Privacy Policy

IN ACCORDANCE WITH REGULATION (EU) 2016/679 (“GDPR”) ARTICLES 13 AND 14 AND SUBSEQUENT NATIONAL ADAPTATION RULES

This document (“Information Notice”) intends to provide you with information regarding the processing of information, as specified below, that will be provided by you or otherwise available at our facility and that will be processed by it and/or by other entities identified for the purposes indicated below. The Information Notice, in particular, is provided pursuant to EU Regulation no. 679/2016 (“GDPR”) and subsequent national adaptation rules (together with the GDPR hereinafter referred to as “Applicable Regulations”). Specific information notices may be presented on the Website pages in relation to particular services or processing of data provided by the data subject and specific consents collected (where necessary).

The data controller, pursuant to Articles 4 and 24 of EU Reg. 2016/679, is: Sandhills Italy Srl – Via Ceresio, 7 – 20154 – Milan (MI) – Italy, VAT number: IT09998020961, Tel.: (0861)-818117, email: [email protected], in the person of the pro-tempore legal representative (hereinafter “Data Controller”).

The Personal Data collected will be processed for the purposes and on the legal bases as set forth below:

Nei limiti delle finalità e delle modalità descritte nella presente Informativa, potranno essere trattate informazioni che possono essere considerate come “Dati personali”, nei quali rientrano le Sue generalità, i Suoi recapiti (quali, per esempio, numero di cellulare, indirizzo e-mail, indirizzo IP, cookie, etc.).
Dettagli completi su ciascuna tipologia di dati raccolti sono forniti nelle sezioni dedicate di questa privacy policy o mediante specifici testi informativi visualizzati prima della raccolta dei dati stessi. L’eventuale utilizzo di Cookie (o di altri strumenti di tracciamento) da parte di questo sito web o dei titolari dei servizi terzi utilizzati da questo sito web, ove non diversamente precisato, ha la finalità di fornire il servizio richiesto dall’Utente, oltre alle ulteriori finalità descritte nel presente documento e nella Cookie Policy.

The computer systems and software procedures responsible for the operation of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. These are information that are not collected to be associated with identified individuals, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the date and time of the request, the method used in submitting the request, the size of the response file, the numerical code indicating the status of the response given by the server, and other parameters relating to the user’s operating system and computer environment. This data is used solely for the purpose of deriving anonymous statistical information about the use of the site and to check its correct functioning, and is deleted immediately after processing. The data may be used, exclusively by the Judicial Authority, for the investigation of responsibilities in the event of hypothetical computer crimes against the site.

The optional, explicit, and voluntary sending of emails to the addresses indicated on this website, or the completion of forms, entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data voluntarily entered by the User. The User takes responsibility for the Personal Data of third parties obtained, published, or shared through this website and guarantees to have the right to communicate or disseminate them, releasing the Owner from any liability towards third parties.

It is possible that so-called social plug-ins are used during navigation on the site. Social plug-ins are special tools that allow the incorporation of social network features directly within the Site (e.g., the “like” function of Facebook). All social plug-ins on the Site are marked with the respective logo of the social network platform.

When visiting a page on the Site and interacting with the plug-in (e.g., clicking the “like” button) or deciding to leave a comment, the corresponding information is transmitted from the browser directly to the social network platform (in this case Facebook) and stored by it. For information about the purposes, type, and methods of collection, processing, use, and retention of personal data by the social network platform, as well as the methods to exercise your rights, please refer to the privacy policy of the respective social network.

Personal data will not be disclosed, meaning it will not be made known to undetermined subjects. However, it may be communicated to well-defined subjects, in full compliance with legal requirements, for purposes strictly related to those previously indicated. Any access to your personal data is limited to subjects authorized by the Data Controller. Communication to the identified recipients, only if involved and functional, is linked to the achievement of the purposes outlined in the previous point 3, therefore the personal data collected and processed may be:

Used anonymously for statistical purposes;
Made available to the collaborators of the Data Controller, as Data Processors or persons authorized to process personal data;
Communicated to third parties, individuals or legal entities, Public administrations, professionals, law enforcement agencies, governmental entities, regulatory bodies, courts, or other public authorities authorized by law;
Entities providing services for the management of the information system and communication networks including email, newsletters, and website management;
Studies or Companies within the scope of assistance and consultancy relationships;
If necessary, transferred to another Data Controller as provided for by the GDPR, also regarding the right to data portability.

Information may also be communicated whenever such communication may be necessary to comply with requests from the Judicial Authority or Public Security. The data collected will not be disclosed under any circumstances.

The list of Data Processors is available at the Data Controller’s headquarters.

Data will not be transferred outside the European Union.

Below is a table containing indications of data retention periods (or criteria for determination) of Personal Data:

In addition, the Data Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.

The processing of Personal Data will be carried out using manual, computerized, or telematic tools, suitable to ensure its security and confidentiality, and will be performed by personnel duly trained to comply with the Applicable Law. There is no automated decision-making process.

In addition to the Data Controller, in some cases, other subjects involved in the organization of this website (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data, also if necessary, appointed as Data Processors by the Data Controller.

In addition to cases where it is necessary to contact you for purposes related to managing your position, if you consent to the processing of your data for the purposes described in point 3, letter b), you may be contacted via email, newsletter, SMS, instant messaging systems, or through any equivalent electronic means, or by postal mail or call via operator to all the contact details provided. If you prefer to be contacted only at one or some of these addresses, you can make a written request to the Data Controller without formality.

The User’s Personal Data may be used by the Owner in court or in the preparatory stages leading to possible legal action arising from improper use of this website or related services by the User. The User declares to be aware that the Owner may be required to disclose the Data upon request of public authorities.

Upon the user’s request, in addition to the information provided in this privacy policy, this website may provide the user with additional and contextual information regarding specific services, or the collection and processing of Personal Data.

For operational and maintenance purposes, this website and any third-party services it uses may collect system logs, which are files that record interactions and may also contain Personal Data, such as the user’s IP address.

Further information regarding the processing of Personal Data may be requested at any time from the Data Controller using the contact details provided.

This website does not support “Do Not Track” requests. To determine if any third-party services used support them, the User is invited to consult their respective privacy policies.

The Data Controller reserves the right to make changes to this privacy policy at any time by informing Users on this page and, if possible, by sending a notification to Users through one of the contact details held by the Data Controller. Therefore, please regularly consult this page, referring to the date of the last modification indicated at the bottom. If the changes concern processing for which the legal basis is consent, the Data Controller will collect the User’s consent again, if necessary.

We inform you that you may exercise the rights recognized by the Applicable Regulations, including, for example, the right:
to access your Personal Data and know their origin, purposes and purposes of processing, data of the subjects to whom they are communicated, the period of data retention or the criteria useful for determining it (art.15);
to request their rectification (art.16);
deletion (“forgetting”), if they are no longer necessary, incomplete, incorrect or collected in violation of the law (art.17);
to request that the processing be limited to part of the information concerning you (art.18);
to the extent that it is technically possible, to receive in a structured format or to transmit to you or to third parties indicated by you the information concerning you (so-called “portability”) or those that have been voluntarily provided by you (art.20);
to object to their processing based on legitimate interest (art. 21);
as well as to revoke your consent at any time, if this constitutes the basis of the processing (the revocation of consent does not affect the lawfulness of the processing based on the consent given before the revocation itself).

The aforementioned rights can be exercised by written request addressed informally to the Data Controller at the contacts indicated at point 1.

The Data Controller shall proceed in this regard without delay and, in any case, no later than one month from receipt of the request. The deadline may be extended by two months, if necessary, taking into account the complexity and number of requests received by the Data Controller. In such cases, the Data Controller shall inform you within one month from receipt of your request and shall inform you of the reasons for the extension.

We remind you that, if the response to your requests is not satisfactory, you may contact and lodge a complaint with the Garante per la Protezione dei Dati Personali (https://www.garanteprivacy.it) in the manner provided for by the Applicable Regulations.