Sitip S.p.A. Privacy and Social Media Policy

GENERAL INFORMATION

This is to inform customers/suppliers (data subjects) and their representatives (hereinafter, the “data subjects” pursuant to Art.4.1 of the GDPR) that the professional relationships established with the undersigned Controller may involve the processing of personal data, in accordance with the following general principles:

all data is processed lawfully, correctly and transparently with the data subject in accordance with the general principles set out in Art. 5 of the GDPR;
specific security measures are taken to prevent the loss of data, illicit or incorrect use and unauthorized access;
the Data Controller is the undersigned Company: Sitip S.p.A. – Via Vall’Alta, 13 – 24020 – Cene (BG)
data subjects may contact the Controller to exercise all the rights under Articles 15-21 of the GDPR (right to access, rectification, erasure, restriction of processing, portability and right to object), and to withdraw previously granted consent or to submit a complaint to the Data Protection Authority.

SUBJECT OF THE PROCESSING

The Controller processes personal data identifying the customer/supplier (e.g. name, last name, company name, personal/tax data, address, telephone number, email address and bank and payment information) and its representatives (name, last name and contact details) acquired and used in the context of the provision of services by the Controller.

PURPOSE AND LEGAL BASIS OF PROCESSING

The data is processed to:

conclude contractual/professional relationships;
fulfil the pre-contractual, contractual and tax obligations deriving from relationships in place and to manage the necessary communications related to them;
comply with the obligations established by law, a regulation, European Community regulations or an order by the Authority
exercise a legitimate interest or right of the Controller (e.g. the right of defence in court, the protection of credit positions and ordinary internal operating, management and accounting requirements).
failure to provide such data will make it impossible to establish a relationship with the Controller. The above-mentioned purposes are, in accordance with Art. 6.b/c/f, suitable legal bases for lawful processing. The data subjects shall be asked to give specific consent should the Controller intend to carry out processing for other purposes.

MEANS OF PROCESSING

The personal data is processed by way of the operations indicated in Art. 4.2) of the GDPR, i.e.: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of the data; Personal data is processed using hard copy and electronic and/or automated operations. The Controller will process personal data for the amount of time necessary to fulfil the purposes for which it was collected and to meet the related legal obligations.

PURPOSE AND LEGAL BASIS OF PROCESSING

SCOPE OF PROCESSING

The data is processed by internal subjects regularly authorized and trained in accordance with Art. 29 of the GDPR. Data subjects may also ask about the scope of communication of their personal data and receive specific information on any third parties operating as Data Processors or independent Controllers (consultants, technicians, banks, forwarding agents, etc.). In addition, the personal data may be disclosed between the group companies. The data is not disseminated or transferred to non-EU countries. If it becomes necessary, in the context of tenders/contracts or to fulfil regulatory obligations (e.g. joint and several liability and anti-corruption, anti-mafia, anti-money laundering reporting obligations, etc.), to acquire the personal data of customers’/suppliers’ employees from such customers/suppliers, the parties agree that the undersigned company shall be entitled to process such data in its capacity as Processor (Art. 28 GDPR) or processor acting under the authority of the Controller or Processor (Art. 29 GDPR). As part of this relationship, the undersigned company undertakes to process such data in accordance with the requirements of the GDPR, ensuring that any disclosure to other third parties shall occur exclusively within the scope of specific legal obligations.

SOCIAL MEDIA POLICY FOR FACEBOOK AND INSTAGRAM

Policy for the Sitip S.p.A. Facebook fanpage and Instagram account.

Sitip S.p.A. hereby establishes the essential rules for the correct use of its fanpage by the company and the people who interact with the page.

We have created our Facebook page and Instagram account to engage with people interested in our activities and, accordingly, we are interested in reading our fans’ ideas, comments and suggestions. The page is managed during office hours from 8:30 a.m. to 5:30 p.m., Monday through Friday. The staff that manage the page will handle users’ requests and try to respond as soon as possible, ensuring that requests are handled (initial feedback) within 24 hours.

If it takes longer to respond, this is because the topic requires further analysis in order to provide users with all the information they need.

Sitip S.p.A. informs all users that the use of the page and its contents is strictly dependent on compliance with the provisions of current law and with the rules of etiquette and upstanding conduct with the page administrators and other users.

Sitip S.p.A. has established the following code of conduct, what constitutes a violation and the consequent actions envisaged by the page administrators.

CODE OF CONDUCT

We ask users to follow these rules of good conduct on the page:

respect for the ideas and actions of others, as all users are entitled to express their opinions in accordance with the rules defined herein;
maintain polite conduct and language with respect to the activities of page administrators and other users;
comply with all applicable legal requirements.

DELETION OF MESSAGES AND ANY FAN BLOCKING/REPORTING TO FACEBOOK AND INSTAGRAM

The following constitute violations of the rules of use for the Sitip S.p.A. page and will therefore be handled by deleting the messages and/or by blocking the users from the page:

inappropriate content concerning Sitip S.p.A.;
personal insults, offensive, disparaging, defamatory, confrontational or vulgar comments or comments that incite any kind of violence;
racist comments, political or religious activism;
spam or automatically-generated content or repetitive comments in the same or separate messages;
advertising messages or those that generally offer services or goods for commercial purposes;
messages that violate the rights of third parties (copyright).

Sitip S.p.A. reserves the right to report to the competent Authority any abuse or violation of the law, providing the information (messages, comments etc.) and any data that is useful and/or expressly requested by the Authority to prevent and repress any alleged offences.

We remind you that users who publish and/or share their own content on the official page thereby authorise Sitip S.p.A. to use, publish and disseminate the same and also grant the right to use such content exclusively within the scope of the management of the Facebook page and Instagram account to develop and improve its business and meet the needs expressed by users.

Lastly, users waive any possible claims for compensation from Sitip S.p.A. for the rights to photographs, images, names, videos and any other content published and/or shared by users on Sitip S.p.A.’s official Facebook page and Instagram account.