SECTION II

Purpose of Data Processing

(Art. 13, paragraph 1, GDPR)

The data are required by the Data Controller in order to process the request for registration and to execute the contract for the selected service and/or purchased product, to manage and fulfill contact requests submitted by the Data Subject, to provide customer support, and to comply with legal and regulatory obligations to which the Data Controller is subject in relation to its business activities.

Under no circumstances does Servizi di Ingegneria Integrata by Alessandro Scarpulla sell the personal data of the Data Subject to third parties, nor does it use them for purposes other than those expressly stated.

Purposes of Personal Data Processing:

a) registration of personal data and management of contact requests and/or information material requests

b) the management of the contractual relationship

The processing of the Data Subject’s personal data is carried out in order to perform the preliminary and subsequent activities related to the purchase of a Service and/or Product, the management of the related order, the provision of the Service and/or the production and/or shipment of the purchased Product, the related invoicing and payment management, the handling of complaints and/or reports to the customer support service, and the provision of customer assistance through active channels (e.g., web recall, email, telephone, remote support), as well as for fraud prevention and the fulfillment of any other contractual obligations.

The legal basis for such processing lies in the performance of the activities related to the contractual relationship and in compliance with legal obligations.

The processing of the Data Subject’s personal data is carried out in order to perform the preliminary and subsequent activities related to the request for registration, to manage requests for information and contact, and/or to send informational material, as well as to fulfill any other resulting obligations.

The legal basis for such processing lies in the performance of the services related to the request for registration, information, and contact, and/or the sending of informational material, as well as in compliance with legal obligations.

e) the protection of minors

The Services/Products offered by the Data Controller are reserved for individuals who, under the applicable national legislation, are legally capable of entering into contractual obligations.
To prevent unauthorized access to its services, the Data Controller adopts preventive measures to protect its legitimate interests, such as verifying the tax identification number and/or other checks—when necessary for specific Services/Products—to ensure the accuracy of identification data and documents issued by the competent authorities.

c) promotional activities and/or general communications regarding Services/Products similar to those already purchased by the Data Subject (Recital 47 GDPR)

d) commercial promotion activities concerning Services/Products different from those purchased by the Data Subject

With regard to the purposes of sending promotional messages and/or for profiling activities, personal data are processed only if the Data Subject has given specific consent.
The Data Subject’s personal data may also be processed for commercial promotion purposes, market surveys, and research related to Services/Products offered by the Data Controller, only if the Data Subject has authorized such processing and has not objected to it.

Such processing may take place, in an automated manner, through the following channels:

email;
SMS;
telephone contact.

Processing may be carried out:

if the Data Subject has not withdrawn consent for the use of the data;
if, in the case of processing carried out through telephone contact with an operator, the Data Subject is not registered in the “Do Not Call” Register pursuant to Italian Presidential Decree No. 178/2010.

The legal basis for such processing is the consent provided by the Data Subject prior to the processing itself, which may be freely withdrawn at any time (see Section III).

The Data Controller, even without the Data Subject’s explicit consent, may use the contact details provided by the Data Subject for the purpose of direct marketing of its own Services/Products, limited to cases involving Services/Products similar to those subject to the existing sale and contractual relationship (unless the Data Subject explicitly objects).

The Data Controller may also use such contact details for sending email communications related to the provision of the service, the management of any service disruptions, and/or for the transmission of service notices and related updates.

Disclosure to Third Parties and Categories of Recipients

(Art. 13, paragraph 1, GDPR)

The disclosure of the Data Subject’s personal data mainly takes place with third parties and/or recipients whose activities are necessary for carrying out the operations related to the established relationship and for fulfilling specific legal obligations, such as:

Third-party providers

Provision of services (support, maintenance, delivery/shipment of products, provision of additional services, suppliers of electronic communication networks and services) connected to the requested performance.

Credit and digital payment institutions, banking and postal institutions

Management of collections, payments, and refunds related to the contractual performance

External professionals/consultants and consulting firms : Fulfilment of legal obligations, exercise of rights, protection of contractual rights, debt recovery

Public Authorities, Judicial Authorities, and Supervisory and Regulatory Bodies

At the express request of Judicial Authorities in the context of investigations into crimes against the State, terrorism, human rights violations, or mafia-related offences.

The Data Controller requires its third-party suppliers and Data Processors to comply with security measures equivalent to those adopted for the protection of the Data Subject, limiting the scope of each Processor’s activity to the processing operations related to the requested service.

The Data Controller does not transfer your personal data to countries where the GDPR does not apply (non-EU countries), except in specific cases for which you will be duly informed in advance and, where necessary, your consent will be requested.

The legal basis for such processing lies in the performance of activities related to the established relationship, compliance with legal obligations, and the legitimate interest of Servizi di Ingegneria Integrata by Alessandro Scarpulla in carrying out the processing necessary for these purposes.