Privacy policy
This privacy policy includes important information on the protection of your personal data processed by us through our website (hereinafter “Website”), as data controller, pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter “GDPR”).
Data Controller
The data controller is Seda International Packaging Group S.p.A., with registered office in Corso Salvatore D'Amato 73, Arzano (NA), tax code 04384310639 and VAT number 02594801215 (hereinafter “Controller” or “Data Controller” or “SEDA”). The Controller can be contacted at the following e-mail address: privacy@sedagroup.com.
Personal data processed
For the purposes pointed out in this policy, the Controller will process the personal data that you voluntarily provide through the “Contact” form on the Website, such as personal data and contact details, as well as data collected automatically during navigation.
-
a. Browsing data
Computer systems and software procedures used for the functioning of the Website may acquire, during their normal operation, some personal data, the transmission of which is an integral part of Internet communication protocols. This information is not collected to be associated with identified data subjects, but, by its very nature, might allow data subjects to be identified by processing and associating it with data held by third parties. Among the Personal Data of this category there are IP addresses or the domain names of the devices used by users to connect to the Website, the URI (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file received as a reply, the numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters regarding your operating system and device environment.
These data are processed for the sole purpose of obtaining statistical information on the use of the Website and to check its proper functioning, to allow the proper provision of the various features you requested, to ascertain any liability in case of hypothetical computer crimes against the Website or third parties; except in this case, these data are deleted after 7 days.
With reference to personal data collected through cookies, please see our Cookie Policy.
b. Personal data provided by you
We collect your personal data and contact details that you voluntarily provide to us, such as your name, surname and e-mail address, to respond to your requests for information submitted through the form "Contact" of the Website, and the data included in your CV.
Purposes and legal basis for the processing
Personal data will be processed by the Controller to allow you to navigate on the Website and to check its proper functioning, manage and respond to your requests for information, as well as for the purpose of protecting our rights before the judicial authorities or in legal proceedings.
In relation to the purposes, the legal grounds for the processing are: the performance of a contract or pre-contractual measures in response to your request, and our legitimate interest.
-
I
Allow you to navigate the Website and check its proper functioning. The legal basis of the processing is the performance of a contract or of pre-contractual measures in response to your request.
The provision of personal data for this purpose is necessary to allow you to navigate on the Website and to check its proper functioning.II
Manage and respond to your requests for information received through the "Contact" form of the Website. The legal basis of the processing is the performance of a contract or pre-contractual measures in respond your requests.
You are not obliged to communicate your data for the above-mentioned purpose, however, failing this, the consequence is the impossibility to follow up on your requests.III
Manage your application received through the e-mail address on the Website. The legal basis of the processing is the performance of pre-contractual measures in respond your application.
You are not obliged to communicate your data for the above-mentioned purpose, however, failing this, the consequence is the impossibility to follow up on your application.IV
To exercise or defend a right before the judicial authorities or in legal proceedings. The legal basis of the processing is the legitimate interest of the Controller to exercise or defend its rights; the Controller has considered that this legitimate interest does not prejudice your rights and freedoms.
Methods of processing and data retention period
The processing of your personal data will be based on the principles of lawfulness, fairness, transparency, purpose limitation and storage limitation, data minimisation, accuracy, integrity and confidentiality, in accordance with the GDPR and current national legislation on the protection of personal data. Your data will be processed through computer and telematic means and are protected by adequate technical and organizational security measures to ensure confidentiality, integrity and availability.
We retain personal data only for the time necessary for the purposes for which they were collected or for any other legitimate related purpose. Therefore, if personal data are processed for two different purposes, we will retain the aforementioned data until the purpose with the longer-term ends. In any case, we will no longer process personal data for that purpose for which the retention period has expired. Personal data that are no longer necessary, or for which there is no longer a legal basis for its retention, will be irreversibly anonymised (and thus can be retained) or deleted.
-
The browsing data are deleted after 7 days except for any possible detection of crimes by the judicial authority.
Personal data processed to manage and respond to your requests are stored for the entire period of time necessary to manage your request and then they are erased.
Personal data processed to manage your applications are stored for the entire period necessary to manage your application and then erased within 6 months.
Where the data processing is necessary for the purposes of judicial protection, these data are stored for the period for which any claims may be pursued by law.
Categories of data recipients
Your personal data will be processed by persons authorised and trained to process data, who will operate in accordance with the principles of fairness, lawfulness and transparency and will protect the confidentiality of your data through adequate technical and organisational measures to ensure a level of protection adequate to the risk. In some cases, your personal data will be communicated to other parties who/which act on our behalf as data processors to whom specific instructions on the processing of your data have been given. You can request the list of the abovementioned third parties to the Data Controller writing to privacy@sedagroup.com (e.g. companies that provide us with IT support services, cloud services, etc.).
-
In particular, your data may be communicated solely for the purposes specified above to the following recipients:
— employees as persons authorised to process personal data under the direct authority of the Controller;
— contractors, consultants and third-party service providers, as well as other companies in the SEDA Group which will process your personal data as Data Processors or as autonomous Data Controllers in the event that your application or C.V. is sent for recruitment or for entering into of a work relationship with one of the companies in the SEDA Group
— other data controllers, public or private, to which the communication of data is instrumental or compulsory;
— companies that provide us with IT support services for our systems;
— companies that provide us with cloud services;
— authorities to which the right of access is granted by law or regulations (e.g. law enforcement)
Extra-EU Data transfer
The Controller stores personal data on servers located within the European Union.
-
The Data Controller does not transfer personal data outside the European Union, in any case, where the Data Controller, due to any requirements related to the location of service providers, needs to transfer data outside the European Union to Countries for which the European Commission has not issued an Adequacy Decision, the Data Controller undertakes to ensure adequate levels of protection and safeguards, including contractual ones, compliant with the applicable laws, including the adoption of standard contractual clauses pursuant to art. 46, par. 2, letter c) of the GDPR, supplemented if necessary by additional technical, legal and organisational measures necessary to ensure that the level of protection of personal data is equivalent to the one of the European Union.
For any further information on the transfer of your personal data, you can send an e-mail to the following address: privacy@sedagroup.com.
Rights of Data Subjects
In relation to the processing of your personal data you will always be able to exercise your rights under the GDPR (Articles 15-21):
obtain confirmation of the existence of your personal data and access to their content (right of access);
update, amend and/or correct your personal data (right to rectification);
request the erasure or restriction of processing of data processed in breach of law, including those that are no longer necessary in relation to the purposes for which data were collected or otherwise processed (right to erasure and right to restriction);
object to the processing at any time where the processing is based on our legitimate interest (right to object);
in the cases provided for, receive a copy of the data in electronic format concerning you rendered in the context of the contract and request that such data be transmitted to another data controller (right to data portability).
To exercise your rights, you may send a request to the following e-mail address: privacy@sedagroup.com.
Further Rights
If you consider that the processing of your personal data through the website is in violation of the provisions of the legislation on the protection of personal data, you always have the right to lodge a complaint with the Italian Data Protection Authority for the protection of personal data or lodge a judicial remedy to the competent judicial authority.
Last update: June 2022