Sibill S.r.l., with registered office in Via Mattine 5, 84043 Agropoli (SA), VAT/CF: 06027580650, in its capacity as data controller (the "Owner" or "Sibill"), wishes to inform you, pursuant to Article 13 of European Regulation 679/2016 concerning the protection of personal data (the "GDPR") and national legislation, including Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 (the "Privacy Code") and the individual measures of the Supervisory Authority (Garante per la Protezione dei Dati Personali), where applicable, regarding the processing of your personal data.

  1. Scope of Application
    The purpose of this Privacy Policy is to provide information on how the Data Controller processes the personal data you provide when you either (i) fill out an online form in order to be placed on the waiting list referred to on the website www.sibill.com/waitlist (the "Waiting List"); or (ii) sign the terms and conditions relating to the use of the Software as a Service called Sibill (the "Software").
  2. Type of personal data processed
    The Data Controller informs you that, according to what is specified in point 1 above, the following personal data will be processed by the Data Controller:
    i. personal identification data, such as first and last name;
    ii. personal contact data, such as, but not limited to, your e-mail address;
    iii. personal banking data, such as, for example, IBAN, of employees, suppliers, customers.
  3. Purpose and legal basis for processing
    The processing of your personal data is aimed at:
    a) the execution of pre-contractual and contractual measures. In particular, your personal data will be processed in order to: (i) get in touch with you following the completion of the form on the Sibill website; (ii) execute the contract having as its object the use of the Software. For these purposes, the legal basis for the processing is found within the scope of Article 6.1 letter b) of the GDPR, as necessary to perform obligations of a contractual or pre-contractual nature;
    b) the performance of marketing activities consisting of sending commercial communications, advertising as well as promotional material relating to, by way of example, offers and services promoted by the Data Controller. In order to inform you about the performance of the aforementioned activities, you may be contacted by telephone or you may receive the relevant material at the e-mail address you have provided. For this purpose, the legal basis for the processing is found within the scope of Art. 6.1 letter a), as these marketing activities may be carried out by the Controller subject to your express, free and specific consent, which may be revoked at any time;
    c) the fulfillment of obligations under laws, regulations and EU legislation, provisions issued by authorities empowered to do so by law. For these purposes, the legal basis for the processing is found within the scope of Art. 6.1 letter c) of the GDPR, as the processing is necessary for the fulfillment of legal obligations.
  4. Method of processing and nature of conferment
    Your personal data will be processed by the Data Controller and its data processors in accordance with the principles of fairness, loyalty and transparency referred to in Article 5 of the GDPR as well as protecting your confidentiality and your rights through the adoption of appropriate technical and organizational measures that make it possible to guarantee a level of security appropriate to the risk. Your personal data will also be processed with the help of computer and manual systems.
    The provision of your personal data for the purposes referred to in paragraph 3, letter a) above is necessary as it is strictly functional to the performance of pre-contractual and/or contractual activities and the execution of legal and regulatory obligations, therefore, your consent is not required. Otherwise, failure to provide personal data will result in the impossibility of establishing or - in certain circumstances - continuing this relationship.
    The provision of your personal data for the purposes referred to in paragraph 3, letter b) above, is optional and any refusal will have no consequence on the execution of the contractual relationship but will make it impossible to send you, and therefore for you to receive, communications and information of a commercial and advertising nature. Therefore, the collection of your personal data for such activities and the sending of commercial communications will only be possible after the acquisition of your consent.
  5. Place and duration of storage of personal data
    Your personal data will be processed at the operational offices of the Data Controller. The Owner informs you that your personal data will not be transferred outside the territory of the European Union.
    Your personal data processed for the purposes referred to in paragraph 3(a) above will be kept for the time required for the performance of the pre-contractual and/or contractual measures for which it was collected. Accordingly, your personal data will be kept for the entire duration of the pre-contractual and/or contractual relationship as well as, thereafter, for the period of time required for the fulfillment of legal obligations, including those of an accounting nature and, in any case, for a time not exceeding 10 years (prescriptive period).
    At the end of the retention period, your personal data will be deleted. Should the Data Controller be interested in the retention of your personal data for a further period of time, it will take care to inform you of this intention, requesting your express consent for this purpose.
    Your personal data processed for the purposes referred to in paragraph 3(b) above will be stored at the Controller's premises until your consent is revoked. It is understood that revocation of consent will in no way affect the lawfulness of the processing based on the consent prior to such revocation.
  6. Communication, dissemination and transfer of data
    In addition to the Data Controller, in some cases, your personal data may be accessed by employees and/or collaborators of Sibill involved in the provision of pre-contractual and/or contractual services and who will be adequately and duly authorized and instructed to do so by the Data Controller, in accordance with the provisions of art. 29 GDPR as well as art. 2-quaterdecies of the Privacy Code.
    In addition, third parties, such as, but not limited to, technical service providers, hosting providers and IT companies, may have access to your personal data, either in their capacity as autonomous data controllers or in their capacity as external data processors duly instructed and appointed by the Data Controller, pursuant to Article 28 GDPR. The updated list of autonomous data controllers and/or data processors appointed by the Data Controller can always be requested from the Data Controller.
  7. Identity and contact details of the Data Controller
    The Data Controller is Sibill S.r.l., headquartered at Via Mattine 5, 84043 Agropoli (SA), VAT/CF: 06027580650, contactable at the following e-mail address: privacy@sibill.it.
  8. Rights of the data subject
    In connection with the processing of your personal data, you may exercise your rights under Articles 15-21 GDPR, including the rights to:
    - receive confirmation of the existence of your personal data and access to its content (right of access);
    - update, amend and/or correct your personal data (right of rectification);
    - request the deletion or restriction of the processing of your personal data carried out in violation of the law, including the limitation of the storage of personal data that need not be kept in relation to the purposes of the processing itself (right to deletion and right to limitation);
    - receive a copy of the data in electronic format concerning you and request that such data be transmitted to another data controller (right to data portability);
    - object to the processing (right to object).
    To exercise these rights, or to withdraw consent to the processing for marketing, you may contact the Controller, by sending an e-mail to: sibill@legalmail.it, or a registered letter with acknowledgment of receipt to the addresses in Article 7.
  9. Right of complaint
    Should you believe that the processing of personal data relating to you is in violation of the provisions of the GDPR, you have the right to lodge a complaint with the Garante per la Protezione dei Dati Personali, as provided for in Articles 13 and 77 of the GDPR itself, as well as in Article 140 bis of the Privacy Code, or to take appropriate legal action pursuant to Article 79 GDPR.

Document updated as of March 15, 2022.