Regione Oltrebormida s.n.c 15019 Strevi (AL)
info@starworksky.com
+39 0144 73225

Privacy policy

PRIVACY NOTICE FOR CLIENTS

PURSUANT TO ART. 13 EU REG. 2016/679 (GDPR)

Customer Privacy Notice Form REV. 00 dated 16/06/2025

Dear Data Subject,

With this document, S.W.S. S.A.S. provides information regarding the processing of personal data acquired, even verbally, directly or through third parties, relating to you, necessary for carrying out administrative, accounting, management and contractual services connected with or deriving from the execution of the contract. This information notice is provided pursuant to the provisions of Art. 13 of EU Reg. 2016/679 (so-called GDPR). 

  1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER.

The Data Controller (hereinafter also referred to as the “Controller”) is S.W.S. S.A.S., with registered office in Strevi (AL), Regione Oltrebormida Sn, VAT No. 01466880067, tel. 014473225, e-mail This email address is being protected from spambots. You need JavaScript enabled to view it., PEC This email address is being protected from spambots. You need JavaScript enabled to view it.

  1. PURPOSES OF DATA PROCESSING.

Your personal data will be processed for the following purposes:

  1. to enter into and perform the contract and all related activities, such as, by way of example, invoicing, credit protection, administrative, management, organizational and functional services related to the contractual relationship (including fulfillment of pre- and/or post-contractual obligations);
  2. to fulfill obligations under national and/or EU laws, regulations, and provisions concerning contractual, accounting and tax matters, and to ensure effective management of business relationships, as well as compliance with provisions issued by legally authorized authorities and supervisory bodies;
  3. to send – exclusively via the provided e-mail address – communications regarding products and services similar to those covered by the contract (“Promotional Purpose”);
  4. if necessary, to establish, exercise or defend the Controller’s rights in court (“Protection Purpose”).

If you use vehicles belonging to the company fleet to perform your duties, please note that helicopters are equipped with a satellite geolocation system, authorized by the Territorial Labor Inspectorate of Asti-Alessandria No. 76 dated April 7, 2025. The relevant authorization is available upon request.

  1. LEGAL BASIS OF PROCESSING.

Since data processing is necessary for the performance of a contract to which the data subject is a party or to take pre-contractual measures at the request of the same, the legal basis of the processing is that provided by Art. 6(1)(b) of the GDPR, i.e., performance of a contract, as well as Art. 6(1)(c) GDPR with regard to compliance with legal obligations connected with or arising from the contract.

For the promotional purpose, the legal basis for processing is provided under Art. 130, paragraph 4, of Legislative Decree 196/2003.

For the protection purpose, the legal basis is the legitimate interest under Art. 6(1)(f) GDPR, to establish, exercise or defend a right in court.

Regarding the geolocation system, processing is carried out for the protection of company assets, organizational and production needs, and workplace safety (“organizational purposes”).

  1. METHODS OF DATA PROCESSING.

Processing will be carried out using electronic, IT, or automated tools, as well as paper-based systems.

Processing is carried out by the Controller and by the Controller’s collaborators and/or employees as authorized data processors, by the system administrator, as well as by specifically appointed data processors, within their respective functions and in accordance with the Controller’s instructions, ensuring the use of suitable measures for the security and confidentiality of processed data.

In accordance with the Regulation, the Controller’s data processing activities will comply with the principles of lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimization, accuracy, integrity, and confidentiality.

Data will always be processed in full compliance with the principle of confidentiality, including when managed by third parties expressly appointed by the Controller.

Your data will not be subject to any automated decision-making process.

Regarding the geolocation and video surveillance systems, processing is carried out exclusively through IT means.

  1. DATA RETENTION PERIOD.

Your personal data will be retained during the performance of the contract and for a period of ten years after its termination/completion, in order to comply with tax and accounting obligations, as well as for judicial protection in the event of disputes arising from the contract.

This is without prejudice to cases where it is necessary to assert contractual rights in court; in such cases, the personal data of the Data Subject, limited to what is necessary for those purposes, will be processed for the time strictly necessary to achieve them.

For the Promotional Purpose, data will be retained for two years from the time of collection, subject to the data subject’s right to object, which may be exercised at any time.

For the Protection Purpose, data will be retained until that purpose is achieved, unless further retention is necessary for the defense of the Controller’s rights.

For the geolocation system, data will be retained for 168 hours from detection.

Once the above retention periods have expired, the data will be destroyed, deleted, or anonymized, in accordance with the technical procedures for deletion and backup.

This privacy notice shall also be considered valid for any subsequent contracts you may enter into with the Controller.

  1. RECIPIENTS OF PERSONAL DATA.

The personal data you provide may be accessed by the Controller, authorized personnel, and/or data processors. The list of appointed Data Processors, where applicable, is available upon request.

The communication of the Data Subject’s personal data mainly occurs with third parties and/or recipients whose activities are necessary for carrying out tasks related to the execution of the contractual relationship and for fulfilling certain legal obligations, such as, by way of example, entities processing data in accordance with legal requirements (national and governmental bodies, etc.), any trade associations to which the company adheres, credit institutions, financial companies, and other credit intermediaries providing services related to the above purposes, software and hardware support companies, and professionals or firms for the judicial or extrajudicial protection of the Controller’s rights.

  1. DATA DISCLOSURE.

Unless specifically requested in writing by you or required by a court order/legal obligation, the personal data you provide will not be disseminated.

  1. TRANSFER OF DATA ABROAD.

The collected data will not be transferred to third countries or international organizations.

  1. DATA SUBJECT’S RIGHTS.

The legislation grants the Data Subject the exercise of specific rights listed in Articles 15 to 22 of the GDPR, including the right to obtain from the Controller confirmation as to whether or not personal data concerning them are being processed (i.e., access), to receive such data in an intelligible form, as well as to request rectification or erasure, or to restrict processing in whole or in part, or to object on legitimate grounds to processing, and/or to withdraw consent at any time (without prejudice to the consequences indicated), or to request data portability for data subject to specific consent, or to request updates.

The Data Subject has the right to know the origin of the data, the purposes and methods of processing, the logic applied, the identification details of the Controller, and the entities to whom the data may be disclosed.

The Data Subject also has the right to request anonymization, restriction, or blocking of data processed in violation of the law; they may also lodge a complaint regarding the unauthorized processing of data with the Italian Data Protection Authority following the procedures published on its website (http://www.garanteprivacy.it/).

Requests relating to the exercise of these rights may be addressed to the Data Controller at the above contact details, without formalities, or alternatively by using the model provided by the Italian Data Protection Authority available at the following website: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924.

The exercise of these rights may be carried out by written communication sent via PEC or by registered letter with return receipt addressed to the aforementioned entity.

  1. PROVISION OF DATA AND CONSEQUENCES OF REFUSAL.

The provision of personal data is not mandatory; however, it is necessary for the proper execution of contractual and pre-contractual obligations. Providing contact details for promotional purposes is not mandatory, but it is necessary if you wish to receive communications regarding the Controller’s services and promotions. Failure to provide the requested data will make it impossible to conclude the contract, execute pre-contractual measures, or properly fulfill contractual obligations and related (including legal) requirements, as well as, more generally, to pursue the purposes described above.

The Controller specifies that only the data strictly necessary for the conclusion of the contract and the performance of related obligations or legal requirements will be requested.

PRIVACY NOTICE FOR SUPPLIERS

PURSUANT TO ART. 13 EU REG. 2016/679 (GDPR)

Dear Data Subject,

With this document, S.W.S. S.A.S. provides information regarding the processing of personal data acquired, even verbally, directly or through third parties, relating to you, necessary for carrying out administrative, accounting, management and contractual services connected with or deriving from the execution of the contract. This information notice is provided pursuant to the provisions of Art. 13 of EU Reg. 2016/679 (so-called GDPR). 

  1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER.

The Data Controller (hereinafter also referred to as the “Controller”) is S.W.S. S.A.S., with registered office in Strevi (AL), Regione Oltrebormida Sn, VAT No. 01466880067, tel. 014473225, e-mail This email address is being protected from spambots. You need JavaScript enabled to view it., PEC This email address is being protected from spambots. You need JavaScript enabled to view it.

  1. PURPOSES OF DATA PROCESSING.

Your personal data will be processed for the following purposes:

  1. to enter into and perform the contract and all related activities, such as, by way of example, invoicing, credit protection, administrative, management, organizational and functional services related to the contractual relationship (including fulfillment of pre- and/or post-contractual obligations);
  2. to fulfill obligations under national and/or EU laws, regulations, and provisions concerning contractual, accounting and tax matters, and to ensure effective management of business relationships, as well as compliance with provisions issued by legally authorized authorities and supervisory bodies;
  3. if necessary, to establish, exercise or defend the Controller’s rights in court (“Security Purpose”).
  1. LEGAL BASIS OF PROCESSING.
  • Since data processing is necessary for the performance of a contract to which the data subject is a party or to take pre-contractual measures at the request of the same, the legal basis of the processing is that provided by Art. 6(1)(b) of the GDPR, i.e., performance of a contract, as well as Art. 6(1)(c) GDPR with regard to compliance with legal obligations connected with or arising from the contract.
  • For the Security Purpose, the legal basis is the legitimate interest under Art. 6(1)(f) GDPR, to establish, exercise or defend a right in court.
  1. METHODS OF DATA PROCESSING.

Processing will be carried out using electronic, IT, or automated tools, as well as paper-based systems.

Processing is carried out by the Controller and by the Controller’s collaborators and/or employees as authorized data processors, by the system administrator, as well as by specifically appointed data processors, within their respective functions and in accordance with the Controller’s instructions, ensuring the use of suitable measures for the security and confidentiality of processed data.

In accordance with the Regulation, the Controller’s data processing activities will comply with the principles of lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimization, accuracy, integrity, and confidentiality.

Data will always be processed in full compliance with the principle of confidentiality, including when managed by third parties expressly appointed by the Controller.

Your data will not be subject to any automated decision-making process.

  1. DATA RETENTION PERIOD.

Your personal data will be retained during the performance of the contract and for a period of ten years after its termination/completion, in order to comply with tax and accounting obligations, as well as for judicial protection in the event of disputes arising from the contract.

This is without prejudice to cases where it is necessary to assert contractual rights in court; in such cases, the personal data of the Data Subject, limited to what is necessary for those purposes, will be processed for the time strictly necessary to achieve them.

For the Security Purpose, data will be retained until that purpose is achieved, unless further retention is necessary for the defense of the Controller’s rights.

Once the above retention periods have expired, the data will be destroyed, deleted, or anonymized, in accordance with the technical procedures for deletion and backup.

This privacy notice shall also be considered valid for any subsequent contracts you may enter into with the Controller.

  1. RECIPIENTS OF PERSONAL DATA.

The personal data you provide may be accessed by the Controller, authorized personnel, and/or data processors. The list of appointed Data Processors, where applicable, is available upon request.

The communication of the Data Subject’s personal data mainly occurs with third parties and/or recipients whose activities are necessary for carrying out tasks related to the execution of the contractual relationship and for fulfilling certain legal obligations, such as, by way of example, entities processing data in accordance with legal requirements (national and governmental bodies, etc.), any trade associations to which the company adheres, credit institutions, financial companies, and other credit intermediaries providing services related to the above purposes, software and hardware support companies, and professionals or firms for the judicial or extrajudicial protection of the Controller’s rights.

  1. DATA DISCLOSURE.

Unless specifically requested in writing by you or required by a court order/legal obligation, the personal data you provide will not be disseminated.

  1. TRANSFER OF DATA ABROAD.

The collected data will not be transferred to third countries or international organizations.

  1. DATA SUBJECT’S RIGHTS.

The legislation grants the Data Subject the exercise of specific rights listed in Articles 15 to 22 of the GDPR, including the right to obtain from the Controller confirmation as to whether or not personal data concerning them are being processed (i.e., access), to receive such data in an intelligible form, as well as to request rectification or erasure, or to restrict processing in whole or in part, or to object on legitimate grounds to processing, and/or to withdraw consent at any time (without prejudice to the consequences indicated), or to request data portability for data subject to specific consent, or to request updates.

The Data Subject has the right to know the origin of the data, the purposes and methods of processing, the logic applied, the identification details of the Controller, and the entities to whom the data may be disclosed.

The Data Subject also has the right to request anonymization, restriction, or blocking of data processed in violation of the law; they may also lodge a complaint regarding the unauthorized processing of data with the Italian Data Protection Authority following the procedures published on its website (http://www.garanteprivacy.it/).

Requests relating to the exercise of these rights may be addressed to the Data Controller at the above contact details, without formalities, or alternatively by using the model provided by the Italian Data Protection Authority available at the following website: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924.

The exercise of these rights may be carried out by written communication sent via PEC or by registered letter with return receipt addressed to the aforementioned entity. 

  1. PROVISION OF DATA AND CONSEQUENCES OF REFUSAL.

The provision of personal data is not mandatory; however, it is necessary for the proper execution of contractual and pre-contractual obligations. Providing contact details for commercial activities is not mandatory, but it is necessary if you wish to receive communications regarding the Controller’s services and promotions. Failure to provide the requested data will make it impossible to conclude the contract, execute pre-contractual measures, or properly fulfill contractual obligations and related (including legal) requirements, as well as, more generally, to pursue the purposes described above.

The Controller specifies that only the data strictly necessary for the conclusion of the contract and the performance of related obligations or legal requirements will be requested.