Erion Compliance Organization S.C.A R.L. (hereinafter “ECO”) with registered and operating offices in Via Messina 38, 20154 Milan – Italy, recorded in Milan’s Register of Companies under VAT and Tax Code No. 11344540965 (hereinafter the “Data Controller” or “ECO”), considers the protection of Personal Data of its and/or potential users of fundamental importance, ensuring that the processing of Personal Data, carried out by any means, both automated and manual, takes place in full compliance with the protections and rights recognized by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data, as well as on the free movement of such data (hereinafter the “Regulation”) and the other applicable regulations regarding the protection of Personal Data.
2. Type of data processed, purposes and legal basis of the processing.
The Website offers informative and, sometimes, interactive content. During site navigation, information regarding the user may be acquired by ECO as follows:
During normal operation, the IT systems and software procedures used to run the Website collect some Personal Data, which are implicitly transmitted through the use of internet communication protocols.
This information may include, for example: IP addresses, browser type, operating system, domain name and website referring or exit pages, information on the pages visited by the user within the Website, access time, navigation length on each page, clickstream analysis and other parameters regarding the operating system and the user IT environment.
These technical/IT data are collected and used exclusively on an aggregated and anonymous basis and may be used to ascertain liability in the event of hypothetical cybercrimes to the detriment of the Website.
- Data voluntarily provided by the user/visitor
This is the Personal Data freely provided by the visitor to the Website in order, for example, to register and/or access a reserved area, use a form to request information about a specific service, write to an email address or call for a direct contact with an ECO officer, register for an event, seminar or course organized by ECO, receive ECO newsletters. The legal basis for the processing of such data is laid down in Article 6(b) and (c) of the Regulation and is based on the pre-contractual or contractual relationship that arises with the interested party at the time of requesting a service.
3. Data processing methods
The data processing will be performed through automated means using electronic procedures for the time strictly necessary and in compliance with Article 5 of the Regulation.
Your Personal Data will be processed by the Data Controller exclusively for achieving the purposes for which the data were collected. In particular, your Personal Data will be processed for a period of time equal to the minimum necessary, as indicated in Recital 39 of the Regulation, i.e. until the termination of the contractual relationship between the data subject and Data Controller, without prejudice to an additional retention period that may be imposed by law as also provided for by Recital 65 of the Regulation.
4. Recipients of Personal Data
The Personal Data collected by the Website may be disclosed to specific subjects considered recipients of such Personal Data. According to Article 4(9) of the Regulation “recipient” means “a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not” (hereinafter “Recipients”).
- third parties who perform part of the processing activities and/or related and instrumental activities on behalf of the Data Controller. These parties will be appointed as data processors, defined by Article 4(8) of the Regulation as “any natural or legal person, public authority, agency or other body that processes personal data on behalf of the Data Controller” (hereinafter the “Data Processor”);
- individuals, employees and/or collaborators of the Data Controller, who have been entrusted with specific and/or more processing activities. These individuals have been given appropriate instructions on the safety and correct use of Personal Data and are defined, in accordance with Article 4(10) of the Regulation, “persons who, under the direct authority of the controller or processor, are authorized to process personal data” (hereinafter “Authorized Persons”);
- if required by law or to prevent or suppress the commission of a crime, your Personal Data may be disclosed to public bodies or to the judicial authority without being defined as Recipients. In fact, in accordance with Article 4(9) of the Regulation, “public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients”.
The updated list of Recipients is available on request by writing to: firstname.lastname@example.org.
5. Redirect to external websites
The Website could use social plug-ins. Social plug-ins are special tools that enable the incorporation of social network features directly into the Website (e.g. the “like” function of Facebook).
If social plug-ins are present on the Website, they are marked with the social network’s property logos.
When surfing a Website page, by interacting with the social plug-in (e.g. by clicking on the “like” button) or leaving a comment, the information will be directly transferred from the browser to the social network.
6. Rights of the interested party
The data subject has the right to be informed, at any time, regarding which data are available to the Data Controller and how such data are used. Furthermore, he/she has the right to have such data updated, supplemented, corrected or erased, request their portability or restriction of processing in the cases provided for by the law and oppose their processing unless the Data Controller demonstrates compelling legitimate grounds for their processing. For exercising such rights, as well as for more detailed information about the subjects or categories of subjects to whom the data are communicated and/or transferred or who become aware of the data as controllers or processors, each interested party may contact Erion Compliance Organization S.C.A R.L. The data subject may at any time revoke the consent already given, without prejudice to the lawfulness of the processing based on consent given before the revocation, by writing to: Erion Compliance Organization S.C.A R.L., Via Messina 38, 20154 Milan – Italy, email email@example.com, phone +39 0250020350. Lastly, we remind you that you have the right to lodge a complaint with the competent Data Protection Authority if you consider that your rights have been infringed or if you had not received acknowledgment to your requests according to law.
Thank you for your attention!
Last update 08/09/2020