Privacy Policy of the website www.seppi.com
SEPPI M. SPA explains, on this page, how it processes the data of users who visit its site and how the cookies that are installed by the site act.
This Privacy Policy is made in compliance with Article 13 of the GDPR 2016/679 (General Data Protection Regulation, European Data Protection Regulation), the Privacy Guarantor’s Guidelines of June 10, 2021, the EDPB Guidelines 5/2020 referring to consent, the ECJ Judgment October 1, 2019 C-673/17, the General Measure of the Privacy Guarantor on Cookies of May 8, 2014, no. 229, the «Working Document 02/2013 providing guidance on obtaining consent for cookies,» WP 29 Opinion No. 4/2012 On Cookie Consent Exemption, Directive 2002/58/EC, and Recommendation No. 2/2001 of the Working Group Article 29.
The following applies only to the site www.seppi.com; the Data Controller is not responsible for the data entered and cookies installed by other sites that may be consulted through links.
Information about the data controller and data protection officer
The Data Controller is SEPPI M. SPA, with registered office in Via Trento 111, 38017 Mezzolombardo (Italy). To exercise your rights under the regulations, you can contact the Data Controller at its office or by calling 0039 – 0461 / 178 7500 or writing to privacy@seppi.com.
Purpose and legal basis for processing
The Data Controller explains below for what purposes it processes site user data.
| Purpose of processing | Fulfilling legal obligations |
|---|---|
| Description | Data processing is necessary for the fulfillment of obligations required by law, regulation, or EU legislation. |
| Legal Basis | Fulfillment of a legal obligation to which the data controller is subject (Art. 6 para. 1 lit. c) GDPR 2016/679). |
| Nature of conferment | The provision of data is necessary to fulfill a legal obligation. |
| Consequences of failure to confer | N.A. |
| Storage time | That required by the relevant legislation. |
| Effective retention time | From the provision of data. |
| Purpose of processing | Statistical analysis on aggregated or anonymized data |
|---|---|
| Description | The processing does not allow user identification, but serves to verify the adequacy of the web marketing campaigns adopted and/or the proper functioning of the site, measuring the user traffic it generates. The processing of aggregated or anonymous data, which do not allow the identification of the user, does not fall under the scope of the legislation on the protection of personal data and therefore no consent is required for their processing. |
| Legal Basis | N.A. |
| Nature of conferment | N.A. |
| Consequences of failure to confer | N.A. |
| Storage time | N.A. |
| Effective retention time | N.A. |
| Purpose of processing | Information Request/Contacts |
|---|---|
| Description | Data processing is necessary to provide feedback to your request. |
| Legal Basis | Execution of a contract to which the data subject is a party or execution of pre-contractual measures taken at the request of the data subject (Art. 6 para. 1 lit. b) GDPR 2016/679). |
| Nature of conferment | The provision of data is necessary to fulfill a contractual obligation. |
| Consequences of failure to confer | Failure to provide data may result in the total or partial inability to respond to the submitted request. |
| Storage time | Depends on the request. |
| Effective retention time | From the provision of data. |
| Purpose of processing | Account creation/Registration area |
|---|---|
| Description | Data processing is necessary to create the account and access the restricted area. |
| Legal Basis | Execution of a contract to which the data subject is a party or execution of pre-contractual measures taken at the request of the data subject (Art. 6 para. 1 lit. b) GDPR 2016/679). |
| Nature of conferment | The provision of data is necessary for the conclusion of a contract. |
| Consequences of failure to confer | Failure to provide data may result in the total or partial inability to respond to the submitted request. |
| Storage time | Until account closure. |
| Effective retention time | Since the provision of the data. |
| Purpose of processing | Newsletter |
|---|---|
| Description | Processing is required to subscribe to the newsletter and receive commercial communications. |
| Legal Basis | Consent of the data subject (Art. 6 para. 1 lit. a) GDPR 2016/679). |
| Nature of conferment | The provision of data is optional. |
| Consequences of failure to confer | Failure to provide data will only result in non-subscription and inability to receive the newsletter. |
| Storage time | Until consent is revoked. |
| Effective retention time | From the consent. |
| Purpose of processing | Marketing in general |
|---|---|
| Description | The processing is necessary to receive commercial communications in the manner provided by the Data Controller, which may be, by way of example, e-mail, SMS, paper material etc. |
| Legal Basis | Consent of the data subject (Art. 6 para. 1 lit. a) GDPR 2016/679). |
| Nature of conferment | The provision of data is optional. |
| Consequences of failure to confer | Failure to provide data will only result in the inability to receive commercial communications. |
| Storage time | 7 years. |
| Effective retention time | From the consent. |
| Purpose of processing | Product/service purchase |
|---|---|
| Description | Data processing is necessary to purchase the requested product/service. |
| Legal Basis | Execution of a contract to which the data subject is a party or execution of pre-contractual measures taken at the request of the data subject (Art. 6 para. 1 lit. b) GDPR 2016/679). |
| Nature of conferment | The provision of data is necessary for the conclusion of a contract. |
| Consequences of failure to confer | Failure to provide data may result in total or partial inability to respond to the submitted request. |
| Storage time | 10 years. |
| Effective retention time | From the provision of data. |
| Purpose of processing | Order management (shipping and logistics) |
|---|---|
| Description | The processing is necessary to handle the order placed. |
| Legal Basis | Execution of a contract to which the data subject is a party or execution of pre-contractual measures taken at the request of the data subject (Art. 6 para. 1 lit. b) GDPR 2016/679). |
| Nature of conferment | The provision of data is necessary to fulfill a contractual obligation. |
| Consequences of failure to confer | Failure to provide data may result in total or partial inability to respond to the submitted request. |
| Storage time | 10 years. |
| Effective retention time | From the provision of data. |
| Purpose of processing | Billing/contract management |
|---|---|
| Description | The processing is necessary to handle the order placed. |
| Legal Basis | Execution of a contract to which the data subject is a party or execution of pre-contractual measures taken at the request of the data subject (Art. 6 para. 1 lit. b) GDPR 2016/679). |
| Nature of conferment | The provision of data is necessary to fulfill a contractual obligation. |
| Consequences of failure to confer | Failure to provide data may result in total or partial inability to respond to the submitted request. |
| Storage time | 10 years. |
| Effective retention time | From the provision of data. |
| Purpose of processing | Additional warranty activation purchased products |
|---|---|
| Description | Data processing is necessary to purchase the additional warranty. |
| Legal Basis | Execution of a contract to which the data subject is a party or execution of pre-contractual measures taken at the request of the data subject (Art. 6 para. 1 lit. b) GDPR 2016/679). |
| Nature of conferment | The provision of data is necessary to fulfill a contractual obligation. |
| Consequences of failure to confer | Failure to provide data may result in the total or partial inability to respond to the submitted request. |
| Storage time | 10 years or a longer time, where the warranty covers a longer time. |
| Effective retention time | From the provision of data. |
Methods of processing, automated decision making
Data processing is carried out in computer-based mode, although potential processing in paper-based mode is not excluded. No automated decision-making processes are used to process your personal data.
Any profiling by cookies is done against specific user consent: more information is available in the cookie policy and/or information banner at first access.
User profiling carried out by means other than cookies is described in the section «Purposes of processing,» where carried out.
Target audience
Your data may be disclosed to the following categories of recipients:
- Computer service providers and hosting companies to ensure the operation of the site and other explicit purposes.
- Communications companies, agencies, marketing consultants and platform providers for sending promotional communications.
- Couriers and logistics partners for sending products or other materials purchased or otherwise requested by the user.
- Platforms that enable the use of specific services (e.g., e-commerce, courses, electronic payment systems, etc.).
- Public authorities, administrations and agencies.
- Commercial partners and resellers.
Transfer of data to third countries or international organizations
Data disclosed may be transferred to third countries and/or international organizations outside the EU. The transfer is legitimized by the presence of an adequacy decision and/or the adoption of the guarantees, precautions and security measures.
The service providers listed below may transfer your personal data outside the European Union. In detail:
| Supplier | Data transfer status | Adequacy decision |
|---|---|---|
| Mailchimp | USA | EU-US Data Privacy Framework of 10.07.2023 |
| Google (e.g. GPay, Font etc.) | USA | EU-US Data Privacy Framework of 10.07.2023 |
The hosting of the site is within the European Union.
Rights of the data subject and complaint to the Privacy Guarantor
You have the right to ask us at any time for access to the data concerning you, their amendment, supplementation or deletion, the restriction or opposition to their processing, where there are legitimate reasons, as well as the portability of these data to another Data Controller. We will provide you with a response in writing within 30 days. You may revoke, at any time, the consents you have given on this site, by contacting one of the contact details given within this Privacy Policy. You may also lodge a complaint with the Control Authority, where you believe that your data has been processed unlawfully.