Customer information

Who are we and what do we do with your personal data?

The company SINAPTICA S.r.l., with registered office in (50132) - Florence, Piazzale Donatello no. 2, in the person of the Sole Director pro tempore, henceforth the Data Controller, safeguards the confidentiality of your personal data and guarantees the necessary protection against any event that might put them at risk of violation. To this end, the Data Controller implements policies and practices concerning the collection and use of personal data and the exercise of the rights granted to you by the applicable legislation. The Data Controller shall update the policies and practices adopted for the protection of personal data whenever necessary and in any case in the event of regulatory and organisational changes that may affect the processing of your personal data. An updated list of the persons in charge is available at the company's registered office. 

For any questions on the policies and practices adopted, the Controller provides the address

How does SINAPTICA S.r.l. collect and process your data?

The Data Controller collects and/or receives information regarding you, such as: name, surname, tax code, place and date of birth, physical and telematic address, fixed and/or mobile telephone number and any other personal data necessary for the fulfilment of the relationship between the parties. They are used by the Data Controller for the purpose of managing the supply contract and fulfilling the legal and regulatory obligations to which the Data Controller is bound by virtue of the activity performed. Your personal data is communicated mainly to third parties and/or recipients whose activity is necessary for the correct performance of the service provided or to improve the services that the Controller offers you, and also to meet certain legal obligations or prescribed for the control and supervision of the activity carried out. Any communication that does not meet these purposes will be subject to your consent. Your data (such as name, surname, physical and telematic address, mobile and/or landline telephone number) may also be processed for purposes of commercial promotion, surveys and market research with regard to the products and services that the Controller offers you only if you authorise the processing and/or if you do not object to it. 

The Data Controller does not transfer your personal data abroad. Your personal data will not in any way be disseminated or disclosed to unspecified and unidentifiable persons, not even as third parties. 

Personal information about you will be processed for:

1) the management of the contractual relationship and the consequent fulfilments, including regulatory ones

The processing of your personal data is carried out in order to carry out the activities preliminary and subsequent to your supply contract, for invoicing and payment management (also online), as well as for the fulfilment of any other obligation arising from the contract, such as the registration and archiving of your personal data. 

The obligations to be fulfilled by the Controller in connection with the contract and the specific regulations governing it are, inter alia, those of:

- of bookkeeping;

Your personal data are also processed to prevent fraud, including contractual fraud. Finally, your data (such as your name, surname, tax code, place and date of birth, physical and electronic address, fixed and/or mobile telephone number) will be processed to provide you with assistance on the services covered by the contract.
Your personal data is also collected from third parties such as, for example:

- lists and registers kept by or under the authority of public authorities or similar bodies under specific national and/or international regulations;

The personal data that the Controller processes for this purpose are, among others:

- name, surname, fiscal code, place and date of birth, physical and telematic address, fixed and/or mobile telephone number.

2) for communication to third parties and recipients 

Your personal data is processed in connection with the contract and the obligations, including legal and/or regulatory obligations, arising therefrom. 

Your data will not be disclosed to third parties/ recipients for their own purposes unless:

1. you give permission;

2. is necessary for the fulfilment of the obligations arising from the contract and from the laws governing it (e.g. for the defence of its rights, for reporting to the supervisory authorities, etc.);

3. communication is made to companies in the circuit to which the Data Controller belongs in order to perform the obligations arising from the contract, public bodies, credit institutions, credit recovery companies, legal and sector consultants, auditors, persons with contract administration and consulting functions, data processing and IT services companies (e.g. web hosting, data entry, management and maintenance of IT infrastructures and services, etc.);

4. the communication is made to the financial administration, and to public supervisory and control bodies with which the Data Controller must comply with specific obligations arising from the specific nature of the activity carried out;

5. are not delegated or have no legally recognised right to receive your personal data. This is the case, for example, with family members, cohabitants or legal representatives (curators, guardians, etc.).

3) for trade promotion activities 

Your personal data is processed in order to offer you products and services in addition to those you have purchased, or even improved or more suitable to your needs and, in order to send you advertising newsletters. The processing of your data (such as name, surname, physical and telematic address, fixed and/or mobile telephone number) may take place in order to:

  • e-mail;
  • text message;
  • paper mail.

The treatment in question may be carried out if:

1. gives its consent for the use of the data also with reference to the communication methods, both traditional and automated, with which the processing is carried out;

2. if you did not object to the processing and/or if, if so, you did not specifically and separately object to the sending of communications by traditional means and/or by automatic means.

4) for information security purposes

The Data Controller processes, also by means of its suppliers (third parties and/or recipients), your personal data, including computer data (e.g. logical accesses) or traffic data collected or obtained in the case of services displayed on the website to the extent strictly necessary and proportionate to ensure the security and capacity of a network or servers connected to it to resist, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted. 

For these purposes, the Data Controller provides for procedures to manage personal data breaches in compliance with the legal obligations it is required to fulfil.

What happens if you do not provide your data?

If you do not provide us with your personal data, we will not be able to carry out the processing linked to the management of the contract and the services associated with it, nor the fulfilments that depend on them. The Data Controller has intended to carry out certain processing operations in accordance with certain legitimate interests that do not affect your right to confidentiality, such as those that:

  • enable the prevention of computer incidents and the notification to the supervisory authority or the communication to users, if necessary, of the personal data breach;
  • allow communication to third parties/recipients for activities related to those of contract management.

What happens if you do not give your consent to the processing of your personal data for the Controller's own marketing purposes?

Your personal data will not be processed for such purposes; this will not affect the processing of your data for the main purposes, nor will it affect the processing for which you have already given your consent, if requested. In the event that you have given consent and subsequently withdraw it or object to processing for marketing purposes, your data will no longer be processed for marketing activities, without this having any detrimental consequences or effects for you and for the contract you have signed.

How and for how long are your data stored?

The processing of your data is carried out using both electronic and manual means and tools made available to persons acting under the authority of the Data Controller who are authorised and trained for this purpose. The paper and especially electronic archives where your data are stored and stored are protected by effective and adequate security measures to counter the risks of violation considered by the Owner. The Owner provides for the periodic and constant verification of the measures adopted, especially for electronic and telematic instruments, to guarantee the confidentiality of the personal data processed, filed and stored through them, especially if belonging to special categories.

Personal data are stored for the time necessary to carry out the activities related to the management of the contract with the Owner and for the fulfilment of the obligations, including legal obligations, that follow. For data intended for marketing purposes for which you have given your consent, you are always entitled to object to the relevant processing and/or to withdraw your consent. 

The computer files are located within the EU (and EEA) borders and are not intended to be connected or interact with databases located abroad. 

Your data is processed on paper or by computer by specially authorised and trained internal staff. The latter are allowed access to your personal data to the extent and within the limits necessary for the performance of the processing activities that concern you.
The Data Controller periodically checks the instruments by which your data are processed and the security measures provided for them, and provides for their constant updating; checks, also through the persons authorised to process them, that no personal data are collected, processed, filed or stored that do not need to be processed; checks that the data are stored with a guarantee of integrity and authenticity and that they are used for the purposes of the processing actually carried out. 

The data are stored in paper, computer and telematic archives located within the European Economic Area, and appropriate security measures are ensured. 

How long

The personal data processed by the Data Controller are kept for the time necessary to perform the activities related to the management of the contract with the Data Controller and up to ten years after its conclusion (art. 2946 of the Italian Civil Code) or from when the rights that depend on it can be asserted (pursuant to art. 2935 of the Italian Civil Code); as well as for the fulfilment of the obligations (e.g. fiscal and accounting obligations) that remain even after the conclusion of the contract (art. 2220 of the Italian Civil Code), for which purposes the Data Controller must keep only the data necessary for their pursuit. This is without prejudice to cases in which the rights arising from the contract have to be asserted in court, in which case your data, only those necessary for such purposes, will be processed for the time necessary for their pursuit. The personal data processed by the Controller for marketing purposes will be kept for 24 months by the Controller unless you revoke the consent you have given and/or unless you object to the processing. This is without prejudice to your right to object at any time to processing based on legitimate interest for reasons related to your particular situation.

What are your rights?

In essence, you may, at any time and free of charge and without any particular charges or formalities for your request, do so;

  • obtain confirmation of the processing carried out by the Controller;
  • access your personal data and know their origin (when the data are not obtained from you directly), the purposes and aims of the processing, the data of the persons to whom they are communicated, the period of retention of your data or the criteria for determining it;
  • revoke consent at any time if it constitutes the basis for the processing. Withdrawal of consent, however, shall not affect the lawfulness of processing based on consent given before the withdrawal;
  • update or rectify your personal data so that they are always exact and accurate;
  • delete your personal data from the databases and/or archives, including backup archives, of the Data Controller in the event, among others, that they are no longer necessary for the purposes of processing or if this is assumed to be unlawful, and provided that the conditions provided for by law are met; and in any case if the processing is not justified by another equally legitimate reason;
  • limit the processing of your personal data in certain circumstances, for example where you have contested their accuracy, for the period necessary for the Controller to verify their accuracy. You must also be informed, at an appropriate time, when the period of suspension has expired or the reason for the restriction on processing has ceased to exist and the restriction has been lifted;
  • obtain your personal data, if received and/or processed by the Data Controller with your consent and/or if they are processed on the basis of a contract and by automated means, in electronic format also for the purpose of transmitting them to another data controller.

The Controller shall do so without delay and, in any event, no later than one month after receipt of the request. The deadline may be extended by two months if necessary, taking into account the complexity and number of requests received by the Controller. In such cases, the Controller shall inform you within one month of receipt of your request and shall inform you of the reasons for the extension. 

For any further information and in any case to send your request, please contact the Controller at

How and when can you object to the processing of your personal data?

For reasons relating to your particular situation, you may object at any time to the processing of your personal data if it is based on legitimate interest or if it is for marketing purposes by sending your request to the Controller at You are entitled to the deletion of your personal data if there is no legitimate reason prevailing over that which gave rise to your request, and in any case if you have objected to the processing for marketing purposes.

Who can you complain to?

Without prejudice to any other administrative or judicial action, you may lodge a complaint with the competent supervisory authority, i.e. the one performing its duties and exercising its powers in Italy where you have your habitual residence or work or if different in the Member State where the breach of Regulation (EU) 2016/679 occurred.

Any updates to this policy will be communicated to you promptly and by appropriate means, and you will also be informed if the Data Controller processes your data for purposes other than those set out in this policy before doing so and in time to give your consent if required.