In accordance with art. 13 of EU Regulation no. 2016/679 dated 27 April 2016 (hereinafter referred to as GDPR), Sealence SpA (hereinafter referred to as “Data Controller”) provides the Data Subject – an identified or identifiable natural person – with the following information concerning the way personal data are protected.
This information notice aims to describe the way personal data is processed and the measures adopted to protect the rights of data subjects. The notice is periodically updated
to comply with applicable legislation or to new ways of processing personal data.
The Data controller is Sealence SpA, domiciled and headquartered in Buccinasco (MI), San Giorgio n. 25/27 n. 7, – 20090 – (VAT 09927820960) –e-mail address: firstname.lastname@example.org.
Categories of Data
The Data Controller collects the following data:
– personal data
– Contact details
Purposes for the Processing of Personal Data
Your Personal Data will be processed for the following purposes:
A. Replying to a request filed by the Data Subject
B. With prior consent, send newsletter by email.
Legal grounds for the lawful processing of personal data
The legal grounds relied on to process your personal data are the following:
– Implementing pre-contractual measures
Data Retention Time
Your personal data collected by the Data Controller for the fulfilment of the Purpose referred to in letter (a) will be kept for a maximum of 12 months from the date of its entry.
With prior consent, Your personal data collected by the Data Controller for the fulfilment of the Purpose referred to in letter B, will be kept for a maximum period of 24 months, except for the early withdrawal of consent.
How your personal data is processed
Your personal data is processed with a view to fulfilling the purposes specified in this policy statement in digital format.
Mandatory or optional provision of personal data
The provision of personal data to fulfil the Purpose referred to in letter (a) is mandatory. The refusal to provide it will make the Data Controller unable to implement the pre-contractual measures.
The provision of personal data to fulfil the Purpose referred to in letter (b) is optional and the refusal to provide it will make Data Controller unable to send periodic communications.
Recipients of your Personal Data
The personal data you provide will be processed by the following parties according to the principle of strict indispensability:
• The Data Controller’s staff, who act and process data under the authority and instructions of the Data Controller, pursuant to Art. 29 of the GDPR, or the employees designated by the Data Controller in accordance with Art. 2 quaterdecies of Legislative Decree 101/2018.
• Individuals or legal entities whose right to access the personal information of the Data Subject is recognized by legal provisions provided for by European Union law or Italian law, such as, by way of example, the competent authorities and/or supervisory bodies for the purpose of fulfilling legal obligations, and public administrations for their institutional purposes.
• Individuals or legal entities resorted to by the Data Controller to perform activities that are instrumental to achieving its Aims (for example, software vendors, cloud partners, data centres, IT consultants). Third parties who access the information will do so in compliance with the current legislation on the protection of personal data and the instructions given by the Data Controller and will, in any case, be appointed Data Processors by the Data Controller.
A full list of our Data Processors is available at the headquarters of the Data Controller.
Dissemination of Data
Data will in no way be disseminated.
Rights of the Data Subject
The GDPR awards the Data Subject specific rights. The Data subject can exercise the following rights for each data processing operation:
• The right of access – You have the right to obtain a copy of your personal data in our possession subjected to processing.
• The right to rectification – You have the right to ask for the rectification of your personal data stored by the Data Controller if it is not correct or updated.
• The right to object – You have the right to object to the processing of your personal data for commercial purposes. You can ask the Data Controller to stop sending you ads at any time.
• The right to object – You have the right to object to any decision based on totally automated processes: you can ask not to be the recipient of decisions exclusively made on the basis of totally automated processes, including profiling activities.
• The right to withdraw consent – You have the right to withdraw the consent given to the processing of any information at any time.
• The right to lodge a complaint with the Data Protection Authority – You have the right to lodge a complaint with the Data Protection Authority to protect your personal data in case you have concerns about the way the Data Controller is handling your personal data.
In certain conditions, the Data Subject can also exercise the following rights:
• The right to erasure – You have the right to obtain the erasure of your personal data stored with the Data Controller if the purposes of data processing no longer exist, there is no legitimate interest on the Data Controller’s part and it is no longer necessary to comply with a legal obligation.
• The right to object – You have the right to object to the processing of your personal data and ask the Data Controller to discontinue a certain type of processing.
• The right to restrict processing – You have the right to restrict the scope of the Data Controller’s processing of your personal data.
• The right to data portability – You have the right to receive a copy of the Data in a structured, commonly-used and machine- readable format which can be accessed by another controller.
To exercise the aforesaid rights, the Data Subject can send an email or write to the following address, specifying his/her requests and providing the Data Controller with the information needed to correctly identify the sender (by also attaching thereto a copy of his/her ID document) to the following addresses:
• by e-mail: email@example.com.
• by ordinary mail: Sealence SpA, Buccinasco (MI), San Giorgio n. 25/27 n. 7, – 20090 – Italy
Sealence SpA will reply within a month. In the event that the Data Controller is unable to respond, it shall provide a detailed explanation as to why the Data Subject’s request cannot be met.