Sogefi Group is an international Group of companies that commits to ensure an adequate level of protection for personal information in compliance with the obligations established by the General Data Protection Regulation (UE) 2016/679 (hereinafter, the "GDPR").
This Privacy notice is provided pursuant to Art. 13 GDPR and refers to the personal data pertaining to the users of the websites sogefigroup.com and united-springs.com (hereinafter, respectively, the “Data Subject(s)” and the “Website”).
- Who is in charge of data processing activities?
- Why is the information processed?
- What are the methods and place of processing?
- With whom will the information be shared?
- How long will the information be kept?
- What are your rights? How to contact us?
Who is in charge of data processing activities?
The Data Controller is Sogefi S.p.A. (hereinafter “Sogefi”) with registered office in Milan (MI) via Ciovassino 1/A, tax code, VAT number and Milano Monza Brianza Lodi Business Register no. 00607460201 (hereafter referred to using “We”, “Us”, “Our”, “Sogefi” or the “Controller”).;
As Data Controller, we guarantee conformity with the GDPR, the national data protection legislations and the provisions of the Code of Ethics adopted by Sogefi Group.
Why is the information processed?
We may collect the following categories of personal data for the purposes and according to the legal bases listed below:
1/ Navigation data. By way of example and without limitation, the following data may be processed: information about the pages and sections of the Website visited, geographical region of the visitors, language of browser used, date and time of visit.
Purpose: allow the Data Subject to browse the Website, obtain anonymous statistical information on its use, carry out monitoring activities to support its security and identify actions aimed at its improvement.
Legal basis: our legitimate interest, namely the proper functioning and security of the Website and its improvement.
3/ Personal and contact details: name, surname, e-mail address, company and job (for accuracy’s sake, only few categories of job are envisaged)
Purpose: enable the “Alerting System”, a service providing the Data Subject for press releases, invitation to events and financial communications.
Legal basis: consent of the Data Subject.
4/ Personal data collection options
We may also process the personal data above for the following further purposes and legal bases:
Purpose: comply with any legal obligation imposed upon the Controller (e.g.: reply to the requests made by administrative, judicial or public security authorities).
Legal basis: compliance with a legal obligation to which the Controller is subject.
Purpose: allow the Controller to ascertain, exercise or defend its own rights in or out of court.
Legal basis: our legitimate interest, namely the protection of our rights in case of disputes.
- Personal data collection options
The provision of personal and contact details is necessary to enable the Alerting System. Subscription to the Alerting System service is free and optional.
What are the methods and places of processing?
Personal data collected by the Controller are not transferred outside the European Economic Area.
Data are mostly processed by automated systems under the provisions of law and only for the specified purposes. Specific security measures are adopted to prevent/avoid data loss and/or illegal, incorrect and unauthorized use of data.
Processing operations by means of automated decision-making processes, including profiling pursuant to art. 22.1 and 22.4 of the GDPR, are not envisaged.
With whom will the information be shared?
Your personal data will be processed by Sogefi’s authorized personnel and may also be processed by third parties other than the Controller.
Such processing will be carried out by Sogefi’s suppliers providing services such as technical administration of the Website (in this case, they will act on behalf of the Controller as Data Processors, pursuant to Art. 28 GDPR).
Information of Data Subjects may be disclosed with public bodies or competent authorities in compliance with law provisions if necessary and with professionals whose involvement is needed to enable the Controller to ascertain, exercise or defend its rights (in this case, they will process them as independent controllers).
How long will the information be kept?
Personal data collected by the Controller will be retained until the fulfillment of the above-described purposes. Without prejudice to the above, the Data Controller specifies that:
- Navigation Data
Navigation data will be retained for no more than 7 (seven) days.
- Personal and contact details
Data collected to provide the Alerting System (name and surname; email address; company and job categories) will be kept for 24 months, starting from collection.
These terms may be extended in the event of disputes, requests made by the competent authorities, when required by the applicable law or in case of renewal of consent by the Data Subject.
Personal data will be deleted, or in any case made unintelligible by the Controller, for example by means of appropriate encryption techniques or pseudonymization.
What are your rights? How to contact us?
According to Articles 15 to 22 of the GDPR, you have the right to:
- obtain access to your personal data and receive information about how we process it;
- have your personal data rectified if inaccurate and to have incomplete personal data completed;
- have your personal data erased;
- obtain restriction of processing;
- move, copy or transfer your personal data;
- object to processing of your personal data; and
- not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her.
If you have any question on how Sogefi processes your data, or you would like to exercise one of the above-mentioned rights, please do not hesitate to contact our Data Protection Officer at the following address: firstname.lastname@example.org.
Finally, if you consider that your rights under the GDPR have been infringed as a result of the processing of your personal data in non-compliance with the GDPR itself, you have the right to lodge a complaint with a Supervisory Authority (as provided for under art. 77 GDPR – you can find the name and contact details of all EU Supervisory Authorities here), or to bring an action before the courts of the Member State where the Controller has an establishment, or where Data Subject has his/her residence (pursuant to art. 79 GDPR).
This privacy notice may be subject to changes and integrations, even in case of amendments of the applicable law.
If changes in this Privacy notice were significant, users would be notified in advance through:
- Our website (e.g. via a pop-up notice)
- Other communication channels (e.g. by e-mail).
This privacy notice was last updated on March 2022.