Privacy Policy
Company name: Sailpost S.p.A.
Registered office: Via del Fischione n. 19 – 56019 Vecchiano (PI) Fraz. di Migliarino P.
VAT number: 01528040502
Registered capital: 2.550.000,00 i.v.
REA (Economic Administrative Index): PI-134466
WEB PRIVACY POLICY www.sailpost.it
In compliance with the obligations arising from Legislative Decree June 30, 2003, n. 196 (Personal Data Protection Code, as amended by Legislative Decree August 10, 2018, n. 101) and European legislation (EU Regulation April 27, 2016, n. 679 GDPR) and subsequent amendments, this site is committed to ensuring the rights of Data Subjects regarding the protection of personal data.
This privacy policy applies exclusively to activities carried out by the website www.linehaul.sailpost.com and applies to visitors/users of the site but does not apply to information collected through other systems.
The purpose of this information is to inform visitors about the methods of data collection and their use by the Data Controller. This web privacy policy is one of the tools that Sailpost uses to keep users updated on the developments/changes in the services provided by the Franchise Network.
LEGAL BASIS FOR DATA PROCESSING
By reading this web privacy policy, visitors and interested parties provide consent for the processing of their personal data for the purposes and in the ways listed below, including any transmission to third parties if essential for the provision of services. Consent for the collection and processing of data is optional, so at any time, visitors can deny/revoke consent by sending a request to privacy@sailpost.it. However, it is important to note that the revocation/denial of consent may result in the inability to provide some of the requested services.
DATA COLLECTION ACTIVITIES
In order to provide a service (or to be able to make an offer and provide it), users may be required to provide certain data, which may vary depending on the nature of the subject.
Private individuals:
- Address, email, and password
- Other data related to the subject of the requested service
- Name and surname, date of birth, gender
- City or municipality of reference, phone number
During the provision of the service, the user may contact our Quality Control office to request information.
DATA OF THIRD PARTIES
In the event that personal data of third parties, such as those of potential beneficiaries of the service and/or communications related to them, are provided, the communicating party must ensure that such individuals have been adequately informed and have consented to the processing.
MINOR USERS’ DATA
In the event that personal data of individuals under the age of 16 is provided to this website, no registration will take place. If such an individual misrepresents their actual age, the Data Controller disclaims any responsibility for such misrepresentation. In cases where the falsehood of such statements is confirmed, the data will be promptly erased.
PROFESSIONALS/COMPANY DATA
- Company name, VAT number, contact person, contact details (email, phone)
- Professional category, home address
REGISTRATION/ACCESS TO THE SITE
Registration on the portal is entirely optional; however, in some cases, the non-registration may result in the inability to use certain online services provided by the site. Registration on the site and the ability to use its services involve a request for the unique identification of the user.
After registration, while navigating certain areas of the site, you will be prompted to log in using your credentials (“Username” and “Password”). The Username is an email address chosen by the user, and the Password is a secret combination of characters (letters and/or numbers) chosen by the user.
For security reasons, these credentials must remain confidential and should not be disclosed to the public. If a user requests data erasure, the login credentials will be permanently erased as well.
Like all web portals, this site also uses log files on which information is automatically recorded during visit sessions. The recorded information may include the following:
- Internet Protocol (IP) address;
- Type of browser and device parameters used to connect to the site;
- Name of the Internet Service Provider (ISP);
- Date and time of the visit;
- Referral and exit web page of the visitor;
- Uniform Resource Identifier (URI) addresses;
- Details of the itinerary within the Application, with particular reference to the sequence of pages consulted, parameters related to the operating system, and the User’s computing environment;
- Possibly, the number of clicks;
- File size obtained in response;
- Numeric code indicating the status of the response from the server (success, error, etc.).
DATA PROCESSING METHODS
The Data Controller undertakes to implement adequate security measures to prevent unauthorized access, disclosure, alteration, or destruction of Personal Data.
Processing is carried out using computer and/or telematic tools, with organizational methods and logics that comply with the stated purposes. In addition to the Data Controller, and solely for the purpose of carrying out the activity requested by the Data Subject, other parties involved in the organization (administrative, commercial, marketing, legal, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data, also appointed, if necessary, as Data Processors or Sub-Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller.
PURPOSES OF PROCESSING
The Data Controller commits to process the Data provided by the user, either directly or through intermediaries, possibly integrated with data collected from third parties, including data available from the company database, and those obtained through telephone conversations or as a result of browsing web pages or other means for the following purposes:
- To prepare an offer for the subsequent conclusion of a contractual agreement to regulate the provision of a service. The preliminary activity before the contract involves the processing of data collected from the data subject and also from other databases to which the controller may have access for the evaluation of operational feasibility and customer characteristics, for contract quantification, and for compliance with any legal obligations required in the exercise of the commissioned activity, prevention of fraud and terrorist financing.
- To proceed with sending the offer to the interested party through ordinary mail, telephone (including mobile), email, or other distance communication techniques, or within a social network to which the user belongs, to the contact details that have been voluntarily provided in the service request. The same contact details may receive notices of expiration and/or related to the service provided, along with a proposal for the contractual renewal of the service and any additional guarantees.
- • Implementation and management of the same contractual agreement and for any other activity connected exclusively to the performance of the service for which the Organization is authorized under current legal provisions.
- Compliance with any legal obligation related to the contract or the aforementioned offer activity, management of judicial and extrajudicial litigation, as well as, in general, the exercise and defense of the contracting party’s rights, prevention of fraud and terrorist financing, analysis of new markets, internal management and control, adjustment of systems and computer platforms for customer relations, statistical and tariff analysis.
- If the customer chooses to pay for the services through payment systems other than bank transfers or other payment systems, the Data will also include those related to their payment card and the banking details necessary for payment transactions.
- Processing, monitoring, and updating of any requests for information, negotiation, pre-contractual and/or contractual relationship with any of the various Companies with which the Organization collaborates, and the management of activities with operational and commercial intermediaries.
- Promotional/commercial activities for services for which a quote has been requested, addressed to the contact details already provided, via email, telephone, including mobile (SMS).
- Analysis of the perceived quality by the customer regarding products and/or services rendered for the management and execution of the contract, via email, telephone (including mobile), text messaging services such as short messaging system (“SMS”), instant messaging services, or social networks.
- Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.
- Processing is necessary for the pursuit of the legitimate interests of the Data Controller or third parties. In this regard, the Organization informs you that it will check and update the data related to the payment card with credit and banking entities designated for this purpose, for the proper management of your case over time.
DURATION OF PROCESSING AND DATA RETENTION
The storage of personal data will occur in paper and/or electronic/information technology form for the time necessary based on the purposes requested by the data subject, in compliance with their privacy, current regulations, and contractual conditions (e.g., invoices, accounting documents, and transaction data are kept for 11 years in accordance with the law, including tax obligations).
Regarding data collected for the activities of preparing the economic offer related to the services requested by the data subject, in the event that they do not become a customer, the collected data, in the absence of consent, excluding information required by regulations, will be retained for only 12 months and 15 days and then erased. However, in the case of formalization of the contractual relationship, the provided data will be kept for the period determined in compliance with:
- The obligation of conservation established by law;
- The duration of the contractual relationship and responsibilities arising from the said relationship;
- The request for erasure by the data subject, in case they submit a request to that effect.
In the event that the data subject expresses the intention to exercise the right to be forgotten through the appropriate request for the erasure of personal data processed by the data controller, the data, following the erasure operations, will be stored, in a protected form with limited access, solely for the purposes of investigation and repression of crimes, within the legal terms or, if not otherwise specified, for a period not exceeding 12 months.
The data collected by the site during its operation is used exclusively for the purposes mentioned above and stored for the time strictly necessary to carry out the specified activities. In any case, the data collected by the site will never be provided to third parties for any reason, unless it is a legitimate request by the judicial authority and only in cases provided by law.
To fulfill the aforementioned purposes, the data controller undertakes to retain data related to telematic traffic for a period not exceeding 6 years from the communication date, pursuant to art. 24 of Law n. 167/2017, which has implemented EU Directive 2017/541 on counter-terrorism, excluding, however, the contents of communications.
In the event that the user does not take any active actions (such as browsing, searches, and/or any other use of the service) on the site www.linehaul.sailpost.com for a period of 27 months, they will be classified as inactive, and their personal data will be automatically removed. Data used for security purposes (blocking attempts to damage the site) is retained for 7 days. For direct marketing and profiling purposes, Sailpost will retain data for a maximum period as stipulated by applicable regulations (respectively 24 and 12 months).
LOCATION OF DATA PROCESSING
The Data is processed at the operational headquarters of the Data Controller and in other locations where the Sailpost Network is organized. For further information, the Data Subject can send a request to the contacts indicated at the end of this policy.
As for non-material processing, Web Hosting services and private Cloud services are supported by the infrastructure of the telecommunications service provider, appointed as the data processor, which ensures full compliance with Data Protection regulations and the use of the best data protection standards.
In any case, the Data Subject has the right to obtain information about the security measures adopted by the Data Controller to protect the Data.
RECIPIENTS OF THE DATA
The Data of the customer or potential customer may:
- Be known within the Organization by individuals authorized to process data by the Data Controller, as well as by other authorized individuals responsible for delivery services. User Data may also be forwarded to external parties outside the organization appointed as processors under art. 28 of Regulation n. 679/2016, the list of which is constantly updated at the Data Controller’s office. Furthermore, the Data may also be communicated to competent Authorities for checks aimed at preventing fraud and terrorism financing.
- Be communicated to any controlled and affiliated Companies, in order to conduct a complete and centralized management of relationships with the data subject.
- To other entities in the industry (the so-called “supply chain”), such as counterparts (including companies or entities entrusted with the management of assistance and judicial protection branches).
- To Supervisory and Control Bodies, as well as to other entities or bodies that are holders of databases for which the communication of data is mandatory.
- Companies providing support for business management activities, including postal services.
- Audit and consultancy firms; legal and tax firms; commercial information companies for financial risk management; fraud prevention and control services companies; debt collection companies.
MISURES OF SECURITY
The website www.linehaul.sailpost.com processes visitor/user data according to the principles of lawfulness, transparency, and fairness, adopting appropriate security measures to prevent unauthorized access and other fraudulent behaviors, such as disclosure, modification, or unauthorized destruction of data.
Processing is carried out using computer and/or telematic tools, with organizational methods and logics strictly related to the specified purposes. In addition to the data controller, in some cases, categories of individuals involved in the organization of the website (administrative, commercial, marketing, legal, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data.
RIGHTS OF DATA SUBJECTS
In accordance with art.13-20 of EU Regulation n. 679/2016 of April 27, 2016 (GDPR) and d.lgs n. 101 of August 10, 2018, the Data Subject can, within the limits and according to the methods provided by current regulations, exercise the following rights:
- Request confirmation as to whether or not personal data concerning him or her are being processed (right of access);
- Know the origin;
- Receive intelligible communication;
- Obtain information about the logic, methods, and purposes of the processing;
- Request the updating, rectification, integration, erasure, transformation into anonymous form, or blocking of data processed in violation of the law, including those no longer necessary for the purposes for which they were collected;
- In cases where the legal basis for processing is the data subject’s consent, the data subject has the right to obtain the extraction of their data in a format commonly used and readable by electronic devices, only at the cost of any support for this activity;
- The right to lodge a complaint with the Italian Data Protection Authority, whose link is provided here: https://www.garanteprivacy.it;
- The right to lodge a complaint with the Italian Data Protection Authority to exercise all the rights recognized to the data subject by the regulations.
All contact requests for the purpose of exercising one’s rights or receiving information about the processing must be addressed to the Data Controller.
DATA CONTROLLER
The Data Controller is Sailpost S.p.A., the operator of the website www.sailpost.it, represented by its legal representative pro tempore.
CONTACTS
Data Controller: Sailpost S.p.A., Registered Office: Via del Fischione n.19, Migliarino Pisano (PI), VAT ID: 01528040502. Tel: +39 0508008790, website: www.sailpost.it, email: privacy@sailpost.it. Data Protection Officer: Sailpost S.p.A.’s DPO can be contacted at the email address: privacydpo@sailpost.it.