Privacy Policy

 

Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“the Regulation”), we would like to inform users about the methods and purposes of processing the personal data of those who interact with our websites. This Web Privacy Policy is provided exclusively for https://www.sarlux.saras.it (hereinafter referred to as the “website”), and not for any other websites that may be consulted by the user. This Policy takes into account all relevant legislation, with particular reference to:

  • Recommendation No 2/2001 of the Article 29 Working Party certain minimum requirements for collecting personal data on-line in the European Union;
  • Directive 2009/136/EC, amending Directive 2002/58/EC (e-Privacy Directive), concerning the processing of personal data and the protection of privacy in the electronic communications sector;
  • General Measure of the Italian Data Protection Authority “Identification of the simplified procedures for disclosing the cookie policy and obtaining consent for the use of cookies” of 8 May 2014;
  • “Guidelines on cookies and other tracking tools” of the Italian Data Protection Authority of 10 June 2021.

 

Data Controller

The data controller is Sarlux S.r.l., with registered office in 09018 Sarroch (CA), S.S. 195 Sulcitana, Km 19.
You can contact the Privacy Office by writing to: privacy@saras.it.

 

What types of data do we process?

Consultation of this website does not involve visitor identification.

1) Tracking and statistical data

The applications used to operate this website use cookies or other tracking tools which, unless otherwise specified, have the general purpose of providing the service requested by the user or to customise it, and are detailed in the Cookie policy.

2) Browsing data

The computer systems used to operate the website acquire, in the course of their normal operation and for the sole duration of the connection, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but due to its nature it could enable user identification through processing and association with data held by third parties or this data controller. This category of data includes:

  • IP addresses or domain names of the computers of users visiting the website;
  • the URI (Uniform Resource Identifier) addresses of the pages visited;
  • the time of the request;
  • the method used to submit the request to the server;
  • the size of the file obtained in response;
  • the numerical code indicating the status of the response given by the server (successful, error, etc.);
  • the characteristics of the browser used;
  • the size of the window in which the browser runs on the device being used;
  • other parameters relating to the user’s operating system and computer environment.

These data are also processed to obtain statistical information on the use of the services (most frequently visited pages, number of hourly or daily visitors, geographical location, etc.) and to monitor the proper functioning of the services offered. All these data are always processed in an anonymous and aggregate form: no data that could make it possible to identify the users’ personal identity are processed. Your browsing data will be stored for no longer than is necessary for the purposes for which they are collected and processed, and in any case, for no longer than 12 months (except for the purpose of detection of offences by judicial authorities).

3) Data provided by the user

The optional, clear and voluntary sending of messages to the website’s contact addresses and private messages sent by users to official profiles/pages on social media (where this is possible) involve the acquisition of the sender’s contact data, which is necessary in order to provide a response, as well as all the personal data included in the message.

Personal data provided in this way are processed by the Data Controller only for the time necessary to achieve the purposes for which such data were acquired; once these purposes have been achieved, the personal data are deleted or made irreversibly anonymous.

 

Purpose of processing

The purpose of processing the user’s personal data is to offer better navigation through personalisation tools. Specifically, the personal data provided by the users are used:

  1. to guarantee data security and prevent unforeseen events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and to apportion liability in the event of any computer crimes against the website.
  2. to fulfil obligations required by law, by an authority, by a regulation or by European legislation.

In any case, when collecting the user’s personal data, the data controller will provide specific notices describing the purposes of the processing and, where required, will request your consent.

 

Cookies

Cookies are small text strings that a website sends and stores on the user’s device, for use by the website at the next visit by the user. During browsing, the user may also receive on his/her device cookies that are sent by different websites or web servers (belonging to “third parties”), which may have some elements (such as, for example, images, maps, sounds, specific links to pages of other domains) present on the website visited. Cookies are used for different purposes such as, for example, monitoring sessions, storing information about specific configurations of users accessing the server etc.

For more information about cookies, please see the Cookie Policy.

 

Personal data processing methods

Personal data collected by the website are processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected. The data controller undertakes to respect and protect the confidentiality of the data provided, processing them in accordance with the provisions of the law and in such a way as to ensure the accuracy and updating of the data as well as its relevance to the purposes of the processing. Sarlux S.p.A. has taken appropriate security measures to prevent the unauthorised access, disclosure, alteration or destruction of personal data. Specifically, appropriate technical and organisational security measures have been implemented to prevent damage, whether material or non-material (e.g. loss of control of personal data or limitation of rights, discrimination, identity theft, financial loss, unauthorised decryption of pseudonymisation, damage to reputation, loss of confidentiality of personal data protected by professional secrecy or any other significant economic or social damage).

 

Persons to whom personal data may be communicated

The data provided by the User and those collected by the Website as part of its services (e.g. IP address) will not be disclosed and may be communicated, for the purposes and in the manner described in this Privacy and Cookie Policy, to the categories of entities indicated below:

  • companies, collaborators, consultants or freelance professionals that the Company appoints to carry out tasks of a technical or organisational nature (such as, for example, IT service providers), or with whom the Company collaborates (including other companies in the Group), in order to provide and operate its services, or for any communication activities;
  • persons, companies or professional firms providing assistance and advice to the Company, particularly, but not exclusively in accounting, administrative, legal, tax and financial matters;
  • entities whose right to access the data is recognised by law or by orders of the Authorities.

 

The entities belonging to the above categories will use the data in their capacity as independent data controllers pursuant to the law or as data processors, duly appointed by the Company pursuant to Article 28 of the GDPR Regulation.

 

Transfer of data to non-EU countries/organisations

Where necessary for the purposes mentioned above, the data subject’s data may be transferred abroad, to non-EU countries/organisations which ensure a level of protection of personal data deemed adequate by the European Commission by a decision, or on the basis of other appropriate safeguards, such as the Standard Contractual Clauses adopted by the European Commission. A copy of any data transferred abroad, as well as the list of non-EU countries/organisations to which the data have been transferred, may be requested from the data controller by sending an e-mail request to privacy@saras.it.

 

Rights of the data subject

Articles 15 to 22 of the GDPR Regulation give data subjects the possibility of exercising specific rights. In particular, the data subject can obtain: a) confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data;  b) rectification of inaccurate personal data and the right to have incomplete personal data completed;  c) the erasure of personal data concerning him or her in the cases where the Regulation so allows;  d) restriction of processing, in the cases provided for by the Regulation;  e) the communication of any requests of rectification or erasure of personal data or restriction of processing made by the data subject to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort; f) receipt of the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller at any time, including upon cessation of any relationships held with the controller. The data subject also has the right to object at any time to the processing of personal data concerning him/her: in such cases, the controller is obliged to refrain from any further processing, except in the cases allowed by the Regulation. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless such a decision: a) is necessary for entering into, or performance of, a contract between the data subject and a controller; b) is authorised by Union or Member State law to which the controller is subject; c) is based on the data subject’s explicit consent. In the cases referred to in points (a) and (c) above, the data subject shall have the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision. Requests can be submitted by e-mail to the following address privacy@saras.it. The data subject also has the right to lodge a complaint with the Data Protection Authority pursuant to Article 77 of the GDPR Regulation (EU) 2016/679, as well as to seek judicial remedy pursuant to Articles 78 and 79 of the said Regulation.

 

Last updated: 12/04/2022