We take the privacy and security of your data very seriously.


1. Data Controller

Data Controller is ELPHI VM S.r.l. Via Gallarate 205 – Milano – tel. 02.35949851 e-mail: privacyvei@vinci-energies.com.

2. Legality and Purposes of the Processing

2.1 Your personal data, which we hold or which you will be asked to provide, may be lawfully processed for the execution of a contract, to fulfill a legal obligation or with your express consent for the purposes set out in the following points:

  • fulfilment of pre-contractual and contractual obligations arising from existing relationships;
  • carrying out mandatory administrative, accounting, statutory and fiscal tasks;
  • administrative and possibly commercial management of the existing relationship.

2.2 And, also, due to the legitimate interest of the processing, for the purposes of Direct Marketing such as sending email to customers with post, newsletter, commercial communications and/or advertising material on products or services offered by the Controller.

3. Scope of communication and disclosure of the data we hold

Your data for the above-mentioned purposes may be communicated to our staff as part of the normal course of business and also to:

  • external parties, in fulfilment of legal obligations;
  • data processors and all persons employed by the controller;
  • external parties operating in Italy who assist our company in carrying out certain management phases, as part of its business activities (tax, accounting, financial, insurance and legal obligations);
  • Banks, for the management of receipts and payments

Data processed will not be disclosed to any third party.

The updated list of any External Data Processors is available by contacting the Data Controller.

4. Categories of data processed

The types of data processed are:

  • Name, surname
  • Name of Company
  • Fiscal code/VAT
  • E-mail
  • telephone/fax/cell phone number
  • Identification details of bank accounts (es. IBAN)

5. Terms and period of conservation

Regarding the above-mentioned purposes, personal data may be processed by manual, automated, computerised or electronic means for managing, storing on computer, on paper or on any other type of suitable support.

Data concerning the following categories: Customers, Suppliers, Employees will be stored for ten years.

Data subjects have the right to have his data erased.

The Data Controller will not transfer personal data to any third country or international organization.

6. Exercise of rights under Articles 13-25 GDPR

Data subjects have the right to obtain confirmation of the existence of their personal data and the right to have such data available in a comprehensible form.

Data subject may request to know the origin of the data, the logic and purposes on which the processing is based, to obtain the erasure, as well as the updating of the data and to request information on the security measures adopted to protect the data.

Data subject also has the right to be informed if their data are being processed and, if so, the right to access the following information: the purposes, the categories of data, the recipients, the conservation period, the right to lodge a complaint with a supervisory authority, the right to request rectification or erasure or restriction of processing or to object to processing, and the existence of an automated decision-making process.

The data subject shall have the right to obtain from the controller the rectification of inaccurate personal data without undue delay.

7. Consent and Provision of data

The provision of personal data for the purposes referred to in point 2.1 is compulsory, since failure to provide such data would make it impossible to fulfil a request or comply with a legal and/or contractual obligation incumbent on EPHI VM S.r.l.. The provision of the data referred to in point 2.2 is in the legitimate interest of EPHI VM S.r.l..