Privacy Policy

Privacy Notice for the processing of personal data of users of the website
Articles 13 and 14 of Regulation 2016/679/EU
(hereinafter also referred to as "GDPR")

• 1 - Why this notice
• 2 - Data controller
• 3 - Browsing data
• 4 - Data provided by the user
• 5 - Purposes of processing and legal basis
• 6 - Methods, processing logic, retention times, and security measures
• 7 - Communication scope and data transfer
• 8 - Retention period for your data
• 9 - Rights of data subjects
• 9.1 Right to object
• 10 - Changes to this notice
• COOKIE POLICY

1 - Why this notice.

On this page, you can find the necessary information to understand how we process your personal data, as a "User" or "Data Subject."

Regarding the offered content and provided information, we strive to keep the offered content updated and reviewed, without providing any guarantee regarding the adequacy, accuracy, or completeness of the information provided, explicitly disclaiming any responsibility for any errors/typos contained in the provided information.

2 - Data controller.

The website www.sestertivm.com is the proprietary online platform of the company SESTERTIVM SP.ZO.O, with its registered office at Bartycka 228/21 WARSAW 00-173 POLAND KRS: 0001051154, represented by the sole administrator Dr. Valeriano Lisanti, phone +48 223 988 114.

Sestertivm sp.zo.o is the data controller (hereinafter also referred to as the "Controller") of your personal data collected through the web platform (hereinafter also referred to as the "Platform") accessible from the address https://sestertivm.com/, to which this notice exclusively applies.

The email address for any requests is: info@sestertivm.com

3 - Browsing data.

The Data Controller informs that the personal data provided by you and acquired concurrently with requests for information and/or contact, registration on the website, and the use of services via smartphones or any other tool used to access the Internet, as well as data necessary for the provision of such services, including navigation data and data used for the possible purchase of products and services offered by the Controller, and also, if present, only the so-called "browsing" data of the site by you, will be processed in compliance with applicable regulations.

The computer systems and software procedures used for the operation of this website acquire, during their normal operation, some personal data, the transmission of which is implicit in the use of the Internet. These are pieces of information not collected to be associated with identified individuals, but which, by their nature, could, through processing and association with data held by third parties, allow the identification of browsing users. This category of data includes "IP addresses" or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used in submitting the request to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (successful, error, etc.), and other parameters related to the user's operating system and computer environment.

These data are used solely for the purpose of obtaining anonymous statistical information on the use of the site and to ensure the proper functioning of the Controller's website. It is emphasized that the aforementioned data could be used to ascertain responsibility in case of computer crimes against the Controller's site or other connected or linked sites: except for this possibility, currently, web contact data do not persist for more than a few days.

4 - Data provided by the user.

The Controller collects, stores, and processes your personal data for the purpose of providing the products and services offered on the site or for legal obligations. Regarding specific services, products, promotions, etc., the Controller may also process your data for commercial purposes. In such cases, specific, separate, optional, and revocable consent will be requested, as outlined in the following.

The optional, explicit, and voluntary sending of personal data via email to the addresses indicated in the dedicated section of the website, as well as the possible completion of questionnaires (e.g., forms) or the use of other channels made available by the Controller, involves the subsequent acquisition of some of your personal data necessary to respond to requests.

The personal data subject to processing are those freely provided to the Controller or those to which you have allowed access, mainly through cookies, if present. The provided data can be of a personal or non-personal nature.

Specifically, for individuals, the following data are required:

• Name and surname
• Date of birth
• Nationality
• Complete address
• Email
• Phone number
• Copy of an identification document (passport, ID card, or driver's license)
• Copy of a utility bill or bank statement for residency verification.

For businesses, the following data are required:

• Company name
• Country
• Phone number
• Complete address
• Email
• Copy of the good standing document (certifying the company's legal status) or the register extract document (extract from the business register)
• Copy of the Memorandum of Association
• Copy of the identification document of the director(s) of the company (passport, ID card, or driver's license)
• Copy of the residence document of the director(s) of the company (utility bill or bank statement).

The Controller does not process personal data of individuals under 18 years of age.

5 - Purposes of processing and legal basis.

The data are processed for the following purposes:

1) Strictly connected and necessary for your registration, services, and/or applications/software developed or made available by the Controller, for the use of related informational services, and for managing your requests for contact or information;

2) Related to the fulfillment of obligations under community and national regulations, public order protection, and investigation and suppression of crimes;

3) Direct marketing, i.e., for the sending of advertising material, direct sales, conducting market research, or commercial communication of products and/or services offered by the Controller.

The provision of data for the purposes mentioned in points 1) and 2), related to a pre-contractual and/or contractual phase or functional to a user request or required by a specific legal provision, is mandatory. In case of non-provision, it will not be possible to receive the requested information or access the requested services. Regarding point 3), your free, optional, and revocable consent is necessary, without consequences on the usability of products and services, except for the Controller's inability to keep you updated on new initiatives or specific promotions or benefits that may be available.

The Controller may send commercial communications regarding products and/or services similar to those already provided, under Directive 2002/58/EC, using the contact details provided by you, to which you can object through the methods described below, at the Controller's contact details.

6 - Methods, processing logic, retention times, and security measures.

Processing is mainly carried out with the aid of electronic or automated means and is performed by the Controller and/or third parties authorized by the Controller to store, manage, and transmit the data.

The processing of data will be carried out, with organizational and processing logic of your personal data, in a way that ensures a reasonable level of security and confidentiality of the data. The processed personal data will be stored for the times provided for by the regulations applicable over time.

Data sent through the Controller's Platform are encrypted using a security technology called Secure Sockets Layer, abbreviated as SSL. SSL technology encrypts information before it is exchanged over the Internet between the user's computer and the Controller's central systems, making it incomprehensible to unauthorized individuals and ensuring the confidentiality of the transmitted information.

Specifically regarding the protection of personal data, you are invited to report to the Controller any circumstances or events that may result in a potential "personal data breach" at info@sestertivm.com. This is to enable an immediate evaluation and the adoption of any actions to counter such an event.

The measures adopted by the Controller do not exempt the user from paying necessary attention to the use, where required, of passwords/PINs of adequate complexity, which should be updated periodically, especially if the user suspects they have been violated/known by third parties. Additionally, the user should carefully safeguard and make them inaccessible to third parties to prevent improper and unauthorized use.

7 - Communication Scope and Data Transfer.

For the pursuit of the aforementioned purposes, the Controller may communicate and have personal data of users/customers processed, both in Italy and abroad, to third parties with whom it has relationships, provided that these third parties offer services to the Controller. The Controller only discloses to these third parties the information necessary to perform the requested services, taking all security measures appropriate to protect your personal data. Data may be transferred outside the European Economic Area if necessary for the management of your contractual relationship. In this case, data recipients will be required to comply with protection and security obligations equivalent to those guaranteed by the Controller.

In the case of using services directly offered by partners, only the data strictly necessary for their execution will be provided. In any case, only the data necessary for the pursuit of the intended purposes will be communicated, and applicable guarantees for data transfers to third countries will be applied, if required.

Access to data is also granted to categories of individuals appointed by the Controller involved in data processing (administrative, commercial, marketing, customer service, system administrators). The updated list of Data Processors can always be requested from the Controller.

The right to communicate to other third parties remains, subject to specific and optional consent.

The categories of recipients to whom data may be communicated are available by contacting the Controller at the above contact details.

Additionally, your personal data may be communicated to competent public entities and authorities for compliance with regulatory obligations or for the ascertainment of responsibilities in case of computer crimes against the Controller. They may also be communicated to third parties (as either controllers or, in the case of providers of electronic communication services, as independent controllers) providing IT and telematic services (e.g., hosting services, website management and development) that the Controller uses for the performance of technical and organizational tasks instrumental to the operation of the website. Entities in the above categories operate as separate data controllers or as Data Processors separately appointed by the Controller.

8 - Retention Period of Your Data.

Information associated with your account, if present, will be stored until the account is active. If you decide to request the deletion of the account, your data will be deleted within 30 days at the latest.

In any case, for the purposes of point 5 - Purposes of processing and legal basis, points "1)" and "2)", information related to requested services and your interactions with us will be processed for no more than 12 months from the date of collection, unless a different retention period is required by law (e.g., data contained in fiscal documents - invoices - will be retained for 10 years).

9 - Rights of Data Subjects.

You can exercise at any time the rights recognized to you by law, including the right:

• a) to access your personal data, obtaining evidence of the purposes pursued by the Controller, the categories of data involved, the recipients to whom they can be communicated, the applicable retention period, and the existence of automated decision-making processes;
• b) to obtain without delay the rectification of inaccurate personal data concerning you;
• c) to obtain, in cases provided for, the erasure of your data;
• d) to obtain the restriction of processing or to object to it, where possible;
• e) to request the portability of the data you provided to the Controller, i.e., to receive them in a structured, commonly used, and machine-readable format, also to transmit such data to another controller, within the limits and constraints provided for by Article 20 of the GDPR.

9.1 Right to Object

• f) You have the right to object at any time to the processing of personal data concerning you when the processing is based on the legitimate interest of the Controller, including profiling. As a Data Subject, you have the right to object at any time to the processing of personal data concerning you carried out for direct marketing purposes, including profiling, to the extent that it is related to such direct marketing.

Furthermore, you can lodge a complaint with the Data Protection Authority following the procedures indicated on the page: https://www.uodo.gov.pl/pl/526/2464

For the processing purposes specified in point 3), the data subject can always revoke consent and exercise the right to object to direct marketing (in "traditional" and "automated" form). The objection, in the absence of a contrary indication, will apply to both traditional and automated communications.

The aforementioned rights can be exercised upon request by the Data Subject by sending an email to: info@sestertivm.com or by writing to the address of the Controller, as mentioned above.

10 - Changes to this Notice.

This notice may be modified without prior notice, and therefore, periodic reading is recommended.

This privacy notice was last updated on January 18, 2024.

COOKIE POLICY

The website only uses cookies necessary for basic functionality ( "technical" cookies).