About Data Protection
Sense cares about protecting your data. Protecting you in accordance with European law, with maximum clarity, effectiveness and at the lowest cost to all parties is an ongoing, continuous effort. Please read the following and kindly help us improve form, texts and content. Your cooperation will be greatly appreciated.
Customer data processing
We are committed to protecting your personal data and complying with applicable data protection laws, In particular, the Regulation (EU) 2016/679 on the protection of individuals for the processing of personal data and the free movement of that data, and which replaces Directive 95/46/EC (General Regulation on Data Protection or “GDPR”) and the respective Italian legislation concerning the protection of personal data, and we treat your personal data in accordance with statutory articles or if the subject of the data has expressed his consent.
In this data protection information, we explain what information (including personal data) is processed by us in connection with the business relationships between you and us.
- Who is responsible for processing personal data?
The holder responsible for the processing of personal data is Sense immaterial Reality srl based in Milan (MI) via Tortona, CF and P.IVA 10507870961. Any reference to “us” in this data protection information refers to the aforementioned institution. It is possible to get in touch with our data protection coordinator by means mentioned above or by writing to firstname.lastname@example.org.
- What data do we deal with?
The performance of our business relationships requires the processing of data about our customers. If these data relate to an individual person (e.g. if you are an individual company and initiate a business relationship with us), personal data is considered. Regardless of the legal form of our contractual partners, we treat data regarding contact persons acting for a customer. Please make this information about the protection of data available to people within your organization who are affected by the business relationship with us (“contact persons“)
- Basic data: We deal with some general data regarding customers and people of contact, as well as the business relationship with us, which we jointly call “basic data”. The basic data include
- any information provided to us during the definition of the business relationship or that is requested by our customers or a contact person (e.g. name, address and other contact details); And
- any information collected and dealt with by us in relation to the definition of the business relationship (e.g. details of the agreements signed)
- Performance data: We treat personal data collected during the business relationship as well as simply updating the basic data and refer to it as “performance data.” Performance data includes:
- information on the performance of contractual obligations by our customers on the basis of the agreements signed;
- information on the performance of contractual obligations on our part on the basis of the agreements signed;
- information provided by a customer or contact person during our business relationship, either spontaneously or at our request;
- confidential information disclosed to us at any time including, without limitations, software and technology, photographic and video material, process and method information, product design, prototypes, marketing plans, business models and opportunities,
- personal data that is provided to us during our business relationship by our client, a contact person or a third party.
- To the extent permitted by law, we can add to the basic data and personal data provided by third parties. This may include information regarding the situation/commercial rating of our customers, if necessary for the assessment of financial risks (e.g. delays in payments).
- Personal data sources
We collect personal data from various sources, including:
- via websites;
- contractual partners.
- For what purposes and on what legal basis do we process your personal data?
- We treat basic, performance and use data for the performance of contractual relations with our customers or for pre-contract measures on the basis of Article 6 para 1 b) GDPR. Regardless of the legal form of our customers, we treat basic and performance data regarding one or more contact persons for the purpose of our justified interest in the performance of the business relationship on the basis of Article 6 para 1 f) GDPR.
- We can process basic data, performance and usage to comply with our legal obligations; This treatment is based on Article 6 para 1 c) GDPR. In particular, legal obligations may include the mandatory disclosure of personal data to (tax) authorities.
- To the extent that it is necessary, we process personal data (in addition to processing for business reporting or for compliance with legal obligations) for the purpose of our justified interests or the justified interests of third parties on the basis of Article 6 para 1 f) GDPR. Justified interests may include:
- group-level processes for internal administration of customer data
- definition or defense in lawsuits
- prevention and investigation of criminal offences
- maintaining security for our computer systems
- maintaining the security of our offices and infrastructure
- management and further development of our business operations, including risk management.
- If we guarantee a physical person the ability to declare consent to the processing of personal data, we will process personal consent information for the purposes specified in that consent on the basis of Article 6 para 1 (a) GDPR. Please note that
- the declaration of consent is voluntary,
- however, failure to declare consent or withdraw consent can have consequences, and we will inform you of these consequences before you are given the opportunity to declare your consent.
- consent can be withdrawn at any time with effects for the future, for example by mail, fax and/or e-mail notification, using the contact information specified on the first page of this data protection notification
- Is there an obligation to provide personal data?
The provision of basic and performance data, specified in section II above, is required to initiate and maintain a business relationship with us, unless otherwise specified at or before the data is collected. Without the provision of such data, we cannot initiate and maintain a commercial relationship.
If we collect additional data, we will indicate whether the provision of that information is based on a legal or contractual obligation, or whether it is necessary for the provision of an agreement. We normally indicate what information can be provided voluntarily and is not a legal or contractual obligation, nor is it necessary for the purpose of an agreement.
- Who has access to personal data?
Personal data is normally processed within our company. According to the categories of personal data, access to your personal data is granted only to dedicated departments/organizational units. These units include, in particular, the Sales Service and, if the data is processed through our IT infrastructure, also our IT Service. On the basis of a concept of role and rights management, access to personal data is limited to functions and to the extent necessary for the respective purpose of the treatment. If and to the extent permitted by law, we may transfer your personal data to recipients outside our company. These external recipients may include
- public or private entities, to the extent that we are obligated to transfer your personal data in accordance with a legal obligation to which we are subject;
- service providers who, in accordance with separate agreements signed with us, provide certain services, including possibly the processing of personal data, and eventually also approved sub-suppliers of our service providers.
- Do we use automated decision-making processes?
In the course of the business relationship, we do not normally use automated decision-making processes (including profiling) under Article 22 GDPR. If we apply these processes in the future, we will separately inform the data subjects in accordance with applicable statutory rules.
- Is the data transferred to countries outside the EU/EEA?
Personal data is processed only within the European Union/European Economic Area; we do not intend to transfer personal data to other countries (“third countries”).
- How long is the data stored?
We generally retain personal data until we have a justified interest in maintaining that data and the interest of the data subject to forfeit further processing prevails.
Even without a justified interest, we can continue to retain data if there is a legal obligation (e.g. to comply with statutory conservation obligations). We delete personal data even without action from the subject of the data as soon as it is no longer necessary to retain it for the purposes for which the data had been collected or processed otherwise, or if further retention is not otherwise permitted by law.
In general, the basic data and additional data collected during the trade report are kept at least until the end of the respective business relationship. The data is deleted in any case if the purposes of collection and/or treatment have been obtained. This moment may be after the end of the business relationship with us. If personal data must be retained to comply with a legal obligation, the data is retained until the end of the respective retention period. If personal data is processed only to comply with a statutory retention requirement, access to such data is usually restricted, so that the data is accessible, only if necessary, for the purpose of the retention requirement.
- What are the rights of data subjects?
Under some conditions, a subject of the data may:
- request access to your personal data Article 15 GDPR
- request correction of incorrect personal data Article 16 GDPR
- request the deletion of your personal data Article 17 GDPR
- require the limitation of the processing of your personal data Article 18 GDPR
- exercise the right to data portability, Article 20 GDPR;
- object to the processing of their personal data Article 21 GDPR
The above rights can be asserted against us, for example by notifying us through the contact details specified on the first page of this data protection policy.
If you have any other questions, you can also contact our data protection coordinator.
In addition, the subject of the data has the right to file a complaint regarding the management of personal data with the relevant supervisory authority, Article 77 GDPR.