Privacy

pursuant to Articles 13 and 14 of EU Regulation 2016/679

Dear user,

Simplex Domus S.R.L. considers the protection of its users' personal data of fundamental importance.

This information is provided, in compliance with Articles 13 and 14 of EU Regulation 679/2016 (hereinafter "Regulation"), to ensure that the processing of your personal data collected through browsing the platform takes place in full compliance with the protections and rights recognized by Regulation (EU) 2016/679 ("GDPR" or " Regulation") and other applicable rules on personal data protection (the " Privacy Legislation"), including Legislative Decree 196/2003 and subsequent amendments (the " Privacy Code").

The term personal data refers to the definition contained in Article 4, paragraph 1 of the Regulation, namely " any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person" (the " Personal Data").

This Privacy Policy aims to describe how the website https://www.simplexdomus.it/ (the " Site") is managed, with reference to the processing of your Personal Data that will be carried out in compliance with the principles of fairness, lawfulness, transparency, and protection of confidentiality and fundamental rights.

We will also provide you, in a simple and intuitive way, with all the useful and necessary information so that you can provide your Personal Data in a conscious and informed manner and, at any time, exercise your rights provided for by the GDPR.

DATA CONTROLLER

The company that will process your Personal Data for the purposes of this Privacy Policy and will therefore act as the data controller (" the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data") is Simplex Domus S.R.L., with its operational headquarters in Via Bardazzi no. 66, 50127 – Florence (the " Data Controller").

DATA PROTECTION OFFICER

To facilitate relations with the data subjects, the Data Controller has appointed its own Data Protection Officer (the " DPO"), identified as SAPG Legal Tech S.R.L. with headquarters in Corso Europa no. 7, 20122 – Milan (MI).

As provided for in Article 38 of the GDPR, you can freely contact the DPO for all matters relating to the processing of your Personal Data and/or if you wish to exercise your rights as provided for in this Privacy Policy by sending a written communication to the email address: dpo.privacy@sapglegal.com.

PURPOSES AND LEGAL BASIS OF THE PROCESSING

While browsing the Site, Personal Data may be processed according to the purposes and related legal bases set out below.

a) Improving the browsing experience and checking the correct functioning of the Site: The computer systems and software procedures used to operate the Site acquire, during their normal use, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes, by way of example: IP addresses, the type of browser used, the operating system, the domain name and addresses of websites from which access or exit was made, information on pages visited within the Site, access times, time spent on a single page, internal path analysis and other parameters related to the operating system and the user's IT environment.

These technical/IT data are collected and used exclusively in an aggregated and non-identifiable manner and could be used to ascertain responsibility in case of hypothetical IT crimes against the Site.

The processing is legally based on the legitimate interest of the Data Controller to improve the functioning of its systems, optimize and enhance the browsing experience, prevent fraudulent activities, and improve the security of the Site ( Article 6(1)(f) of the Regulation).

b) Use of the Services offered: To allow the user to use the services offered through the website, it will be necessary for the user to provide the requested Personal Data in the appropriate forms. If any of the fields marked as mandatory are not filled out, it may not be possible to process the Personal Data and, consequently, provide the user with the requested information and services.

This purpose of the processing is legitimized by the execution of pre-contractual measures or the contract to which you are a party (under Article 6(1)(b) of the GDPR).

c) Direct Marketing of the Data Controller: This term refers to promotional activities (both automated and traditional) of the services of your interest provided by the Data Controller. Regarding this direct marketing purpose, it should be noted that, under Article 6(1)(f) of the Regulation and Article 130(4) of the Privacy Code (so-called soft spam exception), the Data Controller may carry out this activity based on its legitimate interest, regardless of your explicit consent. This will be possible following the assessments made by the Data Controller regarding the possible and potential prevalence of your interests, rights, and fundamental freedoms requiring the protection of Personal Data over its legitimate interest in sending direct marketing communications. Moreover, you can lawfully and at any time (even partially) object to receiving promotional communications, without this affecting the processing for other purposes.

This processing will therefore be legally based on the legitimate interest of the Data Controller under Article 6(1)(f) of the Regulation.

d) Contact us: If requested by you through the appropriate form, Personal Data will be processed to respond to your requests for information on the services provided by Simplex Domus S.R.L.

This purpose of the processing is legitimized by the execution of pre-contractual measures or the contract to which you are a party (under Article 6(1)(b) of the GDPR).

SUBJECTS WHO MAY PROCESS YOUR PERSONAL DATA

Your Personal Data may be processed, on behalf of the Data Controller, exclusively by personnel expressly authorized to process it (under Article 29 of the Regulation and Article 2 -  quarterdecies of the Privacy Code) and by third parties expressly appointed as data processors (under Article 28 of the Regulation), to correctly carry out all processing activities necessary to pursue the purposes of this Privacy Policy.

Your Personal Data may be communicated to subjects and authorities whose right to access Personal Data is expressly recognized by law, regulations, or orders from competent authorities.

If you wish to know which subjects have gained access to your Personal Data following your relationships with the Data Controller, you may contact the Data Controller by sending an email to the following address:

privacy@simplexdomus.it.

PERSONAL DATA RETENTION PERIOD

In compliance with the principle of limitation of the retention period (Article 5.1(e) of the Regulation), your Personal Data will be processed by the Data Controller only for as long as necessary to achieve the purposes set out in this Privacy Policy.

In particular, your Personal Data will be retained:

1. for the purposes set out in Point 3, letter a), for the time necessary to provide the services on the Site; in the case of purchasing products or services, the data will be retained for a further 10 years from the conclusion of the contract, in compliance with legal requirements;
2. For the purposes set out in Point 3, letter b), until your possible  opt-out, while the data relating to the details of the promotional and commercial activities carried out will be retained for 10 years from the collection of each data;
3. For the purposes set out in Point 3, letter d), regarding personal and contact data until your  opt-out, while the data relating to the details of the promotional and commercial activities carried out will be retained for 5 years from the collection of each data;
4. For the purposes set out in Point 3, letter e), after the request has been fulfilled, for the ordinary limitation period of 5 years.

Subsequently, Personal Data will be destroyed, deleted, or anonymized, in line with the technical procedures for deletion and  backup and the Data Controller's  accountability requirements. In particular, following your opposition and/or possible withdrawal of consent, the Data Controller will continue to process your Personal Data to record that you should no longer be sent marketing information and promotional material.

DATA SUBJECTS' RIGHTS AND EXERCISE METHODS

You may exercise your rights provided for by Articles 15 and following of the Regulation at any time against the Data Controller. In particular, you have the right to obtain:

• the  confirmation whether or not your Personal Data is being processed and to obtain access to the data and the following information: purposes of the processing, categories of personal data, recipients and/or categories of recipients to whom the data has been and/or will be communicated, as well as the retention period;
• the  rectification of your inaccurate Personal Data and/or the integration of incomplete Personal Data, even by providing a supplementary statement;
• the  deletion of your Personal Data and the  restriction of processing in the cases provided for by the GDPR and the current privacy legislation;
• if applicable, the  portability of your Personal Data and, in particular, the right to request the direct transmission of your Personal Data to another data controller;
• the objection to processing at any time, for reasons related to your particular situation, to the processing of your Personal Data in full compliance with the current privacy legislation.

To exercise your rights, you may contact the Data Controller at the following email address, attaching a copy of your identity document: privacy@simplexdomus.it.

In any case, if you believe that the processing of Personal Data is contrary to the Privacy Legislation, you will always have the right to file a  complaint with the competent supervisory authority (Data Protection Authority) under Article 77 GDPR.

LOCATIONS OF PROCESSING

Your Personal Data will be processed by the Data Controller within the territory of the European Union. 

Moreover, for technical and/or operational reasons, your Personal Data may be transferred and/or located in countries outside the territory of the European Union. 

In these cases, we inform you that the subjects located outside the European Union will be appointed (if the conditions apply) as Data Processors under Article 28 of the Regulation. Furthermore, the transfer of your Personal Data to these subjects, limited to the performance of specific processing activities, will be regulated in accordance with the provisions of Chapter V of the Regulation. 

All necessary precautions will be taken to ensure the highest protection of your Personal Data by basing such transfer: a) on adequacy decisions of the recipient third countries expressed by the European Commission; b) on appropriate safeguards expressed by the recipient third party under Article 46 of the Regulation; c) on the adoption of binding corporate rules, so-called  binding corporate rules; d) by adopting standard contractual clauses approved by the European Commission. 

In any case, you may request further details from the Data Controller if your Personal Data has been processed outside the European Union by requesting evidence of the specific safeguards adopted.