According to the provisions of the Regulation, the data processing carried out by Sprinx will be based on the principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimization, accuracy, integrity and confidentiality.
The Controller of the data obtained on the Websites is Sprinx as defined above. The Controller is available for any information regarding the processing of personal data of Sprinx, including the list of data processors. It is possible to contact the Controller by writing to email@example.com
Through the expression "processing of personal data" we mean any operation or set of operations, performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, retention, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or combination, restriction, erasure or destruction.
We inform you that the personal data subject to the processing will be constituted - also depending on your decisions on how to use the Services - by an identifier such as the name, the email address, an identification number, location data, an online identifier, the purchases made, and other data suitable to identify you or make you identifiable, depending on the type of Services requested (hereinafter "Personal data"). In particular, the Personal Data processed through the Websites are the following:
The processing of data we intend to carry out, upon your specific consent where necessary, has the following purposes:
a) to allow the browsing and cosultation of Sprinx website;
b) to answer to requests for assistance or information, which we will receive via e-mail, telephone or chat through the "Contact Us" page of our Website. With particular reference to the replies to requests for assistance that come to Sprinx via telephone, we inform you that the calls will not be recorded;
c) to fulfill legal, accounting and tax obligations;
d) to conduct direct marketing via e-mail for services similar to those signed by you, unless you have objected to such processing initially or in case of subsequent communications, for the pursuit of the legitimate interest of Sprinx to promote products or services to which you can reasonably be interested;
e) to elaborate studies, researches, market analysis; to send you advertising and informative material, commercial information or surveys to improve the service ("customer satisfaction") via e-mail and/or through the official pages of Sprinx on social networks;
f) with reference to certain services only, data may be processed for purposes related to communication to third parties for their marketing purposes; in concrete, to provide information and/or make offers on products, services or initiatives offered or promoted by others business partners;
g) for exclusive security and prevention of fraudulent conducts purposes, the Controller establishes an automatic control system that involves the detection and analysis of users behavior on the website associated with the processing of Personal Data, including the IP address. The consequences of this processing are that if a person attempts to engage in fraudulents conduct on the Sprinx website, for example to benefit several times from the same promotion without having the right, Sprinx reserves the right to exclude this subject from the promotion or to adopt any another appropriate measure for its protection.
The legal basis for the processing of Personal Data for the purposes set out in Section 3 (a-b) is art. 6 (1) (b) of the Regulation as the processing is necessary and essential for the delivery of the contracted services. The missed provision of Personal Data for these purposes make it impossible to activate the requested Services.
The purpose of section 3 (c) represents a lawful processing of Personal Data pursuant to art. 6 (1) (c) of the Regulation. Once the Personal Data has been provided, the processing may indeed be necessary to comply with the legal obligations to which Sprinx is subjected.
The processing of data carried out for marketing purposes described in section 3 (e) and for communication to third parties described in section 3(f) are based on the release of your consent pursuant to art. 6 (1) (a) of the Regulation. The provision of your Personal Data for these purposes is entirely optional and does not affect the use of the Services. The processings set out in section 3 (d), carried out for the purpose of e-mail marketing on products or services similar to those purchased by you, find instead its legal basis under art. 6.1.f of the Regulation, in the legitimate interest of Sprinx to promote its products or services in a context in which the interested party can reasonably expect this type of processing. The processing set out in section 3 (g) is also based on the legitimate interest of the Controller to detect frauds committed against him, in compliance with art. 6.1.f of the Regulation. You can oppose to the processing of your data in every moment by emailing firstname.lastname@example.org. You can manage your consents for processing of your data for marketing purposes, as set out in sections 3 (e) and 3 (f), by sending an email to email@example.com.
Your Personal Data may be shared, for the purposes set out in Section 3 above, with:
a) subjects that typically act as Controllers, that is: i) persons, companies or professional firms that provide assistance and advice to Sprinx in accounting, administrative, legal, tax, financial and debt collection with regard to the delivey of the Services; ii) subjects with whom it is necessary to interact for the delivery of the Services, subjects that provide the payment service by credit card, etc. iii) subjects delegated to perform technical maintenance activities (including maintenance of hardware and software infrastructures and electronic communications networks) (collectively "Recipients");
b) subjects, entities or authorities of whom is mandatory to disclose your personal data by virtue of provisions laid down by law or by orders of the authorities;
c) persons authorized by Sprinx to process Personal Data necessary to perform activities strictly related to the provision of the Services, which are committed to confidentiality or have an appropriate legal obligation of confidentiality, such as Sprinx employees;
d) business partners for their own purposes, autonomous and distinct, only if you have given a specific consent.
The complete list of Controllers is available by sending a written request to firstname.lastname@example.org.
Some of your Personal Data are shared with Recipients that could be found outside the European Economic Area for technical support purposes. Sprinx ensures that the processing of your Personal Data by these Recipients takes place in compliance with the Regulation. Indeed, transfers can be based on an adequacy decision or on the Standard Contractual Clauses approved by the European Commission. Further information is available from the Controller.
Personal Data processed for the purposes set out in section 3 (a-b) will be kept for the time strictly necessary to achieve those same purposes. In any event, being these processings conducted for the delivery of Services, Sprinx will process Personal Data up to the time allowed by the Italian law to protect its interests (Article 2946 of the Italian Civil Code).
Personal Data processed for the purposes set out in Section 3 (c) will be kept until the time set out by the specific obligation or applicable law. By way of example, as already specified, traffic data will be kept for justice purposes for six years from their generation; otherwise, they will be kept for six months.
For the purposes set out in section 3 (d) (e), your Personal Data will be instead processed until your consent is revoked or up to three years after you have ceased to be a customer of Sprinx or in case you have simply registered on the Website without making any purchase of products or services. It is therefore subject to the possibility for Sprinx to keep your Personal Data until the time allowed by Italian law to protect its own interests (Art. 2947 (1) (3) cc). Further information about the data retention period and the criteria used to determine this period can be requested by writing to the Controller.
At any time, you have the right to ask Sprinx to access your Personal Data, to rectificate or cancel them or to oppose to their processing in the cases provided by Article 20 of the Regulation. You have the right to request the limitation of the processing in the cases provided by the art. 18 of the Regulation and to obtain your data(portability) in a structured and of common use format and in a format readable by automatic devices, as provided by art. 20 of the Regulation.
Article 20 of the Regulation introduces the right to data portability, which allows you to receive the personal data you have provided on Sprinx in a structured, commonly used and mechanically readable format and to transmit them to a different Controller.
All requests must be sent in writing to email@example.com.
In any case, you are always entitled to lodge a complaint with the competent supervisory authority (Guarantor for the Protection of Personal Data), under art. 77 of the Regulation, if you consider that the processing of your data violates the applicable law.