is regulated by Italian law and in particular by Legislative Decree no. 196 of 30 June 2003 (Personal data protection code, the “Code”), as well as the European Regulation 2016/679 “GDPR” (the “Regulation”) in force since 25th May 2018.
1. PERSONAL DATA CONTROLLER
Enco Srl with registered office 80122 Naples – Via Michelangelo Schipa 115 (hereinafter Enco) is the data controller for the data processing related (“Controller”) to the Sites, including therein browsing data, as well as all the data connected and related to online sales.
2. PERSONAL DATA COLLECTED
a) Sign up for the newsletter
By subscribing to the newsletter, the user provides the following personal data: name, surname, email. These data are necessary, therefore, in the absence of such data, it will not be possible to register for the newsletter or to create an account.
b) Assistance / request for information
To obtain a support service or to request information, the User can send a request to the email address email@example.com or to the other email addresses indicated on the Website, or use one of the elettronic forms present in the Website, and must provide the following personal data: name, surname, mail, message. These data are necessary: failure to provide such data could prevent Enco from providing the requested assistance.
c) Browsing data
During the browsing of the Site by the user, the information systems and software procedures relied upon to operate these Sites acquire personal data as part of their standard functioning, the transmission of such data is an inherent feature of Internet communication protocols.
This data category includes the IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user’s operating system and computer environment.
3. PURPOSE OF THE PROCESSING, LEGAL BASIS AND DATA STORAGE PERIOD
3.1 Newsletter subscription and request for information via web form
The personal data provided by the user or collected when the user subscribes to the newsletter on the Website or requests information via web form, will be used:
-to provide the services requested (for example, assist and manage any complaints and respond to a request or contact request that may be submitted by the user, also through customer service);
-to manage newsletter subscription
Personal data must be provided for the aforementioned purposes and the refusal would prevent to complete the request.
The processing of data for the afore mentioned purposes is carried out to follow up the request to receive newsletters and manage the request of information / assistance.
The personal data processed for newsletter subscription will be kept until the user requests cancellation from the newsletter.
The personal data processed for the assistance / request for information will be kept for the time necessary to manage the request, and then they will be eliminated
Without prejudice to the foregoing, the user’s personal data will be kept only for any legal and regulatory obligations (such as, for example, accounting and tax obligations).
3.2 Use of web services
The browsing data, which are acquired by the Controller during the browsing of the Website by the Customer, are necessary for the use of web-based services and are also processed in order to:
– extract statistical information on service usage (most visited pages, visitors by time/date, geographical areas of origin, etc.);
– check functioning of the services.
Browsing data are kept for no longer than seven days and are erased immediately after being aggregated (except where judicial authorities need such data for establishing the commission of criminal offences).
Personal data collected on the Website will be used, after obtaining consent, to offer promotions and send newsletters, other communications, surveys and researches, market analysis, promotions and other initiatives for customers (“marketing”). The Controller may use traditional (postal mail and telephone) and/or digital and automated (e-mail, SMS) contact means.
The use of data for marketing purposes is optional and free, being based on the consent that the user can choose to lend. The user can revoke his consent at any time. In any case, the refusal to provide personal data for marketing purposes does not prevent the user from using the services of the Sites or making purchases, but the same will not be informed of marketing initiatives promoted by the Controller.
Personal data processed for marketing purposes will be kept, in accordance with the provisions of the Italian data protection authority’s (hereinafter the Garante), for a period not exceeding 24 months, unless the user renews his consent and except for further measures issued by the Garante.
Passed the retention period indicated above, personal data will be permanently deleted or anonymised. Without prejudice to the foregoing, the user’s personal data will be kept only for any legal and regulatory obligations (such as, for example, accounting and tax obligations).
4. COMMUNICATION OF PERSONAL DATA
The personal data of the user will be processed by authorised persons of the Controller and, if appointed, the Processor.
Personal data may also be processed by third parties who perform, for example, services for sending communications via e-mail or SMS, computer system maintenance services, computer assistance services and Content management application.
The above-mentioned persons will only process the personal data necessary for the performance of the related services and will not be authorized to process them for different purposes.
The user’s personal data may also be communicated to other persons, such as law enforcement agencies, administrative or judicial authorities and public administrations for the fulfillment of legal obligations, regulations or community provisions.
5. PROTECTION OF THE PRIVACY OF MINOR
The processing of personal data of the minor is lawful where the child is at least 16 years old. If the child is under the age of 16, such treatment is lawful only if the consent is given or authorized by the holder of parental responsibility.
The Data Controller will, in any reasonable way and in consideration of the available technologies, make sure that the consent is given or authorized by the holder of parental responsibility on the child.
If the Data Controller or the Processor come to know that a minor’s data have been collected, they will immediately cancel them.
In the event that the user is not of the required age, please do not register or proceed with the online purchase and ask an adult (or their parents or legal guardian) to perform the necessary procedures.
6. METHOD OF PROCESSING
The personal data collected through the Sites is processed mainly using computerized and telematic methods and tools, adopting the necessary security measures in order to minimize the risk of destruction or loss, even accidental, of the data, unauthorized access or of treatment not allowed or not in accordance with the collection purposes indicated in this statement. However, these measures, due to the nature of the online transmission medium, cannot limit and exclude absolutely any risk of unauthorized access or data loss. To this end, the user is advised to: periodically check that the computer is equipped with appropriate software devices for the protection of data transmission in the network, both incoming and outgoing (as updated antivirus systems); verify that the internet service provider has taken appropriate measures for the security of data transmission over the network (such as, for example, firewalls and antispam filters). In the event that the Controller believes that the security of the personal data of the user in his possession or under his control has been or may have been compromised, the same will inform the user of the incident according to the procedures established by the law in force, using the methods prescribed by it (providing his/her email address to the Controller, the user consents to receive such communications in electronic format through this email address).
7. TRANSFERS TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
8. USER RIGHTS
To exercise the rights indicated below, the user can send a request by contacting the Controller and by sending an email to firstname.lastname@example.org or a letter by postal mail to the address of the Controller. When contacting the Controller, the user must include his name, email address, postal address and/or telephone number(s) to be sure that the Controller can correctly handle his/her request.
8.1 Right of access
The user shall have the right to obtain confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data; the recipients or categories of recipient; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the user, any available information as to their source; the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the user; Where personal data are transferred to a third country or to an international organisation, the user shall have the right to be informed of the appropriate safeguards relating to the transfer.
The user has the right to obtain a copy of the personal data undergoing processing.
8.2 Right of rectification
The user shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the user shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
8.3 Right to erasure
The user shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
– the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
– the user withdraws consent on which the processing is based, with an email or postal communication;
– the user objects to the processing and there are no overriding legitimate grounds for the processing, or the user objects to the processing for direct marketing purposes, which includes profiling;
– the personal data have been unlawfully processed;
– the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
– the personal data have been collected in relation to the offer of information society services directly to a child.
8.4 Right of restriction
The user shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the user, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the user opposes the erasure of the personal data and requests the restriction of their use instead;
c) the Controller no longer needs the personal data for the purposes of the processing, but they are required by the user for the establishment, exercise or defence of legal claims;
d) the user has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the Controller override those of the data subject.
8.5 Right to data portability
The user shall have the right to receive the personal data concerning him/her, which he/she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9 (2) of Regulation or on a contract pursuant to point (b) of Article 6(1) of Regulation;
b) the processing is carried out by automated means.
In exercising his/her right to data portability pursuant to paragraph 1, the user shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
8.6 Right to object
The user shall have the right to object, on grounds relating to his/her particular situation, at any time to processing of personal data concerning him/her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.
8.7 Further rights
The user shall have the right not to be subjected to a decision based only on automated processing, including profiling, which produces legal effects that affect him/her or that significantly affects his person.
The user shall have the right to lodge a complaint with a supervisory authority (in Italy, the Italian data protection authority’s, Garante).
9. UPDATE OF PERSONAL DATA
The user is invited to check and update their personal data on a regular basis. To this end, in case of changes, the user is invited to write to the email address email@example.com or to directly modify the data online using the settings of the user account on the Website, where registered.
10. UPDATES OF THIS INFORMATION – COMMUNICATIONS
It is the responsibility of the user to read, from time to time, the Information to be aware of any changes made.
In some cases, the Controller may provide further communications regarding significant changes to this Information by posting a notice on the home page of this Website or, in the case of registered users, by sending a notification email or by posting a notice on their account page.