The company SIPA S.p.A. (hereinafter the “Service Provider”), located in Vittorio Veneto (TV), Italy, via Caduti del Lavoro 3, the controller of the personal data, pays the utmost attention to the security and confidentiality of personal data in the performance of its business activities.

TYPES OF PERSONAL DATA RELATING TO YOU THAT CAN BE COLLECTED

The following categories of personal data relating to you may be collected (the term “personal data” is understood to refer jointly to all the categories outlined below):

• Biographical and contact data (e.g. information relating to name, telephone number, email address);
• Payment details: (e.g. IBAN code).

HOW WE COLLECT YOUR PERSONAL DATA

The Service Provider collects and processes your personal data on the basis of the relationship existing with you. If you provide personal data on behalf of someone else you must make sure, in advance, that the interested have read this document. The Service Provider asks for your help to maintain your personal data up-to-date, informing us of any changes.

PURPOSES YOUR PERSONAL DATA CAN BE USED FOR

Service Provider may process your personal data for one or more of the following purposes, for the specified basis:

1. Establishment of the relationship: the Service Provider may process your personal and contact data in order to proceed with the establishment and management of the resulting relationship. Processing Assumption: the provision of data must be considered mandatory for the execution of contractual / pre-contractual measures. Failure to provide such data may result in the inability to carry out your request.
2. Compliance with legally binding requests to to meet legal obligations, rules and regulations as well as to defend a right in court: the Service Provider may process your personal data to fulfill a legal obligation and / or to defend its rights in court. Processing Assumption: legal obligations to which the Service Provider is obliged to comply.

HOW WE KEEP YOUR PERSONAL DATA SECURE

The Service Provider uses suitable security measures in order to guarantee protection, security, integrity and accessibility of your personal data. All of your personal data is stored on our protected servers (or on suitably stored paper copies) or on the servers of our suppliers, and are accessible and usable on the basis of our standards and security policies (or equivalent standards for our suppliers).

HOW LONG WE STORE YOUR DATA FOR

The Service Provider only stores your personal data for the period of time necessary for fulfilling the purposes the data was collected for or for fulfilling any other legitimate connected purpose. Your personal data which is no longer necessary, or for which there is no longer any legal basis for storage, will be irreversibly anonymised or destroyed in a secure manner.

PARTIES YOUR PERSONAL DATA MAY BE SHARED WITH

Your personal data may be accessed by duly authorised employees, as well as external suppliers, where necessary, appointed data processors. Please contact the Service Provider by email sipaprivacy@zoppas.com if you wish to request a list of the data controllers and the other subjects to whom your data are communicated.

CONTACTS

For any doubts or comments as well as to exercise your rights you can write to sipaprivacy@zoppas.com. For any complaints or recommendations regarding the processing procedures of your data the Service Provider will make every effort to address your concerns. However, if you wish, you may forward your complaints or recommendations to the data protection supervisory authority using the contact details on the website www.garanteprivacy.it.

YOUR DATA PROTECTION RIGHTS AND RIGHT TO MAKE CLAIMS TO THE SUPERVISORY AUTHORITY

Under certain conditions you have the right to ask to Service Provider:

• to access your personal data;
• for a copy of the personal data you supplied us with (so-called data portability);
• to correct data in our possession;
• to delete any data the Service Provider has no legal basis to process;
• to object to processing where provided by the applicable legislation;
• to revoke your consent, where processing is based on your consent;
• to limit the way in which the Service Provider processes your personal data, up to the limits provided by the applicable legislation.

The exercising of the above rights is subject to certain exceptions relating to the safeguarding of the public interest (e.g. the prevention or identification of crimes) and certain interests of the Service Provider. In the event of you exercising any of the above mentioned rights, the Service Provider will be required to verify that you are entitled to exercise the respective right and the Service Provider will generally respond to any requests within a month.