PRIVACY NOTICE
(Revision 02 dated 16.11.2018)

Si&T is committed to protecting the personal data entrusted to it. Therefore, their management and security are guaranteed with the utmost attention, in compliance with privacy regulations.

Si&T S.r.l., with its legal and administrative headquarters at Via Gorizia, 83 – 63100 Chieti Scalo, VAT ID 02337470690 (hereinafter referred to as “Data Controller”), in its capacity as Data Controller, pursuant to Legislative Decree 196/2003 (hereinafter, “Privacy Code”) and EU Regulation No. 2016/679 (hereinafter, “GDPR”), informs you that these regulations provide for the protection of individuals and other parties regarding the processing of personal data and that such processing will be based on principles of fairness, legality, transparency, and the protection of your privacy and rights.

Subject of Processing

The Data Controller processes personal data, both identifying and non-sensitive (specifically, name, surname, tax code, VAT number, email, phone number, bank and payment references) provided by you during registration on websites and/or when entering into contracts for services provided by the Data Controller.

Purpose of Processing

The personal data collected, including any sensitive data that Si&T S.r.l. may possess at the client’s initiative in relation to specific operations or particular services requested by the client (e.g., for providing specific services in personnel management from which participation in union meetings may be inferred), will be processed for the following purposes:

• Compliance with obligations set by laws, regulations, community legislation, as well as instructions from authorities and supervisory bodies;
• Management and execution of pre-contractual and/or contractual relationships with clients both in Italy and abroad, through the input of provided data into the IT systems of the Data Controller and its subsidiaries/affiliates, as well as for quality control of the services offered and fraud risk management related to services provided, such as IT fraud;
• Communication of information and commercial promotions, including automated methods, via phone, SMS, MMS, and email, related to the offering of products and services, as well as for market research, surveys, and personalized or statistical analysis, including through electronic processing of obtained information.

Failure to provide data partially or wholly may result in the partial or total impossibility of achieving the above purposes. Si&T will process data based on the consent of the data subject.

We will not use personal data for purposes other than those described in this notice unless we inform you in advance and, where necessary, obtain the consent of the data subject.

Processing Methods

Personal data processing involves the operations indicated in Article 4 of the Privacy Code and Article 4 (2) of the GDPR, specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Personal data are processed both manually and electronically/automatically. Processing is in compliance with principles of fairness, legality, transparency, and the protection of privacy and rights of the data subject. To comply with current regulations, Si&T has adopted the following measures:

• Encryption of data in transmission with HTTPS protocol;
• Cloud certification according to ISO 27001:2013;
• Process certification of Si&T according to ISO 27001:2013;

Data Access

In addition to the Data Controller, categories of data processors and third parties involved in the company organization (administrative, commercial, marketing staff, legal, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies) may have access to the data. These are appointed as Data Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller.

Data Communication

Data will be stored at our headquarters and communicated only to competent parties necessary for the correct management of the relationship, ensuring the protection of the data subject’s rights. Data will be processed only by personnel expressly authorized by the Data Controller. Without the need for explicit consent (Article 6 (b) and (c) of the GDPR), the Data Controller may communicate the data in its possession for the purposes referred to in Article 2.a to supervisory bodies (such as IVASS), judicial authorities, and other entities to whom communication is mandatory by law for the fulfillment of these purposes. Such entities will process the data as autonomous data controllers.

Data Transfer

The management and storage of personal data will occur on servers located within the European Union of the Data Controller and/or third-party companies appointed and duly designated as Data Processors. Currently, the servers are located in Italy and at the operational headquarters of the Data Controller. Data will not be transferred outside the European Union. However, the Data Controller reserves the right to move server locations within Italy and/or the European Union and/or non-EU countries if necessary. In such cases, the Data Controller ensures that data transfer outside the EU will comply with applicable legal provisions by entering into agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.

COOKIES

Si&T uses cookies to offer a better and more personalized service. This Privacy Notice (“Cookie Policy”) transparently informs you about how and for what purposes we use cookies.

What is a Cookie and Why is it Used?

We use cookies in certain areas of our site. Cookies are text files that store information on the user’s hard drive or browser and allow us to track if the user has previously visited the website, as well as the most visited pages, by recording which pages have been visited and the time spent on them. To modify cookie preferences, due to differences in settings across various browsers used to access the Internet, it is advisable to click on the Help menu of the browser used to understand how to proceed. Below is a list of links to the most commonly used browsers explaining how to manage or disable cookies:

• Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies
• Google Chrome: https://support.google.com/chrome/answer/95647
• Mozilla Firefox: http://support.mozilla.org/it/kb/Gestione%20dei%20cookie
• Opera: http://help.opera.com/Windows/10.00/it/cookies.html
• Safari: https://support.apple.com/kb/PH19255

Types of Cookies Used

The types of cookies used on the company website are:

• Technical session cookies for authentication (site management, restricted areas, cookie acceptance);
• Third-party cookies for monitoring (Google Analytics);
• Cookies from third parties represented by social plugins;
• Third-party cookies for displaying embedded videos (YouTube).

Technical Cookies

The use of technical cookies, i.e., necessary for transmitting communications over an electronic communication network, or cookies strictly necessary for the provider to deliver the requested service to the client, enables safe and efficient use of our site. Session cookies may be installed to allow access and stay in the restricted area of the portal as an authenticated user.

Technical cookies are essential for the proper functioning of our domain and are used to allow users to navigate normally and access advanced services available on our website. Technical cookies are distinguished between session cookies, which are stored only for the duration of the navigation until the browser is closed, and persistent cookies, which are saved on the user’s device until their expiration or deletion by the user. Our site uses the following technical cookies:

• Navigation or session cookies, used to manage normal navigation and user authentication;
• Functional technical cookies, used to store customizations chosen by the user, such as language;
• Analytics technical cookies, used to understand how users use our website in order to evaluate and improve its performance.

Third-Party Cookies for Monitoring (Google Analytics)

Third-party monitoring cookies can be disabled without affecting website navigation. This site uses Google Analytics provided by Google, Inc. (hereinafter, Google) to generate statistics on the use of the web portal. Google Analytics uses non-third-party cookies, which do not store personal data. The data processing location is in the United States.

For Google Analytics information, visit: http://www.google.com/intl/en/analytics/privacyoverview.html.

For Google privacy rules, visit: https://www.google.it/intl/it/policies/privacy.

Third-Party Cookies Represented by Social Plugins

Third-party cookies represented by social plugins relate to parts of the visited page generated by social network sites (e.g., Facebook, Twitter, LinkedIn) integrated into the hosting site page. The most common use of social plugins is to share content on social networks. The presence of these plugins results in the transmission of cookies to and from all sites managed by third parties. For greater transparency, below are the web addresses of different social networks’ privacy policies and ways to manage cookies:

• Facebook (information): https://www.facebook.com/help/cookies
• Facebook (configuration): Access your account, in the privacy section;
• Twitter (information): https://support.twitter.com/articles/20170514
• Twitter (configuration): https://www.twitter.com/settings/security
• LinkedIn (information): https://www.linkedin.com/legal/cookie-policy
• LinkedIn (configuration): https://www.linkedin.com/settings

Third-Party Cookies for Viewing Embedded Videos (YouTube)

Third-party cookies for viewing embedded videos can be disabled without affecting website navigation.

This site uses YouTube provided by Google, Inc. (hereinafter, Google) for video viewing. YouTube uses non-third-party cookies, which do not store personal data. The data processing location is in the United States. For YouTube’s privacy information, visit: https://www.youtube.com/static?template=privacy_guidelines.

For YouTube’s privacy rules, visit: https://www.google.it/intl/policies/privacy.

For Vimeo cookie policy, visit: https://vimeo.com/cookie_policy

For Vimeo’s privacy rules, visit: https://vimeo.com/privacy

How to Delete Cookies

Most browsers allow users to manage cookies through their settings. By deleting cookies, users may lose saved information or preferences.

Ecco la traduzione in inglese del testo fornito:

—

**Disclosure**

Your personal data will not be disclosed in any way.

**Rights of the Data Subject**

As a data subject, you have the rights under Article 15 of the GDPR, specifically:

1. **Right to Access**: To obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet recorded, and to receive such data in an intelligible form.

2. **Right to Information**:
– The source of the personal data;
– The purposes and methods of processing;
– The logic applied in case of processing carried out with electronic tools;
– The identity of the Data Controller, the Data Processors, and the designated representative according to Article 5, paragraph 2 of the Privacy Code and Article 3, paragraph 1 of the GDPR;
– The subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them as representatives designated in the State, data processors, or persons in charge.

3. **Right to Rectification and Erasure**:
– To obtain the update, rectification, or, when relevant, the integration of data;
– To obtain the erasure, anonymization, or blocking of data processed in violation of the law, including data that is no longer necessary in relation to the purposes for which it was collected or subsequently processed;
– To receive confirmation that the operations referred to in the previous points have been notified, including their content, to those to whom the data has been communicated or disclosed, except where such notification proves impossible or involves a disproportionate effort compared to the protected right.

4. **Right to Object**:
– To object, in whole or in part, for legitimate reasons to the processing of personal data concerning you, even if relevant to the purpose of collection;
– To object to the processing of personal data concerning you for the purpose of sending advertising materials or direct sales or for carrying out market research or commercial communications, using automated calling systems without the intervention of an operator by email and/or traditional marketing methods by phone and/or postal mail. Note that the right to object to direct marketing by automated means extends to traditional marketing and that the data subject can also choose to receive only traditional communications, only automated communications, or none of these.

5. **Additional Rights**:
– As applicable, you also have the rights under Articles 16-21 GDPR (Right to Rectification, Right to Erasure, Right to Restriction of Processing, Right to Data Portability, Right to Object), and the right to lodge a complaint with the Supervisory Authority.

**How to Exercise Your Rights**

You can exercise your rights at any time by sending:

– A registered letter with return receipt to: Si&T srl, Contrada Frate Nardangelo 65019 PIANELLA (PE) Italy
– An email to: a.pavone@si-t.it

**Minors**

This site and the Data Controller’s services are not intended for individuals under 18 years of age, and the Data Controller does not intentionally collect personal information about minors. Should any information about minors be inadvertently collected, the Data Controller will promptly delete it upon request from users.

**Changes to This Policy**

The Data Controller reserves the right to make changes to this policy at any time, giving notice to users on this page. Therefore, please consult this page regularly, referring to the date of the last modification indicated at the bottom. If you do not accept the changes to this privacy policy, you are required to stop using this application and may request the Data Controller to delete your personal data. Unless otherwise specified, the previous privacy policy will continue to apply to the personal data collected up to that point.

**Data Retention Period**

For the entire duration of the relationship and for the time required by laws that impose the retention of accounting documentation. If the data processed is outside the scope of the aforementioned laws, retention is up to 24 months or, at the request of the data subject, until deletion upon the data subject’s request that demonstrates valid reasons for early erasure.

**Information Not Contained in This Policy**

Further information regarding the processing of personal data can be requested at any time from the Data Controller using the contact information provided.

**Data Controller**

Si&T S.r.l., Contrada Frate Nardangelo 65019 Pianella (PE) Italy.

**Data Processors**

The updated list of Data Processors, Third Parties/Designated Representatives of the Processing, and Data Protection Officer is kept at the registered office of the Data Controller.