INFORMATION PURSUANT TO ART. 13 OF EU REGULATION N. 2016/679 OF 27 APRIL 2016

This information is provided by SITAP S.p.A., Data Controller of the website www.sitap.it pursuant to art. 13 of EU Regulation no. 2016/679 of 27th April 2016 (hereafter also "GDPR") relating to the protection of individuals with regard to the processing of personal data.

  1. DATA CONTROLLER

The Data Controller for all personal data collected processed in relation to the management of the website, is the company Sitap S.p.A, with registered office in Via Giulio Natta, 37, (29010) Pontenure, Piacenza.
E-mail address of the Owner for e-commerce: assistenza@sitap.it
Telephone: +39 0523 519044
Fax: +39 0523 511655
  1. NATURE OF THE DATA PROCESSED AND PURPOSES OF THE PROCESSING

1. DATA PROCESSED
1.1 when a customer make a purchase on the website www.sitap.it, SITAP treats the following data:
a) a) Identification data (name, surname);
b) Contact data (e-mail)
c) Invoice data (name, surname, fiscal code, residential address in case of Customer - consumer, name, surname / company name, registered office and VAT number in the case of Customer - professional, bank account details, IBAN);
d) Credit card, as choosen as paymet method;
e) shipping data (name, surname/ company name, address, city, post code).
1.2 when the customer proceed to login to My Account, SITAP treats the following data:
a) identification data (name, surname);
b) contact data (e-mail);
c) password;
d) addresses (shipping and billing);
e) order history and details.
1.3 when the Customer agrees to receive newsletters in the registration form or at the time of purchase, SITAP treats the e-mail as contact data.
The payment management services allow this site to process payments by credit card, bank transfer, or other tools. The data used for payment are acquired directly by the payment service manager requested without being processed by SITAP.

2. TREATMENT PURPOSE
The data processing will be carried out for the following purposes:
2.1 please refer to 1.1 lett. B):
a) for the fulfillment and execution of the sales contract;
b) manage online purchases, process orders, returns and send notifications on the status of the shipment or in case of problems with the delivery of the items;
c) for the management of activities related to the contractual relationship and to any pathological or litigation phase related to it.
2.2 please refer to 1.2 lett. B):
a) to manage My Account page;
b) for the fulfillment and execution of the sales contract;
c) to view Order history and details;
d) for Wishlists;
e) manage online purchases, process orders, send notifications on the status of the shipment or in case of problems with the delivery of the items;
f) for the management of activities related to the contractual relationship and to any pathological or litigation phase related to it;
g) provide the user with order history and details on all orders placed.
The Customer is entitled to register and create a personal account, therefore the provision of such data is optional. In order to use My Account section, registration is required.
2.3 as for point 1.3 lett. B), the express consent of the Customer. The consent of the user is freely revocable upon each receipt of the newsletter by means of the appropriate "unsubscribe" function, i.e. cancellation of one's email address from the mail-list.
  1. LEGAL BASIS OF THE PROCESSING

The legal basis for personal data processing indicated above is:
- as for point 1.1 lett. B) the need for the execution of the sales contract by the Data Controller. Therefore, the provision of data is mandatory and any failure to provide it could result in the non-execution of the sales contract;
- as for point 1.2 lett. B) fulfillment of the Customer's registration request. Therefore, registration, as well as the creation of a personal account, is optional;
- as for point 1.3 lett. B) the express consent of the customer.
  1. PROCESSING METHODS

Personal data are processed with automated and non-automated tools, for the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. The data collected may be used on behalf of the Data Controller by the administrators in charge of carrying out processing services and the correct performance of the site's activities.
The treatments connected to the web services of this site can also take place at the web service provider. It should be noted that personal data will be kept and controlled, also in relation to the knowledge acquired on the basis of technical progress, the nature of the data and the specific characteristics of the treatment, through the adoption of suitable and preventive security measures, both physical that of a logical type, so as to minimize the risks of destruction or loss of the data; of unauthorized access; of treatment not allowed or not in accordance with the purposes of the collection.
All data processing (hosting, newsletter, contact form) takes place in the Italian territory.
The treatment will be carried out by the Data Controller and by those specifically authorized by the Data Controller.
  1. DURATION AND DATA STORAGE

The data necessary for contractual purposes are kept for the entire period necessary to execute the contract. The tax data contained in the invoice will be kept for 10 years. A longer period of data retention may possibly be determined by requests made by the Public Administration or other judicial, governmental or regulatory body, or by the participation of the Data Controller in judicial procedures that involve the processing of personal data.
The personal data of registered customers will be kept as long as the customer has an active account. In the event that the Customer deletes his personal account, through the specific function present in My Account, "processing of personal data", the data will be definitively deleted. The customer can at any time make a new registration and must proceed to communicate all his data again.
The personal data of unregistered customers are kept for 2 years, with the exception of personal data necessary for tax and legal purposes.
The e-mail address spontaneously given for receiving the Newsletter will be kept for as long as the service will be provided, without prejudice to the withdrawal of consent by the user.
  1. COOKIE

Please refer to Cookie Policy
  1. DATA DISCLOSURE

Personal data provided by the Customer may be known by authorized employees, by the company that manages the website that is appointed as External Manager of the Treatment with a specific written contract, as well as by other third parties who support the Data Controller in the performance of the sales service, by way of non-exhaustive example, suppliers of logistics, transport and delivery services.
Furthermore, if the Customer makes the payment by Pay-Pal, the related payment data will be known by the same Pay-Pal as External Manager.
Should the Customer make the payment through NEXI, the related payment data will be known by NEXI as External Manager.
The list of persons appointed as external data processors is available at the following references Sitap SpA, with registered office in Via Giulio Natta, 37, (29010) Pontenure, Piacenza, or at sitap@sitap.it and export@sitap.it, as well as on 0523 519044 and fax 0523 511655
  1. USERS RIGHTS

The user has the right:
- upon access, rectification, cancellation, limitation and opposition to the processing of data. In particular, for the exercise of the right of access and rectification of data, the user accesses the specific function present in My Account, "Treatment of personal data".
- to obtain, without hindrance, from the Data Controller the data in a structured format commonly used and readable by an automatic device to transmit them to another data controller;
- to revoke the consent to the treatment, without prejudice to the lawfulness of the treatment based on the consent acquired before the revocation;
In this regard, we inform you that the deadline for replying to the user is, for all the rights of one month from the receipt of the request, extendable up to three months in cases of particular complexity.
The exercise of the right premises can be exercised by written communication to be sent by pec. to the address: sitap@pec-legal.it or registered letter with return receipt to the address: Via Giulio Natta, 37, (29010) Pontenure, Piacenza - Italy
  1. COMPLAINT AUTHORITY GUARANTOR AND RIGHT TO JURISDICTIONAL APPEAL

The user has the right to lodge a complaint with the Data Protection Authority.
The complaint is the tool that allows the user to contact the Guarantor to complain of a violation of the regulation on the protection of personal data pursuant to art. 77 of the GDPR and to request a verification from the Authority.
The complaint can be proposed by the user to the supervisory authority of the place where he resides, or in the place where he works or in the one where the alleged violation occurred.
The user also has the right to bring a judicial appeal before the ordinary court if he believes that the rights he enjoys have been violated following treatment.
  1. TRANSFER TO NON-EU COUNTRIES

The data will be stored and processed within the European Union. No data deriving from the web service is communicated or disclosed. The Data Controller may communicate the user's personal data to third parties who are also located outside the European Union in fulfillment of the execution of the sales contract, by way of non-exhaustive example, suppliers of logistics, transport and delivery services.