Isap Packaging S.p.A. (hereinafter referred to as Isap) is the data controller and processes the personal data of its customers, suppliers, partners, web users, candidates, visitors, and staff (hereinafter referred to as “data subjects” or “users“) in compliance with their rights, in a lawful, transparent, and fair manner, in accordance with the provisions of Regulation 2016/679/EU (“GDPR”).

1. Legal Basis (Art. 6 GDPR), Purpose, and Nature of Processing
(why we process your data)

The data subject is informed that Isap will process their personal data, depending on the type, for the following purposes:

  1. Conclusion and execution of the contract (inclusion in the databases of company information systems, order management, etc.) and pre-contractual obligations instrumental to the above;
  2. Compliance with legal obligations – administrative, accounting, and fiscal (such as tax declarations, social security obligations, etc.) – or provided for by internal regulations or European/international legislation (e.g., verification of requirements of integrity, professionalism, etc.);
    Legal Basis: the provision of data for the purposes set out in points (1) and (2) is a requirement to conclude the contract and a legal obligation, and any refusal to provide them may result in the impossibility for the data controller to carry out the activities required for the conclusion and execution of the contract, as well as a violation of legal provisions imposing an obligation on the data controller.
  3. Secretarial management activities (receipt and exchange of communications and correspondence via e-mail, telephone, etc.);
  4. Interaction and/or navigation on the website (e.g., to respond to user inquiries and/or send communications);
    Legal Basis: user consent, optional. However, failure to provide consent may result in the user being unable to receive communications addressed to them (3) or to receive a response to inquiries through the contact channels provided by the website, as well as the inability for Isap to provide any web services (4).
  5. Marketing purposes (sending commercial information about services offered by Isap and available updates (new products, new manufacturers, new delivery areas, etc.);
    Legal Basis: user consent, optional. Failure to provide consent may result in the inability to receive commercial information, without prejudicing in any way the processing referred to in the preceding points. Expressly given consent for the sending of commercial and promotional communications implies the receipt of such communications not only through automated contact methods but also through traditional methods, such as postal mail or operator calls.

2. Types of Data Processed

To provide the possible sales service or to interact with the customer, Isap will need to acquire some of their data, including – not necessarily cumulatively, as only certain data may be necessary – identification and contact data (e.g., e-mail, tax code, telephone number, name and surname, place and date of birth, etc.), payment data (e.g., IBAN, billing data), as well as any other data that is absolutely essential for the provision of the service, in compliance with the principle of necessity and proportionality.

The computer systems and software procedures used for the operation of this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of internet communication protocols, the so-called navigation data (e.g., IP address). These are pieces of information that are not collected to be associated with identified data subjects, but which, by their very nature, could, through processing and association with data held by third parties, allow users to be identified.

Data Voluntarily Submitted by the User

If the user sends spontaneous communications to Isap, the relevant address is acquired, as well as any data contained in the communication.

3. Time and Methods of Processing

The data will be processed for the shortest time possible for each purpose, consistently with the principle of privacy by default. Below, the specification of retention times:

  • ten (10) years from the termination of the contractual relationship for data provided by suppliers, partners, or clients, relevant for fiscal and accounting purposes, unless they need to be retained for a longer period to enforce a right in court;

Processing is carried out through collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. All data will be processed fairly and transparently, using electronic and paper tools; they will be entered into appropriate computer archives – or any other suitable medium – and kept under constant control with operational procedures and measures suitable to ensure their security and confidentiality, in order to prevent their loss, unlawful or incorrect use, and unauthorized access.

4. Web Users’ Navigation Data

The computer systems and software procedures used to operate the website acquire certain personal data (IP address, browser type, domain name, date and time of visit, actions taken, etc.), the transmission of which is implicit in the use of internet communication protocols, which could – if associated with other data – lead to the identification of the user.

This information is collected in an aggregated and automated manner for the following purposes:

  • To verify the correct functioning and ensure the full usability of the website and the services offered;
  • To generate anonymous statistical reports on website traffic;
  • To perform application debugging and monitor computer systems in order to detect any violations in their use and allow for post-incident analysis. This data is deleted immediately after processing. For any information regarding the installation of cookies, please refer to the cookie policy.

5. Communication and Disclosure of Data

The personal data of the user may be communicated to third parties, where necessary, and in particular:

  1. to all subjects, public and private, to whom access to the personal data of the data subject is recognized by provisions of law or by order of the administrative and/or judicial authority;
  2. to authorized data processors, employees, collaborators, and suppliers of Isap, within the scope of their duties and the contractual relationship with them existing, for the performance of contractual obligations with the data subject;
  3. to postal offices, shippers, and couriers, where necessary for the sending of documentation or other material to the data subject;
  4. to legal entities, public and private (for example, but not limited to, law or commercial firms, chambers of commerce, Authorities, etc.), where necessary for the performance of the activities carried out by Isap for the purposes set out in point 1;
  5. to banking institutions for the management of collections and payments.

The personal data of users are not subject to dissemination.

6. Rights of the Data Subject

Isap recognizes to the data subject all the rights provided for by Articles 15 and following of the GDPR; in particular, the right to obtain access, rectification, erasure, portability of data, as well as the right to restrict their processing, the right to withdraw consent (without prejudice to the lawfulness of the previous processing), to object to the processing itself, and to lodge a complaint with a supervisory authority. These rights can be exercised by the data subject with a request addressed informally to the data controller, to which an appropriate response is provided without delay, by mail or fax, to the contact details below, indicating on the envelope or on the sheet the wording “Regarding Privacy,” or by sending an email to privacy@isap-packaging.com.

Data Controller

The data controller is Isap Packaging S.p.A.;

Registered office: Via Lungadige Attiraglio 67 – 37124 Verona (VR) Italy;

VAT number: 03580030231.

7. Update

This information is subject to changes and updates, therefore the data subject is invited to consult it regularly.