This information (hereinafter, also “Privacy Policy“) is provided pursuant to articles 13 and 14 of Regulation (EU) 2016/679 (also “GDPR” or “Regulation“) in order to inform the subjects (hereinafter the “Users” and/or the “User”) about the processing of personal data ( the “Personal Data“) carried out in the context of browsing the website (also the “Site“).

Data controller
The data controller is Sadas S.r.l. with registered office in via Napoli, 125 – Casalnuovo di Napoli (NA) 80013 | Tel. +39 081 17861214 and operational headquarters: Via Boschetti, 1 – Milan (MI) 20121 | Tel. +39 02 290174490, VAT number 03743011219, Fiscal Code 06228820632, as Data Controller (hereinafter “Data Controller” or also the “Company“).

Responsible for the protection of personal data
The Data Controller has appointed, pursuant to art. 38 of the Regulation, the person responsible for the protection of personal data (hereinafter, “DPO”) who can be contacted to obtain any clarification whatsoever regarding this policy by e-mail at the address:

Type of personal data being processed
The Company processes the Personal Data of Users collected from the registration forms on the Site and/or through the computer systems and software procedures used by the Site which automatically acquire some information from the User such as the IP address or other parameters related to the operating system. This information, through processing and association with other data, could allow the identification of the User. The Personal Data processed by the Data Controller includes:

  1. general contact data such as: name, surname, telephone number, e-mail address, residential and/or domicile address;
  2. data relating to navigation traffic and the type of devices used, such as the IP address or other parameters concerning the operating system of the device used by the User. This is information which, by its nature, could, through processing and association with other data, allow the identification of the User. For more information, consult the Cookie Policy.

Purpose of treatment and related legal basis
The provision of Personal Data is optional; however, failure to provide them could prevent the Company from delivering the services requested by the User and from fulfilling the obligations established by law. For these reasons, failure to provide such information will make it impossible for the User to use the services offered by the Company. In particular, the Data Controller processes the Personal Data of Users for the pursuit of the following purposes:

a. to allow access to and consultation of the Site and the management of contact and information requests (art. 6 (b) GDPR);
b. fulfill the legal obligations to which the Data Controller is subject, for example in the administrative, accounting and tax fields (Article 6 (c) GDPR);

Exclusively with the specific, free and informed consent of the User, pursuant to art. 6 (1), lit. a) of the GDPR, the Data Controller may process the User’s Personal Data for:

c. activities aimed at improving the services provided connected to the contractual relationship (e.g. surveys to evaluate customer satisfaction);
d. sending newsletters.

Processing methods
Users’ personal data can be processed – in compliance with the principles of correctness, lawfulness and transparency – with IT, manual and/or telematic supports and/or tools, suitable for guaranteeing confidentiality, security and avoiding unauthorized access, modifications and data theft. The availability, management, access, storage and usability of User data are guaranteed by the adoption of technical and organizational measures adequate for ensuring levels of security pursuant to articles 25 and 32 of the GDPR, as well as, in relation to the specific processing purposes identified by the legislation on the protection of personal data, to ensure compliance with the measures established by the Authority for the protection of personal data and with the relevant provisions contemplated by national and European Union legislation. The processing is carried out by specially appointed, authorized and trained personnel in full compliance with art. 29 of the GDPR and art. 2-quaterdecies of Legislative Decree 196/2003 and subsequent amendments and additions. In any case, the logical and physical security and confidentiality of the information processed will be guaranteed.

Data communication
The User’s Personal Data may be communicated, exclusively in relation to the purposes indicated above, to service companies used by the Data Controller, to supervisory and control authorities, to public administrations to whom the communication of Personal Data is mandatory for the fulfillment of a legal obligation. Without prejudice to the hypothesis in which the communication is necessary for the fulfillment of a legal obligation, the Personal Data of the Users will not be communicated (i.e. brought to the attention of third parties, in any way, even through the simple availability or consultation) to third parties without the prior specific consent of the User. The Data Controller ensures that the transfer of Personal Data outside the European Union takes place in full compliance with current legislation, guaranteeing an adequate level of personal data protection – equivalent to the one ensured by European legislation – based on the contractual data protection standards defined by the European Commission (also “SCC”) or on “Binding Corporate Rules (also “BCR” or “Binding corporate rules”), pursuant to articles 44 and following of the GDPR.

Data storage
The Personal Data of Users will be kept for the period necessary for the pursuit of the purposes for which such data were collected, as indicated in this statement. Upon expiry of the retention period, in accordance with the minimization principle pursuant to art. 5(1), lett. c) of the GDPR, Personal Data will be deleted or made anonymous, unless they are necessary for further purposes according to an adequate legal basis. For the purposes indicated in letters c) to d) of this Privacy Policy – ​​Personal Data will be processed until the specific consent given by the User is revoked. In each commercial communication sent to the User there will be clear, precise and specific indications to allow him to easily revoke his consent at any time. This does not affect the lawfulness of the processing of Personal Data carried out before the withdrawal of consent. For treatments carried out pursuant to art. 6(1), lett. c) GDPR, in fulfillment of a legal obligation, the Data Controller reserves the right to keep Personal Data for a period of 10 years.

Rights of the interested parties
Users, as interested parties in the processing, can freely and at any time exercise the rights provided for by articles 15-22 of Regulation (EU) 2016/679 as applicable. Therefore, the User has the right to:

  1. ask for confirmation as to whether or not personal data concerning him is being processed and, in this case, obtain access to such information in order to verify its accuracy and request its integration, updating or modification;
  2. obtain, without unjustified delay from the Data Controller, the cancellation, transformation into anonymous form or blocking of personal data concerning him;
  3. revoke, at any time, the consent given to data processing (relative to those treatments for which such consent is necessary), without this affecting the lawfulness of the processing already carried out on the basis of the consent given up until the moment of revocation;
  4. obtain the updated list of the categories of recipients to whom the personal data have been or will be disclosed;
  5. oppose all or part of the processing, unless there are overriding legitimate interests of the Data Controller which prevail over the interests, rights and freedoms of the interested party or which make the processing necessary for the assessment, exercise or defense of a right in court;
  6. request the limitation of the processing of your Personal Data pursuant to art. 18 of the GDPR;
  7. receive a copy, in a structured format commonly used and readable by an automatic device, of their Personal Data, where the User intends to acquire their personal data or transfer them to a different service provider, in the case of treatments based on consent of the User and/or carried out by automated means;
  8. not be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which significantly affects his person in a similar way;
  9. if the Personal Data is transferred to a third country or to an international organization, the User has the right to be informed of the existence of adequate guarantees relating to the transfer pursuant to art. 46 of the Regulation.

For any request and/or communication regarding privacy and for the exercise of the rights described above, it is possible to contact the Data Controller at the e-mail address Users also have the right to contact the Personal Data Protection Authority to exercise the rights referred to in articles 12-22 of the GDPR and to lodge a complaint pursuant to art. 77 of the Regulation.

Changes and Updates
This information may be subject to changes and additions, also in relation to updates to current legislation.

Last update: August 3, 2023