(art. 13 Regulation (EU) 2016/679 and Italian Legislative Decree 196/03 as amended and integrated from time to time)

Dear User,

you will find in this notice full information regarding how Elettropiemme processes your personal data while using our website. This notice is provided in accordance with the Regulation (EU) 2016/679 (“Regulation” or “GDPR”) and reflects our commitment towards the protection of your personal data.

The data controller is the Company Elettropiemme S.r.l. (the “Company”), headquartered in Trento (TN) via Linz 137, pec elettropiemme@pec.it.

The Company only collects and processes those data that are strictly necessary for the purposes pursued by the data processing activities set out hereafter.

 

PERSONAL DATA	PURPOSES OF THE PROCESSING	DATA RECIPIENTS	PROCESSING METHODS AND PLACE	RETENTION TERMS
Browsing data (eg. IP address)	The information systems and other software used to maintain this website acquire, during their normal operation, some personal data whose transmission is implied in the use of Internet communication protocols. Such information could by its nature, through associations and processing with data held by third parties, allow users to be identified.	Personal data will be processed by the Company in accordance with GDPR and Italian law, including any provisions issued by the Supervisory Authority (the so called Garante per la protezione dei dati personali), where applicable, in any case, by ensuring compliance with the principles of correctness, lawfulness and transparency, protecting their confidentiality and related rights.	Personal data will be processed using also automated electronic methods, in addition to the manual ones, strictly necessary to the purpose of the processing and the data will be processed exclusively within the European Union. Appropriate security measures are observed to prevent the loss of data, illegal or incorrect use and unauthorized access.	Data will be retained until the deletion from the requested services and, in any case, for the time strictly necessary to achieve the purposes for which they were collected, and in any case, no longer than: 2 years regarding Browsing data 5 years regarding newsletter subscription (Data provided voluntarily by users) 2 years regarding contact form requests subscription (Data provided voluntarily by users) All the above, without prejudice to legal obligations.
Data provided voluntarily by users (personal identifying and contact data, e.g., first name, last name, email address)	Information provided by users to access certain services (e.g. newsletter subscription, contact form requests), or to submit e-mail requests, this involves the collection by the Company of the sender’s address and or any other personal data. Such data will be processed for the sole purposes of processing the request or subscription to the service. Compulsory data will be marked with an asterisk.
Cookies	Cookies are small text files used by websites to make the experience more efficient for the user. Certain operations could not be fulfilled without the use of cookies, which are in some cases required for the functioning of this website. Please refer to the cookie policy for further information.			For as long as is strictly necessary to achieve the purposes for which they were collected. Please refer to the cookie policy for further information.

The data are processed by the Data Controller for specific purposes only, and where they are supported by an adequate legal basis. The legal basis used depends on the specific purpose for which the personal data are processed. For the purposes of the processing of personal data referred to in this policy, the legal basis used are:

• Execution of a contract / pre-contractual measure when the processing of personal data is required to fulfill a contract or a precontractual measure;
• Legitimate interest when processing personal data to pursue the Company’s legitimate interests, provided that these do not override the fundamental rights and freedoms of individuals and as necessary for the execution of requested services and/or features or to respond to requests, as well as to ensure website security, prevent fraud, analyse web navigation, and to improve the user experience;
• Consent when we ask for the specific consent of the user before processing certain personal information for specific purposes. Users may revoke their consent at any time by contacting the Data Controller, and in such a case, we will cease to process your information for that purpose;
• Compliance with legal obligations when your personal data are processed to fulfill legal obligations.

No data arising from the web service shall be disseminated.

Without prejudice to the duty of disclosure to fulfil any public authority order or to abide by legal obligations, the personal data may be brought to the attention of the Company’s employees and processed by them; such personnel is formally appointed and authorized to process and receive opportune operational instructions in this regard. Furthermore, the data may be processed by external companies which the Company may make use of in relation to the management of the contractual relationship with customers or for its own organizational needs and its activities.

In accordance with the provisions of Article 13 of the GDPR, the subjects to whom the personal data refer have the right at any time to:

• Access (Article 15 GDPR): to obtain confirmation that personal data are being processed or not and, if so, to obtain access to the personal data and information concerning the processing, to know their content and origin and, where it does not violate the rights and freedoms of third individuals, to obtain a copy;
• Correction (Art. 16 GDPR): verify its accuracy or request its correction without unjustified delay and the integration or updating of incomplete personal data, also by providing a supplementary statement;
• Deletion (Art. 17 GDPR): to obtain the deletion of personal data without undue delay, in the cases provided for by the GDPR, or the transformation into anonymous form or the blocking of data processed in violation of the law; subject to any applicable exceptions, requests for the deletion of data are in fact subject to existing legal and record-keeping obligations required by law or regulations;
• Restriction of processing (Art. 18 GDPR): obtain the restriction of personal data processing, in cases provided for in the above-mentioned article of the GDPR;
• Opposition (Art. 21 GDPR): to oppose at any time, for legitimate reasons, the processing of personal data, including the profiling;
• Withdrawal: to withdraw consent, where the data processing is based on the consent; any withdrawal of consent to the processing does not affect the lawfulness of the processing based on the consent given before the withdrawal;
• Data portability (Art. 20 GDPR): to receive in a structured, commonly used and machine-readable format the personal data provided to a data controller and, where applicable, to transfer such data to another data controller;
• Not be subject to an automated decision-making process (Art. 22 GDPR): not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning or similarly significantly affecting the data subject.

To exercise the rights referred to in this notice it is possible to contact the Privacy Supervisory Body of the Parent Company Gefran S.p.A. (the so called Organismo di Supervisione Privacy) at the addresses indicated above or by email at privacy@gefran.com.

The Data Subject is entitled to submit complaints to the Italian Authority for the protection of personal data, www.garanteprivacy.it.