Privacy Policy

We care about the privacy and safety of our users. For this reason, we are happy to announce that we have adapted our privacy policy to the Regulation (EU) 2016/679 (GDPR or “Regulation”) that, from march 2018, is in force and directly applied in the member countries of the European Union.

It is therefore pursuant to the GDPR that this page describes the processing of personal data of those who visit our website, with the clarification that the information contained here does not concern other sites, pages or online services accessible via hypertext links that eventually appear in our site but that refer to resources outside the SCIC domain.

1. Identity and contact details of the Data Controller

The Data Controller is SCIC spa, located in 43126 – Parma, Via Cremonese, 135/A, that determines the purposes and means of the processing of personal data (email: info@scic.it; tel: 0521.6655);

The Data Protection and Processing Officer can be reached at the following email address: privacy@pec.scic.it

2. The type of data collected

By browsing on SCIC website, the computer system and its software acquire a series of personal data (identifying and non-sensitive) including not only name, surname, company name, address (communicated when signing a contract with SCIC and/or requesting services and/or produced and provided by SCIC itself), but also the IP addresses or domain names of computers, terminals and any other parameters relating to the operating system and the computer environment of the user (Personal Data).

3. The use of the given information

When it is necessary for the website use, personal data can also be treated in the following way:

1. Without express consent (art. 24 lett. a), b) and c) Privacy Code and art.6 lett b) and e) of the GDPR for the following Service Purposes:
   • providing the services requested by the user through the relevant section of the reference website;
   • respond to user requests;
   • comply with legal obligations;
2. Only after specific and separate consent to be expressed by means of a specific “Flag” (art. 23 and 130 Privacy Code and art. 7 GDPR), for the following Marketing Purposes:
   • direct and indirect marketing related to projects promoted;
   • send Newsletters about products;
   • send Newsletters about events;
     send Newsletters with corporate communications;
   • profiling activities, where profiling means the collection of information on the profiles of companies and subjects actively participating in events and projects and fairs promoted by Scic S.p.A. in order to improve the product and services offered according to customer needs;

Please note that the purpose of direct marketing is to collect and use relevant data and limited to what is necessary with respect to the purpose for which they are processed.
In particular: to process studies, research, send advertising and information, send commercial information, make interactive commercial communications. Customers who have already received information under the previous legislation may receive commercial communications related to services and products of the Data Controller similar to those they have already used, unless they disagree (ex art. 130 c. 4 Privacy Code).

4. Processing of Personal Data

The processing of Personal Data is carried out, electronically and on paper, by means of the operations of collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data also using CRM systems, mailing lists, chatbots.

5. Period of storage of Data

Personal Data will be stored for a period of time necessary to pursue the specific purposes of the processing for which the user has given his consent.
In particular:

1. for at least 10 years from the end of the relationship for the purposes of the service referred to in paragraph a) of point 3.-;
2. until the exercise of the right to withdraw consent for the marketing purposes described in paragraph b) of point 3.-.

6. Access to data

The Data may be made accessible for the above purposes to employees and/or collaborators of the Data Controller, in their capacity as data processors and/or internal data processors and/or system administrators; third-party companies that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors (for example, companies, including management, for marketing activities, credit institutions, professional studios, etc.).

7. Data Transfer Abroad

The Data Controller is not part of a group and, therefore, does not plan to transfer your data to other companies having their headquarters in countries outside the European Union.

8. Rights of the data subject

The Data Subject may, at any time, exercise the rights indicated below.

1. Access to Personal Data: to obtain confirmation whether or not data concerning them are being processed and, if so, access to the following information: purposes, categories of data, recipients, retention period, the right to lodge a complaint with a supervisory authority, the right to request the rectification or cancellation or limitation of the processing or opposition to the processing itself and the existence of an automated decision-making process.
2. Request for rectification or cancellation (to be forgotten) of the same or limitation of the processing concerning it; “limitation” means marking of the data stored with the aim of limiting its processing in the future.
3. Objection to processing: Object on grounds relating to your particular situation to the processing of data for the performance of a task in the public interest or for the pursuit of a legitimate interest of the Data Controller.
4. Data portability: in the case of automated processing carried out on the basis of consent, to receive in a structured, commonly used and readable format, the data concerning him; in particular, the data will be provided by the Data Controller.
5. Withdrawal of consent to processing for marketing, market research and profiling purposes; the exercise of this right in no way prejudices the lawfulness of the processing carried out before the withdrawal.
6. Lodge a complaint pursuant to art. 77 GDPR to the competent supervisory authority on the basis of his habitual residence, his place of work or the place of violation of his rights; for Italy the Data Protection Authority is competent, can be contacted via the contact details on the website www.garanteprivacy.it.

9. How to exercise the rights of the data subject

These rights may be exercised by sending a specific request to the Data Controller through the contact channels indicated in point 1.- of this information.
Requests relating to the exercise of your rights will be processed without undue delay and, in any case, within 30 working days of the application; only in cases of particular complexity and the number of requests, this period may be extended by a further 60 days.

10. Communication and provision of data

The provision of data by the user is necessary for the fulfilment of orders and the provision of services requested. Therefore, any refusal by the user to provide the data could result in the failure to process the order and/or provide the requested service, insofar as such data are necessary for those purposes.

11. Changes to the privacy policy of Scic S.p.A

The applicable law and practices of Scic S.p.A. change over time. Should Scic S.p.A. decide to update its privacy policy, it will publish the changes on its Sites and will give notice through newsletters.

12. Questions and feedback

Scic S.p.A. welcomes questions, comments and concerns about its privacy policy and privacy practices.
If you wish to provide feedback or if you have any questions or concerns or wish to exercise your rights relating to your personal data, please contact the Data Controller
Scic S.p.A. with registered office in Viarolo, Via Cremonese 135/A, 43126 Parma (PR), VAT and C.F. 02801370343
You can also send an e-mail to privacy@pec.scic.it.
Privacy complaints will be evaluated in order to resolve the issue in a timely and effective manner. This is without prejudice to the right to lodge a complaint with the Supervisory Authority of your country of residence. As already pointed out above, for Italy is competent the Guarantor for the protection of personal data, contactable through the contact data reported on the website www.garanteprivacy.it.