Privacy Policy
Privacy Policy This page provides information pursuant to Articles 13 and 14 of EU Regulation 679/2016 on how the personal data of users who visit the site and utilize its services will be processed. This information pertains exclusively to this site and not to any other websites accessed via links present on this site.
EU Regulation 679/2016, also known as the General Data Protection Regulation (GDPR), sets standards for the protection of individuals concerning the processing of personal data, as well as the free movement of such data. It safeguards the fundamental rights and freedoms of individuals, particularly their right to personal data protection.
Under Article 4, "Personal Data" is defined as any information related to an identified or identifiable individual ("Data Subject"). "Processing" refers to any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, alignment or combination, restriction, erasure, or destruction (Article 4(2)).
Articles 12 and following mandate that Data Subjects must be informed about the processing activities undertaken by the Data Controller and their associated rights.
Data Controller: Lozhkin Stanislav – Sisma Development S.R.L. : COMO (CO) VIA RECCHI 2 CAP 22100 info@sismahouse.com
Purposes and Legal Basis for Processing:
  • To conclude and properly execute contracts involving the Data Subject, or to take precontractual measures upon their request (Article 6(1)(b)). This includes providing requested information, services/products, and newsletter subscriptions.
  • To send commercial communications about services, products, and activities offered by the Data Controller using remote technologies (mail, phone, SMS, WhatsApp) based on consent (Article 6(1)(a)).
  • To send commercial and promotional information about our products/services similar to those previously purchased, unless refused by the Data Subject, based on the Controller's legitimate interest (Article 6(1)(f)).
  • To respond to user requests made via mail and/or website forms (Article 6(1)(b)).
  • To facilitate site navigation and ensure adequate availability, based on the Controller's legitimate interests (Article 6(1)(f)).
  • To analyze statistical data on aggregated or anonymous data to monitor site functionality, traffic, and user interest, based on the Controller's legitimate interest (Article 6(1)(f)).
  • To establish, exercise, or defend legal claims, based on the Controller's legitimate interests (Article 6(1)(f)).
  • To comply with legal obligations as stipulated by law, regulations, EU legislation, or orders from the Authority to which the Data Controller is subject (Article 6(1)(c)).
Types of Data Collected:
  • Identifying data
  • Contact information
  • Data related to the contractual relationship
  • Data regarding the preferences and interests of the Data Subject
Navigation Data: Certain personal data is acquired by computer systems and software processes responsible for the functioning of this website during normal use, implied by internet communication protocols. This includes IP addresses, domain names, URI addresses of requested resources, request time, request method, file size received, response status codes, and other parameters related to the user's operating system and IT environment. This data is used solely to obtain anonymous statistical information on site use and ensure proper functionality. It is immediately deleted after processing. The data may be used to determine liability in the event of hypothetical cybercrimes.
Refusal to Provide Data: Users are free to provide personal data. However, refusal to provide required data may result in failure to conclude or improperly fulfill the contract and/or non-compliance with legal obligations. Providing data for processing requiring consent is optional, and users can still benefit from the Controller's products/services. Users can object to the processing of their personal data at any time by contacting the Controller.
Sources of Data: Data will be provided by the Data Subject or collected from third parties.
Data Processing Methods: According to Article 5 of the regulation, personal data will be:
  • Processed lawfully, fairly, and transparently.
  • Collected for specified, explicit, and legitimate purposes and processed in a manner compatible with those purposes.
  • Adequate, relevant, and limited to what is necessary.
  • Accurate and updated when necessary.
  • Processed securely.
  • Stored in a form allowing identification of the Data Subject for no longer than necessary for the purposes of processing.
Processing will be carried out using manual and/or computerized and electronic methods with strict adherence to the purpose and ensuring the security, integrity, and confidentiality of the data.

Communication of Data: Personal Data may be shared with authorized parties and external processors appointed by the Controller (a full list of external processors is available from the Controller). With consent, the Data may also be shared with the Controller’s third-party sponsors and commercial partners for the purposes described in section 3 of the “Purposes of Processing.” Additionally, the Data may be shared with other parties acting as independent Controllers in pursuit of the stated purposes.
Dissemination of Data: Personal data will not be publicly disclosed.
Transfer of Data to Other Countries: Personal Data will be processed within the European Economic Area (EEA). If transferred to a third country without an adequacy decision by the European Commission, applicable legal provisions will be followed, such as the European Commission’s Standard Contractual Clauses.
Storage of Data: In general, Personal Data will be stored only as long as necessary for the purposes for which it was collected and processed, including any legally required retention periods. Typically, data will be stored for a maximum of 10 years after the end of the relationship with the Controller, and for up to 2 years for purposes requiring consent, unless needed for legal defense.
Rights of the Data Subject: Under European Regulation 679/2016, Articles 15 to 21, and applicable national laws, data subjects have the right to:
  • Request confirmation of their Personal Data (right of access).
  • Discover the origin of their data.
  • Receive data in an intelligible format.
  • Obtain information on the logic, methods, and purposes of processing.
  • Request updates, supplementation, correction, deletion, anonymization, or restriction of data processed in breach of the law, including unnecessary data.
  • Lodge a complaint with the Data Protection Authority.
  • Exercise all other rights recognized by applicable law.
These rights can be exercised by sending a request to the Data Controller at the provided contact details.

Version: 1.1.
Last edit 01/10/2024