Synextra s.p.a., based in Via Privata Archimede n. 4/6 20094 Corsico (MI) (following “Synextra”), constantly strives to protect on-line privacy of its website www.synextra.com users (following the “Site”). This document (following the “Policy”) has been drawn up in order to allow you to understand how your personal data will be processed when using the Site. This Policy is intended to provide every information necessary to express an explicit and informed consent to the processing carried out by means of the Site.
In general, any information or personal data provided to Synextra through the Site, or that is collected in other ways through the Site when using Synextra branded services (following the “Services”) and better defined in Paragraph 3 below, will be treated according to internationally recognized principles of lawfulness, correctness, transparency, purpose limitation and retention, data minimization, accuracy, integrity and confidentiality.
INDEX
1.Data Controller and Data Protection Officer
SYNEXTRA, as identified at the beginning of this Information, is the Data Controller with regard to all personal data that are processed through the Site.
Contact the Data Protection Officer of SYNEXTRA at: privacy@synextra.com.
2. The personal data being processed
As a result of browsing the Site, SYNEXTRA will process information about you, which can consist -also depending on how you use the Services, in an identifier such as a name, an ID number, an online identifier, as well as one or more characteristic elements of your physical, physiological, psychological, economic, cultural or social identity suitable for identifying you (following “Personal Data”).
Your Personal Data may be collected either because you voluntarily provide them (asking to be contacted by SYNEXTRA in order to receive information on the services offered) or just analyzing your behavior on the Site).
The Personal Data processed through the Site are the following:
Nome, dettagli di contatto e altri Dati Personali
When browsing the Site, included, in particular, the contact section, or in case of sending applications, you will be asked information as to your name, telephone number, email address, date of birth, country of residence, address and so on.
The Personal Data provided for this purpose will be processed by SYNEXTRA as described in the Policy provided.
Special categories of personal data
By submitting a contact request or an application you can provide to SYNEXTRA some free information, which may contain Personal Data.
Because some sensitive categories of Personal Data can be contained in these free information (voluntarily or not) communicated, for example the ones capable of revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data to uniquely identify a natural person or relating to the health or sexual life or sexual orientation of the person, SYNEXTRA invites not to send such Personal Data unless strictly necessary.
Please note that providing these special categories of Personal data is totally optional and can be processed only with your explicit consent and in compliance with the current pro tempore legislation. SYNEXTRA emphasizes the importance of explicitly expressing consent to processing of special categories of Personal Data, whenever you decide to share them, and that such data will not be processed if they are not strictly related to specific purposes.
Data of third parties submitted by the data subject
In some parts of the Site it is possible to post text messages to SYNEXTRA that could contain (voluntarily or not) Personal Data of third parties.
In this case, the submitter sets itself as independent data controller, assuming all legal obligations and responsibilities. This means, that they grant to SYNEXTRA the widest indemnity against any third party (whose Personal Data were processed through the use of the functions of the Site in violation of the applicable data protection rules) complaint, claim or claim for compensation for the damage arising from unlawful processing, etc.
In any case, anybody providing or processing Personal Data of Third Parties when browsing the Site, will grant -taking all related responsibilities, from the beginning that this use is based on a consensus by the third party or appropriate legal basis which legitimize the processing at stake.
Navigation data collected anonymously
The computer systems and software procedures that operate the Site capture, during normal operations, personal data the transmission of which is implicit in the use of the Internet communication protocols. These data are not gathered to be related to identified interests but, by their very nature, could allow identification of users through processing and association with data held by third parties.
This category includes IP addresses or domain names of computers of users who connect to the Site; the addresses in URI (Uniform Resource Identifier) notation of the required resources, time of request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and the other parameters related to the operating system and the user’s IT environment.
This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site and check on its proper functioning, identify anomalies and/or abuse. Except in cases where the data are used to ascertain alleged computer crimes responsibility against the Site or third parties, such data do not persist for more than seven days.
Cookies
Information about the use of cookies are available in the Cookie Policy.
3. Purpose of the processing
SYNEXTRA will use the personal data collected through the Site for the following purposes:
Verifying the identity and helping the user, sending on request the newsletter with informational and no commercial material of SYNEXTRA, sending any other explicitly requested information; processing orders and delivering the requested services; allowing the request of a quote, finding the nearest SYNEXTRA site or providing any other Service needed (following “Provision”);
Creating a user’s profile by means of profiling cookies, if accepted, collecting and analyzing information from general activities, selections and choices when browsing the Site. This profile is to be used to customize information on other websites/services that SYNEXTRA deems of the interest of the user, and adverts possibly on tailored needs. Any algorithm involved, is routinely tested to verify the process and prevention of faults (following “Profiling”);
Complying legal obligations on SYNEXTRA about collecting and processing specific Personal Data (following “Compliance”);
Preventing and detecting any abuse of the Site or any fraudulent activity (following “Abuse/Fraud).
4. Legal basis and mandatory or optional nature of the treatment
Legal bases used by SYNEXTRA to process your Personal Data, according to the purposes previously listed in paragraph 3:
Provision: to provide Services, personal data processing is required, from the pre-contractual phase to the performance of the contract. Providing SYNEXTRA with your personal data for this purpose is not mandatory but without, performing our Service will not be possible.
Marketing: personal data processing builds on consent. It’s not mandatory and can be recalled anytime without any consequence (except no longer receiving marketing news from SYNEXTRA). To recall consent, follow directions in Information, Paragraph 8.
Soft Spam: for this purpose, data processing is based on the interest of SYNEXTRA to send via email marketing news about services and products similar to those already purchased. Receipt of these news can be stopped without any consequence (except no longer receiving similar news from SYNEXTRA), just sending an email to privacy@synextra.com;
Profiling: for this purpose, data processing is on consent, given via banner cookie and/or dedicated checkbox. It is not mandatory to consent and it is any time possible to recall the agreement without any consequence (except no longer receiving customized sales offers from SYNEXTRA). To recall a former agreement, follow directions as to Information, Paragraph 8.
Compliance: for this purpose, data processing is required for SYNEXTRA to comply to any legal obligations. SYNEXTRA processes the Personal Data provided in accordance with the applicable rules, this could cover their retention and disclosure to the Authorities for accounting, tax or other obligations.
Abuse/Fraud: all information collected for this purpose are to be used exclusively to prevent / detect any fraudulent activity or abuse in the use of the Site, if constituting criminal offence.
5.Recipients of Personal Data
Personal Data can be shared with (following “Recipients”):
Anyone typically acting as data controller, like officers, companies or professional practices providing assistance and advice to SYNEXTRA in matters of accountancy, administrative, legal, taxation, finance, debt collection related to its Provision;
Anyone with whom it is necessary to interact for the Provision (like hosting providers or providers of email platforms);
Anyone appointed to carry out technical maintenance activities (including network devices and electronic communication network maintenance);
Personnel authorized by SYNEXTRA to process Personal Data strictly needed for Provision, who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality (SYNEXTRA employees);
Companies of the SYNEXTRA Group for administrative purposes, including the process of customers and employees Personal Data;
Officers, institutions or authorities to which disclosure of Personal Data is mandatory for the purpose of Compliance, Abuse/Fraud or requests by the authorities;
6.Transfers of personal data
Personal Data are stored on servers in the EU. It is clear that SYNEXTRA, as Data Controller, if necessary can relocate the servers out of the EU. In this case, the Controller assures that this relocation, subject to stipulation along the standard contractual clauses provided by the European Commission, will happen in compliance with applicable legal provisions. SYNEXTRA ensures that Personal Data are to be processed by these Recipients in compliance with applicable law and with appropriate safeguards, such as adequacy decisions, Standard Contractual Clauses approved by the European Commission or other appropriate guarantees.
Further information from SYNEXTRA are available from: privacy@synextra.com.
7.Storage of personal data
Personal Data processed for Provision are to be stored by SYNEXTRA for the time strictly necessary for the pursuit of this objective. Anyway, SYNEXTRA can store them for longer time where they are requirement for the Provision and this could be necessary to protect the interests of SYNEXTRA from responsibility for the Provision.
Personal Data processed for the purposes of Marketing and Profiling will be stored by SYNEXTRA until the withdrawal of consent, which is to be periodically renewed. Once consent is recalled, SYNEXTRA can no longer use the Data for these purposes; it may anyway store them longer, if necessary to protect the interests of SYNEXTRA for responsibilities from these processes.
Personal Data processed for the purposes of Soft Spam will be stored by SYNEXTRA until the withdrawal of consent by means of the link at the bottom of each Soft Spam email.
Personal Data processed for the purposes of Compliance will be stored by SYNEXTRA for the time provided for by specific legal obligations or applicable legislation.
Personal Data processed for the purposes of Abuse/Fraud Prevention will be stored by SYNEXTRA for the time strictly necessary for that purpose, this means until SYNEXTRA must keep them for legal purposes and communicate them to the competent authorities
8. Rights of the data subject
In relation to the processing of personal data carried out by Synextra, anytime can be requested:
accessing, correcting or cancelling of Data pursuant to art. 17 of the GDPR, completing of incomplete Data, restriction of processing;
Receiving Data in a structured, commonly used and machine-readable format and, if technically possible, the transmission to other data subject without hindrance when conditions for exercising the right to portability referred to in art. 20 of the GDPR occur (processing based on consent according to art. 6.1 lett.a) or 9.2 lett.a) of the GDPR or the contract according to art. 6.1 lett.b) and performed by authomatic device);
Recalling of consent released for the previous art. 3 and opposing in whole or in part, to the treatment in the allowed cases;
Complaint lodging with the Guarantor, as well as exercising the other rights recognized by the applicable law (art. 16-21 GDPR).
PAny right can be exercised by writing to SYNEXTRA at: privacy@synextra.com.
It is always possible to lodge a complaint with the competent Supervisory Authority if Data processing is deemed non- compliant to the regulation in force.
9. Changes
This Policy is in force since 05/25/2018.
SYNEXTRA reserves itself the right to modify or simply update the content, in part or in full, also due to changes in the applicable legislation: SYNEXTRA will give notice of the changes as soon as they are implemented and they are binding as soon as published on the Site.
SYNEXTRA suggests to regularly visit this page to stay informed of the Policy updates, so to be aware of the Personal Data collected and their use by SYNEXTRA.