DISCLAIMER: Please be advised that this document is a literal translation of the original one that is written in Italian; in case of any difference between the two versions (Italian and English), the Italian version prevails over the English one.

Stefania Dei Rossi, with registered office in Piazza Benco, 4, 34122, Trieste (TS), tax code and registration number registered at the Registro delle Imprese della Venezia Giulia DRS SFN 91P65 L424Z, being the person in charge of the treatment of your personal data (from now on referred to as “SDR”), provides this information, as contemplated in the articles 13 and subsequent of the EU Regulation 2016/679 (from now on referred to as “Regulation”), which governs the protection of individuals with regard to the processing of personal data, in order to explain how we treat the personal data of our clients (from now on referred to as “Customer” and/or “Client” and/or “User”).

Legal basis of the data treatment

SDR processes the Customer’s personal data in order to execute the contract with the Customer or to execute pre-contractual measures that have been requested by the Customer, to fulfill legal obligations, and to pursue legitimate interests of SDR.

Methodology of personal data collection and types of data

SDR collects personal data from the Customer both during the meetings aimed at understanding the product or service in which the Customer is interested, and in the subsequent formalization of the assignment/order with the Customer, and, finally, during the sale of the products and / or the provision of services to the Customer. The personal data provided by the Customer consist mainly of the identification data, such as name, surname, address, telephone number and e-mail address, VAT number and fiscal code of the Customer, or the contact details of the person who, in the context of the Customer organization/company, is the contact person for the activity requested from SDR. When executing the payment of the amount requested, the Client also communicates to SDR his own bank details. During the sale of the product and / or execution of the order conferred by the Customer, SDR may acquire personal data relating to natural persons operating in the client’s organization/company, limited to personal data of a non-sensitive nature similar to those indicated above. SDR does not intentionally collect sensitive data, or data that can reveal racial or ethnic origin, political, religious or other beliefs, registration with trade unions, health status, sexual orientation, judicial data. Should this happen, SDR will use its best efforts to protect the confidentiality and security of information of this type obtained during its activity. Access to such information is limited and there are rules and procedures in place to safeguard this information from loss, misuse, disclosure or communication to third parties.

Purposes and processing methods of the Customer’s personal data

The personal data provided by the Customer will be processed for the following purposes:
  a) collection of pre-contractual information, including financial and product evaluation;
  b) correct management of contractual / commercial relationships;
  c) fulfillment of legal, accounting, tax and administrative obligations;
  d) quality management of sales and / or services rendered by SDR;
  e) collection of useful information for the improvement of SDR products and services through, for example, activities to detect customer satisfaction with the quality of products and services;
  f) advertising of new products and services by forwarding of advertising material, commercial proposals or invitations to initiatives or events organized by SDR;
  g) publication of the identification data of the Customer, in particular name, logo, photographs, for reference purposes, on paper material and / or websites. In this case, SDR processes the Customer’s personal data to publish the reasons that led the Customer to choose the solutions/products proposed and provided by SDR as well as the relative advantages that the Customer achieves by adopting a similar choice. The publication could be made, for example, in communications external to the press, in marketing activities (brochures, flyers, events), in references for presentations and on SDR website.
The processing of Personal Data is carried out with the aid of electronic and telematic tools and, in some cases, with the aid of paper supports, according to principles of correctness, lawfulness, transparency, with logic strictly related to the purposes indicated and suitable to safeguard the confidentiality of the data to be protected and the rights of the interested party in compliance with the provisions of current legislation. In order to protect the data from destruction or loss, even accidental, and against unauthorized access or disclosure, technical and organizational security measures have been adopted.

Entities to whom the User’s personal data may be communicated. Cases of disclosure of personal data

The data collected from the Customers and the information relating to products sold and / or services provided by SDR may be communicated to third parties for the performance of activities instrumental to the purposes of the processing indicated above or for the fulfillment of legal obligations or safeguards of a legitimate interest of SDR, in particular:
  • organizations and companies in the field of professional assistance and consulting based in Italy;
  • companies that carry out operations of control, revision and certification of the activities carried out by SDR and that are based in Italy;
  • banks and financial institutions in general, for the management of receipts and payments;
  • external consultants in charge of data processing for particular activities: IT consultants, security consultants, quality consultants, legal consultants; debt collection companies;
  • commercial agents/sales representatives exclusively for commercial purposes;
  • couriers, shippers and transporters in general exclusively for regulatory obligations.
Personal data may also be communicated in order to comply with legal provisions or requests by the judicial/legal authority.

With some of the categories of subjects who receive and treat the personal data of SDR’s Clients, SDR has stipulated a contract for their appointment as “External data processors” pursuant to the Regulation. If these subjects process the data of SDR’s clients, such processing/treatment can take place only for what concerns the type of service performed by them and in any case complying with the obligations imposed by SDR on the processing of personal data. The personal data collected are also processed by SDR staff who need to know the Customer’s personal data in the pre-contractual phase and for the execution of the professional assignment conferred by the Customer. In any case, the above said staff is authorized to process and acts, therefore, on the basis of specific instructions provided for the purposes and methods of the treatment itself.

Nature of consent and possible consequences of refusal

The provision of data for the purposes referred to in points a), b), c) above in the paragraph “Purposes and processing methods of the Customer’s personal data” is mandatory, and their processing does not require the consent of the Customer; in the event that the Customer does not intend to provide the data requested for these purposes, it will not be possible to establish any business relationship in order to provide the services requested. The provision of data for the purposes referred to in points d), e), f), g) above in the paragraph “Purposes and processing methods of the Customer’s personal data” is not mandatory and their processing requires the consent of the Customer; in the event that the Customer chooses not to consent to the processing for these purposes, this will not entail any consequences on the execution of any professional assignment, but SDR will not carry out such activities towards the Customer.

Period of retention of Customer’s personal data

SDR will take care of using the data for the purposes indicated in this information notice for a period of time with respect to the purposes that justified the collection of the data and up to the limitation of the terms identified by civil and fiscal regulations in terms of accounting records, preparation of the financial statements of fiscal year and charges. In any case SDR will take every care to avoid the use of the data for an indefinite period of time and will limit the storage of data in its archives to the strictly necessary only based on the provisions of the law referred to above and the additional information that could, from time to time, govern the timing of storage of such personal data. If personal data is processed for commercial purposes, such as the improvement of SDR products and services through the detection of customer satisfaction, or to send advertising material or commercial proposals or invitations to initiatives or events, or to publish the identification data of the Customer for referential purposes, SDR will handle the personal data of Clients for such purposes for a period not exceeding 36 months, without prejudice to any legal provisions that involve the storage of such personal data for a longer time.

Entities responsible for the data treatment / Data Controller

SDR, as the party responsible for the data treatment, has designated external processors such as companies or organizations that provide services that involve the processing of personal data on behalf of the Data Controller, including Customer data. The updated list of Data Processors is available from SDR and may be requested by written notice sent to SDR’s registered office, or by sending a request by e-mail to the following address: s.deirossi@pec.it.

Rights of the interested party (Customer)

In relation to the aforementioned processing/treatment of personal data, as contemplated in the articles 13, subsection 2, letters (b) and (d), 15, 18, 19 and 21 of the Regulation, the Client, being the interested party, has the right to:
  a) ask SDR for access to personal data, the correction or cancellation of the same or the limitation of the processing that concerns him/her;
  b) propose complaints to the Guarantor for the protection of personal data in Italy following the procedures and indications published on the official website of the Authority on www.garanteprivacy.it, or the Guarantor of the country in which he habitually works, or, finally to the Supervisory authority of the country in which the violation occurred;
  c) oppose, in whole or in part and at any time:
    - for legitimate reasons, to the processing of personal data concerning him/her, even if pertinent to the purpose of the collection;
    - to the processing of personal data concerning him/her for the purpose of sending advertising materials or direct sales or for carrying out market research or commercial communication.
The interested party also has the right to withdraw the consent to the processing of data, at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation. Any adjustments or cancellations or limitations of the processing carried out at the request of the interested party, unless this proves impossible or involves a disproportionate effort, will be communicated by SDR to each of the recipients to whom the personal data were transmitted.

SDR may communicate these recipients to the interested party if the interested party requests so.

The exercise of rights is not subject to any form of restrictions and is free. These rights may be exercised with a written request sent to the address of the registered office of Stefania Dei Rossi, Piazza Benco, 4, 34122, Trieste (TS) Italy or by e-mail to the e-mail address: info@stefaniadeirossi.com.

Data Controller (SDR)

Stefania Dei Rossi