1. Who is the Controller?
The “Controller” of the treatment is Esamed srl (P. Iva 04716160231), a company with headquarters in Via Paolo Borsellino, 48 37067 – Valeggio Sul Mincio (VR) Italy. The Controller can be contacted by registered letter with return receipt or at the e-mail address firstname.lastname@example.org, or at the Certified Electronic Mail email@example.com. Any partner sites that from time to time participate in the processing of data in an autonomous manner can take on the role of autonomous data controllers.
2. What data is processed?
The computer systems and software procedures used to operate this site acquire, in normal operation, some personal data that is then transmitted implicitly in the use of Internet communication protocols. This is information that by its nature could, through associations and elaboration with data stored by third parties, allow the identification of users/visitors (e.g. IP address, domain names of the computers used by users/visitors connecting to the site, etc.). This data is used only for statistical information and to check that the website is working properly. The data on web contacts are not stored, however, for more than seven days, except for possible investigations on cybercrimes affecting the site. No data deriving from the web service will be communicated or disclosed.
Data supplied voluntarily by the user
If users/visitors, connecting to this site, send their personal data to access certain services, that is to make requests by e-mail, also by sending CVs, are aware that this involves the acquisition by the Controller of the sender’s address and/or any other personal data that will be processed exclusively to respond to the request, i.e. for the provision of the service. The personal data provided by the users/visitors will be communicated to third parties only in the event that the communication is necessary to comply with the requests of the users/visitors themselves, or by legal obligation (as in the case of invoicing, or hiring after sending a CV.).
3. What are the purposes of the treatment?
In addition to those indicated in the single information notices that precede the filling in of the forms of the different sections of the site, the purposes of the data processing carried out by the Controller must be intended as follows:
- collection, retention and processing for the establishment and operational and administrative management of the contractual relationship related to the provision of the service offered on the site;
- use of the user’s personal data (in particular their e-mail address) to make communications relating to the performance of the established contractual relationship;
- processing of personal data both provided and derived from surfing the site in order to ensure the service is consistent with the indications transmitted during the use of the service;
- collection, storage and processing of data to perform statistical analysis in anonymous and/or aggregate form;
- purposes related to the performance of our activity, such as offering personalized content like newsletter services;
- for the communication of commercial information on future initiatives, product or service launch announcements;
- for market research, statistical and economic analysis;
- to send advertising or promotional material and to inform about prize competitions and promotional initiatives in general.
Your data can be treated, even without your consent, also with the purpose of: fulfilling tax and accounting obligations; fulfilling the obligations provided by law, a regulation, EU legislation or an order of the authority; prevention or discovery of fraudulent activities or misuse damaging the website; exercise of the rights of the Controller, such as defense in court.
4. What legal basis is data processed on?
The legal basis for the processing of clients’ data carried out by the Controller through the site indicated above consists in the request, contract or pre-contractual agreements existing with the interested party, while, in the absence of it, the legal basis is to be found in the legitimate interest of the Controller to the free economic initiative referred to in art. 41 const. For further purposes that require consent, it will be requested in the dedicated section “Privacy Information Notice and Consents,” and should also be considered as a valid legal basis for the further processing of the data.
5. Who is the data communicated to?
In addition to the Controller, in some cases, the data may be accessed by categories of Processors and authorized persons involved in the business organization of the Site (administrative, commercial, marketing staff, lawyers, system administrators). In addition to this, the Controller may make use of external parties (such as third party technical service providers, carriers, hosting providers, cloud service, IT companies, communication agencies) who may be appointed as external processors. The updated list of data processors can always be requested to the Data Controller by contacting the address indicated above.
6. How is the data processed?
Personal data is collected with automated processes (e.g. using electronic procedures and media) and/or manually for the time strictly necessary to achieve the purposes for which the data has been collected and, in any case, in compliance with the relevant regulations in force. Personal data will be processed within the European Union. The data processed by the Controller will never be disclosed.
7. Where is the data processed?
The processing operations connected to the web services of this site take place at the aforementioned headquarters of the Data Controller and are carried out only by technical staff of the office in charge of the processing. If necessary, the data connected to the newsletter service may be processed by the staff of the company that manages the Data Center, at the company’s headquarters.
8. How long will your data be stored?
Personal data will be processed and stored for the time period which is necessary to the purpose for which it was collected; in particular, for the purposes related to the management of the contract, data will be stored for the time period which is necessary to the execution of the service required and, after this, for the time in which the Controller is subject to mandatory data retention for tax purposes or other purposes required by law or regulations. Data will, in any case, be stored for a maximum period of 10 years from the end of the contract, according to the ordinary limitation period as provided by the Civil Code.
9. Is data provision mandatory?
Apart from what has been specified for navigation data that acquire data automatically, users/visitors are free to provide their personal data or not to provide it. Failure to provide it may only result in the impossibility of obtaining what has been requested.
10. What are the rights of the subject?
The subjects that the personal data refers to have the right at any time according to GDPR to obtain confirmation of the existence or not of the said data and to know its content and origin, verify its accuracy or request its integration, updating or rectification.
In relation to the processing of the aforesaid data, article 7 GDPR recognizes the right to obtain the following from the Data Controller:
- the confirmation of the existence or absence of your personal data, its communication in intelligible form and its origin, as well as the logic on which its processing is based;
- the cancellation within a reasonable period of time of your data, its transformation into anonymous form or the blocking of any data processed in violation of the law;
- the updating of the data, its rectification or, should you be interested, its integration;
- proof that the operations referred to in the previous points have been brought to the attention of those to whom they have been communicated, provided that it is not impossible or it requires the use of a disproportionate effort.
The customer has the right to revoke the consent relating to the optional processing operations and unrelated to the execution of the contract stipulated with the owner.
The customer has also the right to object for legitimate reasons to the processing of personal data concerning them, even if pertinent to the purpose of collection, to request its portability, to exercise the right to oblivion, as well as to contact the competent supervisory Authority for the protection of personal data for any violation they deem to have suffered; that is, for Italy, the Guarantor for the protection of personal data and can be contacted by e-mail at firstname.lastname@example.org, by fax at no. 06 696773785, or by mail to the Guarantor for the protection of personal data which is based in Rome, Piazza di Monte Citorio, 121, cap 00186.
The Controller will respond to the user as soon as possible, in any case within one month, without prejudice to the right of the user in case of violation to lodge a complaint to the designated authority.
11. How can the rights be applied?
It is at any time possible to exercise one’s rights by sending:
- a registered letter with return receipt to the Controller;
- an e-mail to the Controller’s address;
- a certified e-mail Controller’s address.
The Controller will respond to the user within 30 days, without prejudice to the right of the latter to lodge a complaint to the designated authority in case of violation.
12. Changes to the privacy Information Notice