2) Data controller and supervisor
The data controller is the company EUROELETTRICA s.a.s. DI DENIS MORAS & C.
3) Type of data processed
4) Cookies and browsing data
Cookies can also be classified as:
_ "session" cookies, which are immediately eliminated when the browser is closed;
_ "persistent" cookies, which remain in the browser for a set period of time. These are used, for example, to recognise the device connecting to a website, facilitating the user's authentication operations;
_ "first-party" cookies, generated and managed directly by the domain the user is browsing;
_ "third-party" cookies, generated and managed directly by parties other than the domain the user is browsing.
5) Cookies used on the website
The Website uses the following types of cookies:
5_1) first-party cookies, session and persistent, necessary for permitting the browsing of the Website, for internal security and system administration purposes;
5_2) third-party cookies, session and persistent, necessary for enabling the user to use multimedia elements present on the Website, such as images and videos, for example;
5_3) third-party persistent cookies, used by the Website to send statistical information to the Google Analytics system, with which EUROELETTRICA s.a.s. DI DENIS MORAS & C. can perform statistical analyses of accesses / visits to the Website. The cookies are used exclusively for statistical purposes and collect information in aggregated form. Through a couple of cookies, one persistent and the other session (expiring when the browser is closed), Google Analytics also saves a log with the times that the visit to the Website began and ended. It is possible to prevent Google from collecting data via cookies and subsequently processing it by downloading and installing the browser plug-in from the following address: http://tools.google.com/dlpage/gaoptout?hl=it
5_4) third-party persistent cookies, used by the Website to include the buttons of some social networks (Facebook, Twitter and Google+) on its pages.
6) How to disable cookies on your browser
7) Storage of personal data
Personal data is stored and processed using the information systems belonging to EUROELETTRICA s.a.s. DI DENIS MORAS & C. and managed by EUROELETTRICA s.a.s. DI DENIS MORAS & C. or by third-party suppliers of technical services; for more details please see the section "Accessibility of personal data" that follows. Data is processed exclusively by specifically authorised personnel, including personnel appointed to perform unscheduled maintenance operations.
8) Purposes and methods of data processing
EUROELETTRICA s.a.s. DI DENIS MORAS & C. can process the regular and sensitive personal data of users for the following purposes: use of services and functionalities present on the Website by users, management of requests and reports by its users, sending of newsletters, management of job applications received via the website, etc. Furthermore, with the additional and specific voluntary consent of users, EUROELETTRICA s.a.s. DI DENIS MORAS & C. may process personal data for marketing purposes, i.e. to send users promotional and/or commercial communications relative to the Company's services, using the contact details indicated, via both traditional methods and/or means of contact (post, phone calls with operator, etc.) and automated methods (communications via internet, fax, email, text message, applications for mobile devices like smartphones and tablets, APPS, social network accounts - e.g. via Facebook or Twitter-, automated phone calls, etc.). Personal data is processed in both paper and electronic form and stored in the company information system in full compliance with EU Reg. 2016/679, including security and confidentiality profiles and in accordance with the principles of fair and legal processing. In compliance with EU Reg. 2016/679, data is stored and conserved for 10 years.
9) Security and quality of personal data
EUROELETTRICA s.a.s. DI DENIS MORAS & C. undertakes to protect the security of the user's personal data and respects the security provisions of all applicable regulations in order to prevent data loss, the illegitimate or illicit use of the data, and unauthorised accesses to same. In addition, the information systems and computer programmes used by EUROELETTRICA s.a.s. DI DENIS MORAS & C. are configured in such a way as to minimise the use of personal and identifiable data; this data is only processed to achieved the specific goals pursued each time. EUROELETTRICA s.a.s. DI DENIS MORAS & C. uses multiple advanced security technologies and procedures to help protect the personal data of users; for example, personal data is stored on secure servers located in sites with strong access protection and control. Users can help EUROELETTRICA s.a.s. DI DENIS MORAS & C. to update and ensure the accuracy of their personal data by communicating any changes to their address, credentials, contact information, etc.
10) Communication and accessing of data
The user's personal data may be communicated to:
• all parties whose right to access such data is recognised by legal provisions;
• our workers and employees, as part of their roles;
• all physical and/or legal, public and/or private persons when the communication of this data is necessary or functional for the performance of our activities and in the ways and for the purposes illustrated above.
11) Provision of personal data
The provision of some personal data by users is mandatory as it enables the Company to manage communications, the requests of users or to recontact users in order to follow up on their requests. This type of data is marked with an asterisk [*] and in this case the data must be provided so that the Company can follow up on the user's request. If this data is not provided, it will not be possible to process the user's request. Conversely, the other data not marked with an asterisk is optional: failure to provide this data will not have any consequences for the user. As specified in the "Purposes and methods of data processing" section, the provision of personal data by the user for marketing purposes is optional and the refusal to provide such data will not have any consequences. The consent provided for marketing purposes is extended to the sending of communications using both automated and traditional methods and/or means of contact, as illustrated above.
12) Rights of the data subject
12.1 Art. 15 (right of access) and Art. 16 (right to rectification) of EU Reg. 2016/679 The data subject has the right to obtain confirmation from the data controller as to whether or not personal data concerning them is being processed and, if so, to obtain access to this personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
12.2 Art. 17 (right to erasure, so-called "right to be forgotten") of EU Reg. 2016/679
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6 (1), or point (a) of Article 9 (2), and where there is no other legal ground for the processing;
c) the data subject objects to the processing pursuant to Article 21 (1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2);
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject,
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) of EU Reg. 2016/679
12.3 Art. 18 (right to restriction of processing) of EU Reg. 2016/679
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing pursuant to Article 21 (1) of EU Reg. 2016/679 pending the verification whether the legitimate grounds of the controller override those of the data subject.
12.4 Art. 20 (right to data portability) of EU Reg. 2016/679
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller
12.5 Withdrawal of consent to processing
You have the right to withdraw your consent to the processing of your personal data by sending an email to: [firstname.lastname@example.org] enclosing a photocopy of your ID document, with the following wording: withdrawal of consent to the processing of all my personal data. At the end of this operation your personal data will be removed from our archives as quickly as possible. If you would like more information on the processing of your personal data, or you wish to exercise the rights outlined in point 8, you can send an email to the following address: [email@example.com]. Before providing or modifying any information we may need you to verify your identity and answer a few questions. We will reply to you as quickly as possible.