PERSONAL DATA PROCESSING NOTICE
WEBSITE NAVIGATION
Sirus S.r.l. (hereinafter also the Data Controller or Sirus) issues to the Data Subject or the User, i.e. the person to whom the personal data refers, the following information pursuant to Article 13 of EU Regulation no. 2016/679 of 27 April 2016 (hereinafter GDPR) on the protection of natural persons with regard to the processing of personal data. The purpose of this notice is to describe the characteristics of the processing carried out in relation to the personal data provided by the Data Subject and the measures adopted to protect the data subject’s rights. This notice is released on the Sirus website (https://www.sirussrl.it hereinafter referred to as the Site), in the Privacy Policy section on the home page. Data Controller The Data Controller is Sirus S.r.l. a socio unico, with registered office in via Mario Idiomi no. 10 – 20057 Assago (MI) – VAT no. 09725910963 – Data Controller’s e-mail: privacy@sirussrl.it Data subject to processing The Data Controller essentially collects the following personal data:
- User identification data, such as, for example, IP addresses and computer domain names
- Data relating to use of the Site by the User
- Data provided voluntarily by the User (identification information) for access to certain services offered through the Site, for which reference should be made to the information provided in the relevant sections
- The latter consist of text files that are automatically generated in the User’s computer following a visit to certain pages of the Site. Some of these files (session cookies) are automatically removed when the browser is closed. Another type of cookie, on the other hand, is recorded and stored on the User’s computer (e.g. in order to make the access procedure to the reserved area automatic, the User may choose for his User-id and password to be stored in one of these files).
For more information on cookies, their use and how to disable them, please refer to the cookie policy. Purposes of processing and storage time Personal data will be processed for the following purposes:
- Managing the correct use of the Site.
- Evaluating, in statistical form, the use of the Site by users.
- Both direct and profiled marketing by means of third-party cookies.
- Investigating any offences committed by users to the detriment of third parties or to the detriment of the Data Controller.
- Complying with European and national legislation, as well as with the provisions of the Italian Data Protection Authority.
The data processed for the above-mentioned Purposes will be stored as better specified in the relevant information (e.g. cookie policy). Lawfulness of processing The processing is lawful because it is based on the following legal bases:
- Legitimate interest of the Data Controller (managing the proper use of the website and ascertaining any offenses committed by users to the detriment of third parties or to the detriment of the Data Controller).
- Consent of the Data Subject given during the browsing experience.
Method of processing The personal data are processed for the pursuit of the Purposes indicated in this information sheet using an electronic medium. Compulsory or optional nature of data provision If the User prefers not to receive cookies, he/she can prevent their transmission by the website by configuring his/her Internet browser accordingly. In some cases, however, the use of certain parts of the Site may be conditioned by the storage of cookies on the User’s computer. Categories of persons to whom personal data may be disclosed The processing of the personal data provided to us may be carried out in accordance with the principle of strict necessity of processing:
- By employees of the Data Controller, who act and process the data under the authority and instructions of the Data Controller, pursuant to Article 29 of the GDPR or employees designated by the Data Controller, pursuant to Article 2 quaterdecies of Legislative Decree no. 101/2018.
- By natural or legal persons whose right of access to the Data Subject’s personal data is recognized by legal provisions provided for by European Union law or Italian law, such as, by way of example, competent authorities and/or supervisory bodies for the fulfillment of legal obligations, and public Administrations for their institutional purposes.
- By natural or legal persons used by the Controller for the performance of activities instrumental to the achievement of the Purposes (such as, for example, software suppliers, cloud partners, data centers, IT consultants). Third parties who access the data will do so in compliance with the applicable data protection regulations and the instructions given by the Data Controller and will in any case be appointed as External Data Processors by the Data Controller.
A list of Data Processors is available at the Controller’s premises. Data dissemination The data will not be disseminated under any circumstances. Rights of the Data Subject The GDPR guarantees the Data Subject specific rights. For each processing operation, the Data Subject may exercise the following rights:
- Right of access: they have the right to obtain a copy of the personal data we hold and process.
- Right to rectification: they have the right to rectify the personal data stored by the Data Controller if these are not up to date or correct.
- Right to object to the processing of personal data for commercial purposes: they may request that the Data Controller cease sending commercial communications at any time.
- Right to object to decisions based on purely automated processes: they may request not to be the addressee of decisions made based on purely automated processes, including profiling.
- Right to revoke a consent given: they have the right to revoke the consent given for a given processing operation at any time.
- Right to apply to the Data Protection Authority: they have the right to apply to the Data Protection Authority if they have any doubts about the processing of personal data by the Data Controller.
The Data Subject may also exercise the following rights under certain circumstances:
- Right to erasure: the Data Subject may request that the Data Controller erase their personal data if the purposes of the processing have ceased to exist and there are no legitimate interests or legal provisions requiring its continuation.
- Right to object to processing: they may request that the Controller cease to carry out a particular processing operation on their personal data.
- Right to restrict processing: they have the right to request that the Controller restrict the processing operations on their personal data.
- Right to data portability: they have the right to obtain a copy of their data in a commonly used, machine-readable, structured format from another Data Controller.
To exercise each of the aforementioned rights, the Data Subject may send an e-mail or write to the following address specifying the request and providing the Data Controller with the information necessary for the correct identification of the sender (also attaching a copy of the identity document, if not already at the Data Controller’s disposal) using the following addresses:
- by mail: Sirus S.r.l., with registered office in via Mario Idiomi no. 10 – 20057 – Assago (MI)
- by e-mail: privacy@sirussrl.it
Sirus will reply within a month. If for some reason the Data Controller is unable to respond, it shall provide a detailed explanation as to why it cannot comply with the request. This notice may be amended or supplemented over time, so we invite you to periodically consult the Data Controller’s website – https://www.sirussrl.it – to remain constantly updated.
Version 01 – May 2022