Last update: November 2018
EFORMA SRL is a limited liability company with registered offices in 36016 Thiene, (VI), via dell’Elettronica, no. 9, C.F. and P.Iva 04133090243, REA (registered business number) VI-381693, registered paid-up share capital of 50.000 euros, telephone no.: +39 0445 367756, fax +39 0445 379517, PEC (registered email address): firstname.lastname@example.org, email email@example.com.
With this Policy, EFORMA, as the Data Controller, intends to give You information about the processing of personal data that You are going to provide while visiting this Website.
For any request of clarification, information or in order to exercise the rights listed in this Policy, please contact us
by email, at firstname.lastname@example.org
by registered mail, to: Via dell’Elettronica, n. 9 – 36016, Thiene (VI).
The Italian Legislative Decree 196/2003, as modified by Italian Legislative Decree 101/2018, and Regulation EU 2016/679 establish the rules to protect individuals in relation to personal data processing; this policy has been drafted in compliance with the new law. Personal data processing and protection find their legal framework on the Treaty on the Functioning of the European Union, and in particular in Art. 16 of the Treaty.
This Policy can be subject to modifications following the introduction of new laws, therefore we invite You to periodically check this section for all the updates.
Pursuant to the law, personal data processing is carried out according to the following principles: fairness, lawfulness and transparency, accuracy, purpose and storage limitation, data minimisation, integrity and confidentiality and user rights protection.
EFORMA SRL is committed to observe the above-mentioned principles. For this reason also, we would like to inform You from the beginning that – with the exception of data processing that requires Your explicit consent by law – by navigating this Website, uploading or providing personal data, You accept the terms and the conditions provided by this Policy. You can withdraw Your consent to the processing of Your personal data at any time by contacting us at the contact information provided above.
If You are under 16, such processing is lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over You, pursuant to Art. 8, Regulation EU 2016/679.
Regardless, we would like to inform You about what data processing is and who is managing Your data.
- TYPES OF PERSONAL DATA WE PROCESS
- DATA CONTROLLER
- DATA PROCESSOR
- METHODS OF PROCESSING
- PLACE OF PROCESSING AND EXTENT OF CIRCULATION OF DATA
- PURPOSES OF THE PROCESSING
- LAWFUL BASIS FOR DATA PROCESSING
- PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED
- PERSONAL DATA RECIPIENTS
- DATA DISSEMINATION
- TRANSFER OF PERSONAL DATA
1. TYPES OF PERSONAL DATA WE PROCESS
“Personal data” is all the information that directly or indirectly allows the identification of users.
This information can include, for instance: name, address, user name, email address and telephone number, but also the IP address of the device in use, navigation preferences, information regarding user’s lifestyle, hobbies, interests and user’s preferences in regards his/her online purchases.
“Personal data processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2. DATA CONTROLLER
“Data Controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. In addition, the Controller is also in charge of the security settings.
For this Website, EFORMA SRL, as better specified above, is the Data Controller. For any question or to exercise Your rights, You can contact EFORMA at the following email address: email@example.com.
3. DATA PROCESSOR
“Data processor” is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
In relation to personal data provided by the user during the navigation of this Website, EFORMA SRL did not appoint any external data processor so the data will be processed by representative designated for the management of the online department or for the Website and, in any case, exclusively by individuals who committed themselves to adequate obligations of confidentiality.
4. METHODS OF PROCESSING
On this Website, data are collected by telematic means and processed mainly by using electronic tools, in a manner that ensures appropriate security and confidentiality of the personal data.
Personal data will be processed by collaborators and/or employees of the Controller, as data processor or data processor representatives, in respect to their functions and in compliance with the Controller’s instructions.
5. PLACE OF PROCESSING AND EXTENT OF CIRCULATION OF DATA
Personal data processings related to the services provided by this Website shall take place at the Controller’s company offices and at the offices of the data processors mentioned above and shall be curated exclusively by personnel in charge of the processing.
Personal data can be disclosed to the Judicial Authorities or to the Police Forces only when required by law. Personal data can be used by EFORMA SRL for defense in court when strictly necessary.
Collected data will not be disclosed to third countries or to international organizations and will not be disseminated. However, for the effective execution of our services, some data will be shared with external subjects in charge of carrying out specific activities for our company (i.e.: Web agencies, marketing consultants, experts, etc.). The Controller is committed to protect the security of data by adopting all the necessary electronic and material measures for the safety of the data provided. No safety system guarantees with absolute certainty this protection; therefore, except in case of responsibility of the Controller for negligence, EFORMA SRL is not responsible for unlawful and unauthorized access to the system by third parties.
6. PURPOSES OF THE PROCESSING
Except for what is already established for the individual data processing activities of this Website, in general, the purposes of the processing are the following:
- to execute activities for delivering services in favor of the users;
- to answer emails that are sent through the contact form;
- to send newsletters for marketing purposes;
- in general, to perform pre-contractual and contractual obligations (including distance contracts);
- to comply to law and regulations;
- to carry out management, administrative, accounting and fiscal compliances;
- to manage cookies;
- for social network and external platform interactions;
- to view contents from external platforms.
7. LAWFUL BASIS FOR DATA PROCESSING
Processing data provided by users by navigating the Website is lawful when one of the following conditions applies:
- processing is necessary for complying with a legal obligation pursuant to Art. 6, cl. 1, lett. c) with reference to legal obligations required for the administration of the Website and/or deriving from the Website;
- processing is necessary for the fulfillment of those obligations that have contractual or “pre-contractual” nature according to Art. 6, cl. 1, lett. b) in regards to requests for information that may come from users via email at the above-mentioned contact information, as well as when data processing is required for sending newsletters upon user’s request;
- the data subject has given consent pursuant to Art. 6, cl. 1 lett. a) to receive marketing and promotional communications via email;
- processing is necessary for the purposes of the legitimate interests pursuant to Art. 6, cl. 1, lett. f) to manage technical and analytical cookies existing on the Website, as well as for sending commercial information – that can also be included in newsletters – regarding products that are similar to those already purchased by the user.
8. PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED
Data that are processed for complying to legal obligations will be stored up till the fulfillment of these obligations and, in any case, up to the time that is necessary to prove their fulfillment; data that are processed for complying to contractual obligations, will be stored pending their fulfillment and, in case the contract is finalized or pre- contractual negotiations are over, for ten years after the contract stipulation, in order to exercise any potential judicial or extrajudicial defense.
Regarding commercial communications via email and for technical and analytical cookies management, data will be stored until a potential opposition of the data subject occurred (the opposition shall be exercised following the procedures presented below), or until the withdrawal of the consent for those processings that require the user’s consent.
9. PERSONAL DATA RECIPIENTS
Personal data that You provide can be disclosed to the Controller and/or to the data Processors potentially designated.
Potential additional categories of recipients to whom Your personal data could be disclosed during or after the execution of the contract are:
1. individuals that process data to perform specific legal obligations;
2. external consultants in charge of providing services that are functional for, deriving from or connected to the above-listed purposes, who are appointed in writing and are given specific written instructions with regard to personal data processing;
3. in general, all the public and private entities that required the communication of personal data for the accurate and complete fulfillment of the listed purposes.
10. DATA DISSEMINATION
Except in case of a specific written request from You or a Judicial Authority’s precise order/regulatory requirement, personal data that You provided are not subject to dissemination.
11. TRANSFER OF PERSONAL DATA
Personal data will not be transferred to third countries or to international organizations.
MAIN PERSONAL DATA PROCESSING ACTIVITIES OF THE WEBSITE
2) By filling out CONTACT and CATALOG forms, user shall provide his/her identification data: name, last name, company, country and email. Providing these data is not legally mandatory or required by any contractual obligations and it is therefore optional. However, the Company won’t be able to provide the requested services in case that some of the information required in the forms are missing. The processing of these data is necessary to provide a direct contact information to the Controller or its representative in order to receive the requested information. Data will be processed by computer systems and, in case of purchases, also in paper form. Data will be stored until the user withdraws his/her consent, unless a contract is concluded between the parties. In this case, personal data can be stored for ten years after the contract has been stipulated, for defense in court in case of disputes originating from the contract.
3) Our Website uses social network plugins, such as Facebook, Google+, Pinterest, Twitter and Youtube. You can find details related to social network plug-ins and their characteristics here http://developers.facebook.com/ and here https://developers.google.com/Youtube/ for Youtube and Google+.
Please find more information regarding Pinterest plug-ins and their features here: http://developers.pinterest.com/.
With reference to Instagram, please visit https://www.instagram.com/developer/; for Twitter, please visit: https://developer.twitter.com/content/developer-twitter/en.html .
USER’S RIGHTS PURSUANT TO EU REGULATION 2016/679 AND ITALIAN LEGISLATIVE DECREE 196/2003
Chapter III of EU Regulation 2016/679 lists all the rights granted to the user.
Therefore, EFORMA SRL wants to inform about the existence of certain rights, such as the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed (and, if it so, access to them); their availability in an intelligible form; rectification or erasure of personal data or restriction of processing all or part of them; the user has the right to object to such process based on legitimate reasons and/or to withdraw the consent at any moment (considering though the consequences stated at the previous point no. 5); to ask for the portability of his/her data for those required under specific consent and also, to update them. The data subject has also the right to ask for anonymized data transformation, limitation and block of unlawful processing of data; the data subject can also lodge a complaint for unauthorized processing of conferred data with the Italian Data Protection Authority, following the procedures published on the Authority’s website (http://www.garanteprivacy.it/). Data subject has the right to know from which source the personal data originate, the purposes and the methods of processing, the logic involved, as well as the identity and the contact details of the Controller and the recipients to whom the personal data could be disclosed.
Requests concerning the above-mentioned rights can be addressed to the Controller at the contact information provided above with no need of formality or, alternatively, by using the form provided by the Italian Data Protection Authority available on the Authority’s website here: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924.
In case of processing based on Art. 6, paragraph 1, let. a) – explicit consent to data processing – or on Art. 9, paragraph 2, lett. a) – explicit consent to processing of genetic data, biometric data, data concerning health, personal data revealing religious or philosophical beliefs or labor union membership, data revealing racial or ethnic origin, political opinions – the user has the right to withdraw the consent at any moment with no prejudice to the validity of the processing based on the consent given before the withdrawal.
Likewise, in case of violation of the law, the user has the right to lodge a complaint with the Italian Data Protection Authority as the authority in charge of controlling processing activities in Italy. The form for lodging the complaint is available at the following link: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.
For a deeper insight of Your rights, please read Art. 15 and ff. of EU Regulation 2016/679 and Art. 7 of the Italian Legislative Decree 196/2003.
In order to exercise one of more of the above-listed rights, You can contact us at the following email address: firstname.lastname@example.org .