INFORMATION REGARDING THE PROTECTION OF PERSONAL DATA
Under the meaning of Article 13 D of EU Regulation 2016/679.
Pursuant to and for the purposes of Article 13 D of EU Regulation 2016/679, Eigenmann & Veronelli SpA, in its capacity as Data Controller of personal data, in the person of its pro-tempore legal representative, discloses the purposes and methods of processing the collected personal data, their scope of communication and dissemination, as well as the nature of their provision.
- NATURE OF THE PROCESSED DATA
If you reach out to us through the “Contacts” area of the Website, we shall process your personal and contact data to respond to your request. We generally do not process any sensitive data, and if it should become necessary for us to do so, we shall ask for your consent first.
Identifying personal information (company name or name, or name and surname of natural persons, address, telephone, e-mail);
Browsing data – Log files: the IT systems and applications that make the Website www.eigver.com work, during normal operations, they contain data (whose transmission is implicit in the use of Internet communication protocols) that is not associated with directly identifiable users. The data collected includes the IP addresses and domain names of the computers used by visitors to the Website, the addresses of the requested resources expressed in URI (Uniform Resource Identifier) notation, the time of the request, the method used for submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the operating system and the user’s IT environment. The data is processed for the time strictly necessary and for the sole purposes of obtaining anonymous statistical information on Website use and checking that it is working properly.
When processing personal data that may, directly or indirectly, identify you, we try to respect a principle of strict necessity. For this reason, we have configured the Website such that the use of personal data is reduced to a minimum and in order to limit the processing of personal data that allow you to be identified only in case of necessity or at the request of competent authorities and police (such as, for example, data relating to traffic and your stay on the Website or your IP address) or to ascertain responsibility in the event of hypothetical computer crimes against the Website.
- PURPOSE OF PROCESSING, LEGAL BASIS, AND RETENTION PERIOD
In full compliance with legal provisions and the principle of correctness, Eigenmann & Veronelli SpA shall use data collected for processing to correctly deliver products and services related to the company’s end-purpose.
Depending on the User’s chosen mode of interaction, we may process User Personal Data for different purposes and on a variety of legal bases.
a) Direct marketing:
- After compiling a dedicated data collection form in specific areas, with prior consent and until such time as an objection may be made, the Data Controller shall use data subjects’ data for direct marketing activities, market research, direct sales, sending out newsletters and promotional, commercial, and advertising material, or related to Data Controller events and initiatives, via automated email or operator/automated telephone calls.
- Legal basis: Consent pursuant to Article 6(1)(a): the data subject has given consent to the processing of their personal data.
- Data retention period: Until objection (opt-out/withdrawal of consent).
- Nature of data provision: Providing data for purpose a) is optional; without such consent, the User’s data will not be processed for that specific purpose. Refusal to provide data does not affect access to the end-purposes outlined in the following points.
b) Website Navigation:
- Legal basis: Legitimate interest pursuant to Article 6(f) and in consideration of Article 47: processing is required in pursuit of the Data Controller’s or third parties’ legitimate interest, provided that the data subject’s interests or fundamental rights and freedoms requiring personal data protection do not prevail, taking into account data subjects’ reasonable expectations based on their relationship with the Data Controller, regarding activities strictly necessary for site operation and providing navigation service on the platform.
- Nature of data provision: Except as specified for navigation data (necessary to enable website navigation), the user is free to provide personal data.
c) Prevention and suppression of fraud/abuse/fraudulent activities carried out via the website:
- Legal basis: The Data Controller’s legitimate interest.
- Data retention period: Personal data are stored for a maximum of 180 days and then deleted or anonymized.
- Nature of data provision: If user personal data are collected (i) to prevent and suppress fraud/abuse/fraudulent activities implemented via the site or (ii) to ascertain, exercise, or defend a right held by the Data Controllers in court, personal data shall be retained for the duration of the claim and/or extrajudicial and/or judicial proceedings, until all possibilities for judicial protection and/or appeals are exhausted.
d) When requesting information about services the Data Controller offers, in order to respond to enquiries received via contact data collection form:
- Legal basis: Based on the execution of pre-contractual measures undertaken at the data subject’s request.
- Data retention period: One year.
- Nature of data provision: Data provision is either optional or required depending on the specific purpose for which the data is being processed. Failure to provide data marked with an asterisk* will make it impossible to fulfil the request or to access services provided by the Data Controller.
The processing of data is carried out electronically and using computers, as well as on paper. It is organized according to principles of minimization, necessity, and proportionality, avoiding the processing of personal data if the operations can be carried out using anonymous data or other methods. We have adopted specific security measures to prevent the loss, unlawful or incorrect use of personal data, and unauthorized access. However, the security of your data depends on your device being equipped with constantly updated defence systems such as antivirus software, and on your internet, provider being able to securely transmit data through firewalls, anti-spam filters, and similar safeguards.
The processing of personal data will be carried out by data controller employees who have been specifically appointed for this task as per the prescriptions of the GDPR. The data controller has adopted appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of personal data in accordance with Article 32 of the GDPR.
- COMMUNICATION AND DISSEMINATION
We do not indiscriminately disseminate the data we collect from our Website users: i.e we do not make it known in any way to indeterminate subjects. The data may be communicated to third parties for the performance of structurally functional activities such as site maintenance and management. More generally, it may be shared with all employees, including employees of third parties (providers of services, infrastructure, IT resources and the like) who are responsible for its management and supervision and have been duly appointed as data controllers. In this case, third-party use will be fully consistent with precepts of integrity and the law. The data may also be processed by authorized parties from within our company, and in particular by the employees of our administrative offices.
There are no plans to transfer the data to non-EU countries. If this should change, data subjects will be notified as per Article 13.1 (f) of the European Regulation 2016/679.
The data will not be subject to dissemination.
- THE RIGHTS OF THE DATA SUBJECT
The rights referred to in Articles. 15, 16, 17 18, 20, 21 and 22 of EU Regulation 2016/679 apply.
We inform you that, as a data subject, in addition to your right to file a complaint with the data supervisory authority, you also enjoy the following rights , which you can assert by sending a specific written request to the data controller:
Article 15 – Right of access
Article 16 – Right to rectification
Article 17 – Right to erasure (“right to be forgotten”)
Article 18 – Right to restriction of processing
Article 19 – Notification obligation regarding rectification or erasure of personal data
or restriction of processing
Article 20 – Right to data portability
Article 21 – Right to object
Article 22 – Right not to be subject to automated decision-making, including profiling
To exercise the rights provided for by Articles 15 et seq. of European Regulation 2016/679, you should write to Eigenmann & Veronelli SpA, Data Controller, at the registered office of VIA DELLA MOSA, 6 – 20017 RHO (MI), and mark your letter for the attention of the Data Protection Officer, or else email firstname.lastname@example.org
Data subjects who believe that the processing of their personal data through the Website infringes the provisions of the GDPR have the right to lodge a complaint with the data protection authority as per Article 77 of the GDPR, and the right to an effective judicial remedy against a controller or processor, as per Article 79.
- DATA CONTOLLER AND DATA PROCESSORS
The data controller is EIGENMANN & VERONELLI SpA with registered office at Via Della Mosa, 6 – 20017 Rho (MI).
The updated list of external data processors can be consulted by submitting a written request to the data controller named above.