PRIVACY POLICY

PURSUANT TO ARTICLES 13 AND 14 OF EU REGULATION 2016/679 (GDPR) AND ARTICLES 13 – 14 OF SAN MARINO LAW 171/2018

***

PRIVACY POLICY

1. Data controller

The Data Controller for the data collected through this site is TITEK SRL (COE SM23928), with registered office in San Marino, Strada Friginetto, 8 (RSM), hereinafter also referred to as the "Controller." An updated list of data processors and external data processors is available at the Data Controller's headquarters.

 

2. Purpose and legal basis of the processing

 

WEBSITE

PURPOSE	LEGAL BASIS
Data and information are collected exclusively in aggregate and anonymous form to verify the proper functioning of the site. None of this information is related to the individual user of the site, and does not allow for their identification in any way.	Legitimate interest of the Data Controller (statistics and site operation), no consent required.
Data and information may be collected to protect the security of the site (spam filters, firewalls, virus detection) and its Users, and to prevent or detect fraud or abuse of the website. The data is recorded automatically and may also include personal data (IP address), which may be used, in accordance with applicable laws, to block attempts to damage the site or other users, or otherwise engage in harmful or criminal activities. This data is never used to identify or profile Users and is deleted periodically.	Legitimate interest of the Data Controller (site security), no consent required.
Data collection for the purpose of analyzing and processing information relating to the user, their preferences, habits, consumer choices, and/or browsing experiences. This activity is also carried out using technologies such as cookies (first-party or third-party). Data collection through the use of cookies occurs with express consent via a dedicated banner, or through use or consultation of the site, as a conclusive behavior.	Consent of the interested party

SERVICE PROVISION (QUOTE REQUEST)

PURPOSE	LEGAL BASIS
Data collection (e.g., name, surname, email, etc.) in contact forms for service provision or communicated by the interested party through spontaneous emails to company contacts.	- Implementation of contractual and pre-contractual measures for purposes related to the user's request

COMMUNICATIONS AND NEWSLETTERS

PURPOSE	LEGAL BASIS
Sending newsletters and commercial/informative material to our customers.	Legitimate interest of the owner , no consent required (direct marketing)

3. Consent and consequences of refusal

For data collected by the website : consent is provided via a dedicated banner or, if this banner is ignored, through use or browsing the site, which constitutes unequivocal consent. By using or browsing the site, visitors and users approve this privacy policy and consent to the processing of their personal data in relation to the methods and purposes described below, including any disclosure to third parties if necessary to provide a service. Providing data and therefore consenting to data collection and processing is optional. Users may refuse consent and may revoke consent already given at any time (via the banner at the bottom of the page or their browser's cookie settings). However, refusing consent may make it impossible to provide certain services and may compromise the browsing experience on the site.

Service provision (Quote request) : The legal basis for data collection to provide the services requested by completing the appropriate forms is the execution of a pre-contractual and/or contractual relationship with the Data Controller, for purposes related to the interested party's request. Therefore, consent is not required. Without this data, it will not be possible to provide the requested service.

Communications and newsletters : The legal basis for receiving communications and newsletters from existing customers of the Data Controller is legitimate interest ( direct marketing or soft spam ), with the data subject's right to opt out . Please note that consent can always be revoked. To exercise this right, the data subject may send an email to titek@titek.eu to indicate that they no longer wish to receive such communications.

4. Methods of processing personal data

Your data is processed using tools and procedures designed to ensure its security and confidentiality, and may be carried out both through our website and through other electronic means, and sometimes even with the aid of paper media. In addition to the Data Controller, in some cases, other parties involved in the organization of this website (administrative, sales, system administrators, etc.) or external parties (such as third-party technical service providers, hosting providers, IT companies, communications agencies) appointed, where required by law, as Data Processors by the Data Controller may have access to the Data. An updated list of Data Processors may be requested from the Data Controller at any time.

 

5. Data retention period

Data collected by the site : The data collected by the site during its operation is retained for the time strictly necessary to carry out the specified activities. Upon expiration, the data will be deleted or anonymized, unless there are other purposes for its retention. The Data Controller has no control over cookies managed entirely by third parties and does not have access to the information collected through such cookies. For further details on the retention of data collected through cookies, please refer to the cookie policy.

 

Data entered in contact forms and/or service requests: may be retained based on business needs, including until the interested party revokes consent and/or requests deletion.

 

6. Transfer of data to foreign or non-EU countries

We strive to avoid transferring your data to non-EU countries or foreign countries. Where necessary, the Data Controller hereby ensures that data transfer to foreign countries will be carried out in compliance with the provisions of Article 46 of Law 171/2018 and Articles 44 et seq. of EU Regulation No. 679/2016.

We inform you that we do not transfer data outside the European Union. However, it is understood that the Data Controller, if necessary, will have the right to transfer data to countries outside the EU. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in compliance with applicable legal provisions, stipulating, where necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission and/or binding corporate rules.

 

7. Access and communication of data

Your data may be made accessible to the Data Controller's employees and collaborators in their capacity as data processors and/or system administrators; to third-party companies or other entities (for example, professional firms, consultants, software houses that provide management software, credit institutions, insurance companies, etc.) that perform outsourced activities on behalf of the Data Controller, in their capacity as external data processors.

The Data Controller may disclose your data to public administrations, supervisory bodies, and/or judicial authorities, as well as to all other entities to whom disclosure is mandatory or required by law. Your data will not be disclosed.

8. Treatment methods

Your personal data is processed using the operations indicated in art. 4, no. 2) of EU Regulation 679/2016 and art. 2, letter b) of Law 171/2018, namely: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, alignment or combination, restriction, erasure, and destruction of data. Your personal data is processed both on paper and electronically. Processing is carried out by data processors and collaborators within the scope of their respective roles and in accordance with the instructions received, always and solely for the achievement of the specific purposes, scrupulously adhering to the principles of confidentiality and security required by applicable regulations.

9. Rights of the interested party

Pursuant to Articles 15-22 of Law 171/2018 and 15-22 of EU Regulation No. 679/2016, the Data Subject is granted the right to exercise specific rights. Specifically, the Data Subject has the right to: a) obtain confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, access to that data; b) obtain the rectification of inaccurate personal data and the completion of incomplete personal data; c) obtain the erasure of personal data concerning him or her, where permitted by the Regulation; d) request restriction of processing, in the cases provided for by the Regulation; e) obtain communication, to recipients to whom the personal data have been disclosed, of requests for rectification/erasure of personal data and restriction of processing received from the Data Subject, unless this proves impossible or involves a disproportionate effort; f) receive, in a structured, commonly used and machine-readable format, the personal data provided to the Data Controller, as well as the transmission of such data to another data controller, at any time, even upon termination of any relationship with the Data Controller; g) object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her pursuant to Article 6, paragraph 1, letters e) or f), including profiling based on those provisions. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, including profiling to the extent that it is related to such direct marketing; h) not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her; i) lodge a complaint with a supervisory authority pursuant to Art. 77 of EU Regulation no. 679/2016 and art. 66 of Law 171/2018.

Requests referred to in the previous points must be sent by email to the data controller's address: titek@titek.eu

10. Protection of minors' privacy

This website is intended for a general audience, but its services are intended for individuals aged 18 and over. The Company does not knowingly solicit, collect, use, or disclose personal data provided by individuals under the age of 18 online. If the Company learns that it has personally collected data from a minor, it will delete that data.

11. Updates

This privacy policy is updated as of January 26, 2021.