

Pursuant to Article 13 of the GDPR Regulation on personal data, please note that the processing of personal data, for the aforementioned purposes, will take place at the registered office of the Data Controller for the specific Group subsidiary, using computerised tools and in the ways and within the limits necessary to pursue the aforementioned purposes.

Data will be processed lawfully, fairly and with the utmost confidentiality, in full compliance with the general principles referred to in Article 5 of the aforementioned GDPR and will be stored for the time required for the aforementioned purposes.

If you do not wish to receive further communications, you can write to privacy@grupposcai.it. As a result, all personal data pertaining to you that has been previously collected will be deleted.

Rights of Interested Parties Interested parties possess the rights referred to in Article 15 et seq. of the aforementioned regulation, and in particular, the right to request access to personal data and the correction or erasure of the same, or the limitation of the processing of personal data concerning them, as well as to oppose their processing, in addition to the right to data portability. You can exercise your rights as an interested party by writing to privacy@grupposcai.it