Privacy Policy

SIFI S.p.A., aware that the right to the protection of personal data is a fundamental right of the individual, protects users who access its website (“Users”), ensuring that the processing of their personal data takes place in full compliance with the safeguards and rights recognized by Regulation (EU) 2016/679 (“GDPR”) and Legislative Decree 101/2018 laying down provisions for the adaptation of national law to the Regulation. This Privacy Policy only describes how the personal data of Users who visit and browse the www.karomy.it website ("Website") is processed and does not cover other websites that may be accessed via links.


 

WHO IS PROCESSING YOUR DATA

SIFI S.p.A. acts as the Data Controller of your personal data ("Data Controller") and, as such, determines the purposes and means of the processing carried out through the Website. The Data Controller has its registered office in Via Ercole Patti n. 36, 95025 Aci Sant’Antonio (CT) and can be contacted, for any questions concerning the processing of your personal data, at the following emails:


 

HOW CAN YOU CONTACT THE DATA PROTECTION OFFICER (DPO)

The Data Protection Officer (DPO) is the subject designated by the Data Controller to perform advisory, training, information, support and control functions regarding the correct application of the GDPR. 
If you wish, you can contact the DPO at the following email: dpo@sifigroup.com.


 

WHAT DATA WE PROCESS

Browsing data 
The computer systems and software procedures used to operate the Website, during their normal operation, acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes, by way of example, the IP addresses or domain names of the computers and terminals used by users, the Uniform Resource Identifier/Locator (URI/URL) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (good, error, etc.) and other parameters related to the operating system and the computer environment of the User. The website browsing data are not paired with identified Users, therefore browsing takes place anonymously. However, through processing and pairing with data held by third parties, browsing data could also enable identification of the User. 

Cookies 
The Website collects data through the use of first-party technical and analytical cookies, whose installation does not require the User’s consent. For more information about the cookies on this Website, please refer to the Cookie Policy available below.


 

PURPOSE AND LEGAL BASIS OF THE PROCESSING

Your personal data may only be collected for specific, explicit and legitimate purposes, and subsequently used in a way that is not incompatible with those purposes. 
In particular, the Data Controller shall collect and process your browsing data for the purpose of:

  • allowing you to use the Website;
  • obtaining statistical information on the use of the Website (most visited pages, percentage of visitors by time slot or daily, duration of views …);
  • checking the Website for proper operation.


 

The legal basis for the processing is Article 6, par. 1, point f) of the GDPR, i.e. the “pursuit of the legitimate interest of the Data Controller” consisting in the interest of SIFI to allow Users to browse the Website and use the services offered, within the framework of its freedom to conduct business. For these purposes, you provide your personal data automatically by browsing the Website. If you do not wish to provide such data, you can do so freely, without any negative consequences, by not accessing the Website.


 

HOW WE PROCESS DATA

SIFI, like all the other Companies in the Group, takes appropriate technical and organizational security measures to ensure that the personal data of the User are protected from accidental or intentional manipulation, loss, destruction or access by unauthorized third parties. We verify the effectiveness of the protection measures implemented and subject them to constant improvement in line with technological development. All personal data entered is encrypted during the transfer using a secure encryption process.


 

TO WHOM WE COMMUNICATE THE DATA

In the pursuit of the purposes set out in paragraph 4, the processing of personal data is carried out by electronic means or anyhow by automated means, in any case fit to ensure the security and confidentiality of the personal data and to prevent unauthorized access to the personal data by third parties. Given that your personal data will not be circulated in any way, they may be communicated to:

  • persons, companies or professional firms providing assistance and advice to the Data Controller, duly appointed as Data Processors in accordance with Article 28 GDPR (e.g. technical and IT companies dealing with the management of the Website);
  • subjects, bodies or authorities to which the disclosure of personal data is mandatory by law or by order of the competent authorities.
  • The User can request a complete list of recipients of personal data, including data processors, at the following email: privacy@sifigroup.com.


 

TO WHOM WE TRANSFER THE DATA

Users’ personal data are not transferred to third countries as they are processed within the European Union. 
However, should such a transfer prove necessary, it shall take place:

  • to countries in respect of which there is an adequacy decision adopted by the European Commission pursuant to Article 45 GDPR;
  • to countries other than those referred to in the previous paragraph, on the basis of one of the appropriate safeguards under Article 46 GDPR or one of the mechanisms of exception under Article 49 GDPR.


 

HOW LONG DO WE KEEP THE DATA

The Data Controller shall retain the personal data for no longer than is strictly necessary to achieve the purposes set out in paragraph 4. In particular, the data collected through the Website shall be kept for the time strictly necessary to perform the service requested by the User. At the end of this period, the Data Controller shall irreversibly erase the data – by means of secure methods of destruction or erasure – or keep it anonymously so as to, even indirectly, prevent the identification of the user.


 

PROFILING

Your data shall not be used in any way to obtain information about your preferences or behaviour. Furthermore, you will not be subject to any decision based solely on the automated processing of your personal data.


 

WHAT ARE YOUR RIGHTS

Under Articles 15 to 22 of the GDPR, you have the following rights:

  • Right of access: the right to obtain from the Data Controller confirmation that personal data concerning you are being processed or not, and if so, to obtain access to and a copy of your personal data and to receive information relating to the processing;
  • Right of correction: right to obtain from the Data Controller the correction of inaccurate personal data concerning you without undue delay and the integration of incomplete personal data, also by providing a supplementary statement;
  • Right to erasure: right to obtain from the Data Controller the erasure of personal data concerning you without undue delay if one of the following reasons exists:
    • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • you have withdrawn your consent to the processing of the data, if it is processed on the basis of consent;
    • you have objected to the processing and there is no overriding legitimate reason to proceed with the processing;
    • the personal data have been processed unlawfully;
    • the personal data must be erased to fulfil a legal obligation to which the Data Controller is subject;
    • the personal data were collected in relation to the provision of services of the information company.
  • Right to restrict processing: right to obtain from the Data Controller the restriction of processing when one of the following applies:
    • you dispute the accuracy of the personal data, for as long as the Data Controller needs to verify the accuracy of such personal data;
    • the processing is unlawful and you object to the erasure of the personal data and request that its use be restricted;
    • although the Data Controller no longer needs it for processing purposes, the personal data are necessary for you to establish, exercise or defend a right in court;
    • you objected to the processing pending verification as to whether the legitimate grounds of the Data Controller outweigh those of the data subject.
  • Right to object to processing: right to object to processing carried out for the performance of a task carried out in the public interest or in connection with the exercise of public authority or on the basis of the legitimate interest of the Data Controller or of third parties, as well as the right to object to the processing of personal data concerning you carried out for direct marketing purposes, including profiling to the extent that it is linked to such direct marketing;
  • Right to data portability: right to obtain data portability, i.e. to receive data from the Data Controller, in a structured, commonly used and machine-readable format, and to transmit them to another Data Controller without hindrance, in the cases and within the limits provided for by the GDPR, the Privacy Code and any relevant industry regulations;
  • Right to withdraw consent, at any time, without prejudice to the lawfulness of the processing based on consent before withdrawal, where the processing is based on Article 6, par. 1, point a), or on Article 9, par. 2, point a) of the GDPR;
  • Right to lodge a complaint with a supervisory authority, in particular in the Member State where you normally reside, work or the place where the alleged breach of the GDPR occurred.


 

In addition to the rights mentioned above, the Data Controller shall provide the data subject with the following information:

  • whether the provision of personal data is a legal or contractual obligation or a necessary requirement for the conclusion of a contract, and whether the data subject has an obligation to provide the personal data and the possible consequences of not providing such data;
  • the source from which the personal data originated, if the personal data were not obtained from the data subject;
  • the existence of an automated decision-making process, including profiling, under Article 22, par. 1 and 4, GDPR and, at least in such cases, meaningful information about the logic used, as well as the importance and expected consequences of such processing for the data subject.


 

Requests regarding the exercise of your rights can be sent to the certified email sifispa@pec.sifigroup.com or to the email privacy@sifigroup.com. We will provide you with feedback as soon as possible and in any case no later than 30 days after your request.


 

HOW TO LODGE A COMPLAINT

You can lodge a complaint about the methods of processing your data by the Data Controller – or about the management of a proposed complaint – by submitting a request directly to the Personal Data Protection Authority in the manner indicated at the following link Complaint form - Italian Data Protection Authority.



 

COOKIE POLICY


 

DATA CONTROLLER AND DATA PROTECTION OFFICER

SIFI S.p.A., with registered office at Aci Sant’Antonio (CT), Via Ercole Patti n.36, Tax Code No. 00122890874 (“SIFI”) is the Data Controller of your personal data and can be contacted at the certified email sifispa@pec.sifigroup.com or at the email privacy@sifigroup.com. In addition to the information provided in the Privacy Notice, SIFI wishes to inform you about the operation of cookies and other tracking technologies available on the website www.sifigroup.com ("Website"). The Data Protection Officer (DPO) is Avv. Silvia Stefanelli that can be contacted at the email dpo@sifigroup.com.


 

LEGAL REFERENCES

The use of cookies by SIFI takes place in full compliance with Regulation (EU) 679/2016 (“GDPR”), Italian Legislative Decree No. 196/2003 as amended (“Privacy Code”), the cookie guidelines and other tracking tools issued by the Personal Data Protection Authority on 10 June 2021 and the applicable Italian and European legislation. For any further information on the processing of personal data of users while browsing the website (e.g. purposes, retention times, recipients, etc.), please consult the Privacy Policy available above.


 

WHAT COOKIES ARE

Cookies are small text files that the websites visited by users send to their terminals, where they are stored and then transmitted back to the same websites when next visited. Each cookie contains different types of data such as, but not limited to, the name of the server from which the connection to the website originates, an identification number, or information about the operating system used. Cookies are used for several purposes: while some are strictly necessary for browsing the Website (such as those that allow seamless browsing between web pages), others serve different purposes and therefore require the user’s consent to be installed (such as those used to create user profiles and display personalized advertising).


 

EXISTING COOKIE TYPES

Depending on their origin, cookies can be:

  • first-party: they are installed by the website owner. Responsibility for and management of these cookies is taken on directly by the Data Controller;
  • third-party: they are installed on a domain other than the one of the website you are visiting by people outside the website. The responsibility for and management of these cookies lies with their owners and operators, who must provide appropriate opt-out mechanisms in their privacy notices.


 

Depending on their purposes, cookies can be:

  • Technical: their installation does not require any consent as these cookies are necessary for providing the service requested by the user. These cookies are, in their turn, divided into:
    • browsing or session cookies: they are used for browsing or to provide a service requested by the user and are not used for any other purpose;
    • functionality cookies: they are useful to facilitate the effective use of the website by the user by personalizing the browsing experience. They are used, for example, to keep track of the chosen language;
  • Analytical: they are used to collect information about user behaviour, such as the number of visits made, the most visited pages and the channels where visitors come from. They therefore allow this information to be collected anonymously and in aggregate form. The use of analytical cookies that may be installed and managed directly by SIFI merely for statistical purposes does not require the user’s consent as they are assimilated to technical cookies. Similarly, where analytical cookies are installed by third parties, the user’s consent will not be required where the cookie is used only on the website, the third parties reduce the identifying power of the analytical cookies (e.g. by masking significant portions of the user’s IP address), do not cross-reference the data contained in the cookies with other information available to them and do not pass it on to third parties; in other words, the user’s consent will not be required every time appropriate measures have been taken to prevent the direct identification of data subjects by the use of third-party analytical cookies. Consequently, the user’s consent will be required for analytical cookies installed by third parties if it is possible, through their use, to directly identify the data subject;
  • Profiling: they are used to track the user’s browsing of the website and create profiles on their preferences, habits and choices. Through the information contained in these cookies, for example, advertising messages may be transmitted to the user’s device in line with the preferences that the user has already expressed during his or her online browsing.


 

The installation of these cookies requires consent from the data subjects.


 

COOKIES INSTALLED ON OUR WEBSITE AND RETENTION TIMES

On this website there are the following types of cookies:

  • Technical cookies
    This website uses first-party technical cookies to save the user’s session and to carry out other activities strictly necessary for the operation of the website. For these cookies to be issued, current legislation does not require the user's prior consent. Their installation is lawful on the basis of the Data Controller’s legitimate interest, which is to carry on their business activity, also through the smooth use of their website by users.
    • Force-stream 
      Operation: Used to properly route server requests within the Salesforce infrastructure for sticky sessions. 
      Type (first party or third party): First party 
      Duration: A few seconds
    • OptanonAlertBoxClosed 
      Operation: This cookie is set by Websites using certain versions of OneTrust's cookie law compliance solution. It is set after visitors have seen a cookie information alert and in some cases only when they actively close the alert. It allows the Website to not show the message more than once to a user. The cookie has a duration of one year and does not contain any personal information. 
      Type (first party or third party): First party 
      Duration: 364 days
    • Pctrk 
      Operation: This is used to count page views by unauthenticated users based on licence usage. 
      Type (first party or third party): First party 
      Duration: 364 days
    • OptanonConsent 
      Operation: This cookie is set by OneTrust's cookie compliance solution. It stores information about the categories of cookies used by the website and whether visitors have given or withdrawn consent to the use of each category. This allows website owners to prevent cookies in each category from being set in users' browsers when consent is not given. The cookie has a normal duration of one year, so that visitors returning to the website are reminded of their preferences. It does not contain any information that identifies the visitor to the website. 
      Type (first party or third party): First party 
      Duration: 364 days
    • sfdc-stream 
      Operation: Common Salesforce cookie 
      Type (first party or third party): 
      Duration: A few seconds
  • Analytical cookies 
    This website uses first-party analytical cookies to collect macro-data about user behaviour, such as the percentage of users who have viewed a given page and the time they have viewed it. These cookies are installed and managed directly by SIFI for statistical purposes only, i.e. they collect information in an anonymous and aggregated form, and for this reason do not require the user's consent, as they are assimilated to technical cookies.


 

HOW TO CONTROL THE INSTALLATION OF COOKIES

Users can check which cookies are installed and manage their cookie preferences directly within their browser, preventing them from being installed by third parties. The browser preferences also allow deleting cookies that have been installed in the past, including cookies that may have saved consent to the installation of cookies by this website. Disabling all Cookies may affect the operation of this website. In the case of services provided by third parties, the User may exercise their right to object to tracking as set out in the third party's policies.


 

  • Browser settings 
    Most browsers allow you to accept, manage and disable cookies through your settings. Through the browser it will also be possible to disable technical cookies: this may however cause malfunctions of the website or affect the correct use of the website. Settings for managing cookie preferences are usually accessible from the browser menu under “options” or “preferences”. For more information on how to set them, you can view the following links:


 

By clicking on the specific icon located at the bottom left of the Home Page of the website, the user can view the status of the consents given and change or update them. 

To check which cookies are installed on your device, and if necessary change your choices, you can change the privacy settings in the control panel of your browser and/or visit the following website https://cookiepedia.co.uk/. Disabling cookies other than technical cookies is possible and will not in any way affect your ability to use the Website.