Privacy Policy

PRIVACY NOTICE PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679

PRIVACY POLICY regarding Website Users, Customers and Suppliers, Candidates of SATFERR Srl

We inform you that, pursuant to EU Regulation 2016/679 (hereinafter: “Regulation”), the Personal Data that you have provided us or will provide us directly, through this site, directly or through third parties, will be processed by the following Companies, owner and co-owner of the processing.

1. Owner of the Processing of Data regarding Website Users, Customers and Suppliers:

SATFERR Srl - Largo Leopardi, 17 - 43036 Fidenza (PR)

Dati di contatto: info@satferr.it

Sito Web: www.satferr.it (this website)

The complete list of Data Processors and Sub-Data Processors is available upon request by writing to info@satferr.it

INTERESTED PARTIES, PROCESSED DATA, PURPOSES AND SUB-PURPOSES, STORAGE AND METHODS

I – INTERESTED PARTIES

This information concerns data that is processed through this site relating to: site users (this website), job candidates (resumes), potential customers, employees, subordinates, apprentices and trainees as well as self-employed workers (continuous as well as casual contract).
Moreover, the same information also indicates how data is processed for its Customers, Suppliers and Clients for subcontracted activities and subcontractors/subcontracted.

II - PROCESSED DATA

Information provided by the website users (this website), Customers, Potential Customers, Suppliers, candidates for a job position (resumes) or by users of the site, through the email addresses indicated on the contact page, provided directly by the interested party and/or through third parties (i.e. the company for which they work), include but are not limited to: Cookies relating to navigation data, Company Name, Name and Surname, Email Address, Telephone number, Mobile number, Personal and contact data, Bank data, User and Password (reserved area only), Data contained in the resume and other types of data.

Notice: in the event that the user communicates, by email or by the “message” and “application” fields in the contact forms, specific data categories (e.g. data relating to health, data of racial or ethnic origin, political and sexual orientations, judicial data contained in CVs) pursuant to art. 9 of Regulation (EU) 2016/679, this represents a manifestation of free, specific, informed will, through an unequivocal positive action through which the User expresses his/her explicit consent for the personal data concerning him/her to be processed by the Data Controller.

However, the Owner and the Manager(s) will do everything possible to delete this data once the required purpose has been achieved.

III – PURPOSES AND LEGAL BASES

The Data Controller directly or indirectly, also making use of other Processors and Sub-Processors whose references are available upon request at the indicated references, uses personal data for the purposes, sub-purposes and according to the legal bases specified below:

a) REQUEST FOR CONTACT, QUOTATION, PURCHASE ORDER (customers and potential customers):

The personal data provided through the compilation of a quote/order of product/service are processed in order to satisfy your contact or quote request or order fulfilment or a requested service or to contact the customer/supplier or its employees or appointed for the performance of the purposes linked to the contractual relationship.

The data are mandatory to fulfil these purposes, without which we will not be able to finalise your request.

The legal basis of this data processing is the contractual and pre-contractual obligation.

b) LEGAL AND ADMINISTRATIVE PURPOSES (customers and suppliers):

The personal data collected are aimed at carrying out all administrative, accounting and tax activities related to the active and/or passive invoicing of the services/products requested. It is understood that any refusal to provide such data and failure to consent to their processing will make it impossible to achieve the purpose. The data will be processed for the time and in the manner required by current regulations. Moreover, the data may be processed to:

i. execute legal obligations, regulations, national and community regulations and regulations deriving from provisions issued by authorities legitimised by law;

ii. ascertain, exercise and/or defend a right in the court of law of the Data Controller.

Legal bases for this processing are the Contractual and pre-contractual Obligation, Legal Obligations (i), Legitimate Interest for Common Data (ii).

c) SALES and MARKETING

The personal data listed above provided directly or through third parties (e.g. the company with which you collaborate) by the Data Controller also allow us to subscribe you to our Commercial and Marketing services by automated means (e.g. Email, Newsletter, text message, online messaging, social media, web advertising, re-marketing etc.) and/or by other non-automated means (i.e. dedicated sales staff, email, paper mail) updating you on news, initiatives, offers, events and other marketing activities organised directly or indirectly by the Data Controller.

For this purpose, if you are already a Customer, the legal basis for the processing is Legitimate Interest, on the basis of which the Data Controller can send commercial and marketing communications related to products/services that you have already purchased (art 47 GDPR).

We also inform you that, as per art. 21 of the GDPR, you always have the right to object at any time to the processing of your personal data for such purposes and that if you decide to exercise this right (see also point VIII), your personal data may no longer be processed for such purposes.

If you have not had any “Contact” with the Data Controller (SATFERR SRL) or any of its employees, including participation in an event or exhibition, the use of a product or service, the opening of an email or a direct  contact for a period of time consistent with the durability of the goods we manufacture and sell (concept of “Last Contact”), the only legal basis for this purpose remains the Consent collected through this site(s), or directly though the data subject, through third parties (i.e. the company with which you collaborate) or through our technical, sales or administrative staff.

d) WEBSITE NAVIGATION DATA (Cookies)

Cookies are portions of code installed in the user’s browser that assist the Data Controller in providing the services on the website or detecting navigation data for statistical and marketing purposes.

To find out how navigation data related to cookies are processed, please refer to the specific information on cookies available at the bottom of the page of this site

Legal bases: for this data processing, express consent is required via the cookie banner

e) DATA which can be found in the Area dedicated to employees/ self-employed workers/customers

Only the employees/ self-employed workers/customers previously registered (with their own account and password) can access this area of the website in order to access/upload documents relating to the working activity.

Legal basis for this data processing is the contractual obligation.

f) APPLICANTS for a job posting (CV and resumes)

Through the contact email on this website, we collect data provided spontaneously and voluntarily by the candidates for the evaluation of a job description and contained in the resumes sent as attachments or by email.

Should the CVs sent by candidates contain data that is not relevant to the purpose pursued, the authorized persons or Managers in charge of the recruiting process will refrain from using such information.

Therefore, candidates are advised not to enter in the free fields and/or CVs irrelevant or specific data (i.e. sensitive data) unless strictly necessary for the evaluation of the application.

Legal bases for this processing are the pre-contractual obligation (upon receipt of the resume) and the consent in case you spontaneously want to provide us with Particular Personal Data (e.g. sensitive data) as per art. 9 GDPR.

IV - DATA STORAGE

Personal data will be stored for a period not exceeding that necessary for the achievement of the purposes for which they were collected and subsequently processed. More specifically:

i. within the terms established by current legislation, i.e. 10 years for administrative and compensation data for the (b) and (e) purposes;
ii. within the deadlines established by secondary legislation that require the retention of data (for example, tax returns) for the (b) and (e) purposes;
iii. within the period necessary to protect the rights of the data subject in the event of any legal disputes related to the service provided for the (a=), (b) and (e) purposes on the basis of Legitimate Interest;
iv. The data processed deriving from the customer/supplier relationship for commercial and marketing purposes based on the Legitimate Interest referred to in letter c) will be retained until this interest is satisfied and in any case no longer than a period appropriate to the durability of the purchased good(s).
v. Where other Legal Bases do not apply, the data processed by informed consent for the purposes referred to in letters (c) and (d) will be kept until revocation of the same or exercise of another right of the User (see rights of the data subject);
vi. For the purposes referred to in letter f), the data will be retained for the time necessary for the evaluation and in any case no longer than 36 months since the receipt.

V - PROCESSING METHODS

The data provided will be processed with digital and paper tools, exclusively by our staff, specifically authorised and trained for this processing, and/or by other Data Processors selected according to the requirements and appointed by the Data controller itself.

The list of Processors and any Sub-Processors can be provided upon request by sending an email to info@satferr.it

The data will be processed with adequate organisational and instrumental security and protection measures in order to reduce risks, prevent and mitigate any breach due to loss, illicit use, incorrect or unauthorised access in compliance with Article 32 of the GDPR.

VI - MANDATORY OR OPTIONAL NATURE OF THE PROVISION OF DATA AND LEGAL BASIS FOR PROCESSING

While some data are necessary to the functioning of the site, others are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing (session cookies).

For the purposes referred to in points (a) and (b) of the previous paragraph II, the provision of personal data by Users/Customers/Suppliers is mandatory since, without them, the requested services cannot be provided.

On the other hand, the provision of personal data and consent to their processing are not mandatory but optional for the purposes referred to in points (c) and (d) of the previous paragraph and failure to consent to the processing will not prevent you from receiving the other services referred to in points (a) and (b) for the sole common data.

VII - COMMUNICATION AND TRANSFER OF DATA

i – Communication of data to third parties
Your data, limited to the purposes indicated, may also be communicated to third parties such as, but not limited to:

Banking institutions for the management of payments, Financial and Leasing Companies, Public Institutions, Judicial Authorities, Police Forces and other supervisory authorities, the Ministry of Health and public local health companies, Tax and legal consultants, IT Assistance, Web & Marketing Agencies, professionals and authorised cinema/photo-operators, authorised employees and collaborators, Processors and Sub-Processors and/or those appointed by the Data controller/Owner/Co-owners, suppliers, Transport companies, travel agencies, taxis and couriers as well as companies that we can use to provide our services.

Please note that, for no reason the data you provide, directly or through third parties (company with which you collaborate), will be transmitted to third parties, not expressly indicated in this statement, for Commercial or Marketing purposes (letter c)

ii - Transfer of Data outside the EU
Pursuant to the General Data Protection Regulation or GDPR, the transfer of such data to a third country can, in principle, take place only if such third country guarantees such data an adequate level of protection. According to that regulation, the Commission may find that, by virtue of its national legislation or international commitments, a third country ensures an adequate level of protection. In the absence of such an adequacy decision, such a transfer may be made only if the exporter of the personal data, established in the Union, provides adequate safeguards, which may result, in particular, from standard data protection clauses adopted by the Commission, and if the data subjects have enforceable rights and effective remedies. The GDPR also sets out precisely under what conditions such a transfer can take place in the absence of an adequacy decision or adequate safeguards.

The data Processor states that data are never transferred outside the European Union apart from some navigation data (marketing) for which consent is required (see cookie policy).

VIII - RIGHTS OF THE DATA SUBJECT

Individuals concerned may exercise, at any time, the rights of the Privacy Regulation, by sending a written communication to one of the addresses indicated in this privacy policy statement.

In particular, the data subject can ask the Data Controller the access to and rectification or erasure of personal data, restrictions on the data processing, or can object to the processing in addition to the right to data portability. Moreover, the data subject has the right to withdraw the consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to the revocation and has the right to lodge a complaint with a supervisory authority.

It is understood that the User/Customer/Supplier exercises their rights in compliance with the conditions established in paragraph 4 and the EU Privacy Regulation 2016/679.

If, in any case, you wish to object to the processing of your data for the purposes referred to in points c) and d) carried out by the means indicated herein, as well as to revoke the consent given, you may do so at any time, by clicking on the “Unsubscribe” link at the bottom of the email or by contacting the Data Controller at the addresses indicated in this privacy policy, without prejudice to the lawfulness of the processing based on the consent given before the revocation.

If you wish to complain to the Supervisory Authority, you can do so by following the instructions at the following link: https://www.garanteprivacy.it/home/modulistica-e-servizi-online/reclamo

IX - CHANGES AND ADDITIONS TO THE PRIVACY POLICY STATEMENT

Transparency about how we treat data and keep it safe is part of our commitment to ensuring and strengthening privacy rights. For these reasons, this information may be subject to updates to the Processing; for minor changes it is advisable to periodically consult this web page.

Last update: 28.02.2025