SUMMARY OF THE PRIVACY POLICY
CONTACT DETAILS
THE CONTROLLER
S.I.C. S.R.L. SOCIETà DI INGEGNERIA (fiscal code, VAT number and Italian Business Register – Company Registration Office of Brescia registration number 02576490987, REA BS-461694, share capital Euro 25.000, fully paid-up) in the person of its legal representative and chief executive officer Mrs Sonia Gelpi (fiscal code GLPSNO71M55B149F)
Registered Address: Piazza Vittoria, nr. 19 - Breno (BS), zip code 25043 - Italy
E-mail address: privacy@sic-consulting.it
Registered e-mail address: sic-consulting@legalmail.it
Telephone contact: (+39) 036422523
THE PROCESSORS
- Cloudflare Inc.:
Used for hosting and web analytics service.
Contact details of the Data Processor:
Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107,
Data Protection Officer email address: sar@cloudflare.com
Cloudflare installs cookies. Cloudflare may transfer data outside the European Economic Area (EEA). For more information on the methods of processing personal data by Cloudflare and on the types of personal data processed, the User is invited to carefully read its privacy policy and its cookie policy and the terms of use, by clicking on the hyperlinks inserted here. - DECAP CMS (distribuited under MIT License)
it’s a content management System (a CMS software) used to create, manage and modify the contents of a website. DECAP CMS uses cookies and it may store and process personal data outside the European Economic Area (EEA). If you want to get more information on the methods of processing personal data by Decap CMS and on the types of personal data processed, the User is invited to carefully read its privacy policy and its terms of service, by clicking on the hyperlinks inserted here.
The updated list of any external Data Processors can be requested from the Data Controller.
PURPOSES AND SERVICES USED FOR PERSONAL DATA PROCESSING
Purpose of Personal Data processing:
The website www.sic-consulting.it installs Cookies (also possibly through third parties), may process contact data and usage data for the performance of the services performed also through the various functions present on the website.
Functionalities and services / Links to External Platforms / Third parties:
- Cloudflare:
Used for hosting and web analytics service. Cloudflare installs cookies. Cloudflare may transfer data outside the European Economic Area (EEA). For more information on the methods of processing personal data by Cloudflare and on the types of personal data processed, the User is invited to carefully read its privacy policy and its cookie policy and the terms of use, by clicking on the hyperlinks inserted here. - DECAP CMS (distribuited under MIT License)
it’s a content management System (a CMS software) used to create, manage and modify the contents of a website. DECAP CMS uses cookies and it may store and process personal data outside the European Economic Area (EEA). If you want to get more information on the methods of processing personal data by Decap CMS and on the types of personal data processed, the User is invited to carefully read its privacy policy and its terms of service, by clicking on the hyperlinks inserted here. - Termsfeed:
it is a tool/plug in used to create the cookie banner and to store the users' consent to the installation of cookies. If you want to get more information on the methods of processing personal data by LinkedIn and on the types of personal data processed, the User is invited to carefully read its privacy policy, its cookie policyand its terms of use, by clicking on the hyperlinks inserted here. - Widget / Redirect link to LinkedIn:
On this website www.sic-consulting.it there is a redirect link to LinkedIn, a social network that connects professionals from all over the world to help them be more productive and more successful. LinkedIn's privacy policy applies to your use of LinkedIn and related services, as well as LinkedIn-related sites, applications, , and services, including external services to the site, such as the related advertising services and the plugins. LinkedIn may transfer data outside the European Economic Area (EEA).
If you want to get more information on the methods of processing personal data by LinkedIn and on the types of personal data processed, the User is invited to carefully read its privacy policy and its cookie policyand user agreement. - Cloudflare, Termsfeed, Decap CMS, LinkedIN
Personal Data collected: Cookies; Usage Data; other types of Data.
PRIVACY POLICY
The Data Controller, as better defined below, takes care of its Users’ privacy and guarantees that the Personal Data processing is carried out in compliance with the privacy legislation in force, and in particular with the European Regulation no. 2016/679 and the national legislation on the personal data protection.
Therefore, the Data Controller has adopted the following Privacy Policy in order to regulate and inform the Users of the Website www.sic-consulting.it of the methods and purposes of processing Users Personal Data.
The User is kindly requested to read this document every time he connects to the Website, in order to update on any revisions, additions and / or modifications, occasioned by regulatory requirements and / or by changes and / or additions to the functionality of the Website itself.
THE DATA CONTROLLER
S.I.C. S.R.L. SOCIETà DI INGEGNERIA (fiscal code, VAT number and Italian Business Register – Company Registration Office of Brescia registration number 02576490987, REA BS-461694, share capital Euro 25.000, fully paid-up) in the person of its legal representative and chief executive officer Mrs. Sonia Gelpi (fiscal code GLPSNO71M55B149F)
Registered Address: Piazza Vittoria, nr. 19 - Breno (BS), zip code 25043 - Italy
E-mail address: privacy@sic-consulting.it
Registered e-mail address: sic-consulting@legalmail.it
Telephone contact: (+39) 036422523\
THE PROCESSORS
- Cloudflare Inc.:
Used for hosting and web analytics service.
Contact details of the Data Processor:
Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107,
Data Protection Officer email address: sar@cloudflare.com
Cloudflare installs cookies. Cloudflare may transfer data outside the European Economic Area (EEA). For more information on the methods of processing personal data by Cloudflare and on the types of personal data processed, the User is invited to carefully read its privacy policy and its cookie policy and the terms of use, by clicking on the hyperlinks inserted here. - DECAP CMS (distribuited under MIT License)
it’s a content management System (a CMS software) used to create, manage and modify the contents of a website. DECAP CMS uses cookies and it may store and process personal data outside the European Economic Area (EEA). If you want to get more information on the methods of processing personal data by Decap CMS and on the types of personal data processed, the User is invited to carefully read its privacy policy and its terms of service, by clicking on the hyperlinks inserted here.
The updated list of any external Data Processors can be requested from the Data Controller.
TYPES OF PROCESSED PERSONAL DATA
Among the Personal Data collected by www.sic-consulting.it as well as from all possible pages connected and / or correlated to it (hereinafter "the Website"), either independently or through third parties (please see their privacy policy), there are: various type of Personal Data as better specified below, cookies and Usage Data.
In the related sections of this Privacy Policy or through specific information texts displayed before the Data collection, the User can find all the details of each type of Data.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically by the Website and Personal Data may also be collected by third parties.
Unless otherwise specified, the Data requested are necessary to provide the Service.
In cases of optional Data, Users can refrain from communicating such Data, without any consequence on the availability of the Service or on its operation.
Users who have any doubt about which Data are mandatory are invited to contact the Data Controller.
The collection of any Cookies by the Website or by third party services used by the Website, unless otherwise specified, has the purpose of providing the Service requested by the User, and any other purposes described in this document and in the Cookie Policy, if available.
The User assumes liability for the third parties Personal Data obtained, published or shared through the Website and guarantees to have the right to communicate or share them, holding harmless the Data Controller for any related claim.
HOW AND WHERE WE PROCESS PERSONAL DATA?
The processing of Personal Data collected through this Website www.sic-consulting.it and/or through services connected to this Website takes place at the legal and operational headquarters of the Data Controller, and in any other place where the parties involved in the processing are located and possibly at other subjects or computer systems/servers of other third parties specifically designated as (external) Data Processors.
Notice: User's Personal Data might be transferred outside the European Economic Area (EEA).
The User has the right to obtain information regarding the legal basis of any transfer of Data outside the European Union or outside the European Economic Area, or to an international organization governed by public law or constituted by two or more countries, such as the UN, as well as regarding the security measures adopted by the Data Controller to protect the Data. If one of the transfers described above takes place, the User can refer to the specific relative sections of the single service / third party in this Privacy Policy, or request information from the Data Controller by contacting him.
The Data Controller adopts the appropriate security measures to prevent unauthorized access, disclosure, modification and/or destruction of Personal Data.
The processing of Personal Data is carried out with IT and/or telematic and/or analogical tools, with organizational methods and with logics strictly related to the purposes indicated. In addition to the Data Controller and Data Processors indicated in the relevant section of this Privacy Policy, in some cases, other subjects involved in the organization of www.sic-consulting.it and/or external subjects (for example: third party technical service providers, hosting providers, IT companies, etc.) also appointed, if necessary, as Data Processors by the Data Controller. The updated list of Data Processor can always be requested from the Data Controller.
For further information, the User is invited to contact the Data Controller (please see the section named "THE DATA CONTROLLER").
DATA PROCESSING LEGAL BASIS
The legal bases of the Data Controller processing of User’s Personal Data are specified below:
• the Data Subject has given consent to the processing of his or her Personal Data for one or more specific purposes, pursuant to GDPR, art. 6, paragraph 1, letter a). Please note: in some jurisdictions the Data Controller may be authorized to process Personal Data without the User's consent or another of the legal bases specified below, as long as the User does not object ("opt-out") to such processing. However, this is not applicable if the Personal Data processing is governed by European legislation on the protection of personal data;
- Personal Data processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, pursuant to GDPR, art. 6, paragraph 1, letter b);
- Personal Data processing is necessary for compliance with a legal obligation to which the Data Controller is subject, pursuant to GDPR, art. 6, paragraph 1, letter c);
- Personal Data processing is necessary in order to protect the vital interests of the Data Subject or of another natural person, pursuant to GDPR, art. 6, paragraph 1, letter d);
- Personal Data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller, pursuant to art. 6, paragraph 1, letter e) of the GDPR;
- Personal Data processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of personal data, in particular where the Data Subject is a child, pursuant to GDPR, art. 6, paragraph 1, letter f).
Pursuant to GDPR, art. 6, the Personal Data collected from the Website without the consent of the User will be processed by the Data Controller to manage and maintain the Website, to allow the use of Services, to satisfy Users' requests, to fulfill legal obligation, regulations, community legislation or orders of the Authorities or in any case for purposes connected to the activities and functions of the Data Controller, or to prevent or discover fraudulent activities or abuses that can damage the Data Controller through this Website.
The User can always ask the Data Controller to specify the legal basis of each Processing and, in particular, whether the Processing is based on the law, or necessary to conclude a contract.
DATA STORAGE PERIOD
The Data are processed and stored for the time required by the purposes for which they are collected.
Therefore:
- Personal Data collected for purposes related to the execution of pre-contractual measures and/or a contract between the Company and the User will be kept in accordance with the law and, in any case, at least until the execution of the contract is completed
- Personal Data collected for purposes relating to the legitimate interest of the Data Controller will be kept until such interest is satisfied. The User can obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.
When the Data processing is based on the User's consent, the Data Controller can keep Personal Data for longer and that is until the consent is revoked. And in any case, in all the cases listed here, the Data Controller may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, the Personal Data will be deleted. Therefore, at the expiry of this term, the right of access, cancellation, rectification and the right to data portability, opposition, restriction of personal data processing, can no longer be exercised.
The User can contact the Data Controller (please see the section named "THE DATA CONTROLLER") to obtain further information regards the Personal Data processing retention period.
PURPOSE OF COLLECTED DATA PROCESSING
The User’s Personal Data are collected to allow the Data Controller to provide its Services, as well as for the following purposes:
- Web hosting: (Cloudflare);
- CMS: (DECAP Content Management System);
- Analytics service: (Cloudflare);
- Links to Third parties: (LinkedIn)
- Tools /plug in: (Termsfeed cookie banner)
To obtain further detailed information on these purposes and on the Personal Data processed for each purpose, see the following section.
DETAILS ON THE PERSONAL DATA PROCESSING
Services and / or Functionalities and/or Displaying content from external platforms and / or Third parties / Links to External Platforms:
- Cloudflare:
Used for hosting and web analytics service. Cloudflare installs cookies. Cloudflare may transfer data outside the European Economic Area (EEA). For more information on the methods of processing personal data by Cloudflare and on the types of personal data processed, the User is invited to carefully read its privacy policyand its cookie policy and the terms of use, by clicking on the hyperlinks inserted here. - DECAP CMS (distribuited under MIT License)
it’s a content management System (a CMS software) used to create, manage and modify the contents of a website. DECAP CMS uses cookies and it may store and process personal data outside the European Economic Area (EEA). If you want to get more information on the methods of processing personal data by Decap CMS and on the types of personal data processed, the User is invited to carefully read its privacy policy and its terms of service, by clicking on the hyperlinks inserted here. - Termsfeed:
it is a tool/plug in used to create the cookie banner and to store the users' consent to the installation of cookies. If you want to get more information on the methods of processing personal data by LinkedIn and on the types of personal data processed, the User is invited to carefully read its privacy policy, its cookie policyand its terms of use, by clicking on the hyperlinks inserted here. - Widget/ Redirect link to LinkedIn:
On this website www.sic-consulting.it there is a redirect link to LinkedIn, a social network that connects professionals from all over the world to help them be more productive and more successful. LinkedIn's privacy policy applies to your use of LinkedIn and related services, as well as your use of LinkedIn-related sites, applications, communications, and services, including external services to the site, such as the related advertising services and the plugins. LinkedIn may transfer data outside the European Economic Area (EEA).
Regarding the possible transfer of personal data outside the European Economic Area (EEA) and the EU,
If you want to get more information on the methods of processing personal data by LinkedIn and on the types of personal data processed, the User is invited to carefully read its privacy policy and its cookie policyand user agreement.
- Cloudflare, Termsfeed, Decap CMS, LinkedIN
Personal Data collected: Cookies; Usage Data; other types of Data.
DATA COMMUNICATION AND TRANSFER
We treat your Personal Data with the utmost care and confidentiality: it is one of our core values. If required by law, User data may be disclosed to third parties. We employ service providers and data processors to process data on our behalf. These services include, for example, booking services, authentication, maintenance, email messaging services, payment transaction management, creditworthiness, address and email checking. These third parties are our (external) data processors and may only process personal data to the extent necessary to provide their services. Our (external) data processors have a contractual obligation to treat this information in the strictest confidence. They are prohibited from using the data in any other way than necessary. The necessary measures are taken to ensure that our eventual (external) data processors, including service providers and other processors who work on behalf of S.I.C. S.R.L. SOCIETà DI INGEGNERIA preserve and protect the confidentiality of the User's data. In the event that our (external) processors are located outside the European Economic Area / European Union and the processing takes place outside this area, these processors will have to comply with the following necessary requirements, including:
- the country in question must be considered a safe third country;
- the supplier in question must adhere to the European Commission's model contracts relating to the transfer of personal data to third countries;
- the supplier in question is certified according to art. 40 et seq. of the GDPR or The supplier in question has a set of approved Binding Corporate Rules.
We may communicate your information to the extent that we are obliged to communicate or share your personal data in order to comply with any legal obligation or with the instructions of a court/judicial authority or any other competent body, or in order to enforce or apply our Privacy Policy and other agreements or to protect the rights, property or safety of S.I.C. S.R.L. SOCIETà DI INGEGNERIA and/or other third parties. This includes exchanging information with other companies and/or organizations for the purpose of fraud protection or reduce credit risk.
USER RIGHTS
With reference to the Data processed by the Controller, the User can exercise the following rights:
- right to withdraw consent at any time. The User can revoke the previously expressed consent to his/her Personal Data processing (see GDPR, art. 7);
- right of access. The User has the right to obtain from the Data Controller confirmation as to whether or not Personal Data concerning him/her are being processed, and, where that is the case, access to his/her Personal Data and receive all the information about them (including the purposes of the processing), as well a copy of the aforementioned Data (see GDPR, art. 15);
- right to rectification of his/her Personal Data. The User has the right to obtain from the Data Controller without undue delay the rectification of inaccurate Personal Data concerning him/her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal Data completed, including by means of providing a supplementary statement (see GDPR, art. 16);
- right to erasure (“right to be forgotten”). The User has the right to obtain from the Data Controller the erasure of Personal Data concerning him/her without undue delay in these events: if the Personal Data are no longer necessary or the User withdraws consent on which the processing is based and there is no other legal ground for the processing or if the User objects to the processing or the Personal Data have been unlawfully processed or if they have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject or if the Personal Data have been collected in relation to the offer of information society services (see GDPR, art. 17);
- right to restriction of processing. The User shall have the right to obtain from the Data Controller restriction of processing in these events: if the accuracy of the Personal Data is contested by the User or if the processing is unlawful and the Data Subject opposes the erasure of the Personal Data and requests the restriction of their use or if the User who has objected to processing is waiting for the verification whether the legitimate grounds of the Data Controller override those of the User (see GDPR, art. 18);
- right to data portability. The User has the right to receive the Personal Data concerning him/her, which he/she has provided to the Data Controller, in a structured, commonly used and machine-readable format and has the right to transmit those Data to another data controller without hindrance from the Data Controller to which the personal data have been provided (see GDPR, art. 20);
- right of object to Personal Data processing. The User can object at any time to processing of personal data concerning him/her (when it’s carried out on a legal basis other than consent).
When Personal Data is processed in the public interest, in the exercise of public powers vested in the Data Controller or to pursue a legitimate interest of the Data Controller or of third parties, Users have the right to object to the processing for reasons connected with their particular situation, unless the legitimate interests of the Data Controller or of third parties prevail over the interests or fundamental rights or freedoms of the Users. In particular, where Personal Data are processed for direct marketing purposes, the User has the right to object at any time to processing of Personal Data concerning him/her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Users are reminded that, in the event that their Data is processed for direct marketing purposes, they may object to the processing without providing any reasons. To find out if the Data Controller processes data for direct marketing purposes, Users can refer to the respective sections of this document (see GDPR, art. 21) - right to lodge a complaint with the competent supervisory authority. The User can lodge a complaint with the competent Personal Data protection supervisory authority (in Italy: www.garanteprivacy.it) and before the competent courts of the Member States (see GDPR, art. 77 and following).
How to exercise your rights?
To exercise the aforesaid rights, the User, without paying any fees or charge (except for the provisions of GDPR, art. 12 paragraph 5), can address a request to the Data Controller.
Cookie Policy
The Website uses Cookies. For more detailed information, the User is invited to read the Cookie Policy.
FURTHER INFORMATION ON THE DATA PROCESSING
Defense in court
The User’s Personal Data may be used for defense by the Data Controller in judicial proceedings or in preliminary stages prior to their possible initiation, against abuses in the use thereof or in related Services by the User.
The User declares to be aware that the Data Controller may be obliged to disclose / communicate the Personal Data by order of the public authorities.
Specific information
Upon a User’s request, in addition to the information contained in this Privacy Policy, the Website can supply additional and targeted information about special Services and about the collection and processing of Personal Data.
System log and maintenance
For needs related to operation and maintenance, the Website and any third-party Services it uses may collect system logs, which are files that record the interactions and which may also contain Personal Data, such as User IP address.
Information not contained in this Privacy Policy
Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details provided in this Privacy Policy.
Changes to this Privacy Policy
The Data Controller reserves the right to modify or update, at any time, this Privacy Policy.
The User is invited to check this page regularly to ensure he/she always knows the latest version of this Privacy Policy (see the “Last update” date at the end of this page).
If the changes affect Personal Data processing whose legal basis is consent, the Data Controller will collect the User's consent again, if necessary.
DEFINITIONS AND LEGAL REFERENCES
Personal Data or Data
Any information relating to a Data Subject.
Usage Data
All the information collected automatically through the Website and/or by third-party applications, including: IP addresses or domain names of the computers used by the User to connect to the Website, addresses in URI (Uniform Resource Identifier), time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (success, error, etc.), the country origin, browser and operating system features, time features (for example, time spent on each page), the details about the actions taken (sequence of the pages the User has visited, operational system parameters and IT environment).
User or Users
The individual or individuals who use the Website/application. Unless otherwise specified, he/she coincides with the Data Subject.
Data Subject
The identified or identifiable natural person to whom the Personal Data refers. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological genetic, mental, economic, cultural or social identity of that natural person.
The Data Controller /The Controller
The natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of processing personal data and the tools adopted, including the security measures relating to the functioning and use of www.sic-consulting.it The Data Controller, i.e. the company S.I.C. S.R.L. SOCIETà DI INGEGNERIA as better identified and identified above, unless otherwise specified, is the owner of www.sic-consulting.it
The Data Processor /The Processor
The natural person, legal person, public administration and any other body that processes personal data on behalf of the Data Controller, according to what is set out in this Privacy Policy.
Website
The website through which the Personal Data of Users is collected and processed.
measures relating to the functioning and use of www.sic-consulting.it. The Data Controller, i.e. the company S.I.C. S.R.L. SOCIETà DI INGEGNERIA as better identified and identified above, unless otherwise specified, is the owner of www.sic-consulting.it
Service or Services
The Service/Services provided by the Website as specified in the relative terms (if available) on this Website/application.
European Union or EU
Unless otherwise specified, any reference to the European Union contained in this document is intended to be extended to all current member states of the European Union and of the European Economic Area (so-called EEA).
Cookie or Cookies
Small portion/s of data stored in the User's device.
Processing or Data Processing
Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Legal references
This privacy statement has been prepared on the basis of multiple regulatory references, including, among others, article 13 et seq. of Regulation (EU) 2016/679, the Legislative Decree 196/2003 for what is still in force and the related adaptation legislation Legislative Decree 101/2018.
Unless otherwise specified, this privacy statement concerns only the website www.sic-consulting.it
Last update:6th July 2023