Privacy Policy
(pursuant to Articles 13 and 14 of Regulation (EU) 679/2016) rev. 1.2
This Privacy Policy, pursuant to EU Regulation 679/2016 (GDPR), describes how Sinte processes personal data. In compliance with the regulation and the rights and obligations it entails, we provide the following information:
1. Data Controller
The Data Controller, i.e., the entity responsible for decisions regarding the purpose, methods, and security of personal data processing, is:
Sinte Srl
VAT and Tax Code 13295960150
Registered office: Via Monte Grappa 4 – 20900 Monza (MB), Italy
2. Data Protection Officer
The Data Protection Officer (DPO) can be contacted by appointment at:
Sinte Srl
VAT and Tax Code 13295960150
Via Monte Grappa 4 – 20900 Monza (MB), Italy
or by email: dpo@sinte.net
3. Types and Purposes of Data Processing
3.1 Processing Required by Contractual Obligations (no consent required)
Personal data, whether collected verbally or in writing before, during, or after the establishment of a contractual relationship, will be processed—without requiring your consent—pursuant to Article 6 (b) and (f) of the GDPR.
These include but are not limited to:
3.2 Processing Required by Legal Obligations (no consent required)
Common and/or sensitive personal data, requested and/or provided even verbally, prior to the establishment of the contractual relationship, or during or after its termination, will be subject, even without your consent pursuant to Article 6, letter c) of the GDPR, to:
3.3 Processing Requiring Prior Consent
Any data processing under this category will be performed only upon your explicit consent, pursuant to Article 6(1)(a) GDPR. This includes, for example, marketing communication. Data will be retained until the user opts out or revokes consent.
The "processing" of personal data is defined by Article 4 of the GDPR as “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”
This includes the collection, recording, organization, storage, consultation, processing, modification, selection, retrieval, alignment, use, combination, blocking, communication, dissemination, erasure, and distribution of the data itself.
Processing of Special Categories of Data (Sensitive Data)
Special categories of data as defined by Article 9 of the GDPR, and in particular personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or data relating to health, fall under the processing described above and will be used solely for purposes connected to the provision of assistance, consultancy, or representation as entrusted. Such data may only be used with your consent.
Processing of Judicial Data
Judicial data, including information from the criminal record, the register of administrative sanctions resulting from criminal offences and related pending charges, or the status of defendant or suspect under Articles 60 and 61 of the Code of Criminal Procedure, will not be processed.
4. Consent of the data subject
The provision of personal data (both common and special categories) as explained so far, as well as their communication to the categories of recipients listed, is mandatory under the laws and contracts that regulate, for example, purposes connected to the execution of the contractual relationship. In particular, please note that:
a) By signing a contract with Sinte, the data subject is informed that processing is lawful as it is necessary for the activities, and therefore undertakes to provide the data for processing for the purposes set out in points 3.1 and 3.2 and to consent to their transfer to the parties referred to in point 7 so that they may process them in turn. Any subsequent refusal to provide consent, in whole or in part, will result in the inability, on one hand, to fulfill legal obligations and thus to continue the contractual relationship, and on the other, to carry out the typical activities;
b) It is optional to provide data for the processing referred to in point 3.3 and to consent to their transfer to the parties referred to in point 7, although in this case the controller may assess on a case-by-case basis whether it is possible to continue the contractual relationship under the less favorable conditions resulting from the lack of consent;
c) It is optional to provide judicial data.
5. Source of personal data
Provision of Data and Refusal
Personal data are collected from the data subject, at the controller’s premises, through the controller’s website/app, or in other forms provided by law. The data are processed in compliance with the obligations of fairness, lawfulness, and transparency imposed by the aforementioned regulations, protecting the confidentiality and rights of the data subjects.
6. Methods of processing and storage of personal data
Personal data are processed using manual, IT, and electronic tools (web management software), with logic strictly related to Sinte’s purposes and, in any case, in a manner that guarantees their security and confidentiality in compliance with current regulations. The controller undertakes to store and monitor personal data by adopting appropriate technical and organizational measures necessary to counter the risks of destruction or loss, unauthorized access, or processing that is not permitted or not in line with the purposes for which they were collected. In compliance with the principles of lawfulness, purpose limitation, and data minimization, the data will be retained for the entire duration of the processing and also subsequently for the time necessary for the extinction of the obligations incumbent on the controller and for the fulfillment of all legal requirements connected to or arising from them, including with regard to the management of public archives in compliance with the Code of Ethics and Good Conduct for the processing of personal data for historical and statistical purposes.
7. Recipients
Personal data processed may be communicated to public bodies and entities as provided by current legislation, as well as to consultants appointed by the controller. Data provided by the data subject may also be communicated to external parties such as consultants, legal professionals, as well as patronages, organizations, associations, companies, and in general public or private entities involved in the activities for the purposes mentioned above, mainly for the following activities: compliance, administrative communications or those required by law; assistance in the fiscal, legal, insurance, accounting, social security, advertising, logistics, IT sectors in relation to the activities used by the data subject.
8. Transfer of data abroad
Personal data will not be transferred to third countries outside the European Union or to international organizations.
9. Rights of the Data Subject
The Regulation grants you the following rights:
10. Further Information
The privacy policy will be constantly updated at the following web address:
https://www.sinte.net/it/privacy.html
Any explanations you may need to exercise your rights can be requested in writing, accompanied by a valid identification document, at the following email address: info@sinte.net
11. Changes to the Privacy Policy
The controller reserves the right to modify, update, add, or remove parts of this privacy policy at its discretion and at any time. The data subject may check for any changes at any time. To facilitate this verification, the policy will indicate the date of the latest update.
Date of update: Nov. 14, 2023
This Privacy Policy, pursuant to EU Regulation 679/2016 (GDPR), describes how Sinte processes personal data. In compliance with the regulation and the rights and obligations it entails, we provide the following information:
1. Data Controller
The Data Controller, i.e., the entity responsible for decisions regarding the purpose, methods, and security of personal data processing, is:
Sinte Srl
VAT and Tax Code 13295960150
Registered office: Via Monte Grappa 4 – 20900 Monza (MB), Italy
2. Data Protection Officer
The Data Protection Officer (DPO) can be contacted by appointment at:
Sinte Srl
VAT and Tax Code 13295960150
Via Monte Grappa 4 – 20900 Monza (MB), Italy
or by email: dpo@sinte.net
3. Types and Purposes of Data Processing
3.1 Processing Required by Contractual Obligations (no consent required)
Personal data, whether collected verbally or in writing before, during, or after the establishment of a contractual relationship, will be processed—without requiring your consent—pursuant to Article 6 (b) and (f) of the GDPR.
These include but are not limited to:
- invoice registration,
- certification processing,
- insurance agreements,
- communication with third parties (e.g., accountants, lawyers, consultants, technicians, medical staff, hospitals, banks, insurance companies) for services related to the contract.
3.2 Processing Required by Legal Obligations (no consent required)
Common and/or sensitive personal data, requested and/or provided even verbally, prior to the establishment of the contractual relationship, or during or after its termination, will be subject, even without your consent pursuant to Article 6, letter c) of the GDPR, to:
- processing related to fiscal/tax/contributory purposes;
- processing related to legal obligations in connection with the provision of services;
- processing related to legal obligations concerning the protection of life and health;
- processing consisting of transfer to third parties for backup purposes on external servers, in any case located within the territory of the EU. The data transferred to such servers will be encrypted so that only the data controller and authorized persons can access them. The data may also be temporarily transferred to parties responsible for the maintenance of hardware and software equipment, through backup copies necessary for data storage and recovery;
3.3 Processing Requiring Prior Consent
Any data processing under this category will be performed only upon your explicit consent, pursuant to Article 6(1)(a) GDPR. This includes, for example, marketing communication. Data will be retained until the user opts out or revokes consent.
The "processing" of personal data is defined by Article 4 of the GDPR as “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”
This includes the collection, recording, organization, storage, consultation, processing, modification, selection, retrieval, alignment, use, combination, blocking, communication, dissemination, erasure, and distribution of the data itself.
Processing of Special Categories of Data (Sensitive Data)
Special categories of data as defined by Article 9 of the GDPR, and in particular personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or data relating to health, fall under the processing described above and will be used solely for purposes connected to the provision of assistance, consultancy, or representation as entrusted. Such data may only be used with your consent.
Processing of Judicial Data
Judicial data, including information from the criminal record, the register of administrative sanctions resulting from criminal offences and related pending charges, or the status of defendant or suspect under Articles 60 and 61 of the Code of Criminal Procedure, will not be processed.
4. Consent of the data subject
The provision of personal data (both common and special categories) as explained so far, as well as their communication to the categories of recipients listed, is mandatory under the laws and contracts that regulate, for example, purposes connected to the execution of the contractual relationship. In particular, please note that:
a) By signing a contract with Sinte, the data subject is informed that processing is lawful as it is necessary for the activities, and therefore undertakes to provide the data for processing for the purposes set out in points 3.1 and 3.2 and to consent to their transfer to the parties referred to in point 7 so that they may process them in turn. Any subsequent refusal to provide consent, in whole or in part, will result in the inability, on one hand, to fulfill legal obligations and thus to continue the contractual relationship, and on the other, to carry out the typical activities;
b) It is optional to provide data for the processing referred to in point 3.3 and to consent to their transfer to the parties referred to in point 7, although in this case the controller may assess on a case-by-case basis whether it is possible to continue the contractual relationship under the less favorable conditions resulting from the lack of consent;
c) It is optional to provide judicial data.
5. Source of personal data
Provision of Data and Refusal
Personal data are collected from the data subject, at the controller’s premises, through the controller’s website/app, or in other forms provided by law. The data are processed in compliance with the obligations of fairness, lawfulness, and transparency imposed by the aforementioned regulations, protecting the confidentiality and rights of the data subjects.
6. Methods of processing and storage of personal data
Personal data are processed using manual, IT, and electronic tools (web management software), with logic strictly related to Sinte’s purposes and, in any case, in a manner that guarantees their security and confidentiality in compliance with current regulations. The controller undertakes to store and monitor personal data by adopting appropriate technical and organizational measures necessary to counter the risks of destruction or loss, unauthorized access, or processing that is not permitted or not in line with the purposes for which they were collected. In compliance with the principles of lawfulness, purpose limitation, and data minimization, the data will be retained for the entire duration of the processing and also subsequently for the time necessary for the extinction of the obligations incumbent on the controller and for the fulfillment of all legal requirements connected to or arising from them, including with regard to the management of public archives in compliance with the Code of Ethics and Good Conduct for the processing of personal data for historical and statistical purposes.
7. Recipients
Personal data processed may be communicated to public bodies and entities as provided by current legislation, as well as to consultants appointed by the controller. Data provided by the data subject may also be communicated to external parties such as consultants, legal professionals, as well as patronages, organizations, associations, companies, and in general public or private entities involved in the activities for the purposes mentioned above, mainly for the following activities: compliance, administrative communications or those required by law; assistance in the fiscal, legal, insurance, accounting, social security, advertising, logistics, IT sectors in relation to the activities used by the data subject.
8. Transfer of data abroad
Personal data will not be transferred to third countries outside the European Union or to international organizations.
9. Rights of the Data Subject
The Regulation grants you the following rights:
- Right of Access: Article 15 of the European Regulation allows you to obtain confirmation from the data controller as to whether or not personal data concerning you are being processed and, if so, to access such data.
- Right to Rectification: Article 16 allows you to obtain from the data controller the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to Erasure: Article 17 allows you to obtain from the data controller the erasure of personal data concerning you without undue delay if one of the grounds provided by the regulation applies.
- Right to Restriction of Processing: Article 18 allows you to obtain from the data controller restriction of processing when one of the conditions provided by the regulation applies.
- Right to Object: Article 21 allows you to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you pursuant to Article 6(1)(e) or (f), including profiling based on those provisions.
- Right to Data Portability: Article 20 allows you to receive the personal data concerning you, which you have provided to a data controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to whom the data have been provided, under the conditions set out in the regulation.
- Right to Withdraw Consent: Article 7 allows you to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- Right to Lodge a Complaint: Article 77 allows you to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the regulation.
10. Further Information
The privacy policy will be constantly updated at the following web address:
https://www.sinte.net/it/privacy.html
Any explanations you may need to exercise your rights can be requested in writing, accompanied by a valid identification document, at the following email address: info@sinte.net
11. Changes to the Privacy Policy
The controller reserves the right to modify, update, add, or remove parts of this privacy policy at its discretion and at any time. The data subject may check for any changes at any time. To facilitate this verification, the policy will indicate the date of the latest update.
Date of update: Nov. 14, 2023
