Dear user, below we provide some information that we need to bring to your attention, not only to comply with legal obligations, but also because transparency and fairness towards you and towards all parties concerned is a fundamental part of our activity.

 

DATA CONTROLLER

The Data Controller is part of a “group of undertakings” as defined in Art. 4(19) GDPR and, through shared policies and compliance measures, manages the obligations relating to the protection of personal data under the control of the parent company Sweden & Martina S.p.A. (VAT No. 00401550280), established in Italy, a country belonging to the European Union, in accordance with the agreements entered into among the group companies.

The controller is the group company that determines the processing of your personal data. In practice, the controller usually coincides with the company with which you have a professional relationship.

You may contact your controller by writing to privacy@sweden-martina.com, in addition to the contact details indicated in the “controller’s contact details” section of this notice.

 

PERSONAL DATA PROTECTION OFFICER

The Data Controller has appointed a Data Protection Officer (DPO), who can be contacted at the following: email: dpo@sweden-martina.com – certified email: dataprotectionofficer@pec.it

 

CATEGORIES AND SOURCE OF DATA

For processing purposes, the Data Controller shall process ordinary data, such as: personal data, contact data, address data, data relating to identification/recognition documents, access and identification data, data relating to purchases or the use of services, product quality certificates, data relating to work activity, payment data, asset data, tax data, video surveillance recordings and data relating to the accommodation service, including special data.

The data processed are communicated by the data subject and/or by third parties, such as other suppliers, and/or are collected from publicly accessible sources.

 

PROVISION OF DATA

For the above-mentioned purposes, the provision of personal data is a prerequisite; failure to provide such data could mean processing is not possible.

 

PROCESSING

Your personal data are collected and processed using automated, semi-automated and non-automated means, as specified below. In any case, the time necessary for the statute of limitation in relation to reciprocal rights and the storage time for backups to accrue must be added to the period for storing data indicated from time to time.

 

We process your data in order to execute pre-contractual measures adopted at your request or to perform a contract to which you are party, specifically:

• the search for and selection of suppliers and the subsequent management of contractual obligations (we will keep data for 10 years from the year of termination of the last contract);

• receipt and dispatch of documents and goods (we will keep data for 10 years from the relevant year or from termination of the last contract);

• accommodation and management of related services regarding business negotiations (we will keep data for 10 years after termination of the last contract for data relating to accommodation);

 

We process your data in order to fulfil a legal obligation the Data Controller is subject to, specifically:

• bookkeeping and tax obligations (we will keep data 10 years from the relevant year);

• management and maintenance of the IT network and systems (we will keep data for 18 months after termination of the contract relationship with regard to obligations relating to system administrators);

• ensuring corporate compliance, e.g., managing data protection requirements (we will keep data for as long as necessary to fulfil the purpose).

 

We process your data in order to pursue a legitimate interest of the Data Controller, specifically:

• inhouse management checks (we will keep data for 10 years from the relevant year);

• programming of activities (we will keep data for 10 years from the year of data acquisition);

• monitoring people entering the company and sorting phone calls (we will keep data for one year from the year of data acquisition);

• verification of the quality of goods and services (we will keep data for 10 years from the year of termination of the last contract);

• ensuring corporate compliance, e.g., preventing the commission of criminal offences to the benefit of or in the interest of the organisation (we will keep data for as long as is strictly necessary to fulfil the purpose);

• video-surveillance activities to protect company assets, personal safety and perimeter security, against intrusion and damage to property (we will keep the data for 24 hours, unless events require footage to be kept longer - e.g., theft);

• management and maintenance of the IT network and systems (we will keep data for 10 years from the year of termination of the contractual relationship for accounts, passwords and usernames);

• to prevent and/or detect possible abuse and to defend our rights and interests in court or in the preparatory stages of a court case (we keep data until the purpose of processing ceases).

 

We process your data based on your consent for certain purposes, specifically:

• promotion of the Data Controller’s activities and registration through video or photographic recordings, with possible subsequent publication (except for data subject to dissemination, we will retain the data until consent is withdrawn; thereafter, processing will be limited to mere storage for 10 years from the year in which consent was revoked).

Any special categories of personal data are also processed based on your consent. If you choose not to provide your consent, we will not be able to process your personal data. Furthermore, you may withdraw your consent at any time by contacting the Data Controller using the contact details provided above.

 

COMMUNICATION OF DATA

Your data may be communicated, exclusively for technical and operational requirements strictly related to the above-mentioned purposes, to parties who process the data on behalf of the Data Controller, appointed as Data Processors pursuant to Art. 28 of EU Reg. 2016/679, banks and financial institutions, shipping and transport companies, accommodation facilities and travel agencies, as well as to public bodies with whom there is a legal obligation to communicate (merely by way of example but not limited to, the Chamber of Commerce, Inland Revenue, etc.).

 

TRANSFER OF DATA OUTSIDE THE EU

The processing of personal data (e.g. storage, archiving and preservation of data on servers or the cloud) will be restricted within the areas of circulation and processing of personal data of countries that are part of the European Union, with an express ban on transferring them to non-EU countries that do not guarantee (or do not have) an adequate level of protection, or in the absence of the protection tools provided by EU Regulation 2016/679 (third country deemed adequate by the European Commission, group BCR, model contract clauses, data subject consent, etc.).

 

 

DATA SUBJECT RIGHTS

The data subject has the right, pursuant to Articles 15 et seq. of EU Reg. 2016/679, to request the Data Controller grant access to his or her personal data, as well as the right to rectification or deletion or the right “to be forgotten”. The data subject also has the right to request data portability, the restriction of processing or to object to processing.

For processing based on consent, the data subject has the right at any time to revoke consent, without prejudice to the lawfulness of the processing based on the consent given before revocation. To exercise such rights or to request additional information, data subjects may contact the Data Controller using the information provided above.

Lastly, data subjects may lodge complaints the competent supervisory Authority.

 

MODIFICATIONS

We reserve the right to update our Privacy Policy. We will notify you of any changes as we deem appropriate and will update the date in this Privacy Policy Statement. We therefore recommend you consult our Privacy Policy periodically, even by requesting a copy from the Data Controller.

​

​

Last Update M.158-EN Revisione 5 - 2025/10/28

​