Sitra collects some Personal Data from its Users.
Owner and Data Controller
Sitra S.p.A. Via Visanna, 2 – 03038 Roccasecca (FR) – Italy
Owner contact email:: firstname.lastname@example.org
Types of Data collected
Among the types of Personal Data that Sitra collects, by itself or through third parties, there are: first name, last name, company name, email address, Cookies and Usage Data.
Users take responsibility for any third-party Personal Data which are obtained, published or shared through Sitra and guarantees to have the right to communicate and disclose them, releasing Sitra Owner from any liability to third parties.
Modalities and treatment place for collected Data
The Owner treats Users Personal Data adopting appropriate safety measures in order to block not authorized Personal Data access, disclosure and distribution. Treatment is carried out by using computer and/ or telematic tools, with organizational and logical modalities strictly tied to indicated purposes. Beyond Owner, in some cases, access to the Data may be available for other parties involved in the organisation of Sitra (administrative staff, commercial, marketing, legal, system administrators) and external parties (such as third party technical service providers, mail carriers, hosting provider, IT companies, communication agencies) named if necessary Treatment Responsibles by the owner, could have access to Data. Updated Responsible list could always be requested to Treatment Owner.
Legal basis of processing
The Owner may process Personal Data relating to the User if one of the following applies:
- User has given his consent for one or more specific purposes; Note: Under some legislations the Owner may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law;
- the processing is necessary for the execution of a contract with the User and / or for the execution of pre-contractual measures;
- the processing is necessary to fulfill a legal obligation to which the Owner is subject;
- the treatment is necessary for the execution of a task of public interest or for the exercise of public powers of which is invested with the Owner;
- the processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.
However, it is always possible to ask the Owner to clarify the concrete legal basis of each treatment and in particular to specify whether the treatment is based on the law, provided by a contract or necessary to conclude a contract.
The Data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located. For further information, please contact the Owner. The Personal Data of the User could be transferred to a different country other than his own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.
Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the ONU, and about the security measures taken by the Owner to safeguard their Data.
If one of the transfers described above takes place, the User can find out more by checking the relevant sections of this document or inquire with the Owner using the information provided in the contact section.
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
- Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
- Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes. The User may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner.
- The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
Purpose of processing the collected data
The Data concerning the User is collected to allow the Owner to provide its Services, as well as for the following purposes: Contacting the User, Analytics, Displaying content from external platforms and SPAM protection.
Users can find further detailed information about such purposes of processing and about the specific Personal Data used for each purpose in the respective sections of this document.
Detailed information on the processing of Personal Data
Personal Data is collected for the following purposes and using the following services:
Contact form (Sitra)
By filling in the contact form with their data, the User consents to their use to respond to requests for information, quotes, or any other nature indicated by the form header.
Personal Data collected: surname, email, name and company name.
This type of service analyzes the traffic of Sitra, potentially containing Users' Personal Data, with the purpose of filtering it from parts of traffic, messages and content that are recognized as SPAM.
Google reCAPTCHA (Google Inc.)
Personal Data collected: Cookies and Usage Data.
The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.
Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of Sitra, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
Personal Data collected: Cookies and Usage Data.
Google Analytics with anonymized IP (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of Sitra, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network. This integration of Google Analytics anonymizes your IP address. It works by shortening Users' IP addresses within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be sent to a Google server and shortened within the US.
Personal Data collected: Cookies and Usage Data.
Displaying content from external platforms
This type of service allows you to view content hosted on external platforms directly from the pages of Sitra and interact with them. This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.
Google Fonts (Google Inc.)
Google Fonts is a typeface visualization service provided by Google Inc. that allows Sitra to incorporate content of this kind on its pages.
Rights of Users
Users may exercise certain rights regarding their Data processed by the Owner.
In particular, Users have the right to:
- withdraw their consent at any time. Users have the right to withdraw consent where they have previously given it to the personal data processing.
- object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
- to log into their own data. The User has the right to obtain information on the Data processed by the Owner, on certain aspects of the processing and to receive a copy of the Data processed.
- verify and ask for rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
- obtain the limitation of the processing. When certain conditions are met, the User may request the limitation of the processing of his Data. In this case, the Owner will not process the Data for any other purpose than their conservation.
- obtain the cancellation or removal of Personal Data. When certain conditions are met, the User can request the cancellation of his Data by the Owner.
- receive their Data and transferred them to another controller. Users have the right to receive their Data in a structured, commonly used and readable by automatic device, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable when Data is processed by automated means and that the processing is based on the User's consent, on a contract which the User is part of or on pre-contractual obligations thereof.
- propose a complaint. The User can lodge a complaint with the competent personal data protection supervisory authority or take legal action.
Details about the right to object
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or with the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. In order to learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.
How to exercise these rights
To exercise the User’s rights, Users can direct a request to the contact details of the Owner indicated in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.
Additional information about the processing
The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of Sitra or the related Services. The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.
System logs and maintenance
For operation and maintenance purposes, Sitra and any third-party services used, can collect system logs, that are files that record interaction and can contain Personal Data, such as the IP address.
Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Owner at any time, using the contact information at the beginning of this document.
How “Do Not Track” requests are handled
Sitra does not support “Do Not Track” requests. To find out whether any of the third-party services used, support them, the User is invited to consult the respctive privacy policies.
Definitions and legal references
Personal Data (or Data) Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Usage Data Information collected automatically through Sitra (or third-party services employed in Sitra), which can include: the IP addresses or domain names of the computers utilized by the Users who connects to Sitra, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
User The individual using Sitra who, unless otherwise specified, coincides with the Data Subject.
Data Subject The natural person to whom the Personal Data refers.
Data Controller (or Owner) The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of Sitra. The Data Controller, unless otherwise specified, is the Owner of Sitra.
Sitra (or this Application) The hardware or software tool through which the Personal Data of Users are collected and processed.
Service The service provided by Sitra as described in the relative terms (if available) and on this site/application.
European Union (or EU) Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Cookie Small sets of data stored in the User's device.
Legal references This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13 and 14 of Regulation (EU) 2016/679.
Last modified: June, 12 2021