PRIVACY POLICY

Dear user, Simulo S.r.l. protects the confidentiality of personal data and guarantees them the necessary protection from any event that could put them at risk of violation. As required by the European Union Regulation no. 679/2016 (“GDPR”), and in particular to art. 13, below we provide the user (“Interested”) with the information required by law relating to the processing of their personal data. We provide this information not only to comply with the legal obligations regarding the protection of personal data provided for by Regulation (EU) 2016/679 or “Regulation”, but also because we believe that the protection of personal data is a fundamental value of our business and we want to provide you with any information that can help you protect your privacy and control the use made of your data in relation to the browsing experience on our site.

SECTION I.

Who we are and what data we process (Article 13, 1st paragraph, letter a, Article 15, letter b GDPR)

Simulo srl, in the person of its Legal Representative, with registered office in Viale dell'Atigianato,19 - 70026 Modugno (BA), which can be contacted at info@simulo.it , collects and / or receives information concerning the interested party for requests sent through the Web site. The data processed are so-called data. “Municipalities” and concern personal data such as name, surname, physical address, nationality, province and municipality of residence, landline and / or mobile telephone, fax, tax code, e-mail address (es).
Simulo s.r.l. does not require the interested party to provide data so-called “Particular”, or, according to the provisions of the GDPR (Article 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person. In the event that the service requested from Simulo s.r.l. requires the processing of such data, the interested party will receive specific information in advance and will be asked to give appropriate consent.

SECTION II

For what purposes do we need the data of the interested party (Article 13, 1st paragraph GDPR)

The data are used by the Data Controller to follow up on the requests and reports sent by domestic and non-domestic users through the website, to manage and execute the contact requests sent by the Data Subject, to provide assistance, to fulfill the legal and regulatory obligations to which the Data Controller is held according to the activity exercised. In no case Simulo s.r.l. resells the personal data of the interested party to third parties or uses them for undeclared purposes.

Communication to third parties and categories of recipients (Article 13, 1st paragraph of the GDPR)
The communication of the data subject’s personal data takes place mainly towards third parties and / or recipients whose activity is necessary for the performance of the activities related to the relationship established and to respond to certain legal obligations, such as: Third party suppliers: Provision of services (assistance, maintenance, provision of additional services) related to the requested service External professionals / consultants and consultancy companies: Fulfillment of legal obligations, exercise of rights, protection of contractual rights, etc. The Data Controller requires its third party suppliers and data processors to comply with security measures equal to those adopted for the interested party by restricting the perimeter of action of the manager to the processing related to the requested service. The Data Controller does not transfer your personal data to countries where the GDPR is not applied (non-EU countries). The legal basis of these treatments is the fulfillment of the required services, compliance with legal obligations and the legitimate interest of Simulo s.r.l. to carry out treatments necessary for these purposes.

SECTION III
What happens if the interested party does not provide his data identified as necessary for the performance of the requested service? (Article 13, paragraph 2, letter and GDPR)
The collection and processing of personal data is necessary to follow up on the requested services as well as to provide the requested Service. If the interested party does not provide the personal data expressly provided as necessary, the Data Controller will not be able to process the processing related to the management of the requests and the services connected to it, nor the obligations that depend on them.

How we process the data of the interested party (Article 32 of the GDPR)
The Data Controller provides for the use of adequate security measures in order to preserve the confidentiality, integrity and availability of the data subject’s personal data and imposes similar security measures on third party suppliers and Managers.

How long are the data of the interested party kept? (Article 13, paragraph 2, letter a GDPR)
Unless they explicitly express their will to remove them, the personal data of the interested party will be kept as long as they are necessary with respect to the legitimate purposes for which they were collected.
Furthermore, personal data will in any case be kept for the fulfillment of obligations (eg tax and accounting) that remain even after the termination of the contract (Article 2220 of the Italian Civil Code); for these purposes, the Data Controller will only keep the data necessary for its prosecution.
The cases in which the rights deriving from the contract and / or from the registration in the registry are valid, in which case the personal data of the interested party, exclusively those necessary for these purposes, will be processed for the time indispensable to their pursuit.

What are the rights of the interested party? (articles 15 – 20 GDPR)
The interested party has the right to obtain from the data controller the following:
a) confirmation as to whether or not personal data concerning him are being processed and, in this case, to obtain access to personal data and the following information:

1. 1. the purposes of the processing;
   2. the categories of personal data in question;
   3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients of third countries or international organizations;
   4. when possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
   5. the existence of the right of the interested party to ask the data controller to correct or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
   6. the right to lodge a complaint with a supervisory authority;
   7. if the data are not collected from the data subject, all available information on their origin;
   8. the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject;
   9. the adequate guarantees provided by the third country (non-EU) or an international organization to protect any data transferred;

b) the right to obtain a copy of the personal data being processed, provided that this right does not affect the rights and freedoms of others; in case of further copies requested by the interested party, the data controller may charge a reasonable fee based on administrative costs;
c) the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay;
d) the right to obtain from the data controller the deletion of personal data concerning him without undue delay, if the reasons provided for by the GDPR in art. 17, including, for example, in the event that they are no longer necessary for the purposes of the processing or if this is assumed to be illegal, and the conditions provided for by law always exist; and in any case if the processing is not justified by another equally legitimate reason;
e) the right to obtain from the data controller the limitation of processing, in the cases provided for in art. 18 of the GDPR, for example where you have contested its accuracy, for the period necessary for the Data Controller to verify its accuracy. The interested party must be informed, in a reasonable time, also of when the suspension period has been completed or the cause of the limitation of the processing has ceased, and therefore the limitation itself revoked;
f) the right to obtain communication from the owner of the recipients to whom the requests for any corrections or cancellations or limitations of the processing carried out have been transmitted, unless this proves impossible or involves a disproportionate effort;
g) the right to receive personal data concerning him in a structured format, commonly used and readable by an automatic device and the right to transmit such data to another data controller without impediments by the data controller to whom he provided them , in the cases provided for by art. 20 of the GDPR, and the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible.
For any further information and in any case to send your request you must contact the Data Controller at info@simulo.it. In order to ensure that the aforementioned rights are exercised by the interested party and not by unauthorized third parties, the Data Controller may request the same to provide any additional information necessary for the purpose.

How and when can the interested party oppose the processing of their personal data? (Art. 21 GDPR)
For reasons relating to the particular situation of the interested party, the same may object at any time to the processing of their personal data if it is based on legitimate interest or if it occurs for commercial promotion activities, by sending the request to the Data Controller at info@simulo.it.
The interested party has the right to have their personal data deleted if there is no legitimate overriding reason of the Data Controller with respect to the one that gave rise to the request, and in any case in the event that the interested party has opposed the processing for commercial promotion activities.

Who can the interested party lodge a complaint with? (Art. 15 GDPR)
Without prejudice to any other administrative or judicial action, the interested party may lodge a complaint with the competent supervisory authority on the Italian territory (Guarantor Authority for the protection of personal data) or the one that carries out its duties and exercises its powers. in the Member State where the violation of the GDPR took place.

SECTION IV
COOKIE
General information, deactivation and management of cookies
Cookies are data that are sent from the website and stored by the internet browser on the user’s computer or other device (for example, tablet or mobile phone). Technical cookies and third-party cookies may be installed from our website or its subdomains. For the information on cookies click here.