{"id":22899,"date":"2026-03-25T15:39:44","date_gmt":"2026-03-25T14:39:44","guid":{"rendered":"https:\/\/sismadev.net-informatica.it\/full-privacy-statement-suppliers\/"},"modified":"2026-03-25T16:59:36","modified_gmt":"2026-03-25T15:59:36","slug":"full-privacy-statement-suppliers","status":"publish","type":"page","link":"https:\/\/sismadev.net-informatica.it\/en\/full-privacy-statement-suppliers\/","title":{"rendered":"Full Privacy Statement \u2013 Suppliers"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"22899\" class=\"elementor elementor-22899 elementor-22833\" data-elementor-post-type=\"page\">\n\t\t\t\t<div class=\"elementor-element elementor-element-a099279 e-flex e-con-boxed wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-parent\" data-id=\"a099279\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-cb599a8 elementor-widget elementor-widget-spacer\" data-id=\"cb599a8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-5bc14e1 e-flex e-con-boxed wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-parent\" data-id=\"5bc14e1\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-0bf1cdd elementor-widget elementor-widget-text-editor\" data-id=\"0bf1cdd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>About us and what we do with your personal data<\/strong><br>Sisma S.p.A., with registered office in Via Industria 1, (36013) Piovene Rocchette (VI) (hereinafter also the Data Controller), in its capacity as data controller, is concerned with the confidentiality of your personal data and guarantees that they will be protected against any event that may put them at risk of breach.<br>To this end, the Data Controller implements policies and practices regarding the collection and use of personal data and the exercise of the rights recognised by the applicable legislation. The Data Controller is responsible for updating the policies and practices adopted for the protection of personal data whenever necessary and in any case in the event of regulatory and organisational changes that could affect the processing of your personal data.<br> <br>The Data Controller has appointed a Data Protection Officer (DPO) who you can contact if you have questions about the policies and practices adopted: dpo@sismadev.net-informatica.it <br><strong>How and why does the Data Controller collect and process your personal data?<\/strong><br>The Data Controller collects and\/or receives information about you, such as:<\/p><ul><li>name, surname<\/li><li>tax code or VAT number<\/li><li>place and date of birth<\/li><li>address<\/li><li>email<\/li><li>telephone number<\/li><li>identification code<\/li><li>current account number<\/li><li>data relating to criminal convictions and\/or offences exclusively in the case of litigation<\/li><\/ul><p>The personal data concerning you will be processed for the following purposes:<\/p><p> <\/p><p><strong>1) the management of the contractual supply relationship and the consequent obligations, including regulatory<\/strong><\/p><p><strong> <\/strong><\/p><table><tbody><tr><td width=\"307\">Purpose<\/td> <td width=\"307\">Legal basis<\/td><\/tr><tr><td width=\"307\"><p>\u2013 the management of the contractual relationship in all its phases, from negotiations to its definition, whatever the cause<\/p><p>\u2013 monitoring and updating of supply conditions and\/or services and assignments<\/p><p>\u2013 registration, invoicing and accounting<\/p><\/td><td width=\"307\"><p>Carrying out contractual and pre-contractual activities<\/p><p> <\/p><p>Adempimento di obblighi di legge e dipendenti dal contratto e dal rapporto instaurato, quali, tra gli altri, quelli discendenti da:<\/p><p>\u2013 Presidential Decree n. 633\/1972 and subsequent amendments. <\/p><p>\u2013 Presidential Decree n. 600\/1972 and subsequent amendments. <\/p><p>\u2013 Code of Ethics of the Owner<\/p><p>Fulfillment of economic, financial and social reporting obligations<\/p><\/td><\/tr><\/tbody><\/table><p> <\/p><p>Your data may also be collected from third parties such as, for example:<\/p><ul><li><ul><li>other data controllers, for example companies in the Group to which the Data Controller belongs;<\/li><li>IT service provider.<\/li><\/ul><\/li><\/ul><p>I dati che La riguardano possono essere ottenuti mediante la consultazione di:<\/p><ul><li>lists kept by public or equivalent bodies or under the control of the public authority on the basis of specific national legislation.<\/li><\/ul><p> <\/p><p><strong>2) for communication to third parties and for dissemination<\/strong><\/p><p> <\/p><table><tbody><tr><td width=\"307\">Purpose <\/td><td width=\"307\">Legal basis<\/td><\/tr><tr><td width=\"307\"><p>comunicazione a terzi quali:<\/p><p>\u2013 societ\u00e0 del Gruppo a cui appartiene il Titolare<\/p><p>\u2013 Suppliers possibly involved in administrative and accounting management<\/p><p>IT consultants<\/p><p>\u2013 Public bodies<\/p><p> <\/p><\/td><td width=\"307\"><p>Carrying out contractual and pre-contractual activities<\/p><p> <\/p><p>Fulfillment of obligations arising from the contract<\/p><p> <\/p><p>Compliance with legal obligations, including those deriving from:<\/p><p>\u2013 Presidential Decree n. 633\/1972 and subsequent amendments. <\/p><p>\u2013 D.P.R. n. 600\/1972<\/p><p>Fulfillment of transparency and economic-social reporting obligations<\/p><\/td><\/tr><\/tbody><\/table><p> <\/p><p>The Data Controller does not transfer your personal data abroad (non-EU countries). Your personal data may be disseminated and disclosed through the Data Controller&#8217;s websites, where lists of suppliers and consultants are published in accordance with the Code of Ethics and the obligations of transparency and economic-social reporting.<br>Disclosure and disclosure concern the categories of data whose transmission and\/or disclosure are necessary for the performance of the activities and purposes pursued by the Data Controller in managing the established relationship. The relevant processing does not require the data subject&#8217;s consent if it is required by law or to fulfill obligations arising from the contractual relationship,<br>or if another exclusion applies (in particular, application of the provisions of the Code of Ethics and\/or the Data Controller&#8217;s legitimate interest), expressly provided for or dependent on the laws and regulations applied by the Data Controller, or through third parties identified as data processors;  <\/p><p> <\/p><p><strong>3) for IT security activities<\/strong><\/p><p><strong> <\/strong><\/p><table><tbody><tr><td width=\"307\">Purpose <\/td><td width=\"307\">Legal basis<\/td><\/tr><tr><td width=\"307\"><p>\u2013 control and monitoring of the services displayed online and on the platforms belonging to the Data Controller and made available to you also by virtue of the activities carried out on behalf of the Data Controller (access to reserved areas, websites, email inbox, administration of the systems in use, etc.)<\/p><p> <\/p><p>\u2013 implementation of procedures for detecting and notifying personal data breaches<\/p><\/td><td width=\"307\"><p>Carrying out activities dependent on the established relationship<\/p><p> <\/p><p>Fulfillment of legal obligations (detection and notification of data breach events)<\/p><p> <\/p><p>Legitimate interest<\/p><\/td><\/tr><\/tbody><\/table><p> <\/p><p><strong>How, where and for how long is your data stored?<\/strong><br><strong>How<\/strong><br>Data processing is carried out using paper or computerized procedures by specifically authorized internal personnel. These personnel are granted access to your personal data to the extent and within the limits necessary to carry out the processing activities concerning you.<br>The Data Controller periodically verifies the tools used to process your data and the security measures implemented for them, which are constantly updated. It verifies, also through authorized personnel, that no personal data is collected, processed, archived, or retained that is unnecessary or whose processing purposes have been fulfilled. It verifies that the<br>data is stored with guarantees of integrity and authenticity and that it is used for the purposes of the processing actually performed.<br>The Data Controller guarantees that the data, even after verification, is found to be excessive or irrelevant and will not be used, except for the possible retention, in accordance with the law, of the deed or document containing it.  <br><strong>Where<\/strong><br>The data is stored in paper, computer, and electronic archives located within the European Economic Area, and adequate security measures are ensured. Your personal data may be transferred to the following non-EU countries, fully complying with the guarantees required by European legislation:<br>\u2022 USA, existence of an adequacy decision, Commission Implementing Decision (EU) 2016\/1250 of 12 July 2016 pursuant to Directive 95\/46\/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Privacy Shield [notified under document C(2016) 4176]; <\/p><ul><li>MEXICO: existence of standard contractual clause no. 27 December 2004 no. 50071\/2004;<\/li><li>T\u00fcrkiye: existence of standard contractual clause no. 27 December 2004 no. 50071\/2004;<\/li><li>RUSSIA: existence of standard contractual clause of 5 February 2010 n\u00b02010\/87;<\/li><li>CHINA: existence of standard contractual clause dated 5 February 2010 n\u00b02010\/87.<\/li><\/ul><p>How long<br>Your personal data is retained for the time necessary to complete the activities related to the management of the contract you have entered into with the Data Controller and for the related obligations, including legal obligations.<br>In particular:<\/p><table><tbody><tr><td width=\"243\"><p>identification data and data relating to relationship management<\/p><p> <\/p><\/td><td width=\"408\"><p>Duration of the contractual relationship<\/p><p>The following are saved:<\/p><p>\u2013 termination of the contract (for any reason)<\/p><p>\u2013 purposes that continue beyond the conclusion of the contract (e.g., accounting, art. 2220 of the Italian Civil Code)<\/p><p>\u2013 the limitation periods: from five to ten damages from the definition of the relationship and in any case from the moment in which the rights deriving from it can be exercised (articles 2935, 2946 and 2947 of the Civil Code)<\/p><p>Without prejudice, furthermore, to any dispute which may entail an extension of the aforementioned terms, for the time necessary to pursue the relevant purpose.<\/p><\/td><\/tr><tr><td width=\"243\">Computer data (system and network access logs and\/or IP addresses).<\/td> <td width=\"408\">The retention period depends on the presumed and\/or detected risk and the resulting detrimental consequences, without prejudice to measures to anonymize the data or limit its processing.<br>In any case, the data must be retained (starting from the time of knowledge\/detection of the risk event or data breach) for the time necessary to notify the supervisory authority of the detected data breach through the procedures implemented by the Data Controller and, in any case, to remedy the breach.<\/td><\/tr><\/tbody><\/table><p> <\/p><p> <\/p><p>Once all the purposes that justify the retention of your personal data have been exhausted, the Data Controller will take care to delete them or make them anonymous.<br><strong>What are your rights?<\/strong><br>Your rights allow you to always have control over your data.<br>Your rights are: <\/p><ul><li>access;<\/li><li>rectification;<\/li><li>cancellation;<\/li><li>limitation of processing;<\/li><li>opposition to processing;<\/li><li>portability.<\/li><\/ul><p>In essence, you can, at any time and free of charge and without any particular charges or formalities for your request:<\/p><ul><li>obtain confirmation of the processing carried out by the Data Controller;<\/li><li>access your personal data and know their origin (when the data is not obtained directly from you), the purposes and aims of the processing, the data of the subjects to whom they are communicated, the period for which your data will be stored or the criteria used to determine it;<\/li><li>update or rectify your personal data so that it is always accurate and up-to-date;<\/li><li>Delete your personal data from databases and\/or backup archives if, among other things, they are no longer necessary for the purposes of the processing or if the processing is deemed unlawful, provided that the legal requirements are met; and in any case, if the processing is not justified by another equally legitimate reason;<\/li><li>Restrict the processing of your personal data in certain circumstances, for example, if you have contested its accuracy, for a period of time necessary for the Data Controller to verify its accuracy. You must also be informed, within an appropriate timeframe, when the suspension period has expired or the reason for the restriction of processing has ceased to exist, and the restriction has therefore been lifted; <\/li><li>obtain your personal data, if their processing is carried out on the basis of a contract and with automated tools, in electronic format also for the purpose of transmitting them to another Data Controller.<\/li><\/ul><p>The Data Controller shall proceed in this manner without delay and, in any case, no later than one month after receiving your request. This deadline may be extended by two months if necessary, taking into account the complexity and number of requests received. In such cases, the Data Controller will inform you and explain the reasons for the extension within one month of receiving your request.<br>For any further information and to submit your request, please contact the Data Controller at privacy@sismadev.net-informatica.it.  <br><strong>How and when can you object to the processing of your personal data?<\/strong><br>For reasons relating to your particular situation, you may object at any time to the processing of your personal data if it is based on legitimate interest by sending your request to privacy@sismadev.net-informatica.it.<br>You have the right to have your personal data erased if there is no legitimate reason that prevails over the reason for your request.<br><strong>Who can I complain to?<\/strong><br>Fatta salva ogni altra azione in sede amministrativa o giudiziaria, pu\u00f2 presentare un reclamo all\u2019autorit\u00e0 garante per la protezione dei dati personali, a meno che Lei non risieda o non svolga la Sua attivit\u00e0 lavorativa in altro Stato membro. In tale ultimo caso, o in quello in cui la violazione della normativa in materia di protezione dei dati personali avvenga in altro Paese dell\u2019UE, la competenza a ricevere e conoscere il reclamo sar\u00e0 delle autorit\u00e0 di controllo ivi stabilite.<br>Ogni aggiornamento della presente informativa Le sar\u00e0 comunicato tempestivamente e mediante mezzi congrui e altrettanto Le sar\u00e0 comunicato prima di procedervi e in tempo per prestare il Suo consenso se necessario. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-bb35d5c e-flex e-con-boxed wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-parent\" data-id=\"bb35d5c\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5818da6 elementor-widget elementor-widget-spacer\" data-id=\"5818da6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>About us and what we do with your personal dataSisma S.p.A., with registered office in Via Industria 1, (36013) Piovene Rocchette (VI) (hereinafter also the Data Controller), in its capacity as data controller, is concerned with the confidentiality of your personal data and guarantees that they will be protected against any event that may put them at risk of breach.To this end, the Data Controller implements policies and practices regarding the collection and use of personal data and the exercise of the rights recognised by the applicable legislation. The Data Controller is responsible for updating the policies and practices adopted for the protection of personal data whenever necessary and in any case in the event of regulatory and organisational changes that could affect the processing of your personal data. The Data Controller has appointed a Data Protection Officer (DPO) who you can contact if you have questions about the policies and practices adopted: dpo@sismadev.net-informatica.it How and why does the Data Controller collect and process your personal data?The Data Controller collects and\/or receives information about you, such as: name, surname tax code or VAT number place and date of birth address email telephone number identification code current account number data relating to criminal convictions and\/or offences exclusively in the case of litigation The personal data concerning you will be processed for the following purposes: 1) the management of the contractual supply relationship and the consequent obligations, including regulatory Purpose Legal basis \u2013 the management of the contractual relationship in all its phases, from negotiations to its definition, whatever the cause \u2013 monitoring and updating of supply conditions and\/or services and assignments \u2013 registration, invoicing and accounting Carrying out contractual and pre-contractual activities Adempimento di obblighi di legge e dipendenti dal contratto e dal rapporto instaurato, quali, tra gli altri, quelli discendenti da: \u2013 Presidential Decree n. 633\/1972 and subsequent amendments. \u2013 Presidential Decree n. 600\/1972 and subsequent amendments. \u2013 Code of Ethics of the Owner Fulfillment of economic, financial and social reporting obligations Your data may also be collected from third parties such as, for example: other data controllers, for example companies in the Group to which the Data Controller belongs; IT service provider. I dati che La riguardano possono essere ottenuti mediante la consultazione di: lists kept by public or equivalent bodies or under the control of the public authority on the basis of specific national legislation. 2) for communication to third parties and for dissemination Purpose Legal basis comunicazione a terzi quali: \u2013 societ\u00e0 del Gruppo a cui appartiene il Titolare \u2013 Suppliers possibly involved in administrative and accounting management IT consultants \u2013 Public bodies Carrying out contractual and pre-contractual activities Fulfillment of obligations arising from the contract Compliance with legal obligations, including those deriving from: \u2013 Presidential Decree n. 633\/1972 and subsequent amendments. \u2013 D.P.R. n. 600\/1972 Fulfillment of transparency and economic-social reporting obligations The Data Controller does not transfer your personal data abroad (non-EU countries). Your personal data may be disseminated and disclosed through the Data Controller&#8217;s websites, where lists of suppliers and consultants are published in accordance with the Code of Ethics and the obligations of transparency and economic-social reporting.Disclosure and disclosure concern the categories of data whose transmission and\/or disclosure are necessary for the performance of the activities and purposes pursued by the Data Controller in managing the established relationship. The relevant processing does not require the data subject&#8217;s consent if it is required by law or to fulfill obligations arising from the contractual relationship,or if another exclusion applies (in particular, application of the provisions of the Code of Ethics and\/or the Data Controller&#8217;s legitimate interest), expressly provided for or dependent on the laws and regulations applied by the Data Controller, or through third parties identified as data processors; 3) for IT security activities Purpose Legal basis \u2013 control and monitoring of the services displayed online and on the platforms belonging to the Data Controller and made available to you also by virtue of the activities carried out on behalf of the Data Controller (access to reserved areas, websites, email inbox, administration of the systems in use, etc.) \u2013 implementation of procedures for detecting and notifying personal data breaches Carrying out activities dependent on the established relationship Fulfillment of legal obligations (detection and notification of data breach events) Legitimate interest How, where and for how long is your data stored?HowData processing is carried out using paper or computerized procedures by specifically authorized internal personnel. These personnel are granted access to your personal data to the extent and within the limits necessary to carry out the processing activities concerning you.The Data Controller periodically verifies the tools used to process your data and the security measures implemented for them, which are constantly updated. It verifies, also through authorized personnel, that no personal data is collected, processed, archived, or retained that is unnecessary or whose processing purposes have been fulfilled. It verifies that thedata is stored with guarantees of integrity and authenticity and that it is used for the purposes of the processing actually performed.The Data Controller guarantees that the data, even after verification, is found to be excessive or irrelevant and will not be used, except for the possible retention, in accordance with the law, of the deed or document containing it. WhereThe data is stored in paper, computer, and electronic archives located within the European Economic Area, and adequate security measures are ensured. Your personal data may be transferred to the following non-EU countries, fully complying with the guarantees required by European legislation:\u2022 USA, existence of an adequacy decision, Commission Implementing Decision (EU) 2016\/1250 of 12 July 2016 pursuant to Directive 95\/46\/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Privacy Shield [notified under document C(2016) 4176]; MEXICO: existence of standard contractual clause no. 27 December 2004 no. 50071\/2004; T\u00fcrkiye: existence of standard contractual clause no. 27 December 2004 no. 50071\/2004; RUSSIA: existence of standard contractual clause of 5 February 2010 n\u00b02010\/87; CHINA: existence of<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-22899","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/sismadev.net-informatica.it\/en\/wp-json\/wp\/v2\/pages\/22899","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sismadev.net-informatica.it\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sismadev.net-informatica.it\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sismadev.net-informatica.it\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sismadev.net-informatica.it\/en\/wp-json\/wp\/v2\/comments?post=22899"}],"version-history":[{"count":0,"href":"https:\/\/sismadev.net-informatica.it\/en\/wp-json\/wp\/v2\/pages\/22899\/revisions"}],"wp:attachment":[{"href":"https:\/\/sismadev.net-informatica.it\/en\/wp-json\/wp\/v2\/media?parent=22899"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}