Privacy Policy

Content

The purpose of this Privacy Policy is to describe how, SYSTEM DATA CENTER S.P.A. Registered and Corporate Office, in Rome, n.198 Acilia street, 00125, vat No.00963321005, manages its website www.sdcnet.it referring to the personal data process of Users who consult it.




This Privacy Policy constitutes the Privacy Statement provided pursuant to Art. 13 of Legislative Decree no. 196 of 30 June 2003, bearing the "Italian Personal Data Protection Code" (hereinafter the "Privacy Code"), and Art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (hereinafter also the "Regulation"), to users who connect to the WebSite, The Privacy Statement is provided only for it and not also for other WebSites that may be consulted by the User through appropriate links.

The Privacy Statement takes into account the content of Recommendation no. 2/2001 that the European Data Protection Authorities gathered in the WP (Working Party) 29 Group, established by Art. 29 of Directive No. 95/46/EC, adopted on May 17, 2001 to identify certain minimum requirements for the collection of personal data online, and, in particular, the manner, timing and nature of the information that data controllers must provide to Users when they connect to web pages, regardless of the purposes of the connection.

Users must carefully read this Privacy Policy before submitting any type of personal information and/or filling out any company WebSite’s web form.

For the use of certain services by Users, specific information will be provided and, if necessary, also specific consents about the processing of their personal data. The Privacy Statement is provided only for the corporate Website and not also for other WebSites that may be consulted by the User through links.

SYSTEM DATA CENTER S.P.A. may change the content of these Privacy Policies at any time by posting the new version on its Corporate WebSite. All new privacy terms and conditions will be effective at the date of publication.

Data Controller

SYSTEM DATA CENTER S.P.A. - Registered and Office, Via di Acilia, 198 00125 Rome, P.IVA 00963321005, is the Controller of Users' personal data, who access the corporate WebSite. The Data Controller manages the WebSite and processes the Users’ data who browse within it and/or access the following sections:

  • "Reserved Area," for consultation of the company intranet and reporting inherent services provided;
  • "Carriers" to submit job applications;
  • "Contact Us," for sending messages and communications.

The Data Controller ensures compliance with their own rules set forth by the Regulation, the Privacy Code and the measures of the Italian Data Protection Authority. Any information and requests, pursuant to Art. 7 of the Privacy Code and Articles 15 to 22 and 34 of the Regulation may be submitted by contacting the Data Controller SYSTEM DATA CENTER S.P.A. or the designated DPO at the following address:

  •  Posta elettronica certificata:   Systemdatacenter@pec.it 
  • Registered mail: to ATTN of the DPO c/o System Data Center Rome, No.198 Acilia Street 00125.

SYSTEM DATA CENTER S.P.A collects, manages, processes, stores, and deletes the personal data of the website's users, availing itself of the collaboration of internal and external Processors, specifically appointed, in compliance with the provisions of the law and regulations. The full list of Appointees and Data Processors can be known by contacting the address above mentioned.

Data Protection Officer (DPO) 

In order to comply with the provisions of the "European Data Protection Regulation 2016/679/EU" (GDPR), the Board of Directors has designated the "Data Protection Officer" (DPO), responsible for the protection of personal data, to facilitate the respect of the measures of the GDPR, to carry out the essential elements of the regulation.

The data protection officer (DPO) is Alessio Maria Ciavardini. Data subjects to exercise their rights over their personal data, according to Chapter III of the European Regulation - Rights of the Data Subject, may write to the DPO at one of the following email addresses:

  • Certified Email: Systemdatacenter@pec.it  
  • Registered mail: to ATTN of the DPO c/o System Data Center Rome, No.198 Acilia Street 00125.

Place of Processing

The processing of Users' personal data, acquired by browsing the WebSite, takes place in Italy, through servers located at the aforementioned headquarter of SYSTEM DATA CENTER S.P.A and other branch offices; and is handled only by department technical personnel authorized, or by any persons in charge of occasional maintenance operations.

Personal data are processed based on their storage in computer files kept at the Company whose access to the data is limited to maintenance procedures in accordance with the provisions of Annex B of the Privacy Code. No data processed through the WebSite is transmitted or disseminated.

Purpose and Method of Processing

The WebSite provides information about SYSTEM DATA CENTER S.P.A. and about the services  that it offers. In addition to browsing data, the Controller may process Users' personal data, voluntarily provided in the "Carriers" or "Contact us" sections.

The User expressly authorizes the Data Controller to use the personal data received for the following aims:

  • Account management of the "Reserved Area," for consultation of the corporate intranet and reports regarding the services produced;
  • To review and respond to job applications received in the "Carriers" area;
  • To respond to messages received in the "Contact Us" area.

The personal data provided by Users accessing the "Reserved Area", "Carriers" or "Contact Us" sections are used only with the aim of performing the service and/or managing and/or taking charge of the request. They are transmitted to third parties only if it is strictly necessary, in compliance with applicable legal provisions. Aforementioned data are not used for direct marketing purposes.

Personal data are processed by automated tools, using computers (e.g., using electronic procedures and devices) and/or manually (e.g. paper records) for as long as is strictly necessary to achieve the purposes for which the data were collected and in accordance with the relevant regulations. After that, the data is deleted.

Types of data processed

Browsing Data

During normal use, the electronic systems and software procedures enabling this WebSite to operate, acquire certain personal data, so-called log files which the transmission is implicit in the use of internet communication protocols.

This information is not being collected in order to be associated with well-identified data subjects, but its nature, by means of processing and associations with data held by third parties, could make the User's identification possible.

The category of data could be listed as follow: IP addresses or domain names of computers used by Users connecting to the WebSite, addresses in URI (Uniform Resource Identifier) notation for resources requested, the time of request, the method used to submit the request to the server, the dimension of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error etc) and other parameters regarding the User’s operating system and the IT environment.

For any access to the website, regardless of the presence or not of a cookie, the Website may perform  recording of the following information: browser type (e.g. Internet Explorer, Netscape), operating system (e.g. Windows, Macintosh), the visitor's host and URL, as well as data about the requested page. This data is used for the sole purpose of obtaining anonymous statistical information about the use of the WebSite and to check that it is working properly and is erased immediately after processing. Data could be used to ascertain liability in case of hypothetical computer violation against the WebSite or third parties: except for this eventuality, web contacts’ data are not stored permanently, unless explicitly requested by the user.

Data voluntarily provided by the User

The User can browse the WebSite without revealing his or her personal identity to the Data Controller. However, if he/she chooses to provide personal information, he/she consents the collection and use as described in that Privacy Policy.

In case the User, connecting to this WebSite, sends - optionally, explicitly and voluntarily - his/her personal data in the "Carrier" section or by sending a message in the "Contact Us" section, this will result in the acquisition by the Data Controller of the sender's address and/or any other personal data,which will be processed exclusively to respond to the requests received.

Personal data provided voluntarily means:

  • Personal details (first name, last name, date of birth), identification data (tax code), location information (address, etc.), contact information (telephone number, email).

The Data Controller of website’s Users does not process special categories of personal data, referred to in Art. 9 of the Regulation.

Cookies  

No cookies are used to forward personal information, nor are any systems used to track users, identifying and profiling them.

The use of c.d. cookies are strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the website and used for statistical purposes for the detection of Monthly Unique Visitors. The User may also provide for outright cancellation of cookies through the functionality of his/her browser.

Non mandatory nature of the provision data

Except for browsing data, the User is free to provide the personal data requested in the section "Carriers" "Contact us" and/or "Reserved Area".

Personal data voluntarily provided in the "Carriers" section or by sending a message in the "Contact us" section are necessary in order to obtain a response from the Data Controller. Failure to provide them will, in fact, inhibit the forwarding of the relevant request in the appropriate section.

Failure to provide the data necessary to open the "Reserved Area" account will inhibit the Data Controller from providing the relative service to the Client, as well as from fulfilling contractual requirements and accessing the corporate intranet.

Must be agreed that in some certain established cases (not subject to the ordinary management of the WebSite) the Italian Protection Data Authority may request news and information, pursuant to art 157 of Legislative Decree no. 196/2003, for data process control purposes. In these cases providing data is mandatory and any refusal may lead to a sanction.

Scope of data communication

No personal data derived from WebSite browsing or sent by the User, accessing the Sections  "Carriers" or "Contact us", or "Reserved Area" is divulgated.

Personal data provided by Users who submit job requests, messages or requests about informative material (newsletters, answers to queries, etc.) are only used for the aim to answer and perform the service. Personal data provided by Users will be disclosed to third parties only if it is necessary to comply with Users' requests.

The User's personal data are known, processed and managed by employees and by Data Controller staff, for this purpose in charge of the Processing, in compliance with the applicable legal requirements, as well as by the specifically appointed internal and external Data Processors and their employees and collaborators.

The User acknowledges and accepts that the Data Controller has the right to disclose personal data at the request of the Judicial Authority, within the limits required by law, as well as in cases of violation of the Privacy Policy, civil and criminal proceedings, including for violation of the rights of third parties, in order to protect the rights, property or safety of each User, pursuant to Articles 24 of the Privacy Code and 6 of the Regulation.

The Privacy Policy refers only to the use and divulge of User’s data directly provided. If personal data is disclosed to others on other Websites, they may be subject to other rules. SYSTEM DATA CENTER S.P.A is not a participant and it does not control the privacy policies or rules of any third party. In respect to other browsing User is advised that is subject to the privacy rules of such third parties, if applicable. We exhort User to find out information before transmitting his or her personal data to others.

Marketing

The Data Controller does not transfer or rent personal data to third parties for marketing purposes without the express consent of the Users.

The Data Controller may associate Users' data with information that will be collected by other  companies in order to improve and personalize the services offered and the content of the WebSite.

International data transfer

User’s personal data processed by the Data Controller and by each Data Processor, appointed for this  purpose in accordance with applicable Italian and European regulatory requirements, are not transferred abroad to other EU countries or Third Countries.

Rights of Data Subject:

Transparent Communications: Pursuant to Art. 7 of the Code for the Protection of Personal Data and Articles 12 , 15-22, and 34 of the Regulation, data subjects by contacting the Controller or the DPO may obtain all necessary communications related to the processing in a concise, transparent, intelligible, and easily accessible way, with simple and clear language, particularly in the case of  sinformation regarding minors. Information shall be provided in writing or by other means, including, where appropriate, by electronic means. If requested by the data subject, the information may be provided orally, once its identity is proven by other means. 
The Data Controller cannot refuse to comply with the data subject's request in order to exercise his or her rights, except for failure identify it.
The Data Controller shall provide to the data subject information regarding the action taken in relation to request, without unjustified delay and, in any case, within one (1) month from the receiving.

Except as provided in Art. 12, clause 5 of the Regulation, the information is made free of charge.

The right of the Data Controller, to request documents proving the identity of the information  applicants, remains unaffected, referred to in Art. 7 of the Privacy Code and Articles 15-22 and 34 of the Regulation, should it have reasonable doubts about the identity of the individual making the request under the applicable regulatory requirements, mentioned above.

Right of Access: The User expressly take note that he/she has the right to obtain information concerning:

  • the origin and category of personal data;
  • the purposes and methods of processing;
  • the logic applied in the case of processing carried out by electronic instruments;
  • the identification details of the Controller and of his appointees;
  • the subjects or categories of subjects to whom the personal data have been or will be communicated, particularly in case of third countries or international organizations, or who may find out about them as designated delegate of managers or persons in charge in the State territory;
  • the personal data conservation period, or if not possible the criteria used to determine it;
  • the update and rectification of data, otherwise the integration of them;
  • the deletion of his/ her personal data or the restriction of their processing, also the right to object;
  • the conversion into anonymous form or the blocking of personal data processed in legal violation, including for whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed;
  • the knowing of all available information about the origin of the personal data;
  • the existence of automated decision-making, including profiling, and at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

The Data Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

The User always has the right to lodge a complaint with the Italian Data Protection Authority.

Where personal data is transferred to a third country or international organization, the data subject has the right to be informed of the existence of adequate safeguards in accordance with Regulation (EU) 2016/679.

Right of rectification: The User shall have the right to obtain from the Data Controller the rectification of inaccurate personal data without undue delay, as well as the integration of incomplete personal data.

Right to Erasure ("right to be forgotten"): The User shall have the right to obtain from the Data Controller the erasure of personal data concerning him/her without undue delay, and the Controller shall have the obligation to erase personal data without undue delay, according to the Regulation, the Privacy Code conditions and the DPA provisions.

Right to Restriction of Processing: The User shall have the right to obtain from the controller restriction of processing where one of the following applies: (a) the accuracy of the personal data is contested by the data subject, for a period enabling the Data Controller to verify the accuracy of the personal data;(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;(c) the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to Data Portability: The User shall have the right to receive the personal data concerning him or her, which he or she has provided to a Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Data Controller without hindrance from the controller to which the personal data have been provided.

Right to Object: The User shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling based on those provisions. The Data Controller shall no longer process the personal data unless he demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing, to be understood as any processing of data for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.

Ban on spamming

The Data Controller and Users do not tolerate "spamming," that is, the unsolicited and unwanted sending of commercial and advertising material and information. The Data Controller periodically performs automatic tests of messages and may use manual filters to check for spamming, viruses, attempts to acquire personal data, actualize other illegal activities, or transmit illegal or prohibited content. He does not permanently archive messages sent through these tools. Emails sent to the Data Controller will not be permanently stored, the email address will not be used for marketing purposes nor will it be ceded away or sold.

WebSite Reserved Area

The login and password are the only "key" that allows the User to access his/her "Reserved Area". The User is suggested to use complex numbers, letters and special characters and not to divulge said information to third parties. Should he/she decide to provide login and password or personal information to a third party, he/she will be responsible for all acts performed with the use of your account. If he/she loses control of his/her password, he/she may no longer be able to control the use that is made of personal information and be subject to legally binding actions taken on his/her behalf. Therefore, if for any reason the password will be compromised, it is necessary to warn the Data Controller in order to change it immediately.

Security

The Data Controller guarantees the security of Users' personal data in accordance with Articles 31 et seq. of the Privacy Code and Annex B thereto, and Article 32 of the Regulation.

Principles of relevance and non-excess of processing.

Users’ Data collection takes place in compliance with the principles of relevance, completeness and non-excess in relation to the purposes for which they are processed. Personal data will be kept for as long as is strictly necessary for the purposes pursued by the processing of such data.

Right of Appeal

The User expressly acknowledges that the processing of data by the Data Controller is subject to the control of the Guarantor for the Protection of Personal Data, to whom all complaints about the collection, management and processing of data in compliance with Privacy Code.

Prohibition of Profiling

Users’ personal data are neither profiled nor processed by automated decision-making.