Eptalex- Garzia Gasperi & Partners S.t.p. S.r.l. a company incorporated under the laws of Italy, having its registered office in Viale L. Majno n. 5, 20122 Milano (MI), as data controller (“Company” or “Data Controller”), pursuant to the EU Reg. no. 2016/679 (“GDPR”), is committed to protect and respect the privacy of the Website users.
Object of the data processing
This policy describes what personal data (“Personal Data”) the Company collects from the Website user and how it processes such personal data.
The Company may collect information on visits to the Website including, but not limited to, traffic data, location data, weblogs, contact forms and other communication data and the resources that the user may access.
This information will make the users’ visit to the Website easier in the future since the Company might suggest content or services depending on the location of the user while accessing the Website.
The Company may also store cookies, as set out more in detail in the Cookie Policy
Scope of the data processing and data retention
The Personal Data are collected and managed by the Company in order:
- to customize content or services according to the user’s preferences;
- to reply to the user’s request and questions and to keep the user informed by e-mail or telephone;
- to help the Company to create, publish and improve the content and services in the most appropriate manner for the user;
- to ensure that the content and services provided through the Website are delivered in the most effective manner according to the user’s devices;
- to further develop and improve the Website, the Company’s Services and systems for a better customer satisfaction;
- send informative and promotional communications relating to the activities of the data controller.
The use of the information abovementioned is allowed by legal provisions on the protection of personal data, since it is necessary:
- for the legitimate interests of the Company to pursue the abovementioned scope of the data processing; such interests, in any case, do not result in a conflict with the privacy rights of the users;
- in some cases, to comply with legal and regulatory liabilities of the Company, for example in relation to communication obligation to the authorities, government and regulatory bodies;
- in some cases, to fulfil of actions of public interest and, when the Company uses particular categories of personal data, or to engage, carry out and defend itself in legal actions, or when the data processing regards personal information manifestly of public domain;
The Company does not take decisions only based on automated decision-making, including profiling, which may produce legal effects on the user or similar consequences.
The Company stores the personal data for a period of time necessary for the fulfilment of its legal obligations. The storage period of the personal data depends on the scope according to which the personal data are processed and on the instruments by means of which the data are treated.
However, it is not possible to indicate in this policy the estimate of the storage period of the personal data. The criteria used to determine the applicable period are strictly connected to the time (i) necessary for the accomplishment of the related scope, (ii) necessary for the completion of the business relationship with the user, (iii) accepted by the user and/or (iv) required by the applicable legal provisions.
To the extent that the processing of Personal Data is based on your consent, you also have the right to withdraw your consent at any time. The withdrawal of consent does not affect the legitimacy of any processing based on consent given before such withdrawal.
We remind you that the sending of informative and promotional communications can be interrupted at any time by selecting the “unsubscribe” option at the foot of each newsletter received. From that moment on you will no longer receive our information and promotional communications
Disclosure of information with third parties
To ease an efficient use of the user’s data, and to provide the user with the best service and/or opportunities, it may sometimes be necessary for the Company to share information with third parties. However, the disclosure will only occur in the following circumstances:
- to suppliers, contractors and agents: the Company may engage or employ other companies and individuals to perform functions on its behalf. Examples may include hosting and/or maintenance of the Website content or supply of specific functions contained on the Website, supply of marketing services or economic updating required by the user. Such recipients will only have access to data required by them to perform their functions and are not permitted to use such data for any other purposes. These recipients will be subject to contractual confidentiality obligations;
- to judicial or governmental authorities, if and to the extent that the Company believes that they are legally entitled to request them.
IP address and cookies
The Company may collect information about the user’s computer or other electronic devices. This information may include (when available) IP address, operating system and browser type, for system administration. This is statistical data about the Company’s user’s browsing actions and patterns and does not identify the users or any individual.
For the same reason, the Company may obtain information about the user’s general Internet usage by cookies file which is stored on the user’s device. Cookies help the Company to improve the Website and to deliver a better and more customized service. For more detail about the use of cookies, please visit the Cookie Policy.
Data transfer abroad
Personal Data may be transferred and processed in one or more States within the European Economic Area or outside the European Economic Area. A transfer of Personal Data to a third country outside the EU may take place where the European Commission has decided that the third country ensures an adequate level of protection or where the Company has provided adequate safeguards to preserve the confidentiality of this information.
Data security
Although the Company endeavours to take all steps reasonably necessary to safeguard the Personal Data, please note that the transmission of information via internet is not totally safe and it is not possible to ensure a complete security of the Personal Data transmitted to the Website or to third parties; for this reason, any transmission of data occurs at the user’s own risk.
However, the Company applies strict operating procedures and adequate technical and organisational security measures in order to prevent any access, modification, erasure or unauthorised transmission of personal data.
Rights of the user
- Right of access: pursuant to Article 15 GDPR, the interested party has the right to obtain confirmation from the Company as to whether or not Personal Data concerning him or her is being processed and, in this case, to obtain access to the Personal Data and related information. If Personal Data is transferred to a third country or to an international organization, the interested party has the right to be informed of the existence of adequate guarantees pursuant to Article 46 GDPR relating to the transfer.
- Right of rectification: pursuant to Article 16 GDPR, the interested party has the right to obtain, without unjustified delay, the rectification of inaccurate Personal Data concerning him and the integration of incomplete Personal Data.
- Right to cancellation: pursuant to art. 17 GDPR, the interested party has the right to obtain, without unjustified delay and at any time, the cancellation of Personal Data concerning him, in the cases provided for by the GDPR. The Firm will evaluate the possibility of accepting the request and if it is ascertained that, in accordance with the law, your request for deletion of Personal Data can be accepted, the Company will immediately proceed with the cancellation.
- Right to limitation: pursuant to art. 18 GDPR, the interested party has the right to obtain the limitation of processing, in the cases provided for by the GDPR;
- Right to portability: pursuant to art. 20 GDPR, the interested party has the right to receive in a structured format, commonly used and readable by an automatic device, the Personal Data provided to the Firm and to obtain that these are transmitted to another data controller without impediments, in the cases provided for by the GDPR.
- Right of opposition: pursuant to art. 21 GDPR, the interested party has the right to object to the processing of personal data concerning him, unless there are legitimate reasons for the firm to continue the processing.
The interested party has the right to lodge a complaint with the Supervisory Authority pursuant to art. 77 GDPR.
To the extent that the processing of Personal Data is based on your consent, you also have the right to withdraw your consent at any time. The withdrawal of consent does not affect the legitimacy of any processing based on consent given before such withdrawal.
Modality of the exercise of the user’s rights
In order to exercise his/her rights, the user can submit an e-mail to the following e-mail address: dpo.italy@eptalex.com.
Data Protection Officer
The data protection officer (DPO) appointed by the Data Processor pursuant to art. 37 GDPR can be contacted at the following e-mail address: dpo.italy@eptalex.com.
Changes to this Privacy Policy
The conditions of this Privacy Policy may change from time to time. The Company will post any changes on this Website.
Contact
The Company informs that questions, comments and requests regarding this Privacy Policy must be submitted to the following e-mail address: compliance.it@eptalex.com.