Privacy Policy

PRIVACY POLICY

 

The website [https://www.sterlingaromi.it/en/] (hereinafter the “Website”) is operated by Sterling Aromi S.r.l., with registered office in Via XXV Aprile, 6/8 – 22070 Grandate (CO) (hereinafter referred to as the “Company”).

The Company, as controller, wishes to inform the users of its Website about the processing of personal data concerning them by providing this privacy policy (“Privacy Policy“), in accordance with the European Regulation on the protection of personal data no. 679/2016 (“GDPR“) and legislative Decree No. 196/2003, as subsequently amended and/or supplemented (“Privacy Code“).

This Privacy Policy may be subject to change, including as a consequence of any regulatory changes and/or additions. In any case, the changes will be notified in advance and the user can always view the text of this Privacy Policy constantly updated on the Website.

 

Controller

The controller of the Website users’ personal data is Sterling Aromi S.r.l., with its registered office in Via XXV Aprile, 6/8 – 22070 Grandate (CO), P.IVA 03164390134, the users can contact them at the following e-mail address privacy@sterling.it.

 

Type of personal data processed

The Company collects the following types of information (jointly referred to as the “Personal Data”) that the users provide by using the services on the Website or by contacting the Company directly through the Website:

  • personal identification data, such as first name, surname, company name (in case of legal person user);
  • contact details, such as the address of permanent residence, address of registered office or of any secondary office (if legal person user), e-mail address and telephone number;
  • Navigation data, such as the IP address and domain name of the device used for navigation, the URI (uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the fileobtained in response, the numerical code indicating the response status given by the server (e.g., success, error, etc.), and other device-related parameters, the operating system and computer environment used by the user; and
  • any additional data that the user should provide in the event of contact requests and/or requests for information.Processing’s purposes

The Company will process the Personal Data for the following purposes:

  1. to allow users to use the services offered on the Website, to provide feedback to the requests for assistance and contact received from users, including any requests for information regarding the products and/or services offered by the Company (jointly referred to as the “Contractual Purposes”);
  1. comply with any legal and regulatory obligations to which the Company is subject (“Statutory Purposes“);
  1. with the users’ prior consent, carry out market surveys and send newsletters and commercial communications, through traditional and remote means of communication including e-mail, SMS, social networks, instant messages, mobile applications, banners, e-mail and telephone, for the promotion of the Company products and/or services (“Marketing Purposes”);
  1. with the users’ consent, send commercial communications in the manner referred to in point (c) above that take into account the preferences, characteristics and consumption habits of the users or perform analysis based on the characteristics indicated above (“Profiling Purposes”);
  1. To carry out activities related to business and business divestments, acquisitions, mergers, divisions or other transformations and for the execution of such operations, as well as to enforce and defend the rights of the Company against the users and third parties in any litigation (“Legitimate Interest Purposes”).Processing’s legal basis

The processing of Personal Data for Contractual Purposes is necessary in order to allow users to transmit any contact requests or information to the Company, as well as to allow them to use the services offered through the Website. Therefore, if the user does not want personal data to be processed for these purposes, the Company will not be able to provide the user with the services offered through the Website and/or respond to any requests received by the user.

Processing of personal data for Statutory Purposes is mandatory, as required under applicable law.

The processing of personal data for Marketing and Profiling Purposes is optional and is based on the free consent of the user, who may or may not choose to lend. In any case, the user may subsequently decide to withdraw the consent given and may at any time object to marketing communications received by e-mail by clicking on the appropriate link at the bottom of the e-mails or by sending a communication to privacy@sterling.it. If the user chooses not to give or withdraw the consent, the user will not be able to receive marketing communications, including tailored to him/her interests and preferences, and to stay up-to-date on products or services, promotions and offers, neither to participate in market surveys of the products and services provided by the Company.

The processing of personal data for Legitimate Interest Purposes serves the pursuit of a legitimate interest of the Company adequately balanced with the interests, the fundamental rights and freedoms of individuals whose personal data are being processed in the light of the specific limitations and circumstances in which the processing takes place, as referred to in point (e) of paragraph 3 above. Processing for Legitimate Interest Purposes is not mandatory and the user may object to such processing in the manner set out in paragraph 8 below, but if the user objects to such processing him/her Personal Data may not be used for Legitimate Interest Purposes, unless there are other overriding legitimate compelling reasons or for exercising or defending a right of the Company or of a third party pursuant to Article 21 of the GDPR.

 

Processing modalities

In relation to the purposes indicated above, the processing of Personal Data will take place both through computer tools and on paper and, in any case, through suitable tools to guarantee its security and confidentiality through the adoption of the security measures prescribed by the GDPR.

The Company shall erase and/or destroy the Personal Data if there is no longer a need to process the Personal Data in an identifiable form for the purposes of processing and, in any event, at the end of the retention period specified in paragraph 9 below.

 

Scope of communication and disclosure of Personal Data

In order to pursue the purposes of the processing indicated above, Personal Data may be communicated to subjects who perform services connected and functional to the management of the Website, the provision of the Company’s services or to which the disclosure is to be made in compliance with a legal obligation or in accordance with Company’s legitimate interests, and in particular to:

  • collaborators and employees of the Company and the following in their respective roles;
  • third-party providers of assistance and consultancy services with respect to activities in the areas of, but not limited to, technology, accounting, administrative, legal, insurance;
  • entities and authorities whose right of access to Personal Data is expressly recognized by law, regulations or measures issued by the competent authorities;
  • legal subjects or companies assignees of a business or branch of a business, companies resulting from possible mergers, divisions or other transformations of the Company.

These recipients, as appropriate, process Personal Data as controllers, processors or controllers’ representatives. The complete and updated list of subjects who process the data as processors is available on request to the Company, by sending an e-mail to privacy@sterling.it.

In any event, personal data will not be disclosed by the Company.

 

Are Personal Data transferred abroad?

Personal Data will not be transferred outside the European Union. Should it become necessary to transfer certain Personal Data outside the European Economic Area, the Company will take appropriate security measures to maintain an appropriate level of Personal Data security under applicable law and, in particular, Articles 45 and 46 of the GDPR, like the standard contractual clauses adopted by the European Commission.

 

Users’ rights

The users will have, at any time and free of charge, the right to:

  1. obtain confirmation from the controller as to whether or not the Personal Data concerning him or her exist, and know their content and origin, verify their accuracy or request their integration or updating, or rectification;
  2. request erasure, anonymization or blocking of Personal Data processed in breach of law;
  3. in any event, oppose, for legitimate reasons, their processing;
  4. ask the controller to restrict the processing of Personal Data in the event that (I) it disputes the accuracy of the Personal Data, for the period necessary for the controller to verify the accuracy of such Personal Data; (ii) the processing is unlawful and the user objects to the erasure of the Personal Data, but instead request that its use be restricted; (iii) although the controller no longer needs it for processing purposes, the Personal Data are necessary for the establishment, exercise or defense of legal claims; (iv) has objected to the processing pursuant to Article 21(1) of the GDPR pending verification of whether the legitimate grounds of the controller override those of the data subject;
  5. object at any time to the processing of Personal Data;
  6. request the erasure of Personal Data without undue delay;
  7. obtain the portability of Personal Data;
  8. withdraw consent to the processing of Personal Data at any time, without prejudice in any way to the lawfulness of the processing based on the consent given prior to the withdrawal.

In the event of death, the rights referred to above may be exercised by those who have an interest of their own, or act to protect the user as his representative, or for family reasons worthy of protection. The user may expressly prohibit the exercise of some of the rights listed above by any successor in title by sending a written statement to the Company at the email address below, which may be revoked or amended at a later date in the same manner.

Requests for the exercise of the aforementioned rights can be addressed directly to the Company by sending an e-mail to privacy@sterling.it.

The user also has the right to lodge a complaint with the Supervisory Authority, where the conditions are met.

 

Retention of Personal Data

The Company will retain Personal Data for the period strictly necessary to fulfil the purposes for which they were collected, pursuant to paragraph 3 above. In particular:

  • For the Contractual Purposes, Personal Data are kept for the duration of the service provided, and for 10 years after the termination of the service and/or the processing of the request, without prejudice to cases where retention for a further period is required for possible litigation, as requested by the competent authorities or under the applicable law;
  • For Statutory Purposes, Personal Data are kept for a period equal to the period prescribed for each type of data by law;
  • For Marketing Purposes, Personal Data are kept for the duration of the service used and for 2 years after the end of the service or the last interaction with the user (e.g. request received);
  • For Profiling Purposes, Personal Data are kept for a period of time following the duration of the service used and for 12 months after the last purchase or service used and/or the last contact with the user; and
  • For Legitimate Interest Purposes, Personal Data are stored:
  • if the Personal Data are necessary to enforce and defend the rights of the controller against the user and/or third parties in any dispute as referred to in point (e) of paragraph 3 above, for a period equal to the duration of the provision of the services requested and for the following 10 years;
  • in the event that the processing is intended to carry out activities that are functional to the divestments of a business, business branch, acquisitions, mergers, divisions or other conversions, the retention periods listed above shall apply in relation to the main processing that takes place.

Once the above terms have expired, personal data may be deleted, anonymised and/or aggregated.

 

Processing of personal data of children under the age of 18

The Website is not directed to anyone under the age of 18. Therefore, the Company does not knowingly collect personal data relating to minors.

 

Changes and Updates

This Privacy Policy is effective from the date of publication. The Company may make changes and/or additions to it, including as a consequence of any subsequent statutory changes and/or additions. However, changes will be notified in advance and users will be able to view the updated Privacy Policy on the Website.

Suppliers

Customers