PRIVACY INFORMATION pursuant to art. 13 of EU Regulation 2016/679 GDPR (General Data Protection Regulation)
A. Who are we and why are we providing you with this document?
EIL Systems Srl has always considered the protection of the personal data of its users to be of fundamental importance, ensuring that this treatment takes place in full compliance with the safeguards and rights recognized pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data (hereinafter the “Regulation”) and the additional applicable rules on the protection of personal data. The term personal data refers to the definition contained in Article 4 at point 1) of the Regulation, that is “any information concerning an identified or identifiable natural person; the natural person who can be identified, directly or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or to one or more characteristic elements of its physical, physiological, genetic, psychological, economic, cultural or social identity “(hereinafter the” Personal data”). The Regulation provides that, before proceeding with the processing of Personal Data – with this term meaning, according to the relative definition contained in Article 4 at point 2) of the Regulation, “any operation or set of operations, carried out with or without the aid of automated processes applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction “(hereinafter the” Treatment “) – it is necessary that the person to whom such Personal Data belong to is informed about the reasons for which such data are requested and how they will be used.
In this regard, this document is intended to provide you, in a simple and intuitive way, with all the useful and necessary information so that you can provide your Personal Data in a conscious and informed manner and, at any time, request and obtain clarifications and / or adjustments.
This information, therefore, was drafted on the basis of the principle of transparency and all the elements required by Article 13 of the Regulation and is divided into individual sections (hereinafter “Sections” and individually “Section”), each of which deals with one specific topic in order to make your reading faster, easier and easier to understand (hereinafter the “Information”). The information may undergo changes due to the introduction of new rules in this regard, therefore the user is invited to periodically check this page. If the user is under the age of 16, pursuant to article 8, c.1 EU regulation 2016/679, he must legitimize his consent through the authorization of his parents or guardian.
B. Who will process your Personal Data?
The company that will process your Personal Data for the main purpose referred to in Section D of this Notice and which, therefore, will play the role of according to the relevant definition contained in Article 4 at point 7) of the Regulations, “the natural person or legal entity, the public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data “is:
EIL Systems Srl – Via Don Giovanni Minzoni 72 – 30034 Mira Venezia E-mail: firstname.lastname@example.org Tax Code / VAT number 04426090272 (hereinafter the “Data Controller”)
C. Who can you contact?
In order to facilitate relations between you, as an interested party, that is the “identified or identifiable natural person” to whom the Personal Data refer pursuant to Article 4 in point 1) of the Regulation (hereinafter the “Interested”) and the Data Controller, the Regulation has provided, in some specific cases, for the appointment of a control and support figure who, among the various tasks entrusted, also acts as a contact point with the interested party. figure of “data protection officer”, so-called “Data Protection Officer”, pursuant to Article 37 of the Regulation (hereinafter the “DPO”) if it is necessary to appoint them. The DPO, pursuant to and for the purposes of Article 39 of the Regulation, is required to carry out, inter alia, the following activities: Processing regarding the obligations deriving from the Regulation as well as from other provisions of the Union or of the Member States relating to the protection of Personal Data; o monitor and supervise compliance with the Regulations, the applicable regulations regarding the protection of Personal Data as well as the policies and procedures adopted by the Data Controller and the Joint Data Controllers; o provide support in the feedback to the interested party; o cooperate with the competent Authority for the Protection of Personal Data. As required by Article 38 of the Regulations, you can freely contact the DPO for all matters relating to the processing of your Personal Data and / or if you wish to exercise your rights as provided for in Section I of this Information, by sending a written communication to the e-mail address email@example.com and / or by writing to the Data Protection Officer at the headquarters of EIL Systems Srl and / or by calling +39 0413072424. You can consult the “Privacy” section of the website www.eilsystems at any time .com in which you will find all the information concerning the use and processing of your Personal Data, updated information regarding the contacts and communication channels made available to all interested parties by the Data Controller.
D. For what main purpose will your Personal Data be processed?
The personal data provided by the user through the forms are collected and processed for the following purposes:
a) carrying out the relationship activities with the user.
b) administrative purposes and for the fulfillment of legal obligations such as those of an accounting, tax nature, or to process requests from the judicial authority;
c) in the presence of specific consent, for the periodic sending, by e-mail, of newsletters and advertising material;
d) in the presence of specific consent, to receive updates on our activities and reports on our activities;
e) in the presence of specific consent, to receive promotional communications and invitations to events, training courses, webinars, special promotions or to participate in market analysis and research;
f) in the case of sending a curriculum vitae, exclusively for selection purposes.
The Data Controller, in order to allow your registration to its websites, if the possibility of registering is foreseen, and / or sending requests for information using the contact forms and / or subscription to the newsletter service, needs to collect some of your Personal Data, as requested in the registration form. The websites of the Data Controller for which this Information is issued are those indicated in the footer of this site (hereinafter the “Internet Sites”). The processing of your Personal Data will be conducted by the Data Controller to allow you, therefore, to access your profile, participate in initiatives promoted through the Internet Sites, receive newsletters, send requests for information and take advantage of all other services, from time to time. in time, offered by each of the Internet Sites to which you have registered and / or within which you are browsing; the processing of your Personal Data will be legally based on the contractual relationship that will be created between you and the Data Controller following your acceptance of the conditions for participation in the Internet Sites. To allow the Data Controller to carry out the processing activities for the aforementioned purposes, it will be necessary to provide the Personal Data marked with the symbol *. In the absence of even one of the marked data, it will not be possible to proceed with the Processing of your Personal Data and, consequently, you will not be allowed to complete your registration on the Internet Sites and / or benefit from the services provided by them for which it is requested a provision of Personal Data. The Personal Data that will be requested from you for the pursuit of the aforementioned purposes will be those reported in the registration and / or contact form, i.e., by way of example and not limited to: name, surname, date of birth, e-mail address, address domicile / residence, telephone numbers of mobile users, tax code, gender. If you decide to access the Internet Sites through the use of your social profile (eg Facebook profile), where provided, the collection of your Personal Data will be carried out by the Data Controller from third parties, i.e. at the manager of the social network you used for access the Internet Sites. In this case, you will be able to view this Information in the Privacy section of each of the Sites.
E.To which subjects may your Personal Data be disclosed?
Your Personal Data may be disclosed to specific subjects considered recipients of such Personal Data. In fact, article 4 in point 9) of the Regulation defines as recipient of a Personal Data “the natural or legal person, public authority, service or other body that receives communication of personal data, whether or not it is of third parties “(hereinafter the” Recipients “). In this perspective, in order to correctly carry out all the processing activities necessary to pursue the purposes referred to in this Notice, the following Recipients may be in a position to process your Personal Data:
• Third parties who carry out part of the processing activities and / or activities connected and instrumental to them on behalf of the Data Controller. These subjects have been appointed as data processors, having to be understood individually with this term, pursuant to Article 4 at point 8) of the Regulation, “the natural or legal person, public authority, service or other body that processes Personal Data on behalf of the Data Controller “(hereinafter the” Data Processor “);
• Individuals, employees and / or collaborators of the Data Controller, who have been entrusted with specific and / or more processing activities of your Personal Data. These individuals have been given specific instructions regarding the security and correct use of Personal Data and are defined, pursuant to Article 4 at point 10) of the Regulations, “persons authorized to process Personal Data under the direct authority of the Data Controller. or the Data Processor “(hereinafter the” Authorized Persons “).
• Where required by law or to prevent or suppress the commission of a crime, your Personal Data may be disclosed to public bodies or judicial authorities without these being defined as Recipients. In fact, pursuant to article 4 at point 9) of the Regulation, “the public authorities that may receive communication of Personal Data in the context of a specific investigation in accordance with the law of the Union or of the Member States are not considered Recipients”.
F. How long will your Personal Data be processed?
One of the principles applicable to the processing of your Personal Data concerns the limitation of the retention period, governed by Article 5, paragraph 1, point e) of the Regulation which states “Personal Data are stored in a form that allows the identification of the Data Subjects for a period of time not exceeding the achievement of the purposes for which they are processed; Personal Data may be stored for longer periods provided that they are processed exclusively for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, in accordance with article 89, paragraph 1, without prejudice to the implementation of adequate technical and organizational measures required by this regulation to protect the rights and freedoms of the interested party “. In light of this principle, your Personal Data will be processed by the Data Controller limited to what is necessary for the pursuit of the purpose referred to in Section D of this Information. In particular, your Personal Data will be processed for a period of time equal to the minimum necessary, as indicated by Recital 39 of the Regulation, that is until the termination of the contractual relationships existing between you and the Data Controller without prejudice to a further retention period. which may be imposed by law as also required by Recital 65 of the Regulation. With regard to the treatments carried out for the achievement of the purposes referred to in Section E of this Information, the Data Controller may lawfully process your Personal Data until you communicate, in one of the methods provided for in this Information, your will to revoke the consent to one or all of the purposes for which it was asked of you. Any withdrawal of consent will in fact require the Data Controller to cease the processing of your Personal Data for these purposes.
G. Is it possible to revoke the consent given and how?
As required by the Regulation, if you have given your consent to the processing of your personal data for one or more purposes for which it was requested, you can, at any time, revoke it totally and / or partially without prejudice to the lawfulness of the processing based on on the consent given before the revocation. The methods of withdrawal of consent are very simple and intuitive, just contact the Data Controller and / or the DPO using the contact channels indicated in this Information and respectively in sections C and I. In addition to the above and for simplicity, if you find yourself in a position to receive advertising e-mail messages from the Data Controller that are no longer of interest to you, simply click on the “unsubscribe link” at the bottom of the same to no longer receive any communication also through other contact channels for which your consent was obtained.
H. What are your rights?
As required by article 15 of the Regulation, you will be able to access your Personal Data, request its correction and updating, if incomplete or incorrect, request its cancellation if the collection took place in violation of a law or regulation, as well as oppose the processing for legitimate and specific reasons. In particular, we report below all your rights that you can exercise, at any time, towards the Data Controller:
1. Right of access: you will have the right, pursuant to Article 15, paragraph 1 of the Regulation, to obtain from the Data Controller confirmation that your Personal Data is being Processed or not and, in this case, to obtain the ” access to such Personal Data and to the following information: • the purposes of the Processing; • the categories of Personal Data in question; • the Recipients or categories of Recipients to whom your Personal Data have been or will be communicated, in particular if Recipients from third countries or international organizations; • when possible, the retention period of the Personal Data envisaged or, if not possible, the criteria used to determine this period; • the existence of the right of the interested party to ask the Data Controller to correct or delete personal data or limit the processing of personal data concerning him or to oppose their treatment; • the right to lodge a complaint with a supervisory authority; • if the Personal Data are not collected from the Data Subject, all available information on their origin; • the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, of the Regulation and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of this Treatment for the interested party. • All this information can be found in this Information which will always be available to you in the Privacy section of each of the Internet Sites.
2. Right of rectification: you will be able to obtain, pursuant to Article 16 of the Regulations, the rectification of your Personal Data which are inaccurate. Furthermore, taking into account the purposes of the processing, you will be able to obtain the integration of your Personal Data which are incomplete, also by providing an additional declaration.
3. Right to cancellation: pursuant to Article 17, paragraph 1 of the Regulations, you can obtain the cancellation of your Personal Data without undue delay and the Data Controller will have the obligation to cancel your Personal Data, if there is even only one of the following reasons: a) the Personal Data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) you have revoked the consent on which the processing of your personal data is based and there is no other legal basis for their processing; c) you have opposed the processing pursuant to article 21, paragraph 1 or 2 of the Regulation and there is no longer any legitimate overriding reason to proceed with the processing of your Personal Data; d) your Personal Data have been unlawfully processed; e) it is necessary to delete your Personal Data to fulfill a legal obligation provided for by a community standard or internal law. In some cases, as provided for by Article 17, paragraph 3 of the Regulation, the Data Controller is entitled not to delete your Personal Data if their Processing is necessary, for example, to exercise the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, for the assessment, exercise or defense of a right in court.
4. Right to limit the processing: you will be able to obtain the limitation of the Processing, pursuant to Article 18 of the Regulation, in the event that one of the following hypotheses occurs: a) you have contested the accuracy of your Personal Data (the limitation will continue for the period necessary for the Data Controller to verify the accuracy of such Personal Data); b) the processing is unlawful but you have opposed the deletion of your Personal Data, requesting, instead, that its use be limited; c) although the Data Controller no longer needs it for processing purposes, your Personal Data are used to ascertain, exercise or defend a right in court; d) you have opposed the processing pursuant to Article 21, paragraph 1, of the Regulation and are awaiting verification of the possible prevalence of the Data Controller’s legitimate reasons with respect to yours. In case of limitation of processing, your Personal Data will be processed, except for storage, only with your consent or for the ascertainment, exercise or defense of a right in court or to protect the rights of a ‘other natural or legal person or for reasons of significant public interest. We will inform you, in any case, before this limitation is lifted.
5. Right to data portability: you can, at any time, request and receive, pursuant to Article 20, paragraph 1 of the Regulation, all your Personal Data processed by the Data Controller and / or by the Joint Data Controllers in a format structured, commonly used and legible or request its transmission to another data controller without hindrance. In this case, it will be your responsibility to provide us with all the exact details of the new data controller to whom you intend to transfer your Personal Data by providing us with written authorization.
6. Right to object: pursuant to Article 21, paragraph 2 of the Regulation and as also reaffirmed by Recital 70, you can object, at any time, to the Processing of your Personal Data if these are processed for direct marketing purposes, including profiling to the extent that it is connected to such direct marketing.
7. Right to lodge a complaint with the supervisory authority: without prejudice to your right to appeal to any other administrative or judicial office, if you believe that the processing of your Personal Data conducted by the Data Controller is in violation of the Regulations and / or of the applicable legislation, you can lodge a complaint with the competent Personal Data Protection Authority. To exercise all your rights as identified above, simply contact the Data Controller in the following ways: • by writing to EIL Systems Srl – Via Don Giovanni Minzoni 72 – 30034 Mira – VE • by sending an e-mail to the mailbox to: firstname.lastname@example.org • by calling the telephone number +39 0413072424. We remind you that, at any time, you can also contact the DPO in the manner provided for in Section C of this Information.
I.Where is your Personal Data processed?
Your Personal Data will be processed by the Data Controller within the territory of the European Union. If for technical and / or operational reasons it is necessary to make use of subjects located outside the European Union, we inform you as of now that these subjects will be appointed as Data Processors pursuant to and for the purposes of the article 28 of the Regulations and the transfer of your Personal Data to these subjects, limited to the performance of specific processing activities, will be regulated in accordance with the provisions of Chapter V of the Regulations. All necessary precautions will therefore be taken in order to guarantee the most complete protection of your Personal Data by basing this transfer: (a) on adequacy decisions of the recipient third countries expressed by the European Commission; (b) on adequate guarantees expressed by the third party recipient pursuant to Article 46 of the Regulation; (c) on the adoption of binding corporate rules, so-called corporate binding rules. In any case, you can request more details from EIL Systems Srl if your Personal Data have been processed outside the European Union by requesting evidence of the specific guarantees adopted.
Version 0.1 August 2018
N.B. We remind you that the information may undergo changes due to the introduction of new rules in this regard, therefore the user is invited to periodically check this page.