Erion Professional (hereinafter “Erion”) with registered and operating offices in Via Messina 38, 20154 Milan – Italy, recorded in Milan’s Register of Companies under VAT and Tax Code No. 11277920960 (hereinafter the “Data Controller” or “ERION”), considers the protection of Personal Data of its and/or potential users of fundamental importance, ensuring that the processing of Personal Data, carried out by any means, both automated and manual, takes place in full compliance with the protections and rights recognized by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data, as well as on the free movement of such data (hereinafter the “Regulation”) and the other applicable regulations regarding the protection of Personal Data.
2. Data Controller
Erion Professional with registered office in Via Messina 38, 20154 Milan – Italy, recorded in Milan’s Register of Companies under VAT and Tax Code No. 11277920960 (hereinafter the “Data Controller”).
For some processing related to direct marketing purposes (understood as all the activities performed by the co-controllers for promoting products, services, initiatives, provided by the co-controllers on the basis of their legitimate interest in pursuing their business purpose, alongside the Data Controller will operate in its capacity as co-controller:
Erion Compliance Organization S.C.A R.L. (hereinafter “ECO”), with registered office in Via Messina 38, 20154 Milan – Italy, VAT and Tax Code No. 11344540965.
(Hereinafter the Data Controller and ECO may be jointly referred to as “Joint Controllers”)
The Joint Controllers have entered into an arrangement between themselves in accordance with Article 26 of the Regulation, with which they have undertaken to:
- jointly determine some purposes and methods of processing your Personal Data;
- jointly determine, in a clear and transparent manner, the procedures for providing prompt feedback should the interested party wish to exercise his/her rights, as provided for by Articles 15, 16, 17, 18 and 21 of the Regulation as well as in cases of portability of Personal Data provided for by Article 20 of the Regulation as better described hereunder;
- jointly define this Privacy Notice, indicating all the information required by the Regulation.
3. Type of data processed, purposes and legal basis of the processing.
The Website offers informative and, sometimes, interactive content. During site navigation, information regarding the user may be acquired by ERION as follows:
During normal operation, the IT systems and software procedures used to run the Website collect some Personal Data, which are implicitly transmitted through the use of internet communication protocols.
This information may include, for example: IP addresses, browser type, operating system, domain name and website referring or exit pages, information on the pages visited by the user within the Website, access time, navigation length on each page, clickstream analysis and other parameters regarding the operating system and the user IT environment.
These technical/IT data are collected and used exclusively on an aggregated and anonymous basis and may be used to ascertain liability in the event of hypothetical cybercrimes to the detriment of the Website.
- Data voluntarily provided by the user/visitor
This is the Personal Data freely provided by the visitor to the Website in order, for example, to register and/or access a reserved area, use a form to request information about a specific service, write to an email address or call for a direct contact with an ERION officer, register for an event, seminar or course organized by ERION, receive ERION newsletters or other communications on its activities or activities of the group to which the Joint Controllers belong. The legal basis for the processing of such data is laid down in Article 6(b) and (c) of the Regulation and is based on the pre-contractual or contractual relationship that arises with the interested party at the time of requesting a service, or also for direct marketing activities, on the basis of legitimate interest of the Joint Controllers in pursuing their business purpose, regardless of the consent of the interested parties and without prejudice to their right to object as explained in point 7 below.
4. Data processing methods
The data processing will be performed through automated means using electronic procedures for the time strictly necessary and in compliance with Article 5 of the Regulation.
Your Personal Data will be processed by the Data Controller exclusively for achieving the purposes for which the data were collected. In particular, your Personal Data will be processed for a period of time equal to the minimum necessary, as indicated in Recital 39 of the Regulation, i.e. until the termination of the contractual relationship between the data subject and Data Controller, without prejudice to an additional retention period that may be imposed by law as also provided for by Recital 65 of the Regulation.
5. Recipients of Personal Data
The Personal Data collected by the Website may be disclosed to specific subjects considered recipients of such Personal Data. According to Article 4(9) of the Regulation “recipient” means “a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not” (hereinafter “Recipients”).
- third parties who perform part of the processing activities and/or related and instrumental activities on behalf of the Data Controller. These parties will be appointed as data processors, defined by Article 4(8) of the Regulation as “any natural or legal person, public authority, agency or other body that processes personal data on behalf of the Data Controller” (hereinafter the “Data Processor”);
- individuals, employees and/or collaborators of the Data Controller, who have been entrusted with specific and/or more processing activities. These individuals have been given appropriate instructions on the safety and correct use of Personal Data and are defined, in accordance with Article 4(10) of the Regulation, “persons who, under the direct authority of the controller or processor, are authorized to process personal data” (hereinafter “Authorized Persons”);
- if required by law or to prevent or suppress the commission of a crime, your Personal Data may be disclosed to public bodies or to the judicial authority without being defined as Recipients. In fact, in accordance with Article 4(9) of the Regulation, “public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients”.
The updated list of Recipients is available on request by writing to: firstname.lastname@example.org.
6. Redirect to external websites
The Website could use social plug-ins. Social plug-ins are special tools that enable the incorporation of social network features directly into the Website (e.g. the “like” function of Facebook).
If social plug-ins are present on the Website, they are marked with the social network’s property logos.
When surfing a Website page, by interacting with the social plug-in (e.g. by clicking on the “like” button) or leaving a comment, the information will be directly transferred from the browser to the social network.
7. Rights of the interested party
The data subject has the right to be informed, at any time, regarding which data are available to the Data Controller and how such data are used. Furthermore, he/she has the right to have such data updated, supplemented, corrected or erased, request their portability or restriction of processing in the cases provided for by the law and oppose their processing unless the Data Controller demonstrates compelling legitimate grounds for their processing. For exercising such rights, as well as for more detailed information about the subjects or categories of subjects to whom the data are communicated and/or transferred or who become aware of the data as controllers or processors, each interested party may write to: Erion Professional, Via Messina 38, 20154 Milan – Italy, email email@example.com. The data subject may at any time revoke the consent already given, without prejudice to the lawfulness of the processing based on consent given before the revocation. Lastly, we remind you that you have the right to lodge a complaint with the competent Data Protection Authority if you consider that your rights have been infringed or if you had not received acknowledgment to your requests according to law.
Thank you for your attention!
Last update 09/09/2020