Privacy Policy

Contact Information

Who we are and what we do with your personal data

SIMEDITA srls., with registered office in (50127) Florence (FI), via Panciatichi 40/11, (hereinafter also referred to as the “data controller”), as the data controller, is concerned with the confidentiality of your personal data and with guaranteeing them the necessary protection from any event that might put them at risk of being breached.

To this end, the controller implements policies and practices concerning the collection and use of your personal data and the exercise of your rights under the applicable legislation. The controller takes care to update the policies and practices adopted for the protection of personal data whenever necessary and in any case in the event of regulatory and organisational changes that may affect the processing of your personal data.

The Data Controller has appointed a data protection officer (DPO or DPO) who you can contact if you have questions about the policies and practices adopted.

You can contact the DPO at the addresses and contact details below:

How and why does the Controller collect and process your data?

The Controller collects and/or receives information about you, such as:

first name,

last name


subject of your request

Your personal information will be processed for:

your request for Information related to one of the products/services offered by the Controller

Your personal information will be processed to manage your request for contact and information relating to the products/services made and offered by the Controller and to carry out activities preliminary to the establishment of the contractual relationship, as well as for the fulfilment of any other obligation arising from such activity such as the registration and storage of your personal data.

for marketing activities relating to the services of the Controller

The processing of your personal data is carried out in order to offer you services that are additional to those of the service you have subscribed to, or even improved or more suited to your needs, and in order to send you advertising material. Your data may be processed by:


The processing in question may take place if

you give your consent for the use of your data also with reference to the communication methods, both traditional and automated, by which the processing takes place;

if, in the event that the processing is carried out by means of contact with a telephone operator, you are not enrolled in the opposition register referred to in Presidential Decree no. 178/ 2010

if you have not objected to the processing and/or if, in the event, you have not specifically and separately objected to the sending of communications by traditional means and/or by automated means. for communication to third parties and recipients


Legal basis

Communication to third parties such as: – IT support companies

pre-contractual activities

The Data Controller transfers your personal data to the following non-EU countries, with full assurance of the guarantees provided for by European legislation:

USA: existence of standard contractual clause of 5 February 2010 no. 2010/87.

Communication and dissemination concern the categories of data whose transmission and/or disclosure are necessary for the performance of the activities and purposes pursued by the Controller in managing the relationship established. The relevant processing does not require the consent of the data subject in the event that the processing is carried out in compliance with legal obligations or in order to fulfil the obligations arising from the contractual relationship or in the event of any other hypothesis of exclusion (in particular the legitimate interest of the Data Controller), expressly provided for or dependent on the rules and regulations applied by the Data Controller, or even through third parties identified as data processors;

for IT security purposes

The Controller processes, also by means of its suppliers (third parties and/or recipients), your personal data to the extent strictly necessary and proportionate to ensure the security and the ability of a network or the servers connected to it to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted.

For these purposes, the data controller provides procedures for handling data breaches.

What happens if you do not provide the data?

If you do not provide your personal data, the Controller will not be able to carry out the processing linked to the management of pre-contractual negotiations or the fulfilments that depend on it.

The Data Controller has intended to carry out certain processing operations in accordance with certain legitimate interests that do not affect your right to confidentiality, such as those that

allow the prevention of computer incidents and the notification to the supervisory authority or the communication to users, if necessary, of the personal data breach;

allow communication to third parties/ recipients for activities related to those of contract management.

What happens if you do not give your consent to the processing of your personal data for marketing purposes (direct marketing, market research and surveys) owned by the Controller?

Your personal data will not be processed for such purposes; this will not affect the processing of your data for the main purposes, nor for the purpose for which you have already given your consent, if required.

How and for how long is your data stored?


Data is processed by means of paper media or computer procedures by specially authorised and trained internal persons. They are granted access to your personal data to the extent and within the limits necessary to carry out the processing activities that concern you. Data belonging to special categories are processed separately from the others also by means of pseudonymisation or aggregation methods that do not make it easy to identify you. The Data Controller periodically checks the instruments with which your data are processed and the security measures envisaged for them, which it requires to be constantly updated; it verifies, also through the persons authorised to process them, that no personal data are collected, processed, filed or stored whose processing is not necessary; it verifies that the data are stored with a guarantee of integrity and authenticity and that they are used for the purposes of the processing actually carried out.

How long

The personal data processed by the Controller are retained for the time necessary to carry out the activities related to the management of the pre-contractual negotiation with the Controller and up to 2 years with the exception of the establishment of the contractual relationship.

Personal data processed by the Data Controller for marketing purposes (direct marketing, market research and surveys) will be kept for 24 months by the Data Controller unless you revoke the consent you have given and/or unless you object to the processing.

This is without prejudice to your right to object at any time to processing based on legitimate interest for reasons related to your particular situation.

What are your rights?

Basically, you may, at any time and free of charge and without any particular burden or formality, request

obtain confirmation of the processing carried out by the Controller;

access your personal data and know their origin (when the data are not obtained directly from you), the purposes and aims of the processing, the data of the persons to whom they are communicated, the storage period of your data or the criteria used to determine it

revoke your consent at any time, if this constitutes the basis of the processing. Withdrawal of consent, however, shall not affect the lawfulness of processing based on the consent given prior to the withdrawal;

update or rectify your personal data so that they remain accurate and precise;

delete your personal data from the databases and/or archives, including backup archives, of the Data Controller in the event, among others, that they are no longer necessary for the purposes of the processing or in the event that the processing is presumed to be unlawful, and always if the conditions required by law are met; and in any case in the event that the processing is not justified by another, equally legitimate reason

limit the processing of your personal data in certain circumstances, for example where you have contested its accuracy, for the period necessary for the controller to verify its accuracy. You must also be informed, within a reasonable time, of the completion of the period of suspension or of the termination of the cause of the restriction of processing, and then of the lifting of the restriction;

obtain your personal data, if received and/or in any case processed by the Controller with your consent and/or if they are processed on the basis of a contract and by automated means, in electronic format also for the purpose of transmitting them to another data controller.

The Data Controller shall do so without delay and, in any event, no later than one month from receipt of your request. The deadline may be extended by two months if necessary, taking into account the complexity and number of requests received by the Controller. In such cases, the Controller shall, within one month of receipt of your request, inform you and inform you of the reasons for the extension.

For any further information and in any case to send your request, you should contact the Controller at

How and when can you object to the processing of your personal data?

For reasons relating to your particular situation, you may object at any time to the processing of your personal data if it is based on legitimate interest or if it concerns the processing of personal data whose provision is subject to your consent, by sending your request to the Controller at

You are entitled to the deletion of your personal data if there is no legitimate reason overriding the one that gave rise to your request, and in any case if you object to the processing.

To whom can a complaint be made?

Without prejudice to any other administrative or judicial action, you may lodge a complaint with the competent supervisory authority or with the authority which carries out its duties and exercises its powers in Italy, where you have your habitual residence or work or if different in the Member State where the breach of Regulation (EU) 2016/679 occurred.

Any updates to this notice will be communicated to you promptly and by appropriate means and you will also be notified if the Controller processes your data for purposes other than those set out in this notice before doing so and in time to give your consent if required.