Smipa srl: Privacy & cookies

  • Foreword

    Smipa S.r.l.with head office in via G. Zanella, 233E - 36010 Monticello Conte Otto (VI), Tax Code and VAT no. 00150140242 as Data Controller (hereinafter, "Controller"), hereby informs you pursuant to Legislative Decree no. 196 dated 30.6.2003 (hereinafter, "Privacy Code") and subsequent amendments and additions and to Art. 13 of EU Regulation no. 2016/679 (hereinafter, "GDPR") that your data will be processed in the following manners and for the following purposes:

  1. Processing subject

    The Controller shall process the personal, identifying and non-sensitive data ( specifically, name, surname, tax code, VAT number, e-mail, telephone number - hereinafter, "personal data" or also "data") that you communicated when registering on the Controller's website and/or when subscribing to the newsletter service offered by the Controller.

  2. Processing purposes

    Your personal data is processed:

    1. Without your express consent (Privacy Code and subsequent amendments and additions and Art. 6 lett. b, and GDPR), for the following Service purposes:
      • To enable you to register on the website;
      • To manage and maintain the website;
      • To allow you to subscribe to the newsletter service provided by the Controller and any further services you may request;
      • To fulfil pre-contractual, contractual and fiscal obligations arising from existing relations with you;
      • To fulfil the obligations required by law, regulation, EU legislation or an order from the Authority;
      • To prevent or detect fraudulent activities or harmful abuse for the website;
      • To exercise the rights of the Controller, such as the right of defence in court.
    2. Only subject to your specific and distinct consent (Privacy Code and subsequent amendments and additions and art. 7 of GDPR), for the following Marketing Purposes:
      • To send you newsletters, commercial communications and/or advertising material on products or services offered by the Controller via e-mail. Please note that if you are already our customer, we may send you commercial communications relating to services and products of the Controller similar to those you have already used, unless you disagree (Privacy Code and subsequent amendments and additions).
  3. Processing methods

    The processing of your personal data is carried out by means of the operations indicated in the Privacy Code and subsequent amendments and additions and in Art. 4 no. 2) GDPR, namely: data collection, recording, organisation, retention, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction. Your personal data shall be subject to paper, electronic and automated processing.
    The Controller will process your personal data for the time necessary to fulfil the above purposes and in any case for no longer than 10 years from the termination of the relationship for the Service Purposes and for no longer than 2 years from the data collection for Marketing Purposes.

  4. Data access

    Your data may be made accessible for the purposes set out in Articles 2.A) and 2.B):

    • To employees and collaborators of the Controller, in their capacity as appointees and/or internal data processors and/or system administrators;
    • To external companies for support in studying the feasibility of the customer's project, for the technical management of the project, for the storage of personal data, etc.) or to third parties (e.g. providers for the management and maintenance of the website, suppliers, credit institutions, professional firms, etc.) that perform outsourcing work on behalf of the Controller, in their capacity as external data processors.
  5. Data disclosure

    Without your express consent (Privacy Code and subsequent amendments and additions and Art. 6 lett. b) and c) GDPR), the Controller may disclose your data for the purposes set out in Art. 2.A) to supervisory bodies, judicial authorities and all other parties to whom disclosure is legally required for the fulfilment of the aforementioned purposes. Your data will not be disseminated.

  6. Data transfer

    The management and retention of personal data will take place on servers located within the European Union of the Controller and/or third party companies appointed and duly designated as Data Processors. Our servers are currently located in Italy. Data will not be transferred outside the European Union. It is in any case understood that should it become necessary, the Controller shall have the right to move the location of the servers to Italy and/or the European Union and/or countries outside the EU. In this case, the Controller hereby ensures that transferring data outside the EU will take place in compliance with applicable legal provisions by entering into - if necessary - agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided for by the European Commission.

  7. Nature of providing data and the consequences of refusal to do so

    Providing data for the purposes set out in Article 2.A) is mandatory. Without it, we will not be able to guarantee you registration on the site or the Services of art. 2.A). On the other hand, providing data for the purposes of Article 2.B) is optional. You may therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material related to the Services offered by the Controller. In any event, you will continue to be entitled to the Services set out in Article 2.A).

  8. Rights of the data subject

    In your capacity as a data subject, you have the rights as set out in the Privacy Code and subsequent amendments and additions and Art. 15 GDPR and specifically the rights to:

    1. Obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, and its disclosure in an intelligible form;
    2. Obtain the indication:
      • Of the origin of the personal data;
      • Of the purposes and processing methods;
      • Of the logic applied in the event of processing performed with the aid of electronic instruments;
      • Of the identification data concerning the controller, the processors and the designated representative pursuant to the Privacy Code and subsequent amendments and additions and Article 3, paragraph 1, GDPR; and of the data subjects or categories of data subjects to whom the personal data may be disclosed or who may become aware of the data in their capacity as designated representative in the territory of the State, processors or appointees;
    3. Obtain:
      • The updating, rectification or, where interested therein, the integration of data;
      • The deletion, transformation into anonymous form or blocking of illegally processed data, including data whose retention is not necessary for the purposes for which the data was collected or subsequently processed;
      • The certification that the operations set forth in Articles 8.A) and B) have been brought to attention, also regarding their content, to those to whom the data has been disclosed or disseminated, except in the case where this proves impossible or involves the use of means manifestly disproportionate to the protected right;
    4. Fully or partially object:
      • To the processing of your personal data for legitimate reasons, even if pertinent to collection purposes;
      • To the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for performing market research or commercial communication surveys, through the use of automated calling systems without an operator, by e-mail and/or through traditional marketing methods by telephone and/or by post. Please note that the data subject's right to object, as set out in point B) above, for direct marketing purposes by automated means extends to traditional marketing methods and that, in any case, the data subject's right to object may also be partially exercised. Therefore, the data subject may decide to receive only notifications by traditional means or only automated ones, or neither of the two types of notification.
      • Where applicable, the data subject also has the rights set out in Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to complain to the Data Protection Authority.
  9. Procedures for exercising rights

    You may exercise your rights at any time by sending:

    • A registered letter with return receipt addressed to: SMIPA S.r.l., with head office in via G. Zanella, 233E - 36010 Monticello Conte Otto (VI)
    • An e-mail to
    • A certified e-mail (PEC) to
  10. Minors

    This site and the Controller's services are not intended for minors under the age of 18, and the Controller does not intentionally collect personal information concerning minors. In the event that information concerning minors is unintentionally recorded, the Controller will promptly delete it upon the users’ request.

  11. Controller, processor and appointees

    The Data Controller is SMIPA S.r.l., with head office in via G. Zanella, 233E - 36010 Monticello Conte Otto (VI). The updated list of data processors and processing appointees is kept at the Data Controller's head office.

  12. Changes to this Policy

    This Privacy Policy is subject to change. It is therefore recommended to regularly check this Privacy Policy and to refer to the most up-to-date version.