Privacy Policy

Sivida srl
Last updated: April 19, 2025

INFORMATION ON THE PROCESSING OF PERSONAL DATA

This Privacy Policy describes how Sivida srl ​​("iDoctors", "we", "us", "our") collects, uses, shares and protects the personal information of users ("user", "you") when they use our website www.idoctors.it ("Site"), our electronic device repair services or interact with us in our physical stores in Milan.

We are committed to protecting your privacy and processing your personal data in accordance with EU Regulation 2016/679 (GDPR), Legislative Decree 196/2003 (Privacy Code) as amended by Legislative Decree 101/2018 and other applicable data protection regulations.

We invite you to read this Policy carefully to understand our practices regarding the treatment of your personal data.

1. DATA CONTROLLER

The Data Controller is:

Sivida srl
Registered office: Corso di Porta Romana 128, 20122 - Milan - MI
VAT: 11602710961
Email: sividasrl@gmail.com
Phone: 0250301677
PEC: sividasrl@gmail.com

2. DATA PROTECTION OFFICER (DPO)

Our Data Protection Officer (DPO) can be contacted for any matter relating to the processing of personal data at the following address:

Email: sividasrl@gmail.com
Phone: 0250301677
Postal address: [Corso di Porta Romana 128, 20122 - Milan - MI c/o Data Protection Officer

3. CATEGORIES OF PERSONAL DATA PROCESSED

3.1 Data provided directly by the user

We may collect the following personal data provided directly by you:

a) Identification and contact data : name, surname, address, email, telephone number, tax code, VAT number.

b) Billing data : billing address, payment details, tax information.

c) Device information : brand, model, serial number, IMEI or other identifiers of the device delivered for repair, description of the problem encountered, temporary passwords provided to access the device (if necessary for the repair).

d) Communication preferences : consents and preferences relating to contact methods.

3.2 Data collected automatically

When you visit our Site, we may automatically collect:

a) Browsing data : IP address, browser type and version, operating system, access times, pages visited, browsing path, device identifier.

b) Cookies and similar technologies : information collected through cookies, web beacons and similar technologies, as described in our Cookie Policy available on the Site.

3.3 Data from other sources

We may receive personal data about you from other sources, such as:

a) Business partners, when they offer services together with us.

b) Social media, when you interact with our social network profiles.

c) Payment service providers, when you make a payment for our services.

4. PURPOSE AND LEGAL BASIS OF THE PROCESSING

4.1 Performance of a contract or pre-contractual measures (art. 6, par. 1, lett. b, GDPR)

We process your personal data for:

a) Provide requested repair services, including diagnosis, estimates, repairs and delivery of devices.

b) Manage online reservations and appointments at our stores.

c) Process payments and manage related administrative and accounting aspects.

d) Provide pre- and post-sales customer service and technical support.

e) Manage warranty claims on repairs carried out.

4.2 Fulfilment of legal obligations (art. 6, par. 1, lett. c, GDPR)

We process your data for:

a) Comply with tax, accounting and administrative obligations.

b) Comply with requests from public or judicial authorities.

c) Comply with product and service warranty regulations.

d) Comply with the obligations set forth by the legislation on consumer protection.

4.3 Legitimate interest (art. 6, par. 1, lett. f, GDPR)

Based on our legitimate interest, we process your data to:

a) Improve and optimize our internal services and processes.

b) Ensure the security of our facilities, IT systems and customer devices.

c) Prevent and detect fraudulent activity or abuse.

d) Exercise or defend a right in court.

e) Perform statistical analyses in aggregate and anonymous form.

f) Send service communications regarding ongoing or completed repairs.

4.4 Consent (art. 6, par. 1, letter a, GDPR)

Subject to your specific consent, we process your data for:

a) Send newsletters and marketing communications about our services, promotions and events.

b) Carry out profiling activities to personalize commercial offers.

c) Conduct satisfaction surveys and market research.

d) Publish testimonials or reviews (with prior specific consent).

5. METHODS OF TREATMENT

The processing of personal data is carried out using manual, computerised and telematic tools, with logic strictly related to the purposes indicated above and, in any case, in a way that guarantees the security and confidentiality of the data itself.

We take appropriate technical and organizational security measures to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction.

6. DATA RETENTION PERIOD

We retain your personal data for the time necessary to achieve the purposes for which they were collected, as well as to comply with legal, accounting and tax obligations.

In particular:

a) Data relating to repair services will be retained for the warranty period (12 months) plus a further 24 months for any disputes or claims, for a total of 36 months from the date of completion of the service.

b) Billing and accounting data will be retained for 10 years, as required by current tax legislation.

c) The data collected for marketing purposes will be retained until the consent is revoked and in any case no longer than 24 months from the last contact.

d) Browsing data will be stored for a maximum of 12 months.

e) Access logs to computer systems will be retained for 6 months, except for any legal obligations or need for legal defense.

At the end of the retention period, personal data will be deleted or permanently anonymized.

7. SHARING AND COMMUNICATION OF DATA

Your personal data may be communicated to:

7.1 Data controllers

Third parties who provide services on our behalf and who process personal data in accordance with our instructions, such as:

a) IT and hosting service providers.

b) Payment service providers and banking institutions.

c) Shipping and logistics companies.

d) Suppliers of specialized technical components and services.

e) Tax, legal and employment consultants.

7.2 Other recipients

Your data may be communicated to:

a) Public authorities, government bodies, law enforcement agencies, judicial authorities or other public entities, when communication is necessary to comply with legal obligations or to exercise or defend a right in court.

b) Potential buyers or investors, in the event of a sale or transfer (in whole or in part) of our business or assets (in which case, we will inform you before sharing the data).

7.3 International data transfers

Generally, we store your personal data within the European Union. However, some of our service providers may be located in countries outside the EU/EEA.

In such cases, we ensure that the transfer takes place in compliance with the appropriate guarantees provided by the GDPR, such as:

a) Adequacy decisions of the European Commission.

b) Standard contractual clauses approved by the European Commission.

c) Binding Corporate Rules.

d) Other valid legal mechanisms for international data transfer.

You can request further information on international transfers and a copy of the safeguards adopted by contacting us at the contact details indicated in the "Contacts" section.

8. RIGHTS OF INTERESTED PARTIES

In accordance with the GDPR, you as a data subject have the following rights:

a) Right of access (art. 15 GDPR): right to obtain confirmation of the existence or otherwise of personal data concerning you and to obtain a copy thereof, as well as information on their processing.

b) Right to rectification (art. 16 GDPR): right to obtain the correction of inaccurate personal data or the integration of incomplete data.

c) Right to erasure ("right to be forgotten", art. 17 GDPR): right to obtain the erasure of personal data, in the cases provided for by the GDPR.

d) Right to restriction of processing (art. 18 GDPR): right to obtain restriction of processing of personal data, in the cases provided for by the GDPR.

e) Right to data portability (art. 20 GDPR): right to receive personal data in a structured, commonly used and machine-readable format, and to transmit them to another data controller.

f) Right to object (art. 21 GDPR): right to object at any time to the processing of personal data based on legitimate interest or carried out for direct marketing purposes.

g) Right to withdraw consent (art. 7 GDPR): right to withdraw at any time the consent given for specific processing purposes, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.

h) Right to lodge a complaint (art. 77 GDPR): right to lodge a complaint with the competent supervisory authority (in Italy, the Guarantor for the Protection of Personal Data - www.garanteprivacy.it).

To exercise your rights, you can contact us using the contact details indicated in the "Contacts" section or by sending a specific request to privacy@idoctors.it.

We undertake to respond to your requests without undue delay and, in any case, within one month of receiving the request. This period may be extended by two months, if necessary, taking into account the complexity and number of requests.

9. DEVICE DATA AND CONTENTS

9.1 Access to data on devices

During repair operations, we may need to access the contents of your device to perform diagnostics, functional tests or data transfer. These activities are performed exclusively:

a) With your explicit consent.

b) Limiting access to the minimum necessary to perform the requested service.

c) Following rigorous internal procedures that guarantee data confidentiality.

9.2 Managing temporary credentials

If you provide us with temporary passwords or credentials to access your device:

a) These will be used exclusively for repair purposes.

b) They will be kept safely during the repair period.

c) They will not be archived after the device is returned.

d) We recommend that you change all passwords after regaining possession of your device.

9.3 Data storage and deletion

After the repair is complete:

a) We do not keep copies of the data on your device unless you specifically request it (for example, for backup or data recovery services).

b) Any temporary files created during diagnostics are deleted.

c) Temporary passwords are immediately removed from our systems.

10. COOKIES AND TRACKING TECHNOLOGIES

Our Site uses cookies and similar tracking technologies to improve your browsing experience, analyze Site usage, and personalize content.

Full details on the types of cookies used, the purposes for which they are used and how to manage preferences are available in our Cookie Policy accessible via the cookie banner on the Site or in the dedicated section.

11. DATA SECURITY

The security of your personal data is our priority. We have implemented appropriate technical and organizational security measures to protect your data from unauthorized access, loss, misuse, disclosure or alteration.

These measures include, but are not limited to:

a) Encryption of sensitive data and communications.

b) Physical access controls to our offices and laboratories.

c) Logical access controls to our information technology systems.

d) Regular training of staff on data security and protection procedures.

e) Periodic risk assessment and system vulnerability testing.

f) Backup and disaster recovery procedures.

g) Security incident management policies.

However, no system can be completely secure. Therefore, while we strive to protect your data, we cannot guarantee the absolute security of any information transmitted or stored.

12. PRIVACY OF MINORS

Our services are not directed to children under the age of 16. We do not knowingly collect personal information from individuals under the age of 16. If you are a parent or guardian and believe that a child under your care has provided personal information to iDoctors, please contact us immediately at the contact details provided in the "Contact Us" section.

If we learn that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to delete that information from our records.

13. CHANGES TO THE PRIVACY POLICY

We reserve the right to modify or update this Privacy Policy at any time to reflect changes in our processing practices, applicable law or for other legitimate reasons.

The updated version will be posted on our Site with the date of the last update. We invite you to periodically consult this page to be informed of any changes.

Substantial changes to this Policy will be communicated to users through notifications on the Site or by email, if available.

14. CONTACTS

For any questions, requests or complaints regarding the processing of your personal data or this Privacy Policy, you can contact us at the following addresses:

Sivida srl
Registered office: Corso di Porta Romana 128, 20122 - Milan - MI
VAT: 11602710961
Email: sividasrl@gmail.com
Phone: 0250301677
PEC: sividasrl@gmail.com

To contact our Data Protection Officer (DPO):
Email: sividasrl@gmail.com
Phone: 0250301677

15. SUPERVISORY AUTHORITY

If you believe that the processing of your personal data violates data protection regulations, you have the right to lodge a complaint with the competent supervisory authority:

Guarantor for the Protection of Personal Data
Piazza Venezia n. 11 - 00187 Rome
www.garanteprivacy.it

---

This Privacy Policy was last updated on April 19, 2025.