Information on personal data processing - SmyChat
Dear User,
we need to process your personal data for the below mentioned purposes; according to EU Regulation 679/2016 on personal data protection, we provide the following information.
1. CONTROLLER
The Controller who determines the means and purposes of personal data processing is SMI SPA, with head office in Via C.Ceresa 10 in San Giovanni Bianco.
2. PURPOSES, LEGAL GROUNDS, METHODS AND DURATION OF PROCESSING
Purposes | Lawfulness | Consequences in case of objection to data processing |
|---|---|---|
Your data are processed to allow your access to SmyChat services: real-time sending and receiving messages, sharing images, videos and files with all members of a group or with a specific user (chat 1:1), video chatting. These services are performed exclusively for work purposes, to facilitate the communication between Smi Group employees and stakeholders with prior authorization. Their use for different purposes is not allowed. | Art. 6, (1, f) GDPR Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data Art. 6, (1, b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; | The consent is not required, but if you object to providing your personal data, the Service shall not continue. |
Smychat service is available as an app for smartphones or tablets and as a web application on PC.
It operates on Android operating systems (4.1 version or above), iOS (6 or above); on PC, an updated browser is enough.
The following data are required to access the service:
- For Smi Group employees: corporate user name and password.
- For external users: user name and password provided by an operator from Smi. Data required to create access credentials (name, surname, company name and address, telephone number, e-mail address).
Your personal data will be processed exclusively by authorized personnel or by processors appointed for this purpose.
Smychat contacts directory displays the group employees, whereas external users can be displayed exclusively by the users in contact with them.
For easier identification of the user, the contacts directory allows associating an image to the profile.
The service is based on Cloud systems with EU data centres; the data traffic is encrypted.
3. RIGHTS OF THE DATA SUBJECT
You are entitled to exercise your rights under this Regulation in respect of and against the Controller.
Right of access: according to art.15 of EU Regulation you have the right to obtain from the controller confirmation as to whether or not your personal data are being processed, and, where that is the case, access to your data.
Right to rectification: according to art. 16 of EU Regulation you have the right to obtain from the controller without undue delay the rectification of inaccurate personal data. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, also by providing a supplementary statement.
Right to erasure: according to art. 17 of EU Regulation you have the right to obtain from the controller the erasure of your personal data without undue delay where one of the provisions of the regulation applies.
Right to restriction of processing: according to art. 18 of EU Regulation, you have the right to obtain from the controller restriction of processing where one of the provisions of the Regulation applies.
Right to object: according to art. 21 of EU Regulation, you have the right to object to processing of your personal data at any time on grounds relating to your particular situation, based on art. 6 (1) point (e) or (f), including profiling based on those provisions.
Right to data portability: according to art. 20 of EU Regulation, you have the right to receive your personal data, which you provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
Right to withdraw your consent: according to art. 7 of EU Regulation, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to lodge a complaint: according to art. 77 of EU Regulation, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes this Regulation.
4. FURTHER INFORMATION
For further information, for consulting our privacy policy or for receiving an abstract of the articles of the EU Regulation, you can write to the Controller's e-mail address privacy@smigroup.net. Your requests to exercise your rights can be sent in writing to the Controller, together with a valid identity document.
5. CO-OPERATION
Data protection and compliance with the EU Regulation, especially with transparency principle, are crucial values for our Group; we would be grateful if you could help us by notifying the Controller of any difficulties of intelligibility or suggesting any improvements to be adopted.
Contact us
- SMI S.p.A.
- Address: Via Carlo Ceresa, 10
24015 San Giovanni Bianco BG
Italy - Phone: +39 0345 40.111
- E-mail: info@smigroup.it
- Monday - Friday: 07:45 - 17:30
Saturday - Sunday: Closed
Privacy statement
DATA PROTECTION AND PRIVACY
The European Regulation 679/2016 (GDPR) on the protection of personal data has been fully applicable since May 25th, 2018. This is an important goal, because it lays down rules relating to the processing of personal data for all Countries within the Union. Every company of the SMI Group planned a series of activities, assets or operational modes to comply with the regulation and put into practice the protection of personal data. Here is a list of actions taken to comply with the European Regulation and our policy on personal data processing.
Lawfulness of processing
All activities relating to personal data processing shall be lawful (consent, contract obligations, vital interests of the data subject or of third parties, compliance with legal obligations to which the controller is subject, public interest or exercise of official authority, legitimate interest pursued by the controller or by third parties).
Information document
The information statement has been improved and updated to the new regulations (art. 13 and 14 GDPR).
Rights of the data subjects (right of access, right to erasure-right to be forgotten, right to restriction of processing, right to object, right to data portability)
Technical and organization measures have been adopted to ensure the data subject's exercise of his rights and to meet the data subject requirements.
Controllers, processors
Based on the new principle of “accountability”, SMI Group organization was re-defined, in order to proactively ensure integral compliance with the Regulation.
Redefinition of the role of data processors and service suppliers whose activity implies personal data processing.
Risk of data processing; accountability measures taken by controllers and processors (Impact assessment, record of processing activities, security of processing, data breach)
The “Conformity document”, including records of data processing activity, plans, adopts and demonstrates all technical and organizational measures taken to adequately perform the data processing activities and specifies the necessary procedures to be adopted to notify data breach.
Transfer of personal data to international organizations
Smi Group adheres to the general principles and guarantees concerning the transfer of personal data to third Countries.
The Controller is:
SMI S.p.A.
Head office: Via Carlo Ceresa, 10 - 24015 San Giovanni Bianco (BG) - ITALIA
P.I.: 04471940165 - C.F.: 03942700166 - R.E.A.: 421708
For further information, write to: privacy@smigroup.net
According to the European Regulation 679/2016, the data subject is entitled to exercise the rights set forth in the Regulation.
The integral version of art. 15; 16; 17; 18; 20; 21; 77 of the European Regulation is attached to this document.
In order to exercise your rights, please send the application form duly filled in to the Controller's address.
Legal notice
SMI S.p.A. con Unico Socio
Società sottoposta a direzione e coordinamento da SMIGROUP S.p.A.
Società appartenente al GRUPPO IVA SMI INDUSTRIES
Sede amministrativa e Unità produttiva:
Via Carlo Ceresa, 10 - 24015 San Giovanni Bianco (BG) - ITALIA
Tel. +39 0345 40.111 - Fax: +39 0345 40.209 - www.smigroup.it
C.F. 03942700166 - P. IVA IT04471940165 - R.E.A. 421708
Iscr.Reg.Imprese 03942700166 - Cap. Soc. € 5.000.000 i.v.
Sede legale: Via Monte Grappa, 7 - 24121 Bergamo (BG) - ITALIA