ex Art 13 of the General Data Protection Regulation EU 2016/679 (GDPR)
Data Controller is Elphi VM S.r.l. – Via Gallarate 205 – Milano – tel. 02.35949851 e-mail: email@example.com. Data processed are those provided by identified or identifiable persons visiting our website.
We process data mainly on the basis of user consent. Consent is given through the banner at the bottom of the page, or through the communication form or service request form, specifically designed for collecting consent for the specific purpose of the service. The consent to the collection and processing of data is optional, it can be denied and revoke at any time, without affecting the lawfulness of the treatment given before the revocation. However, withholding consent may cause the Data Controller to be unable to provide certain services and the site navigation experience may be reduced.
The data for the security and proper functioning of the site, as well as data for the analysis of site traffic (statistics), are processed on the basis of the legitimate interest of the Data Controller to protect the site and its users. In such a case the user has always the right to oppose the processing of data (see par. Rights of data subjects).
Place and purpose of data processing
The processing operations connected to the web services of this website take place at our service provider within UE, who was specifically appointed as External Data Processor and are carried out directly by our employees specifically appointed and trained.
Data provided by users who send requests via email are used only to reply to the requests received.
Browsing data are used to obtain anonymous statistical information on the use of the website, for website security purposes and to monitor the proper functioning of the website and could be used to ascertain liability in case of any computer crimes against the website.
Methods of data processing
Personal data are processed with automated computer tools, for the time necessary to achieve the above purpose. Adequate security measures are in place to prevent any loss of data, unlawful or improper use, and unauthorized access.
Your Data are processed by our properly appointed and trained employees. Your Data may also be processed by trusted companies that provide technical and organizational tasks for the Data Controller. These companies are direct collaborators of Data Controller and, in accordance with Article 28 of the Regulations, are appointed as Data Processors and offer sufficient guarantees to put in place appropriate measures so that the processing of personal data complies with the Regulations and ensures the protection of the rights of the data subject.
The full list of Data Processors is constantly updated and can be viewed by sending a request to the Data Controller.
Types of data processed
Data voluntarily provided by Users
The Data Controller collects and processes Personal Data voluntarily provided by Users. This category includes all Personal Data provided by the User on a voluntary basis, for example to participate in surveys, register for marketing events, or, in general, by filling out the contact form. Such Data will be used only for the purpose and for the time strictly necessary to fulfill the individual User’s request.
The computer systems and software procedures used to operate this website, during their normal operation, collect some personal data whose transmission is implicit in the communication protocols of the Internet. This information is not collected to be associated with identified interested parties but, by their very nature, could allow users to be identified through processing and association with data held by third parties. These data include IP addresses or domain names of the computers used by users who connect to the site, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are exclusively collected for the purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing.
Cookies Please read Cookies Policy
Transfer of data abroad:
Data Controller may need to transfer Your Data to other group companies or service providers in countries outside the European Economic Area (EEA), consisting of the countries of the European Union and Switzerland, Liechtenstein, Norway and Iceland, which are considered countries with equivalent data protection and privacy laws. In such cases, we will ensure that your data is properly and adequately protected. We always make sure that there is a contract that governs the transfer of data between the parties, in accordance with current European Commission decisions. If the state does not have equivalent data protection and privacy laws, we require third parties to sign a contract according to EU standards.
Rights of data subjects
Data subjects at any time have the right to request from the Data Controller access to their data, the rectification or erasure of the same, the limitation of processing or the possibility to object to processing, to request data portability, to withdraw consent to processing by asserting these and other rights under the GDPR by simple communication to the Data Controller.
Requests and communications should be addressed to the Data Controller by post, or by telephone on 02.35949851 or by email to firstname.lastname@example.org.
Data subject who finds that the processing concerning him/her violates the GDPR regulation (Reg EU2016/679) has the right to lodge a complaint with a supervisory authority (Garante della Privacy).