www.sixtus.it Privacy Policy

Last modified date: May 18, 2018.
This Application collects certain types of Personal Data relating to its Users.

Data Controller

Sixtus Italia srl
Via Tourcoing 23, 59100 Prato (Italy)
VAT Number: IT 03495810487

Data Controller’s email address: info@sixtus.it

Types of Data collected

The types of Personal Data collected by this Application, autonomously or through third parties, include: cookies, usage data, email address, name, surname and gender.

Full details about each type of data collected are provided in the dedicated sections of this Privacy Policy or thorough specific informative displayed before the collection of the data.
Personal Data may be freely provided by the User or, in the case of Usage Data, automatically collected when using this Application.
All data requested by this Application is mandatory and, in its absence, this Application may not be able to provide the service intended. In cases where this Application specifies certain Data as optional, Users are free to refrain from providing such information, without this having any effect on the availability of the service or on its operation.
Users who have questions concerning required Data are encouraged to contact the Data Controller.
Unless otherwise stated, any use of Cookies - or other tracking tools - by this Application or by owners of third party services used by this Application, aims to provide the service requested by the User, in addition to any other purposes described in this document and in the Cookie Policy, if available.

The User assumes full responsibility for the Personal Data of third parties published or shared using this Application and warrants to have the right to communicate or disseminate such Data, releasing the Data Controller from any liability towards third parties.

Method and place of processing of the Data collected

Data processing method

The Data Controller processes the Users’ Personal Data by taking appropriate security measures aimed at preventing the unauthorised access, disclosure, modification or deletion of Personal Data.
The personal data is processed using electronic and/or telematic tools, based on organisational procedures and logic strictly related to the purposes specified above. In addition to the Data Controller, in some cases, other parties may have access to the Data, such as employees involved in the organisation of the website (administrative personnel, sales staff, marketing staff, legal staff, system administrators, etc.) or external parties (third party technical service providers, mail carriers, hosting providers, IT companies, media agencies, etc.), even appointed as Data Processors by the Data Controller as necessary. The updated list may be requested from the Data Controller.

Place

The Data is processed at the Data Controller’s operating locations and in any other place where the parties involved in the processing of the Data are located. For more information, please contact the Data Controller.

Retention period

The processed Data is kept for the time strictly necessary to perform the service requested by the User, or as required for the purposes described in this document. The User can, at any time, request the interruption of processing or the deletion of the Data.

Data transfer

In compliance with the reference standard, the personal data provided may be transferred for the purposes indicated to the countries of the European Union or to Third Countries as compared with the European Union. Sixtus ensures that the processing of your Personal Data by these Recipients takes place in accordance with the Regulation. Indeed, transfers can be based on an adequacy decision or on the Standard Contractual clauses approved by the European Commission. More information is available from the Owner.

Managers and Appointed/Authorised Subjects

The list, constantly updated, of the managers and subjects appointed/authorised to process data shall be kept at the registered office of the data Controller.

Data collection purpose

User Data is collected in order to allow the Data Controller to provide its services, as well as for the following purposes: statistics, interaction with social networks and external platforms, displaying content from external platforms, contacting the User and payment management.

The types of Personal Data used for each purpose are indicated in the specific sections of this document.

Details on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

Contacting the User

Mailing list or newsletter (this Application)

By registering to the mailing list or newsletter, the User’s email address is automatically entered in a list of contacts to whom email messages may be sent that contain information, including of a marketing and promotional nature, related to this Application. The User’s email address may also be added to this list as a result of registering to use this Application or after making a purchase.

Personal data collected: surname, first name, email address and gender.

Contact form (this Application)

By filling out the contact form with their personal data, the User agrees to its use for responding to requests for information, for quotations or for any other purposes specified by the form header.

Personal data collected: surname, first name, email address.

Statistics

The services contained in this section allow the website Owner to monitor and analyse traffic data and can be used to track User behaviour.

Google Analytics (Google Inc.)

Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses the Personal Data collected to track and examine the use of this Application, to prepare reports on the corresponding activities and to share them with other Google services.
Google may use the Personal Data collected to contextualise and personalise the advertisements of its own advertising network.

Personal Data collected: Cookies and Usage Data.

Place of processing: USA – Privacy PolicyOpt Out

Interaction with external social networks and platforms

This type of service facilitates interactions with social networks or other external platforms, directly from the pages of this Application.
The interactions and the information acquired though this Application are subject to the User’s privacy settings for each individual social network.
In the event that a social network interaction service has been installed, it is possible that, even in the case of Users who do not use the service, the latter shall collect traffic data relating to the pages on which it is installed.

AddThis (Addthis Inc.)

AddThis is a service provided by Clearspring Technologies Inc. that displays a widget which facilitates the interaction with external social networks and platforms and the content sharing of this Application.
Depending on the specific configuration, this service can display widgets belonging to third parties, such as operators of social networks on which to share the interactions. In this case, the third parties providing the widget shall also become aware of the interactions made and of the Usage Data relating to pages on which this service is installed.

Personal Data collected: Cookies and Usage Data.

Place of processing: USA – Privacy Policy

Displaying content from external platforms

This type of service facilitates the display of content hosted on external platforms, directly from the pages of this Application and interacting with them.
In the event that a service of this type has been installed, it is possible that, even in the case of Users who do not use the service, the latter shall collect traffic data relating to the pages on which it is installed.

Widget Google Maps (Google Inc.)

Google Maps is a map display service provided by Google Inc. which allows this Application to integrate such content on its pages.

Personal Data collected: Cookies and Usage Data.

Place of processing: USA – Privacy Policy

Google Fonts (Google Inc.)

Google Fonts is a service for displaying character styles provided by Google Inc. which allows this Application to supplement such content on its pages.

Personal Data collected: Usage Data and various types of Data as specified by the Privacy Policy of the service.

Place of processing: USA – Privacy Policy

YouTube Video Widget (Google Inc.)

YouTube is a video content display service provided by Google Inc. which allows this Application to integrate such content on its pages.

Personal Data collected: Cookies and Usage Data.

Place of processing: USA – Privacy Policy

Payment management

Payment management services allow this Application to process payments by credit card, bank transfer or other tools. The data used for the payment is captured directly by the payment service provider of requested without being in any way processed by this Application.
Some of these services may also send automated emails to the User, such as emails containing invoices or notifications regarding the payment.

PayPal (Paypal)

PayPal is a payment service provided by PayPal Inc., which allows Users to make online payments.

Personal Data collected: various types of Data as specified by the Privacy Policy of the service.

Privacy Policy

Stripe (Stripe Inc)

Stripe is a payment service provided by Stripe Inc.

Personal Data collected: various types of Data as specified by the Privacy Policy of the service.

Place of processing: USA – Privacy Policy

Additional information on Personal Data

The sale of goods and services online

Personal Data collected is used for the provision of services to the User or for the sale of products, including the payment and the eventual delivery. Personal Data collected to facilitate the payment process may be related to the credit card, to the bank account used for the transfer or to other accepted payment tools. Payment Data is collected by this Application in function of the payment system used.

Cookie Policy

This Application makes use of cookies. For additional information, please refer to the Cookie Policy.

Additional information concerting the processing of Personal Data

Legal defence

User Personal Data may be used by the Data Controller for legal defence purposes or in stages leading to possible legal action, in relation to the improper use of this Application or of the related services by the User.
The User declares to be aware that the Data Controller may be required to disclose the Data in question at the request of public authorities.

Specific information

At the User’s request, in addition to the information contained in this Privacy Policy, this Application may provide the User with additional and contextual information about specific services, or the collection and processing of Personal Data.

System logs and maintenance

For needs related to operation and maintenance, this Application and any third party services it uses might collect system Logs, files that store the relative interactions and that can also contain Personal Data such as the User’s IP address.

Information not contained in this Privacy Policy

Further information relating to the processing of Personal Data may be requested at any time from the Data Controller using the contact information provided.

Exercising Users’ rights

The subjects to whom the Personal Data refers have the right, at any time, to obtain confirmation of the existence or otherwise of such Data from the Data Controller, to be informed of the content and source, to verify its accuracy or to request the integration, updating, transformation into anonymous format or the blocking of Personal Data processed in violation of the law, or, in any event, for legitimate reasons, to oppose to the processing of the Data. Such requests should be directed to the Data Controller.

This Application does not support “Do Not Track” requests.
In order to determine whether any third party services used support such requests, please refer to the relative Privacy Policies.

Changes to this Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time, disclosing such changes to the Users on this page. Users are therefore encouraged to check this page often, referring to the last modified date shown at the bottom of the page. In case the User rejects the changes made to this Privacy Policy, the latter is required to discontinue using this Application and may request the deletion of their Personal Data by the Data Controller. Unless otherwise specified, the previous Privacy Policy shall continue to apply to Personal Data collected up to that time.

Information about this Privacy Policy

The Data Controller is responsible for this Privacy Policy.

Definitions and legal references

Personal Data (or Data)

Any information regarding the natural person, identified or identifiable, also indirectly, through reference to any other information, including a personal identification number constitutes personal data.

Usage Data

The information automatically collected by this Application (or by third party services used by the Application), including: IP addresses or domain names of computers used by Users connecting using this Application, URI addresses (Uniform Resource Identifier), the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the server’s response (successful outcome, error, etc.) the country of origin, the features of the browser and the operating system used by the visitor, the various time details relating to the visit (for example the time spent on each page) and details about the path / breadcrumb trail followed within the Application, with particular reference to the sequence of pages visited and to the User’s operating system and computer environment parameters.

User

The individual who uses this Application, which must coincide with the Interested Party or be authorised by the latter and whose Personal Data is being processed.

Interested Party

The natural or legal person to whom the Personal Data refers.

Data Processor (or Processor)

The natural or legal person, public administration or any other organisation, association or body designated by the owner to the processing of Personal Data, as provided for by this Privacy Policy.

Data Controller (or Controller)

The natural or legal person, public administration or any other organisation, association or body which, even in collaboration with another data controller, are entrusted with decisions relating to the purposes and modes of processing of personal data and on the tools to be used, including the relevant security profiles, in relation to the functioning and use of this Application. Unless otherwise specified the Data Controller is the owner of this Application.

This Application

The hardware or software tool through which Users’ Personal Data is collected.

Cookies

Small pieces of data stored on the User’s device.

Legal references

Notice to European users: this Privacy Policy has been drafted in fulfilment of the obligations set out in Article 10 of Directive no. 95/46/EC, as well as in accordance to the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC concerning Cookies.

This Privacy Policy only covers this Application.

Legal basis and mandatory or optional nature of treatment

The legal basis for the processing of personal data for the purposes indicated is Art. 6 (1) (b) of Regulation (EU) 679/2016 (General Data Protection Regulation) as treatments are necessary for the provision of services agreed by contract. The provision of personal data for these purposes is optional, but any failure to provide it would result in the impossibility to supply the services you requested.

The purpose relating to legal obligations is a legitimate processing of personal data falling under Art. 6 (1) (c) of Regulation 679/2016 GDPR. Once the personal data have been provided, processing is necessary for compliance with the legal obligations  to which Sixtus is subject.

The data treatments performed for the marketing and newsletter purposes described above are based on your consent under Art. 6 (1) (a) of the above-mentioned Regulation. The provision of your personal data for these purposes is altogether optional and shall not affect the use of services. The subsequent treatments, carried out for the purposes of e-mail marketing on products or services similar to those you have purchased, find instead their legal basis, according to Art. 6.1. F of the above-mentioned Regulation, in the legitimate interest of Sixtus to promote its products or services in a context where the person concerned may reasonably expect such kind of processing, which he may also refuse at any time. If you wish to refuse the processing of your data for these marketing purposes, you can do so at any time by using your control panel or by sending a request to Sixtus at the address info@sixtus.it or by using the mechanism proposed in the email marketing itself.