top of page

Privacy & cookie Policy

Information about data management on the website sardmobil.com

I. Purpose of the Policy

Guilcernet 3.0 s.r.l.s (registered office: Via San Lorenzo SN, 09080 Boroneddu (OR), Italy, Tax number IT01283520953), hereinafter referred to as the "Company," as data controller, carries out its data processing activities in accordance with the provisions of Regulation 2016/679 of the European Parliament and of the Council ("GDPR"). The purpose of this Notice is to provide visitors registered on the Company's websites with information about the data processed by the Company in the operation of the website and other activities related to data management. The terms used in this notice have the same meaning as defined in the EU Regulation 2016/679 ("GDPR").

II. Definitions

- "Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

- "Processing" means any operation or set of operations that is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, structuring, storage, adaptation, or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

- "Restriction of processing" means the marking of stored personal data for the purpose of restricting their future processing

- 'Profiling' means any form of automated processing of personal data by which personal data are used to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict characteristics associated with the work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements of that natural person

- 'Pseudonymization' means the processing of personal data in such a way that it is no longer possible to identify the natural person to whom the personal data relate without further information being required, provided that such further information is stored separately and technical and organizational measures are taken to ensure that no association with identified or identifiable natural persons is possible

- 'Filing system' means a set of personal data, structured in any way, whether centralized, decentralized or structured according to functional or geographical criteria, which is accessible based on specified criteria; 7. 'controller' means the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law; 8. 'processor' means the natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller

- "Recipient" means a natural or legal person, public authority, agency, or any other body to whom or with which personal data is disclosed, whether or not a third party. Public authorities which may have access to personal data in the framework of an individual inquiry in accordance with Union or Member State law shall not be considered recipients; the processing of such data by those public authorities shall comply with the applicable data protection rules in accordance with the purposes of the processing

- 'Third party' means a natural or legal person, public authority, agency, or any other body other than the data subject, the controller, the processor, or the persons who, under the direct authority of the controller or processor, are authorized to process personal data

- 'Consent of the data subject' means a freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she signifies his or her agreement to the processing of personal data relating to him or her by means of a statement or an unambiguous act of affirmation

- 'Personal data breach' means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed

- 'Genetic data' means any personal data relating to the inherited or acquired genetic characteristics of a natural person which contains specific information about the physiology or state of health of that person and which results primarily from the analysis of a biological sample taken from that natural person

- 'Biometric data' means any personal data relating to the physical, physiological, or behavioral characteristics of a natural person obtained by means of specific technical procedures that allow or confirm the unique identification of a natural person, such as facial image or dactyloscopy data

- 'Health data' means personal data relating to the physical or mental health of a natural person, including data relating to the provision of health services to a natural person, which contain information about the health of the natural person

- "activity center": (a) in the case of a controller having establishments in more than one Member State, the place of its central administration within the Union; however, where decisions on the purposes and means of the processing of personal data are taken at another place of activity of the controller within the Union, and the latter place of activity has the competence to implement those decisions, the place of activity which took those decisions shall be considered the center of activity; (b) in the case of a processor having its place of business in more than one Member State, the place of its central administration within the Union or, where the processor does not have a central administration in the Union, the place of business of the processor within the Union where the main processing activities in relation to the activities carried out at the place of business of the processor take place, where the processor is subject to obligations under this Regulation

- 'Representative' means a natural or legal person established or resident in the Union and designated in writing by the controller or processor pursuant to Article 27 to represent the controller or processor in relation to the obligations incumbent on the controller or processor under this Regulation

- 'Undertaking' means any natural or legal person engaged in an economic activity, regardless of the legal form of that person, including partnerships or associations of persons engaged in a regular economic activity

- 'Group of undertakings' means the controlling undertaking and the undertakings controlled by it

- 'Binding Corporate Rules' means the rules on the protection of personal data that a controller or processor established in the territory of a Member State of the Union follows in one or more third countries in respect of the transfer or series of transfers of personal data by a controller or processor within the same group of undertakings or the same group of undertakings engaged in joint economic activities

- 'Supervisory authority' means an independent public authority established by a Member State in accordance with Article 51.

- 'Supervisory authority concerned' means a supervisory authority that is concerned with the processing of personal data for one of the following reasons: a) the controller or processor is established in the territory of the Member State of that supervisory authority; b) the processing significantly affects or is likely to significantly affect data subjects residing in the Member State of the supervisory authority; or c) a complaint has been lodged with that supervisory authority.

- 'Cross-border processing of personal data' means: (a) the processing of personal data within the Union in the context of activities carried out by a controller or processor established in more than one Member State at sites located in more than one Member State; or (b) the processing of personal data within the Union in the context of activities carried out by a controller or processor at a single site in more than one Member State which substantially affects or is likely to substantially affect data subjects in more than one Member State.

- 'Relevant and well-founded objection' means an objection to a draft decision raised with regard to whether this Regulation has been infringed or whether the envisaged measure concerning the controller or processor is in compliance with this Regulation; the objection must clearly demonstrate the significance of the risks posed by the draft decision to the fundamental rights and freedoms of data subjects and, where applicable, to the free flow of personal data within the Union.

- 'International organization' means an organization governed by public international law or its subsidiary bodies or any other body which is established by or under an agreement between two or more countries.

III. Principles concerning the processing of personal data

The Company shall process personal data lawfully and fairly, for a specific purpose, in a data-sparing, accurate, limited, secure, accountable, and transparent manner to the data subject.

Personal Data:

- collected only for specified, explicit, and legitimate purposes

- processed only in a manner compatible with those purposes

- be adequate and relevant

- be limited to the minimum necessary

- be accurate and, where necessary, kept up to date

- be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed

- ensure adequate security of the data during their processing, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage

IV. Processing during registration and newsletter sending

The fact of data collection and the purpose of data processing:

1) Concerning registration, the Company offers individual sessions and group training for natural persons. The purpose is to provide direct information on current events and new services and to comply with the Company's data reporting obligations pursuant to the Adult Education Act, Article 20/A (1) (c).

2) In relation to the sending of newsletters. In the absence of registration, the Company will not send advertising messages. Registered users may unsubscribe from receiving the newsletter by oral, electronic, or postal means. Registration for the newsletter requires acceptance of the privacy statement on the website.

Data subjects:

Date, time, surname, first name, email address, telephone number, billing address, and date of birth. Additional data that the Company is required to record for invoicing purposes may include the tax identification number.

Duration of data processing: In the case of personal data processing based on voluntary consent, it is until the voluntary consent is withdrawn.  In the event of an erasure request, personal data not subject to a legal obligation will be erased without delay.

V. Operating a contact form

The fact of data collection and the purpose of data processing: The Company provides on the website the possibility for prospective partners to contact it directly. To use the contact form, it is necessary to accept the data protection statement on the website.

Data subjects: visitors who have given their consent via the Company's contact point.

Data processed: name, telephone number, email address

Legal basis for data processing.

Duration of processing: until the data subject's consent is withdrawn. The data subject may withdraw their consent to the storage of their personal data at any time by contacting the contact details provided in the Data Security and Privacy Policy.

The data subject may revoke his or her consent to the processing of personal data.1.2.1.

VI. Statistics about visitors of the website and the use of Google Analytics

​Definition of a cookie:

A small text file containing information that is stored on your computer when you visit a website. It is used to help websites remember your actions while you are on the site. For example, it stores information about whether you clicked on certain links or pages, logged in with your username, or read certain pages on the site months or even years before.

 

There are different types of cookies, and without them, websites will not work as you expect. Sardmobil.com also uses cookies to ensure the best user experience and only uses the most necessary and useful cookies.

 

What types of cookies are on sardmobil.com?

Cookies may be either persistent or session-based, and we distinguish between first-party and third-party cookies. Below, we explain what these terms mean so that you can better understand the cookies we use and why we use them.

Cookies that are valid at the time of your browsing session:

Browsing session cookies enable you to be recognized when you visit a website, allowing the browser to remember any page changes or selections made from one page to the next. These cookies enable you to navigate quickly and easily through the various pages of a website without needing to identify yourself or repeat processes on each page you visit. Cookies that are valid during a browsing session are temporary and expire as soon as you close your browser or leave the website.

Persistent cookies:

Persistent cookies are cookies that remain "persistent" on your computer for a certain period of time after the browsing session has expired and, therefore, allow you to recall users' preferences or actions during subsequent visits to the website.

Cookies from the website operator:

These are cookies from the website operator of the website you are browsing.

Third-party cookies:

Cookies may also be your own (internal) or third-party (external) cookies. Internal cookies are set by the website you visit, while external cookies are set by someone else. Sardmobil.com only allows the setting of external cookies that have been approved in advance.

Google Analytics files are used to monitor the site and gather information about how it is used. This information is used to generate statistics and further develop the portal. Google Analytics files store data in an anonymous form, such as the number of visitors to the site or the pages they view. Google Analytics sets these files. For more information, please visit http://www.google.com/analytics. To disable tracking by Google Analytics on all pages, please visit http://tools.google.com/dlpage/gaoptout.

To accept cookies:

We only place cookies on your computer, phone, or tablet with your consent. You can give this consent by clicking the "Accept" button on the cookie pop-up. If you do not wish to receive cookies linked to our website on your computer, phone, or tablet, you can refuse the cookie. Even if you initially consent to the use of cookies, you can always choose to disable and delete cookies in your internet browser settings.

Setting and deleting cookies

If you choose to opt out of cookies, you can delete them from your browser's cookie folder. You can set your browser to block cookies anyway or to display a warning message before a cookie is stored. These settings are typically available in your browser's "Settings" or "Preferences" menu. If you have further questions, we recommend you visit the 'All About Cookies' website: http://www.allaboutcookies.org

VII. Other rights of data subjects

- Right of access

The data subject has the right to receive feedback from the controller as to whether or not his or her personal data are being processed and, if such processing is ongoing, the right to access the personal data collected by the controller.

- Right to rectification

A data subject shall have the right to obtain, upon his or her request, the rectification of inaccurate personal data relating to him or her by the controller without undue delay. Having regard to the purposes of the processing, the data subject shall have the right to obtain the rectification of incomplete personal data, including by means of a supplementary declaration.

- Right to erasure

The data subject shall have the right to obtain, upon his or her request, the erasure of personal data concerning him or her without undue delay by the controller, and the controller shall be obliged to erase personal data without undue delay in the circumstances set out in Article 17(1) of Regulation EU 2016/679.

- Right to be forgotten

Where the controller has disclosed personal data and is under an obligation to erase it, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that process the data that the data subject has requested the erasure of the links to or copies or replicas of the personal data in question.

- Right to restriction of processing

The data subject shall have the right to obtain, at his or her request, the restriction of processing by the controller where one of the following conditions is met:

- the data subject contests the accuracy of the personal data, in which case the restriction shall apply for a period of time which allows the controller to verify the accuracy of the personal data

- the processing is unlawful, and the data subject opposes the erasure of the data and requests instead the restriction of their use

- the data processor no longer needs the personal data for the processing, but the data subject requires them for the establishment, exercise, or defense of legal claims

- the data subject has objected to the processing; in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.

- Right to data portability

A data subject shall have the right to receive personal data relating to him or her which he or she has provided to a controller in a structured, commonly used, machine-readable format and to transmit those data to another controller without hindrance from the controller to which he or she has provided the personal data if the processing is based on consent in accordance with Article 6(1)(a) of Regulation EU 2016/679 and the processing is carried out by automated means.

- Right to object

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data based on Article 6(1)(a) of Regulation EU 2016/679, including profiling based on those provisions. In this case, the controller may no longer process the personal data.

- Automated decision-making in individual cases, including profiling

A data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

The previous paragraph shall not apply where the decision:

- necessary for entering into, or the performance of, a contract between the data subject and the controller

- is permitted by Union or Member State law applicable to the controller, which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or

- is based on the explicit consent of the data subject.

VIII. Time limits for taking action regarding the processing of the website

The Company shall provide information on the action taken in response to requests concerning the processing within 1 month of receipt of the request. This time limit may be extended by 2 months for legitimate reasons. The Company shall provide information on the extension of the deadline within 1 month of receipt of the request, stating the reasons for the delay. Suppose the Company fails to take action on a request by a data subject. In that case, it shall inform the data subject without delay, but at the latest within 1 month of receipt of the request, of the reasons for the failure to take action and of the means of complaint to the supervisory authority and the courts.

IX. Security of data processing

The controller and the processor shall implement appropriate technical and organizational measures, taking into account the state of the art and the cost of implementation, the nature, scope, context, and purposes of the processing, and the varying degrees of probability and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the level of risk, including, where appropriate:

- pseudonymisation and encryption of personal data

- ensuring the continued confidentiality, integrity, availability, and resilience of the systems and services used to process personal data

- in the event of a physical or technical incident, the ability to restore access to and availability of personal data promptly

- a procedure for regularly testing, assessing, and evaluating the effectiveness of the technical and organizational measures taken to ensure the security of data processing.

X. informing the data subject of the data protection incident and notifying the incident to the supervisory authority

The Company shall report the data protection incident to the competent supervisory authority without undue delay and no later than 72 hours after becoming aware of it, unless the data protection incident is not likely to pose a risk to the rights and freedoms of natural persons.

If the personal data breach is likely to result in a high risk to the rights and freedoms of the data subjects, the controller shall inform the data subject of the personal data breach without undue delay.

XI. Remedies

The Company shall delete the personal data if:

- where the personal data are no longer necessary for the purposes for which they were collected or otherwise processed

- the data subject withdraws his or her consent, and there is no other legal basis for the processing

- the data subject objects to the processing, and there is no overriding legitimate ground for the processing.

- the personal data have been unlawfully processed

- the personal data must be erased in order to comply with a legal obligation         

 

Person entitled to erasure, amendment, or restriction of processing of personal data: Giovanni Manca; Email: hello@sardmobil.com

Contact the Data Protection Officer in case of prejudice to the rights of the data subject in the processing of personal data:

- Garante per la protezione dei dati personali (GPDP), Piazza Venezia, 11, 00187, Roma, Email: rpd@gpdp.it, web: garanteprivacy.it.

- The Tribunal of Oristano is competent for the place of establishment of the Company as data controller, or the Tribunal is competent for the place of residence of the data subject, or the Tribunal is competent for the place of stay of the data subject.

bottom of page