PRIVACY POLICY – EXTENDED INFORMATION
Last updated: May 24, 2018
In compliance with the obligations arising from national legislation (Legislative Decree June 30, 2003, No. 196, Personal Data Protection Code) and European community legislation (European Regulation for the Protection of Personal Data No. 679/2016, GDPR), as subsequently amended, this website respects and protects the privacy of visitors and users, making every possible and proportionate effort not to infringe on users’ rights.
This privacy policy applies exclusively to the online activities of this website and is valid for visitors/users of the website. It does not apply to information collected through channels other than this website. The purpose of this privacy policy is to provide the utmost transparency regarding the information that the website collects and how it is used.
DATA CONTROLLER
The data controller pursuant to current laws is the administrator of the website, Eping S.r.l. a Socio Unico, Via Gabriele Villani, 29122 Piacenza (PC) – Italy; contactable via email at: info@eping.it
DATA PROCESSOR
In addition to the Data Controller, in some cases, certain categories of persons involved in the organization of the website (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data and may be designated as Data Processors by the Data Controller, if necessary. The up-to-date list of Data Processors can always be requested from the Data Controller.
LEGAL BASIS FOR PROCESSING
This website processes data based on consent. By using or consulting this website, visitors and users explicitly approve this privacy policy and consent to the processing of their personal data in relation to the methods and purposes described below, including any possible disclosure to third parties if necessary for the provision of a service. The provision of data and therefore consent to the collection and processing of data is optional; users can deny consent, and may revoke a previously given consent at any time. However, denying consent may result in the inability to provide certain services, and the browsing experience on the website may be compromised.
Starting from May 25, 2018 (the effective date of the GDPR), this website will also process some data based on the legitimate interests of the data controller.
DATA COLLECTED AND PURPOSES
Like all websites, this website also uses log files in which information collected in an automated manner during users’ visits is stored. The information collected may include:
- IP address
- type of browser and device parameters used to connect to the site
- name of the Internet service provider (ISP)
- date and time of visit
- origin web page of the visitor (referral) and exit
- possibly the number of clicks The above information is processed in an automated form and collected in an exclusively aggregated form to verify the correct functioning of the site and for security reasons (from May 25, 2018, such information will be processed based on the legitimate interests of the data controller).
For security purposes (anti-spam filters, firewalls, virus detection), the automatically recorded data may also include personal data such as the IP address, which could be used, in compliance with applicable laws, to block attempts to damage the site itself or cause harm to other users or otherwise harmful or criminal activities. This data is never used for the identification or profiling of the user, but only for the protection of the website and its users (from May 25, 2018, such information will be processed based on the legitimate interests of the data controller).
If the website allows for the insertion of comments, or in the case of specific services requested by the user, the website automatically detects and records certain user identification data, including the email address. Such data is voluntarily provided by the user when requesting the service. By entering a comment or other information, the user expressly accepts the privacy policy, and in particular consents to the contents being freely distributed to third parties. The received data will be used exclusively for the provision of the requested service and for the time strictly necessary for the provision of the service.
The information that users of the website may choose to make public through the services and tools made available to them are provided knowingly and voluntarily, exempting this website from any liability regarding any violations of the law. It is up to the user to verify that they have the necessary permissions to enter third-party personal data or content protected by national and international regulations.
The data collected by the website during its operation is used exclusively for the purposes indicated above and kept for the time strictly necessary to carry out the specified activities. In any case, the data collected by the website will never be provided to third parties, for any reason, unless it is a legitimate request by the judicial authority and only in the cases provided by law. Data used for security purposes (blocking attempts to damage the site) is kept for 7 days.
LOCATION
The data is processed at the Data Controller’s operational headquarters and in any other place where the parties involved in the processing are located. For more information, please contact the Data Controller.
HOSTING
This type of service has the function of hosting Data and files that allow this Application to function, provide distribution, and make available an infrastructure ready for use to provide specific features of this Application. Some of these services may work through servers located in different geographical locations, making it difficult to determine the exact location where Personal Data is stored.
Google Cloud Platform (Google Ireland Limited) The hosting of the site is provided at Google’s data centers, which are responsible for processing the data on behalf of the data controller. Google is located in the European Economic Area and operates in compliance with European regulations.
TRANSFER OF DATA TO NON-EU COUNTRIES
This website may share some of the data collected with services located outside the European Union area. In particular, with Google, Facebook, and Microsoft (LinkedIn) through social plugins and the Google Analytics service. The transfer is authorized based on specific decisions of the European Union and the Data Protection Authority, in particular Decision 1250/2016 (Privacy Shield – here is the information page of the Italian Data Protection Authority), so no further consent is required. The aforementioned companies guarantee their adherence to the Privacy Shield.
SECURITY MEASURES
This website processes user data in a lawful and correct manner, adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of data. Processing is carried out using computers and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated. In addition to the data controller, in some cases, certain categories of persons involved in the organization of the website (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data.
USER RIGHTS
Pursuant to European Regulation 679/2016 (GDPR) and national legislation, the user can, according to the methods and within the limits provided by current legislation, exercise the following rights:
- request confirmation of the existence of personal data concerning them (right of access)
- know their origin
- receive intelligible communication
- have information about the logic, methods, and purposes of the processing
- request the updating, correction, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected
- in cases of processing based on consent, receive, at the sole cost of any support, the data provided to the data controller, in a structured and readable form by a data processor and in a format commonly used by an electronic device
- the right to lodge a complaint with the supervisory authority (Italian Data Protection Authority)
- and, more generally, exercise all the rights recognized by current legislation.
Requests should be addressed to the Data Controller, contactable via email at: info@eping.it
If data is processed based on legitimate interests, the rights of those concerned by the processing are still guaranteed (with the exception of the right to portability, which is not provided by the regulations), particularly the right to object to the processing, which can be exercised by sending a request to the data controller.