Privacy Client

Sibylla S.r.l. with registered office in Viale Luca Gaurico, 283, 00143 - Rome, P. IVA 15953321005, in the capacity of Data Controller (hereinafter "Data Controller"), provides you below, pursuant to and for the purposes of EU Regulation No. 2016/679 (hereinafter, "GDPR")some information regarding the processing of personal data collected during the signing and/or execution of the contract with the Data Controller.

1. Personal data processed and data source
As part of the signing and/or execution of the contract with the Data Controller, the Data Controller processes personal and contact data (e.g. name, surname, e-mail address, mobile phone number, company name, VAT number, etc.) relating to you and your collaborators.

2. Purpose, legal basis for the processing and nature of the transfer


3. Recipients of data
The data may be communicated for the pursuit of the above purposes to other subjects such as, for example, public authorities and law enforcement, law firms, accountants, etc. who will treat them as independent data controllers for their own purposes. They may also have access to the data: the staff of the Data Controller, which is expressly authorized to deal with them, in accordance with the instructions given, pursuant to Art. 29 and 32, par. 4 of GDPR and 2-quaterdecies of D.Lgs. n. 196/2003; Service providers in favor of the Data Controller, appointed Data Processors, including but not limited to IT providers, etc. The updated list of Data Processors can be consulted at the Data Controller. Personal data are not subject to disclosure.

4. Data retention period
Personal data processed for the purposes indicated in letters. a), b) and c) of point 2 above are kept only for the time strictly necessary for the accomplishment of the activities/purposes described above and, in particular, for the time required by the law on taxation (10 years) or the limitation period for possible legal proceedings. Personal data processed for the marketing purposes indicated at letter. d) of point 2 above will be kept until the withdrawal of consent or opposition to processing or for 24 months from the last renewal of consent and the will not to oppose the processing. It remains without prejudice to the right of the data subject to revoke consent or oppose the processing at any time, by contacting the Data Controller, resulting in the deletion of personal data processed for marketing purposes.

5. Data transfer outside the European Economic Area Personal data may be transferred to the United Kingdom on the basis of a specific adequacy decision taken by the European Commission. With regard to any further transfer of data to third countries outside the European Economic Area, the Data Controller informs that the transfer will take place according to one of the methods permitted by art. 44 et seq. of the GDPR, such as the adoption of Standard Clauses approved by the European Commission, the selection of subjects participating in international programs for the free movement of data or operating in countries considered safe by the European Commission, in compliance with the recommendations 01/2020 adopted on 10 November 2020 by the European Committee on Data Protection. In the alternative, the transfers may be necessary on the basis of one of the exceptions referred to in art. 49 GDPR, for example with the informed consent of the data subject or to execute a contract concluded between the data subject and the data controller or pre-contractual measures taken at the request of the data subject, or a contract concluded between the Data Controller and another natural or legal person in favour of the data subject, or for important reasons of public interest or to establish, exercise or defend a right in court or, Furthermore, to protect the vital interests of the data subject or other persons if the data subject is physically or legally incapable of giving his or her consent. It is possible to obtain more information, on request, about any transfers and the related guarantees implemented, at the Data Controller.

6. Rights of the data subject
The data subject may assert their rights and/or ask for information on the processing of their data, by contacting the Data Controller. The GDPR confers to the data subject: a) the right to revoke the consent granted, provided that the withdrawal of consent does not prejudice the lawfulness of the processing based on consent before the revocation; b) the right of access, that is, the possibility of obtaining a copy of the personal data and of knowing: the purposes of the processing; the categories of personal data in question; the recipients or categories of recipients to whom the personal data have been or will be communicated; in particular if they are recipients of third countries or international organisations; where possible, the envisaged period of storage of personal data or, if not possible, the criteria used to determine that period; the existence of the data subject’s right to ask the data controller to rectify or delete the personal data or to restrict the processing of personal data concerning him or her or to oppose their processing; the right to lodge a complaint with a supervisory authority; where the data are not collected from the data subject, all available information on their origin; the existence of an exclusively automated decision-making process, including profiling; and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject; c) the right to rectification and integration of inaccurate or outdated data; In cases of exercise of the rights referred to in paragraphs c), d), and e), the data subject has the right to know the recipients to whom the personal data have been transmitted and the right that the Data Controller communicates to them the corrections, cancellations or limitations of the processing, unless this proves impossible or involves a disproportionate effort. f) the right to data portability, that is, to receive in a structured, commonly used and machine-readable format the personal data concerning him, including the direct transfer of the same by the Data Controller to other Data Controllers, if the processing takes place by automated means and is based more on consent or contract; g) the right to oppose the processing if the processing is based on the legitimate interest of the Data Controller, as already specified in point 2 above; h) the right to lodge a complaint before the competent Supervisory Authority (for Italy, the Data Protection Authority, https//www.garanteprivacy.it). The data subject may assert their rights and/or ask for information on the processing of their data, by contacting the Data Controller. The GDPR gives the data subject: a) the right to revoke the consent given, provided that the revocation of consent does not affect the lawfulness of the processing based on consent before the revocation; b) the right of access, that is, the possibility to obtain a copy of the personal data and to know: the purposes of the processing; the categories of personal data in question; the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organisations; where possible, the envisaged period of storage of personal data or, if not possible, the criteria used to determine that period; the existence of the data subject’s right to ask the data controller to rectify or delete the personal data or to restrict the processing of personal data concerning him or her or to oppose their processing; the right to lodge a complaint with a supervisory authority; if the data are not collected from the data subject, all available information on their origin; the existence of a Proce significant on the logic used, as well as the importance and expected consequences of such processing for the data subject; c) the right to rectification and integration of inaccurate or outdated data; In cases of exercise of the rights referred to in paragraphs c), d), and e), the data subject has the right to know the recipients to whom the personal data have been transmitted and the right that the Data Controller communicates to them the corrections, cancellations or limitations of the processing, unless this proves impossible or involves a disproportionate effort. f) the right to data portability, that is, to receive in a structured, commonly used and machine-readable format the personal data concerning him, including the direct transfer of the same by the Data Controller to other Data Controllers, if the processing takes place by automated means and is based on consent or contract; g) the right to oppose the processing if the processing is based on the legitimate interest of the Data Controller, as already specified in point 2 above; h) the right to lodge a complaint before the competent Supervisory Authority (for Italy, the Data Protection Authority, https//www.garanteprivacy.it).


7. Contact details and channels for exercising data subjects' rights

The Data Controller can be contacted by e-mail at privacy@sibyllanetwork.com or by sending a registered letter a.r. to the Data Controller’s office in Viale Luca Gaurico 283, 00143. The same contacts can also be used to exercise the rights indicated in the paragraph above. d) the right to their cancellation, whenever the data are not necessary for the purposes pursued, or if the data subject decides to revoke the consent or opposes the processing and there are no other legal bases for their storage, or if the data are processed unlawfully, or must be deleted for a legal obligation; e) the right to restriction of processing if the data subject disputes the accuracy of the personal data, for the period necessary for the controller to verify the accuracy of such personal data; if the processing is unlawful and the data subject objects to the erasure of personal data and instead asks for its use to be restricted; although the data controller no longer needs it for the purposes of processing, if the personal data are necessary for the purpose of establishing, exercising or defending a right in court; if the data subject has opposed the processing, pending the verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the data subject.

Privacy ClientePunto8

Privacy ClientePunto8Testo