privacy policy

The user’s personal data are used by SCATRAGLI S.R.L., which is the data controller, in compliance with the principles of protection of personal data established by the GDPR Regulation 2016/679.

Data Controller

SCATRAGLI S.R.L. – Via Leopoldo di Toscana 15 Alberoro – 52048 Monte San Savino (AR) | C.F./P.IVA 02058290517 Owner’s email address: info@scatragli.it

Types of Data collected

The user’s personal data are used by SCATRAGLI S.R.L., which is the data controller, in compliance with the principles of protection of personal data established by the GDPR Regulation 2016/679. Among the personal data collected, independently or through third parties, there are: Cookies; Usage data; first name; last name; telephone number; company name; email; various types of Data; date of birth; address; username; password; Tax code; VAT number; profession; nation; state; province; ZIP code; city; place of work; sector of activity; User ID; website; billing address; shipping address; house number; prefix; point of sale data; language; Data communicated while using the service; unique device identifiers for advertising; number of Users; device information; session statistics; browser information; Data communicated in order to use the Service. Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific information texts displayed before the Data are collected.

METHODS AND PURPOSES OF DATA PROCESSING

1. We inform you that the data will be processed with the support of the following means:
  • Mixed – electronic and paper (including portable devices)
for the following purposes:
  • fulfillment of legal obligations related to commercial relationships
  • fulfillment of tax or accounting obligations
  • accounting or treasury management
  • cash data management
  • supplier management (contracts, orders, arrivals, invoices)
  • customer management (contracts, orders, shipments and invoices)
  • employment relationship management
  • internal network management
  • server management
  • website management
  • electronic payment instruments (credit cards and electronic money debt)
  • sending newsletters (via the platform MailChimp)
  • sending commercial or promotional material

LEGAL BASIS OF THE PROCESSING

2. The provision of data is mandatory for all that is required by legal and contractual obligations and therefore any refusal to provide them in whole or in part may result in the impossibility of providing the services requested and contractually subscribed to. The processing of personal data, which are collected by the Data Controller company, will be carried out according to lawfulness, correctness and transparency of the processing, towards the interested party. The legal basis of the processing will therefore be the legal obligation arising from the reference legislation that regulates the existing relationships. The legal basis of the data processing is the legitimate interest, pursuant to art. 6, co. 1, letter f), of the Data Controller, in pursuing all the purposes, indicated therein, that the law allows for the activity that is carried out by the same without requesting further legitimate guarantees for the processing. Finally, the legal basis of the processing, where it is required by law and explicitly communicated by the Data Controller, is an explicit or behavioral consent, pursuant to art. 6, co. 1, letter f), of the Data Controller. a), as in the context of communication and marketing activities for which it is necessary to send promotional messages and/or insert the interested party into automatic correspondence circuits (e.g. Newsletter) and/or if it is necessary, as indicated among the purposes of the Data Controller, the promotion of products through photos, images and videos. Data on health or ethnic origin, pursuant to art. 9 GDPR will not be processed solely for purposes related to the service and for this reason the legal basis is constituted by legal obligations and contractual interests. In the event that the Data Controller needs to process such data for other purposes, it will take care to receive the explicit consent of the interested parties.”

CONSEQUENCES OF FAILURE TO COMMUNICATE PERSONAL DATA

3. The provision of data is mandatory for all that is required by legal and contractual obligations and therefore any refusal to provide them in whole or in part may result in the impossibility of providing the requested services.

CATEGORIES OF RECIPIENTS

4. Without prejudice to communications carried out in compliance with legal and contractual obligations, all data collected and processed may be communicated exclusively for the purposes specified above to the following categories of interested parties: Public economic bodies, public administrations, Consultants and freelancers also in associated form, External managers as appointed, Supervisory and control authorities, Banks and credit institutions, Law firms, Insurance companies, RSPP.

STORAGE PERIOD

5. The data will be processed for the entire time necessary to carry out the existing commercial relationship and for the following ten years from the date of acquisition of the same. The data of those who do not purchase or use products/services, despite having had previous contact with company representatives, will be immediately deleted or processed anonymously, where their conservation is not otherwise justified, unless the informed consent of the interested parties has been validly acquired relating to a subsequent commercial promotion or market research activity.

OTHER DATA RECIPIENTS

6. The personal data communicated via the website and by signing the form for sending promotional material are accessible to a service provider appointed by the owner as External Data Processor, STUDIO ASTRA DI CROCIANI PAOLO. The data communicated by signing the online form for sending newsletters are also stored on the server MailChimp. Other data recipients are those required by law.

SECURITY MEASURES

7. The Data Controller declares that it has adopted suitable technical and organizational measures to fulfill the obligations set forth in the GDPR. In particular, the Data Controller declares that it has activated internal procedures to safeguard data security, through encryption, backup and disaster recovery measures and measures to protect its network through firewalls and antivirus software.

RIGHTS OF THE INTERESTED PARTY

8. Pursuant to European Regulation 679/2016 (GDPR) and national legislation, the interested party may, in accordance with the methods and within the limits set forth in current legislation, exercise the following rights:
  • request confirmation of the existence of personal data concerning him/her (right of access), having the right to a copy of the same;
  • request the updating, rectification, integration and deletion of personal data, including those no longer necessary for the pursuit of the purposes for which they were collected;
  • right to limit and/or oppose the processing of data concerning him/her;
  • right to unconditional revocation of consent, when the processing is based on consent, with the warning that in the event of revocation, the processing remains lawful until the date of revocation;
  • right to data portability;
  • the right to lodge a complaint with the Supervisory Authority.
The data controller of your personal data is: SCATRAGLI S.R.L. – Via Leopoldo di Toscana 15 Alberoro – 52048 Monte San Savino (AR) | C.F./P.IVA 02058290517 Owner’s email address: info@scatragli.it