The present statement is made, pursuant to Art. 13 of Regulation (EU) 2016/679, ("GDPR") "European Regulation on the protection of personal data", to customers and suppliers natural persons who are proprietors of sole proprietorships and to natural persons who operate on behalf of customers and suppliers legal entities of the company SF GROUP Srl. The aforementioned legislation contains provisions to protect persons and other subjects, with respect to the processing of "personal data" (personal and fiscal data) provided, which will be processed in compliance with the aforementioned law and according to the principles of lawfulness, correctness, transparency and protection of the privacy and rights of the interested party (natural person), with particular reference to integrity, confidentiality, personal identity and the right to protection of personal data.

Information on the processing of personal data

This Privacy Policy is intended to inform you how personal data is collected, used, eventually transmitted to third parties or otherwise processed by SF GROUP Srl.

Holder and responsible for the treatment of personal data

The owner and manager of the processing of personal data is SF GROUP Srl which can be contacted through the e-mail address for the exercise of the rights indicated below.

Interested in the processing of personal data

Interested in the processing of personal data The interested party is any natural person identified or identifiable, directly or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier, or one or more characteristic elements of his physical, physiological, genetic, psychic, economic, cultural or social identity.

Personal data

Personal Data is any information concerning the Data Subject.

Subject of the treatment and personal data collected

The Data Controller processes the data of customers and natural person suppliers, or of natural persons operating in the name and on behalf of customers and supplier’s legal entities. In particular, the Data Controller processes personal, identifying data (for example, name, surname, company name, address, telephone number, e-mail address, bank and payment details, tax code, VAT number).

Purpose of the treatment

The personal data provided by the interested party will be used:
A) without the need for express consent, for the following purposes:

  • Manage and allow the supply of the requested products / services, manage accounting and tax compliance, allow effective management of relations with customers and suppliers in order to respond to requests for supply organization, information, assistance, suggestions and / or specific needs reported by the interested party;
  • Fulfil the pre-contractual obligations, including the economic-financial evaluation;
  • Fulfil contractual, tax and administrative obligations deriving from existing relationships;
  • Carry out the operations necessary for processing orders and other requests, including managing and controlling risks and preventing possible insolvencies or defaults, including the communication of the data provided, to third parties, when necessary for contractual fulfilment; including communications to banks and / or service companies for financial obligations related to established contractual relationships;
  • Fulfil all the operations imposed by the application of the Management Systems applied in the company according to UNI EN ISO, OHSAS 18001, or Legislative Decree 231/2001;
  • Fulfil the obligations provided for by law, by a regulation, by EU legislation or by an order of the Authority, of any nature: accounting, administrative, fiscal, civil, regulatory, health, supervision, etc.;
  • Prevent or detect fraudulent activities or harmful abuse;
  • Prevent and manage possible disputes, take legal action in case of need;
  • Exercise the rights of the Holder, such as the right to defend in court;
  • Start and manage transactions and compensation claims in the event of damage and / or reported claims;
  • protect the rights and personal safety of our employees and third parties. In relation to the aforementioned purposes, the data may also be communicated, within the strictly necessary limits, to the following subjects who carry out outsourced activities on behalf of the Data Controller, in their capacity as external processors or to the categories of subjects indicated below:
  • consultants, if regularly appointed to this form of treatment in full compliance with the minimum measures in force, or when the communication is in the interest of the subject (natural or legal person) or when the communication is due by law;
  • banking institutions, when the communication is in the interest of the subject (natural or legal person);

Finally, it may be communicated to the subjects entitled to access it under the provisions of the law, regulations, Community legislation, for example the Public Administration when the communication is due by law, or it is in the interest of the subject (natural or legal person).

Place and transfer of data

The Data will be processed at the Data Controller's headquarters and in any other place where the parties involved in the processing are located. The management and storage of personal data will take place on servers located within the European Union of the Data Controller and / or any third party companies duly appointed as Data Processors. Currently our servers are located in Italy. The data will not be transferred outside the European Union. In any case, it is understood that the Owner, if necessary, will have the right to move the location of the servers in Italy and / or the European Union and / or non-EU countries. In this case, the Data Controller now ensures that the extra-EU data transfer will take place in compliance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided for by the European Commission.

Rights of interested parties

The interested party has the right to request information in writing on his personal data stored. In addition, in connection with the use of your personal data, you have the right to correct, delete, suppress or limit the processing, as well as the right to file a complaint with the data protection authority. In case of modification of the data or withdrawal of consent to the storage or use of data, an email can be sent to the email address

Right to Withdraw Consensus

If the processing is based on consent, the interested party has the right to revoke it at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation.

Right to propose a complaint

The interested party has the right to lodge a complaint with the supervisory authority.

Data security

The Data Controller undertakes to adopt multiple data security measures to ensure the confidentiality and integrity of personal information. However, given the nature of the Internet, it does not ensure the total absence of gaps in the security of data transmission via the Internet (for example communication via e-mail) and that complete data protection from third party access is not possible.

Corporate data

registered office:
via Tiburtina 1143 - 00156 Rome
Tel. 08551999 - Fax. 0854512020