ex Art 13 of the General Data Protection Regulation EU 2016/679 (GDPR)

Before communicating any personal data, we invite you to carefully read this “Privacy Policy” pursuant to art. 13 of the GDPR, addressed to those who consult and interact with the website, as it contains information regarding the protection of personal data and the security measures adopted to ensure their confidentiality in full compliance with the GDPR.

Please note that this Privacy Policy applies only to the site https://www.actemium.it/and does not apply to other websites that may be accessed through our links.

Data Controller

Data Controller is Elphi VM S.r.l. – Via Gallarate 205 – Milano – tel. 02.35949851 e-mail: privacyvei@vinci-energies.com. Data processed are those provided by identified or identifiable persons visiting our website.

 

Legal Basis

 

We process data mainly on the basis of user consent. Consent is given through the banner at the bottom of the page, or through the communication form or service request form, specifically designed for collecting consent for the specific purpose of the service. The consent to the collection and processing of data is optional, it can be denied and revoke at any time, without affecting the lawfulness of the treatment given before the revocation. However, withholding consent may cause the Data Controller to be unable to provide certain services and the site navigation experience may be reduced.  Other legal bases for data processing are the following: legal obligation, performance of contractual and pre-contractual obligations (see processing purposes).

The data for the security and proper functioning of the site, as well as data for the analysis of site traffic (statistics), are processed on the basis of the legitimate interest of the Data Controller to protect the site and its users. In such a case the user has always the right to oppose the processing of data (see par. Rights of data subjects). Such data may also be processed on the basis of a legal obligation in the event of requests by the authorities (see processing purposes).

 

Place and purpose of data processing

 

The processing operations connected to the web services of this website take place at our service provider within UE, who was specifically appointed as External Data Processor and are carried out directly by our employees specifically appointed and trained.

Data provided by users who send requests via email are used only to reply to the requests received. The data provided by users may also be used to fulfil legal and/or contractual obligations arising from the relationship established.

Browsing data are used to obtain anonymous statistical information on the use of the website, for website security purposes and to monitor the proper functioning of the website and could be used to ascertain liability in case of any computer crimes against the website.

Methods of data processing

Personal data are processed with automated computer tools or, residually, by means of paper methods, for the time necessary to achieve the above purpose. With regard to browsing data, please refer to the cookie policy. Adequate security measures are in place to prevent any loss of data, unlawful or improper use, and unauthorized access.

Your Data are processed by our properly appointed and trained employees. Your Data may also be processed by trusted companies that provide technical and organizational tasks for the Data Controller. These companies are direct collaborators of Data Controller and, in accordance with Article 28 of the Regulations, are appointed as Data Processors and offer sufficient guarantees to put in place appropriate measures so that the processing of personal data complies with the Regulations and ensures the protection of the rights of the data subject.

The full list of Data Processors is constantly updated and can be viewed by sending a request to the Data Controller.

Types of data processed

Data voluntarily provided by Users

The Data Controller collects and processes Personal Data voluntarily provided by Users. This category includes all Personal Data provided by the User on a voluntary basis, for example to participate in surveys, register for marketing events, or, in general, by filling out the contact form. Such Data will be used only for the purpose and for the time strictly necessary to fulfill the individual User’s request.

 

Browsing data

The computer systems and software procedures used to operate this website, during their normal operation, collect some personal data whose transmission is implicit in the communication protocols of the Internet. This information is not collected to be associated with identified interested parties but, by their very nature, could allow users to be identified through processing and association with data held by third parties. These data include IP addresses or domain names of the computers used by users who connect to the site, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are exclusively collected for the purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing.

Cookies Please read Cookies Policy 

 

Transfer of data abroad:

Data Controller may need to transfer Your Data to other group companies or service providers in countries outside the European Economic Area (EEA), consisting of the countries of the European Union and Switzerland, Liechtenstein, Norway and Iceland, which are considered countries with equivalent data protection and privacy laws. In such cases, we will ensure that your data is properly and adequately protected. We always make sure that there is a contract that governs the transfer of data between the parties, in accordance with current European Commission decisions. If the state does not have equivalent data protection and privacy laws, we require third parties to sign a contract according to EU standards.

Rights of data subjects

The data subject has the right to request from the controller access to and rectification or erasure of personal data or restriction of the processing of personal data concerning him or her, or to object to the processing of personal data, as well as the right to data portability. The rights recognized by current legislation on the protection of personal data are detailed below.

Right to withdraw consent: where applicable, you have the right to withdraw your consent at any time, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal;

Right of access, rectification and deletion: you have the right to request access to and receive a copy of your personal data in our possession, to request the correction of any inaccurate data and to request the deletion of your personal data in special circumstances.

Right to data portability: in certain circumstances, you have the right to receive all the personal data you have communicated to us in a structured, commonly used and computer-readable format; you may also ask us to transmit such data to another Data Controller where this is technically feasible.

Right to object to justified processing based on legitimate interests: in cases where our processing of personal data is based on legitimate interests, you will have the right to object to such processing. If you object to such processing, we will be obliged to stop the processing, unless we can demonstrate the existence of compelling legitimate grounds which outweigh your interests, rights and freedoms or where it is necessary for us to process such data in order to initiate, enforce or defend legal action. In cases where we rely on our legitimate interest as a justification for processing, we believe we can demonstrate such legitimate grounds, but each case will be examined on an individual basis.

Right to object to processing for marketing purposes: where personal data is processed for marketing purposes, you have the right to object to such processing at any time

Requests and communications should be addressed to the Data Controller by post, or by telephone on 02.35949851 or by email to privacyvei@vinci-energies.com.

Data subject who finds that the processing concerning him/her violates the GDPR regulation (Reg EU2016/679) has the right to lodge a complaint with a supervisory authority (Garante della Privacy).

 

This Privacy Policy is in force as of 25/05/2018. Elphi VM S.r.l. reserves the right to modify or simply update its content, in part or in whole, also due to changes in the Applicable Regulations.