This document describes the principles governing data processing carried out by iSemar S.r.l., via Sardegna 5, Castelfidardo (AN), hereinafter also referred to as the “Company,” as the data controller.

The data acquired by iSemar S.r.l. in the execution of the services performed, are processed in compliance with the provisions of EU Regulation no. 679/2016, "on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC” (hereinafter “Regulation” or “GDPR”).
Information regarding the cookie policy adopted by the company for this website is contained in the website's cookie policy section.

Data controller

The data controller is:

iSemar S.r.l., via Sardegna 5, Castelfidardo (AN).

You may contact iSemar at any time to exercise your rights as specified in this document at privacy@isemar.biz

Data controllers

To perform its services, the Data Controller uses Data Processors, external consultants, or companies appointed pursuant to Article 28 of EU Regulation 679/16.

1. Object of the treatment

Processing operations may concern:

• Personal data (name, surname, address, date and place of birth, CV)
• contact details (email and telephone number),
• customer data, supplier data, company data

2.Purpose of data processing (Article 24, letters a, b, and c, Privacy Code and Article 6, letters b and e, GDPR)

The data processed will be used for the purposes specified from time to time in the specific information provided before accessing each service. 
In particular, the personal data (Data) collected may be processed for the following purposes:

a) execute a specific request from the user, supplier or customer by providing the requested service;
b) allow the Company to carry out surveys aimed at improving the quality of the products and services provided, by virtue of the Company's legitimate interest (“Customer Satisfaction”);
c) with the prior consent of the interested party, send commercial and/or promotional communications on the Company's products and services, as well as carry out market research ("Marketing");
d) improve the user experience on the Company's websites;
e) send any request via the site's contact form.

The Data may be processed using paper, automated or electronic means and, in particular, by ordinary mail or email, telephone, fax and any other IT channel.

3. Data processing methods (Article 4 of the Privacy Code and Article 5 of the GDPR)

Personal data will be processed, including through the use of IT tools, in compliance with the methods indicated in the GDPR, which provides, among other things, that the data itself be:

• treated according to the principles of lawfulness, transparency and fairness;
• collected and recorded for specific, explicit and legitimate purposes (“purpose limitation”);
• adequate, relevant, and not excessive in relation to the formalities of the processing (“data minimization”);
• accurate and up-to-date (“accuracy”);
• stored for a period of time not exceeding the achievement of the purposes for which they are processed (“storage limitation”);
• processed using tools that are suitable to guarantee their security and confidentiality, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage (“integrity and confidentiality”).

Personal data is retained for the duration necessary to fulfill the agreed contractual obligations and, in any case, for the purposes of maintaining accounting records and to withstand any disputes that may arise.

In the event that data is processed for marketing purposes, the Data Controller will process personal data for no longer than 36 months from the date of collection of consent to processing. Consent may be revoked at any time without affecting the lawfulness of the processing carried out prior to such revocation.  

4. Legal basis

The legal basis for the processing is the fulfillment of contractual obligations, pre-contractual measures, and legal requirements in order to manage the contract agreed with the client in execution of the specific project.

5. Transfer and/or communication of data

 
The processed data may be communicated to other companies within the group.

As part of the Company's contractual relationships, the Data may be transferred outside the European Economic Area (EEA), including by entering it into databases managed by third-party companies operating on the Company's behalf. Database management and data processing are limited to the purposes for which they were collected and are carried out in full compliance with applicable data protection laws.
Whenever the Data is transferred outside the EEA, the Company will adopt all appropriate and necessary contractual measures to ensure an adequate level of Data protection.
 

6. Rights of the interested party (Article 7 of the Privacy Code and Articles 15–21 of the GDPR)

For each service provided, it will be possible to exercise the following rights:

• access to personal data, requesting that this data be made available to him/her in an intelligible form, as well as the purposes on which the processing is based (pursuant to art. 15);
• to obtain the rectification (pursuant to art. 16) or erasure (pursuant to art. 17) of the same or the limitation of processing (pursuant to art. 18);
• to obtain data portability (pursuant to art. 20);
• to object to the processing of data (pursuant to art. 21);
• to lodge a complaint with the competent supervisory authority.

 
The above-mentioned rights can be exercised by sending requests to the following email address: privacy@isemar.biz

7. Nature of the provision of data and consequences of any failure to communicate the data

The provision of data is necessary for the correct execution of the Company's contractual and pre-contractual obligations, and failure to provide such data will make it impossible to conclude the contract.