Privacy Policy

Subject: Information Notice on the Processing of Personal Data Pursuant to Article 13 of EU Regulation No. 2016/679 – “GENERAL DATA PROTECTION REGULATION” (hereinafter “GDPR”) and Legislative Decree 196/2003, as supplemented by Legislative Decree 101/2018

With this notice, we wish to inform you about how our Company, SIMIC S.p.A., processes your personal data, which you provided while browsing our company’s website.

1. Data Controller
The Data Controller is SIMIC S.p.A., headquartered at Via Vittorio Veneto snc, Camerana (CN – 12072), VAT number: 02121640045, represented by Ferruccio Boveri, legal representative.

2.DPO Appointment

The Data Controller, not falling within the cases indicated by Art. 37 of the GDPR, nor in the interpretations provided by the Supervisory Authority, has deemed it unnecessary to appoint a Data Protection Officer.

3. Subject of Processing

  1. Browsing Data
    The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
    This information is not collected to be associated with identified data subjects but, by its very nature, could, through processing and association with data held by third parties, allow users to be identified.
    This category of data includes IP addresses or domain names of the computers used by users who connect to the website, Uniform Resource Identifier (URI) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (success, error, etc.), and other parameters related to the user’s operating system and IT environment.
  2.  Data Provided Voluntarily by the User
    The optional, explicit, and voluntary sending of emails to the addresses indicated on this site, the completion of an information request form, or the sending of a message via WhatsApp chat entails the subsequent acquisition of the sender’s address and/or telephone number, necessary to respond to the requests, as well as any other personal data included in the request.
    The processing of your data will be carried out in accordance with the principles of fairness, lawfulness, transparency, and protection of your privacy, and will be processed and stored using computer systems for the time strictly necessary to achieve the purposes for which they were collected.
    Specific security measures are observed to prevent data loss, illicit or incorrect use, and unauthorized access.
  3. Cookies

    Cookies are small text files that the websites visited send to the user’s device, where they are stored and then retransmitted to the same sites during subsequent visits.
    The type of cookies and their management are detailed in the relevant policy available on the company’s website and managed via a dedicated banner, which allows you to enable/disable cookies individually.
    Users can choose to enable or disable cookies by adjusting their browser settings, following the instructions provided by the respective vendors at the links below:

    • Chrome

    • Firefox

    • Safari

    • Internet Explorer/Edge

    • Opera

4. Purpose of Processing, Legal Basis, and Nature of Provision

The purpose of processing under point 3.1 is to obtain anonymous statistical information on site usage and to check its correct operation. The data may also be used to ascertain responsibility in the event of possible cybercrimes against the site. Processing is lawful under Art. 6(1)(b) and (f) of the GDPR. Provision of this data is mandatory; otherwise, it would not be possible to correctly manage contractual aspects.
The purpose of processing under point 3.2 is always connected and/or instrumental to site consultation (thus excluding any use that differs from or conflicts with that of the data subject). Specifically, this processing is limited to responding to the data subject’s inquiries. Processing is lawful under Art. 6(1)(b) of the GDPR and does not require the explicit consent of the data subject. The provision of data is optional; however, refusal to provide data relevant to the purpose of collection will prevent the fulfillment of the request.
The purpose of processing under point 3.3 is to enhance the user’s browsing experience and collect aggregate information for statistical purposes. Provision of this data is optional; cookie management is handled through the browser settings.

5. Methods of Processing and Duration of Processing

Processing of your personal data under point 3.1 is carried out through the operations indicated in Art. 4(2) of the GDPR, specifically: collection, recording, organization, use, and erasure. Your personal data is processed electronically and/or automatically and is erased immediately after processing.
Processing of your personal data under point 3.2 is carried out through the operations indicated in Art. 4(2) of the GDPR, specifically: collection, recording, organization, use, and erasure. Your personal data is processed electronically and/or automatically and is erased once the purpose for which it was collected is fulfilled. Your personal data will not be disclosed.
Processing of your personal data under point 3.3 is carried out according to the policies and methods of the respective service providers and is detailed in the relevant cookie policy as indicated under point 3.3. The expiration of cookies is defined by you via your browser settings but in any case will not exceed six months.

6. Data Communication

Without the need for express consent (pursuant to Art. 6(b) and (c) of the GDPR), the Data Controller may disclose your data to supervisory bodies, judicial authorities, insurance companies for the provision of insurance services, and to parties to whom the data must be disclosed by law for the performance of the purposes outlined. These parties will process the data as independent data controllers. Your data will not be disseminated.

7. Data Transfer to Non-EU Countries

The data provided under point 3) is stored electronically on dedicated company servers, provided by external data processors, or on cloud platforms adopted by the Data Controller.
It is understood that the Data Controller, where necessary, may transfer the servers outside the EU, for example, when using cloud services. In such cases, the Data Controller ensures that the transfer of personal data outside the EU will be carried out in accordance with applicable legal provisions, including the execution of standard contractual clauses as provided by the European Commission.

8. Rights of the Data Subject

As the data subject, you have the rights set out in Articles 15, 16, 17, 18, 19, 20, 21, and 22 of the GDPR, namely:

  • Right of access

  • Right to rectification

  • Right to erasure (“right to be forgotten”)

  • Right to restriction of processing

  • Right to notification regarding rectification or erasure of personal data or restriction of processing

  • Right to data portability

  • Right to object

  • Rights concerning automated decision-making, including profiling

9. Exercising Data Subject Rights

You may exercise your rights at any time by:

  • Sending a registered letter with return receipt to the Data Controller indicated under point 1);
  • Sending an email to: privacy@simic.it.