alexa and smart skills logo

PRIVACY POLICY

Pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR)

SMART SKILLS S.R.L. (hereinafter, the “Company” or the “Controller”) is committed to safeguarding your personal data and privacy in accordance with the principles of lawfulness, fairness, transparency, and the protection of your rights.

1. Data Controller

The Data Controller is SMART SKILLS S.R.L., in the person of its legal representative pro tempore, with registered office at VIA RENACCIO 33 – 48018 – FAENZA (RA), listed in the Business Register (REA) no. 227394.

An updated list of any Data Processors (external entities processing data on behalf of the Controller) is available upon request by contacting the above addresses.

2. Categories of Personal Data Processed

The Company may collect and process various types of personal data, including but not limited to:

  1. Identification and Contact Data (e.g., first name, last name, company name, tax code, VAT number, address, phone number, email, etc.).
  2. Connection and Browsing Data (e.g., IP addresses, system logs, information collected through technical or third-party cookies).
  3. Data Necessary for Specific Services (e.g., data required for purchasing products/services, creating an account, or subscribing to a newsletter).

Users provide such data on a voluntary basis (e.g., by filling out online forms, sending emails, or calling us). However, failing to provide certain information may prevent the proper delivery of the requested services.

3. Purposes and Legal Basis for Processing

The User’s personal data are processed by the Controller solely for the following purposes and on the legal bases indicated below:

  1. Managing Requests and Providing Services

    • Purpose: to create and manage accounts, respond to contact requests, provide support and information, and enable the purchase or use of products/services.
    • Legal Basis: performance of a contract or pre-contractual measures taken at the User’s request (Article 6(1)(b) GDPR).

  2. Compliance with Legal Obligations

    • Purpose: to fulfill legal and/or fiscal obligations, manage invoicing, and comply with relevant laws and regulations.
    • Legal Basis: compliance with a legal obligation to which the Controller is subject (Article 6(1)(c) GDPR).

  3. Legitimate Interest

    • Purpose: to prevent fraud, assert or defend a legal right in court or before administrative authorities, ensure network and information security, and improve our services.
    • Legal Basis: pursuit of the legitimate interests of the Controller, provided that such interests are not overridden by the fundamental rights and freedoms of the data subject (Article 6(1)(f) GDPR).

  4. Marketing and Promotional Communications/Newsletters

    • Purpose: to send information and promotional communications regarding the Company’s products and services (including newsletters), which may be similar to those already purchased, or to request feedback on service satisfaction.
    • Legal Basis: the data subject’s explicit consent (Article 6(1)(a) GDPR) or, in some cases, the Controller’s legitimate interest (soft spam) if the communications relate to similar products/services.
    • The User may withdraw consent or object to such communications at any time.

4. Methods of Processing and Security Measures

Personal data is processed using both paper-based and digital tools. The Company implements appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of data. Access to data is restricted to authorized personnel who have received specific training on data protection.

5. Data Retention

Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected and/or further processed, in compliance with legal retention requirements (e.g., civil and tax obligations) or until consent is withdrawn for processing that relies on it. In particular:

  • Contact and Account Data: retained as long as the account is active or as necessary to achieve the purposes of collection.
  • Marketing Purposes: retained until the data subject withdraws consent or within the limits set by law.
  • Fiscal/Administrative Data: retained for the period required by law (10 years, unless otherwise extended due to legal disputes).

6. Data Communication and Disclosure

  1. Communication to Third Parties
    Personal data may be disclosed to third parties appointed as Data Processors, under Article 28 GDPR, who carry out activities on behalf of the Controller (e.g., hosting services, IT support, customer service, newsletter management, payment services, consultants).
    Data may also be communicated to independent Controllers (e.g., judicial authorities, regulatory bodies) for compliance with legal obligations.

  2. Disclosure
    The data will not be disclosed or made accessible to undetermined recipients under any circumstances.

7. Transfer of Data Outside the EU

The Controller does not regularly transfer personal data to countries outside the European Economic Area (EEA). Should such transfers become necessary, the Controller will take all measures required under the GDPR (e.g., adequacy decisions, standard contractual clauses) to protect your data.

8. Cookie Policy

The Company’s website may use technical cookies and, with your consent, profiling or third-party cookies. For more information on the types of cookies, how they are used, and how to manage your preferences, please refer to the [Cookie Policy] (to be included in a dedicated section of your website).

9. Data Subject Rights

Pursuant to Articles 15–21 of the GDPR, you have the right to:

  1. Access: obtain confirmation whether or not personal data concerning you is being processed, and receive a copy of such data (Article 15 GDPR).
  2. Rectification: request the correction of inaccurate data or the completion of incomplete data (Article 16 GDPR).
  3. Erasure (“Right to be Forgotten”): request the deletion of personal data under certain conditions (Article 17 GDPR).
  4. Restriction of Processing: restrict the processing of personal data if the conditions are met (Article 18 GDPR).
  5. Data Portability: receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller (Article 20 GDPR).
  6. Objection: object at any time to processing based on legitimate interests or for direct marketing purposes (Article 21 GDPR).

10. How to Exercise Your Rights

To exercise your rights or withdraw previously granted consent, you may contact the Controller at any time using the following:

  • Registered Mail (with return receipt): SMART SKILLS S.R.L., VIA RENACCIO 33 – 48018 – FAENZA (RA), Italy
  • PEC: smartskills@spidmail.it
  • Phone: +39 02 8089 7375

You also have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

Last Updated: 24/01/2025

© 2025 Smart Skills S.R.L - All rights reserved