In general, any information and data which you provide to Sardiamo over the Website, or which is otherwise gathered via the Website by Sardiamo, in the context of the use of Sardiamo’s services (“Services”) as better defined in Section 3 below, will be processed by Sardiamo in a lawful, fair and transparent manner. To this end, and as further described below, Sardiamo takes into consideration internationally recognised principles governing the processing of personal data, such as purpose limitation, storage limitation, data minimisation, data quality and confidentiality.
1. Data Controller
2. Personal Data processed
When you use the Website, the Data Controller will collect and process information regarding you (as an individual) which allows you to be identified either by itself, or together with other information which has been collected. The Data Controller may also be able to collect and process information regarding other persons in this same manner, if you choose to provide it to the Data Controller.
This information may be classified as “Personal Data” and can be collected by the Data Controller both when you choose to provide it (e.g., when you subscribe to the newsletter or request other Services provided by the Data Controller over the Website) or simply by analysing your behaviour on the Website.
Personal Data which can be processed by the Data Controller through the Website are as follows:
a. Name, contact details and other Personal Data
In various sections of the Website – including, in particular, if you decide to create an account on the Website – you will be asked to submit information about yourself, such as your name, phone / mobile numbers, e-mail address, date of birth, country of residence and address. Additionally, when subscribing or signing up to receive Services, you might be asked to provide information as to your preferred mode of payment – PayPal, bank transfer or credit card.
In addition, whenever you participate in surveys and other promotions which may be available on the Website, as well as whenever you communicate with the Data Controller through the contact details provided in the Website or with Customer Service, the Data Controller may collect additional information which you choose to provide.
b. Browsing data
The Website’s operation, as is standard with any websites on the Internet, involves the use of computer systems and software procedures, which collect information about the Website’s users as part of their routine operation. While the Data Controller does not collect this information in order to link it to specific users, it is still possible to identify those users either directly via that information, or by using other information collected – as such, this information must also be considered Personal Data.
This information includes several parameters related to your operating system and IT environment, including your IP address, location (country), the domain names of your computer, the URI (Uniform Resource Identifier) addresses of resources you request on the Website, the time of requests made, the method used to submit requests to the server, the dimensions of the file obtained in response to a request, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and so on.
These data are used to compile statistical information on the use of the Website, as well as to ensure its correct operation and identify any faults and/or abuse of the Website. Save for this last purpose, these data are not kept for more than 7 business days.
- Definitions, characteristics, and application of standards
Cookies are small text files that may be sent to and registered on your computer by the websites you visit, to then be re-sent to those same sites when you visit them again. It is thanks to these cookies that those websites can “remember” your actions and preferences (e.g., login data, language, font size, other display settings, etc.), so that you do not need to configure them again when you next visit the website, or when you change pages within a website.
When browsing a website, you may also receive cookies from websites or web servers other than the website being visited (i.e., “third-party cookies”).
There are various types of cookies, depending on their characteristics and functions, which may be stored on your computer for different periods of time: “session cookies”, which are automatically deleted when you close your browser, and “persistent cookies”, which will remain on your device until their pre-set expiration period passes.
According to the law which may be applicable to you, your consent may not always be necessary for cookies to be used on a website. In particular, “technical cookies” – i.e. cookies which are only used to send messages through an electronic communications network, or which are needed to provide services you request – typically do not require this consent. This includes browsing or session cookies (used to allow users to login) and function cookies (used to remember choices made by a user when accessing the website, such as language or products selected for purchase).
On the other hand, “profiling cookies” – i.e., cookies used to create profiles on users and to send advertising messages in line with the preferences revealed by users while browsing websites – typically require specific consent from users, although this may vary according to the applicable law.
- Types of cookies used by the Website
The Website uses the following types of cookies:
Browsing or session cookies, which are strictly necessary for the Website’s operation, and/or to allow you to use the Website’s content and Services.
Analytics cookies, which allow the Data Controller to understand how users make use of the Website, and to track traffic to and from the Website.
Function cookies, which are used to activate specific Website functions and to configure the Website according to your choices (e.g., language), in order to improve your experience.
Profiling cookies, which are used to observe the preferences you reveal through your use of the Website and to send you advertising messages in line with those preferences.
The Data Controller also uses third-party cookies – i.e. cookies from websites / web servers other than the Website, owned by third parties. These third parties will either act as independent data controllers from the Data Controller regarding their own cookies (using the data they collect for their own purposes and under terms defined by them) or as data processors for the Data Controller (processing personal data on the Data Controller’s behalf). For further information on how these third parties may use your information, please refer to their privacy policies:
- Cookies present on the Website
In detail, the cookies present on the Website are as follows:
- Cookie settings
You can block or delete cookies used on the Website via your browser options. Your cookie preferences will be reset if different browsers are used to access the Website. For more information on how to set the preferences for cookies via your browser, please refer to the following instructions:
You may also set your preferences on third-party cookies by using online platforms such as AdChoice.
CAUTION: If you block or delete technical and/or function cookies used by the Website, the Website may become impossible to browse, certain services or functions of the Website may become unavailable or other malfunctions may occur. In this case, you may have to modify or manually enter some information or preferences every time you visit the Website.
The Data Controller uses Google Analytics on the Website. This is a tool developed by Google and used to collect information, which permits evaluation of the use of the Website, analysis of your behaviour and improvement of your experience with the Website. You can obtain more information about how to opt out of Google Analytics at: https://tools.google.com/dlpage/gaoptout.
3. Purposes of processing
The Data Controller intends to use your Personal Data, collected through the Website, for the following purposes:
To verify your identity and assist you, in case you lose or forget your login / password details for any of the Data Controller’s registration services, to allow you to create and maintain a registered user profile, to send you newsletters you have subscribed to as a service (containing only informative content), to finalise purchase orders and deliver products bought on the Websites and to provide any other Services which you may request (“Service Provision”);
For compliance with laws which impose upon the Data Controller the collection and/or further processing of certain kinds of Personal Data (“Compliance”).
4. Grounds for processing and mandatory / discretionary nature of processing
The Data Controller’s legal basis to process your Personal Data, according to the purposes identified in Section 3, are as follows:
Service Provision: processing for these purposes is necessary to provide the Services and, therefore, is necessary for the performance of a contract with you. It is not mandatory for you to give the Data Controller your Personal Data for these purposes; however, if you do not, the Data Controller will not be able to provide any Services to you.
Compliance: processing for this purpose is necessary for the Data Controller to comply with its legal obligations. When you provide any Personal Data to the Data Controller, the Data Controller must process it in accordance with the laws applicable to it, which may include retaining and reporting your Personal Data to official authorities for compliance with tax, customs or other legal obligations.
5. Recipients of Personal Data
Your Personal Data may be shared with the following list of persons / entities (“Recipients”):
Persons, companies or professional firms providing the Data Controller with advice and consultancy regarding accounting, administrative, legal, tax, financial and debt collection matters related to the provision of the Services and which act typically as data processors on behalf of the Data Controller;
Entities engaged in order to provide the Services (e.g., hosting providers or e-mail platform providers);
Persons authorised to perform technical maintenance (including maintenance of network equipment and electronic communications networks);
Persons authorised by the Data Controller to process Personal Data needed to carry out activities strictly related to the provision of the Services, who have undertaken an obligation of confidentiality or are subject to an appropriate legal obligation of confidentiality (e.g., employees of the Data Controller);
Public entities, bodies or authorities to whom your Personal Data may be disclosed, in accordance with the applicable law or binding orders of those entities, bodies or authorities;
6. Transfers of Personal Data
Sardiamo does not transfer Personal Data outside the European Economic Area.
7. Retention of Personal Data
Personal Data will be kept by the Data Controller for the period deemed strictly necessary to fulfil such purposes – in any case, as these Personal Data are processed for the provision of the Services, the Data Controller may continue to store this Personal Data for a longer period, as may be necessary to protect the Data Controller’s interests related to potential liability related to the provision of the Services.
8. Data subjects’ rights
As a data subject, are entitled to exercise the following rights before the Data Controller, at any time:
Access your Personal Data being processed by the Data Controller (and/or a copy of that Personal Data), as well as information on the processing of your Personal Data;
Correct or update your Personal Data processed by the Data Controller, where it may be inaccurate or incomplete;
Request erasure of your Personal Data being processed by the Data Controller, where you feel that the processing is unnecessary or otherwise unlawful;
Request the restriction of the processing of your Personal Data, where you feel that the Personal Data processed is inaccurate, unnecessary or unlawfully processed, or where you have objected to the processing;
Exercise your right to portability: the right to obtain a copy of your Personal Data provided to the Data Controller, in a structured, commonly used and machine-readable format, as well as the transmission of that Personal Data to another data controller;
Object to the processing of your Personal Data, based on relevant grounds related to your particular situation, which you believe must prevent the Data Controller from processing your Personal Data.
Please note that most of the Personal Data you provide to the Data Controller can be changed at any time, including your e-mail preferences, by accessing, where applicable, your user profile created on the Website.
Aside from the above means, you can always exercise your rights described above by sending a written request to the Data Controller at the following address: firstname.lastname@example.org.
In any case, please note that, as a data subject, you are entitled to file a complaint with the competent supervisory authorities for the protection of Personal Data, if you believe that the processing of your Personal Data carried out through the Website is unlawful.