Privacy Policy

Information is pursuant to art. 13 of Regulation (EU) no. 2016/679 (“GDPR”)

-Leggi Privacy Policy in Italiano-

Protection, confidentiality, guarantee and protection of personal data.

We protect the confidentiality of personal data and guarantee the necessary protection so that they are not at risk of violation. In relation to the provisions of the legislation in reference in the title, the user (hereinafter referred to as “Interested”) is provided with information on the processing of his personal data.

  1. Holder and responsibility of the treatment – (art.13, 1st comma letter a, art.15, letter b GDPR)

Sanaden di Panarello Andrea (hereinafter “Sanaden”) is a production and sales activity company with the activity-based in Milan (MI), via Massarenti 15, Zip Code 20148, and Panarello Andrea (Owner), acts as the owner for any reference for this purpose, it can be contacted at info@sanaden.com. In order to carry out the activity in the most efficient and regular way, the information concerning the interested party is received and collected and consequently processed by the Data Controller.

  • Type of data processed

In relation to the types of data processed, readability and clarity are proposed by proposing the following scheme:

Data Category Exemplification of the types of data (which can be collected in whole or in part and adequately protected)
Personal data Name, surname, physical address, municipality of residence, province and nationality, landline and / or mobile phone, fax, tax code / VAT number, e-mail address (s); possible copy of identity card.
Banking Data IBAN and Postal and bank Data (except credit card)
Telematic traffic data Log, Incoming IP address.

Sanaden does not ask the interested party to provide so-called data “Details”, that is, according to the provisions of art. 9 of the GDPR, i.e. data such as racial or ethnic origin or political, sexual, religious orientations as well as biometric and health data.

The Data Controller is responsible for personal data protection (Data Protection Officer -DPO) and can be contacted for any information and request at the following email: info@sanaden.com. In relation to the data collection of the data subject, the websites directly or indirectly connected are www.sanaden.comwww.sanaos.comwww.andreapanarello.com. All the abovementioned domains refer to the “Owner”.

For any information or request, the interested party may also contact the owner at the following address: Tel: 0 0 3 9 3 4 0 5 3 6 0 7 8

  • 3.     Purpose of data collection (art.13, 1st paragraph GDPR)GDPR)

The data are used by the Data Controller are used  to follow up on the registration request and the supply contract for the chosen Service(s), manage and execute the contact requests sent by the Data Subject, provide assistance, fulfill the legal and regulatory obligations to which the Data Controller is required to function of the activity carried out. In no case Sanaden resells the personal data of the interested party to third parties or uses them for undeclared purposes.

In particular, the data of the involved party will be processed for:

personal registration and requests for contact and/or information material. The processing of the personal data of the interested party takes place to carry out the preliminary activities which are consequent to the request for registration, the management of requests for information and contact, and/or sending information material, as well as for the fulfillment of any other obligation arising.

The legal basis for these treatments is the fulfillment of the services inherent in the request for registration, information, and contact and/or sending information material and compliance with legal obligations.

Management of a communication/contract relationship.

The processing of the personal data of the interested party takes place to carry out the preliminary and consequent activities to the purchase of a Service, the management of the related order, the provision of the Service itself, the relative billing and the payment management, the handling of complaints and/or reports to support service and the provision of assistance itself, the prevention of fraud and the fulfillment of any other obligation deriving from the contract. The legal basis for these treatments is the fulfillment of the services inherent in the contractual relationship and compliance with legal obligations.

  • Promotional activities on Services / Products similar to those purchased by the interested party (Recital 47 GDPR)

The data controller, even without the explicit consent of the interested party, may use the contact data communicated by the interested party, for the purpose of direct sale of their services, limited to the case in which they are services similar to those being sold, to unless the interested party explicitly opposes it.

  • The commercial promotion activities on services different from those purchased by the interested party

The personal data of the interested party may be processed, subject to consent, also for commercial promotion purposes, for surveys and market research with regard to services offered by the owner and different from those purchased by the interested party. This treatment can take place, in an automated way, in the following ways: e-mail, sms, telephone contact, social media can be carried out:

e può essere svolto:

  • If the interested party has not revoked his consent for the use of the data;
  • in the event that the processing takes place by contacting the telephone operator, if the interested party has not registered in the register of oppositions referred to in Presidential Decree n. 178/2010;

The legal basis for these treatments is the consent given by the interested party prior to the treatment itself, which can be revoked by the interested party freely and at any time.

  IT Security

The Data Controller, in line with the provisions of Recital 49 of the GDPR, processes, also through its suppliers (third parties and/or recipients), the personal data of the interested party relating to traffic to a strictly necessary and proportionate extent to ensure the safety of the networks and information, i.e. the ability of a network or information system to withstand, at a given level of security, unexpected events or illegal or malicious acts that compromise availability, authenticity, integrity, and confidentiality of personal data stored or transmitted. The Data Controller will promptly inform the interested parties if there is a particular risk of violation of their data without prejudice to the obligations deriving from the provisions of art. 33 of the GDPR relating to personal data breach notifications.

The legal basis for these treatments is compliance with legal obligations and the legitimate interest of the Data Controller to carry out treatments relating to the purpose of protecting the corporate assets and security of the Sanaden offices and systems.

  • Profiling
  • The personal data of the interested party may also be processed for profiling purposes (such as analysis of the data transmitted and the chosen Products / Services, to propose advertising messages and / or commercial proposals in line with the choices expressed by the users themselves) only in the event that the interested party has provided explicit and informed consent. The legal basis for these treatments is the consent given by the interested party prior to the treatment itself, which can be revoked by the interested party freely and at any time.
  • Fraud prevention (recital 47 and art.22 GDPR)

The personal data of the interested party, with the exception of particular (Art 9 GDPR) or judicial (Art 10 GDPR) will be processed to allow checks for monitoring and prevention of fraudulent payments, by software systems that carry out a verification in a way automated and prior to the negotiation of Services; passing these checks with a negative result will make it impossible to carry out the transaction; in any case, the interested party may express their opinion, obtain an explanation or contest the decision by motivating their reasons to the Customer Support service or to the contact info@sanaden.com;

the personal data collected for anti-fraud purposes only, unlike the data necessary for the correct execution of the requested service, will be immediately deleted at the end of the control phases.

  • the protection of minors

The services offered by the Data Controller are reserved for subjects legally able, on the basis of the national reference legislation, to conclude contractual obligations. In order to prevent illegitimate access to its services, the Data Controller implements preventive measures to protect his legitimate interest, such as checking the tax code and/or other checks, when necessary for specific Services, the correctness of the identification data of the identity documents issued by the competent authorities.

Communication to third party recipients and categories of recipients (art.13, 1st paragraph GDPR)

The personal data of the interested party are communicated to third parties whose activity is necessary for the execution of the established contractual relationship and to respond to certain legal obligations; in particular :

Categories of recipients Purposes
Sanaden di Panarello Andrea. (“Sanaden “) Administrative purposes, accounting and contractual performance obligations,
Third party suppliers of Sanaden Provision of the requested services and services, assistance, maintenance, provision of additional services, connected to the requested service
Credit and digital payment institutions, Bank / postal institutions to the requested service Management of collections, payments, related refunds
External professionals / consultants and Companies of consulting Provision of the services and services requested, Fulfillment of legal obligations, exercise of rights, protection of contractual rights, credit recovery
Financial administration, public bodies, judicial authorities, supervisory and control authorities Provision of the services and services requested, Compliance with legal obligations, defense of rights; lists and registers kept by public authorities or similar bodies on the basis of specific regulations, in relation to the contractual performance
Formally delegated subjects or with recognized legal title Legal representatives, curators, guardians, etc.
  • The Data Controller requires all the aforementioned subjects and Data Processors to comply with security measures equal to those adopted by him for the processing of the Data Subject’s data; the perimeter of action of the Manager is in any case restricted to the treatments connected to the requested service.

The Data Controller does not transfer the personal data of the interested party to countries where the GDPR is not applied (non-EU countries) unless specific consensual request by the interested party.

The legal basis for these treatments is the fulfillment of the services inherent in the relationship established, compliance with legal obligations, and the legitimate interest of Sanaden to carry out treatments necessary for these purposes.

  • Methods of data processing

What happens if the interested party does not provide his data indicated as necessary for the execution of the requested service? (Art. 13, 2nd paragraph, letter And GDPR)

To give rise to the requested services and the subsequent provision of the service, the collection and processing of personal data is necessary. The Data Controller will not be able to carry out the treatments related to the management of the requested services and / or the contract and the Services connected to it, nor to the obligations that depend on them and therefore, in essence, will not be able to carry out the contract or provide the requested service , if the interested party does not provide the personal data specifically provided as necessary in documents such as the order form, registration form and the like.

What happens if the interested party does not provide consent to the processing of personal data for commercial promotion activities on services other than those purchased?

In the event that the interested party does not give his consent to the processing of personal data for these purposes, said treatment will not be carried out for the same purposes, without this having effects on the provision of the requested services, nor for those for which the concerned has already given his consent if requested. In the event that the interested party has given consent and should subsequently revoke it or oppose the processing for commercial promotion activities, your data will no longer be processed for these activities, without this leading to consequences or detrimental effects for the interested party and for the performance required.

How do we process the data of the interested party (art. 32 GDPR)?

The Data Controller arranges for the use of adequate security measures in order to preserve the confidentiality, integrity and availability of the Data Subject’s personal data and imposes similar security measures on third party suppliers and Managers.

  • Where and for how long we process the data of the interested party (place and duration of data processing)

The personal data of the interested party are stored in paper, IT and telematic archives located in countries where the GDPR (EU countries) is applied.

How long are the data of the interested party kept? (art.13, 2nd paragraph, lett. a GDPR)

Unless they explicitly express their will to remove them, the personal data of the interested party will be kept until they are necessary with respect to the legitimate purposes for which they were collected.

In particular, they will be kept for the entire duration of your personal registration and in any case no longer than a maximum period of 12 (twelve) months of inactivity, or if, within this term, there are no associated Services through the personal data.

In the case of data provided to the Data Controller for the purposes of commercial promotion for services other than those already acquired by the Data Subject, for which he initially gave consent, these will be kept for 24 months, unless the consent given is revoked.

In the case of data provided to the Data Controller for profiling purposes, these will be kept for 12 months, unless always revocation of the consent given.

It should also be added that, in the event that a user forwards unsolicited or unnecessary personal data to Sanaden in order to perform the requested service or to provide a service strictly connected to it, Sanaden cannot be considered the owner of this data. , and will delete them as soon as possible.

Regardless of the determination of the interested party to remove them, personal data will in any case be kept according to the terms provided for by current legislation and / or national regulations, for the exclusive purpose of guaranteeing the specific fulfilments specific to some Services (for example but not limited to, Certified Electronic Mail, Substitute storage – in this regard, see the related section above).

Furthermore, personal data will in any case be kept for the fulfillment of the obligations (e.g. tax and accounting) that remain even after the termination of the contract (art. 2220 of the Italian Civil Code); for these purposes, the Data Controller will retain only the data necessary for the relative pursuit.

This is without prejudice to cases in which the rights deriving from the contract and / or from the personal registration should be brought to court, in which case the personal data of the interested party, exclusively those necessary for these purposes, will be processed for the time necessary for their pursuit.

 

Occorre inoltre aggiungere che, nel caso in cui un utente inoltri a Sanaden  dati personali non richiesti o non necessari al fine dell’esecuzione della prestazione richiesta ovvero all’erogazione di un servizio ad essa strettamente connessa, Sanaden  non potrà essere considerata titolare di questi dati, e provvederà alla loro cancellazione nel più breve tempo possibile.

  • Rights of the interested party (articles 15 – 20 GDPR)

The interested party has the right to obtain the following from the data controller: confirmation as to whether or not personal data concerning him are being processed and, in this case, to obtain access to personal data and the following information: the purposes of the treatment;

  • the purposes of the treatment;
  • the categories of personal data in question;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular, if recipients from third countries or international organizations;
  • when possible, the expected retention period of personal data or, if not possible, the criteria used to determine this period;
  • the existence of the right of the interested party to ask the data controller to correct or delete personal data or to limit the processing of personal data concerning him or to oppose their treatment;
  • the right to lodge a complaint with a supervisory authority;
  • if the data are not collected from the data subject, all information available on their origin;
  • the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
  • the adequate guarantees provided by the third country (outside the EU) or an international organization to protect any data transferred
  • the right to obtain a copy of the personal data being processed, provided that this right does not affect the rights and freedoms of others; In the event of further copies requested by the interested party, the data controller can charge a reasonable fee contribution based on administrative costs.
  • the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay
  • the right to obtain from the data controller the cancellation of personal data concerning him without undue delay, if the reasons provided for by the GDPR in art. 17, including, for example, in the event that they are no longer necessary for the purposes of the processing or if this is assumed to be illegal, and the conditions provided for by law always exist, and in any case, if the treatment is not justified by another equally legitimate reason;
  • e) the right to obtain the limitation of processing from the data controller, in the cases provided for by art. 18 of the GDPR, for example where you have contested its accuracy, for the period necessary for the Data Controller to verify its accuracy. The interested party must be informed, in reasonable times, also of when the suspension period has been completed or the cause of the limitation of the treatment has ceased, and therefore the limitation itself revoked;
  • the right to obtain communication from the owner of the recipients to whom the requests for any corrections or cancellations or limitations of the processing carried out have been sent unless this proves impossible or involves a disproportionate effort.
  • the right to receive personal data concerning him in a structured, commonly used, and machine-readable format and the right to transmit such data to another data controller without hindrance by the data controller to whom he has provided them, in cases provided for by art. 20 of the GDPR, and the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible.
  • For any further information and in any case, to send your request you must contact the Data Controller at info@sanaden.com. The Data Controller may request further information from the interested party to ensure that he and not others can exercise the rights mentioned above.
  • How and when can the interested party object to the processing of their personal data? (Art. 21 GDPR)

For reasons relating to the particular situation of the interested party, the same can object at any time to the processing of their personal data if it is based on legitimate interest or if it occurs for commercial promotion activities, by sending the request to the Data Controller at info @ sanden .com.

The interested party has the right to delete their personal data if there is no legitimate prevailing reason of the owner compared to the one that gave rise to the request, and in any case in the event that the interested party has opposed the treatment for commercial promotion activities.

  • To whom can the interested party submit a complaint? (Art. 15 GDPR)

Without prejudice to any other administrative or judicial action, the interested party may lodge a complaint with the competent supervisory authority on the Italian territory (Guarantor Authority for the protection of personal data) or with the one that carries out its duties and exercises its powers in the Member State where the violation of the GDPR occurred.

Each update of this information will be communicated promptly and by suitable means and will also be communicated if the Data Controller performs processing of the data of the interested party for purposes other than those referred to in this information before proceeding and following the manifestation of the relative consent of the ‘Interested if necessary.

 

  • Applicable law
  • This privacy policy is made up of the EU Regulation n. 679/2016 and national legislation on the matter.

In this paragraph 9. the interested party is provided with the particular information relating to the processing of their personal data processed below, in addition to that reported in the previous sections.

In compliance with the laws, the data of the interested party can be sent to the bodies responsible for judicial and fiscal control:

With reference to the Revenue Agency ( tax controller authorities) what data we process (art. 13, 1st paragraph, letter a, art. 15, letter b GDPR)

Data category: Personal data contained in the documents relating to the requested service.   

Exemplification of the types of data: Data contained in the deed due to tax purposes e.g. invoice, delivery note, etc.

Certified mail (where applicable)

what data we process (art.13, 1st comma letter a, art.15, letter b GDPR)

Data category Master data, Telematic traffic data.             

Exemplification of the types of data Possible copy of the identity document – LOG of the PEC messages.

how long are the data of the interested party kept? (art.13, 2nd paragraph, lett. a GDPR)

In relation to the provisions of current sector legislation, the personal data shown below will be kept for the period indicated:

 

Type of data (Duration)

Copy of identity document (as provided in section 5). Messages LOG of Certified mail (PEC;30 30 months from a sent message).

  1. COOKIE POLICY

Informazioni generali, disattivazione e gestione dei cookie

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

 

Di seguito si indicano agli Utenti i link che spiegano come gestire o disabilitare i cookie per i browser internet più diffusi:

  • Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies
  • Google Chrome: https://support.google.com/chrome/answer/95647
  • Mozilla Firefox: http://support.mozilla.org/it/kb/Gestione%20dei%20cookie
  • Opera: http://help.opera.com/Windows/10.00/it/cookies.html
  • Safari: https://support.apple.com/kb/PH19255

Cookie tecnici

  • Cookie tecnici di navigazione o di sessione, utilizzati per gestire la normale navigazione e l’autenticazione dell’utente;
  • Cookie tecnici funzionali, utilizzati per memorizzare personalizzazioni scelte dall’utente, quali, ad esempio, la lingua;
  • Cookie tecnici analytics, utilizzati per conoscere il modo in cui gli utenti utilizzano il nostro sito web così da poter valutare e migliorare il funzionamento.

Third party cookies

Third-party cookies may be installed: these are analytical and profiling cookies, Google Analytics, Google Doubleclick, Criteo, Rocket Fuel, Instagram, Yahoo, Bing, Facebook and Youtube. These cookies are sent from the websites of the aforementioned third parties external to our site.

The detection takes place anonymously, in order to monitor performance and improve usability of the site Third-party profiling cookies are used to create user profiles, in order to propose advertising messages in line with the choices expressed by the users themselves.

For Google Analytics cookie:

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

  • Per cookie di Youtube:

-privacy policy: https://www.youtube.com/intl/it/yt/about/policies/#community-guidelines

  • indicazioni per gestire o disabilitare i cookie: https://support.google.com/accounts/answer/61416?hl=it Per cookie di Yahoo:

-privacy policy e indicazioni per gestire o disabilitare i cookie: https://policies.yahoo.com/ie/it/yahoo/privacy/euoathnoticefaq/

Per cookie di Bing:

-privacy policy e indicazioni per gestire o disabilitare i cookie https://privacy.microsoft.com/it- it/privacystatement

Profiling cookies

They can be installed by the Owner (s), through so-called software. web analytics, profiling cookies, which are used to prepare detailed and real-time analysis reports relating to information on visitors to a website, search engines of origin, keywords used, the language of use, most visited pages. The same can collect information and data such as IP address, nationality, city, date/time, device, browser, operating system, screen resolution, navigation origin, pages visited and number of pages, duration of the visit, number of visits made.

  1. Review clause

Sanaden reserves the right to revise, modify or simply update – in whole or in part, in its sole discretion, in any way and / or at any time, without notice – this Privacy Policy. This in light of s.m.i. of laws or regulations regarding the protection of personal data. Changes and updates to the Privacy Policy will be notified to users through:

1. sending e-mails to users registered on the Site , and

2. publication on the Site Home Page, and will be binding as soon as they are published and communicated.

 

it_ITIT