This policy shall be drawn up according to art. 13 and 14 of EU Regulation 2016/679 of the European Parliament and Council, relative to the protection of natural persons with regard to the processing of their personal data, and the free movement of such data and repealing the Directive 95/46 CE (General Regulation relative to data protection).
ESB Srl is the Controller of this policy and the Responsible of the website.
Personal data processed and their source
The personal data which could be processed are:
- Identity data, which include for example: name, surname, title, business name, customer code or similar identification.
- Contact data, which include for example: billing address, delivery address, e-mail, telephone and fax number.
- Financial data concerning banks account and/or possible payment cards.
- Transaction data concerning for example issued or received payment, your solvency in the relationship with third parties, and other data concerning products and services purchased from us.
- Marketing and Communication data concerning your preference on the receipt of marketing communications on our part and your preference regarding the communication.
- Profile data concerning for example your technical areas, your product category, your purchases and orders, your feedback.
- Technical data concerning for example IP address (internet protocol), your log in data, browser type and version, time zone and geographical location, type and plug-in version of the browser, operating system and platforms, and other technologies installed on the equipment to access and interact with our website. These data are collected anonymously and are not attributable to your person.
- Data on the use concerning the information about how you use our website and about the products and the services that you view on it. These data are collected anonymously and are not attributable to your person. About the data collected on the use of our website, refer to the Information Cookie that you can see at the following link http://easyandsmartblock.it/ibi-rosacometta/en/cookie-information-notice
ESB Srl does not collect Special Categories of Personal Data (for example data on race, ethnicity, religious or philosophical belief, sexual orientation, political opinion, belonging to a trade union, information on Your health conditions and biometrics and genetics data).
However, ESB Srl could collect information about offences and criminal convictions.
We take these data directly from you, through the compilation of online forms, or they could be collected by third parties, independent controller of the processing (for ex. agents, distributors, recruiters, commercial society, records, lists or database publicly available, etc.).
If you do not provide your personal data
Whenever it is necessary to collect personal data for law or contractual obligations, and you do not provide these data at the time of the request, we may not be able to carry out the performance expected for this contract (for example, the supply of goods and services). In this case, we could be forced to delete one of your order relative to a product or a service, and if that happens, we will give you a prior communication.
The processing is carried out for the following purposes:
- Execution of the contracts and related legal obligations;
- Protection of the rights under the contract;
- Recovery or assignment of the claim;
- Organizational and commercial management of the contract and of the after-sale activity (e.g. contact with agents, distributors, contractors, assistances centers);
- Solvency policy and activities of risk protection;
- Internal statistical analysis;
- Training activities on the use of product/services;
- Marketing activities through the sending of promotional and advertising material concerning products/services similar to those of the existing business relationship;
- Invitations to conferences, manifestations, initiatives promoted by the Commissioner, related to the existing business relationship;
- Control and management of the proper functioning of our website.
Processing legal base
The provision of data has a mandatory nature for the above mentioned purposes, from point 1 to 3, because related to the performance of legal and contractual obligations/rights, and the purposes from point 4 to 6 because related to the execution of performed operations for the contractual relationship and the economic activity of the Commissioner. Regarding these purposes, the refusal to provide these data, that is to say the authorization of the processing, may cause the impossibility by the Commissioner and the person concerned to fulfil the mutual commitments during the contract drafting and the legal obligations.
Regarding point 7 to 9 the provision of data and their relative processing are discretionary.
For point 10, instead, which applies only to technical data of web surfing and use of our website, these data are collected and processed in an aggregate and anonymous way (they do not require the consent to use) and their processing is based on the legitimate interest of the controller to make the use of our website functional for the user and verify its proper functioning.
Processing modes and persons in charge
The data processing will be carried out by the employees designated by the Commissioner as responsible, or also by external parties, belonging to the same Group of Companies (controlled companies and subsidiaries), in accordance with the rules of the EU Regulation 2016/679 and the instructions provided by the Commissioner.
ESB makes data accessible only to the authorized personnel for specific activities and tasks. These entities –for example- employees, interim and/or any other natural person placed under the direct authority of ESB- perform their activity because they are authorized and according to the instructions given by ESB.
On written request, addressed to ESB Srl, Via Aldo Moro, 33 24050 Zanica, Bergamo (Italy) or to the e-mail address email@example.com ESB will you communicate the names and the contact details of the person in charge for this issue.
The access to the database managed with computer facilities is allowed also to external entities, if it is necessary to guarantee the update and full functioning of the computer tools.
The processing requires tools and paper, computer and telematic supports in compliance with the dispositions aim at guaranteeing the security and confidentially, as well as the pertinence of data relative to the declared purposes in this policy.
ESB does not resell to third parties or spread deliberately the personal data collected directly from the interested persons.
Addressee of personal data
According to the above mentioned purposes, your data may be communicated to the following categories of subjects:
- State, regional, provincial and municipal administrations, Public Security Authority, Judicial authority;
- Companies of the Group, partners and/or shareholders;
- Credit institutions, leasing companies, factoring companies;
- Insurances companies;
- Agents, distributors, recruiters, assistances centres, contractors, clients;
- Transport companies and carriers;
- Companies of financial report auditing and certification, quality certification;
- Companies of business information and debt collection;
- Law and consulting firms, technical and fiscal assistance;
- Business organization;
- Universities, schools of all types and levels or training centers;
- Entities in charge of editing and/or sending business magazines, informative brochure, invitation to commercial initiatives;
- Companies of IT service in the field of assistance for the management of the information system.
Period of data retention
We will process your personal data only for the time required to fulfil the purposes these data were collected for, including legal, accounting and reporting needs.
In order to determine the adequacy of the retention period of personal data, we consider the quantity, the nature and the sensibility of personal data and the potential damage that an unauthorized use or their spread could cause, the purposes we process your personal data for, also taking into consideration the possibility to achieve the same purpose by other means, and the applicable legal requirements.
By law we must save a certain amount of basic information of our customers (including contact details, Identity details, financial and transaction data) for 10 years from the termination of the relationship for tax purposes.
In some cases we could make anonymous your personal data (so that they cannot be associated with you) for statistical and research reasons; in this case we could use these information for an unlimited period, without forward you further communication.
International transfer of your personal data
ESB shall not transfer outside the EU your personal data.
In relation to the above mentioned processing and the existing data into the archives of the Commissioner, the rights of art. 15, 16, 17, 18, 20, 21 of the Regulation EU 2016/679 (the text is available on the website www.garanteprivacy.it) could be exercised through a written request to the referring persons indicated below this document.
Your personal data are protected by the rights as enshrined in the law of data protection.
These rights are:
- The right to ask the access to your personal data.
In this way you can receive a copy of your personal data in possession of ESB and verify the legitimacy of the processing.
- The right to ask the correction of your personal data.
In this way you can obtain the correction of incomplete or wrong data; this could require a new verification of your data.
- The right to ask the deletion of your personal data
In this way you can ask the deletion or the removal of personal data when there is no more a good reason to continue their processing. You also have the right to ask the deletion or the removal of your personal data whenever you ask your right of not processing your data (see the next paragraph), whenever your informations had been processed unlawfully by ESB or if the Company was obliged to the cancellation by the local law. However, in some cases, it could not be possible to fulfil your requests of deletion because of specific legal reasons, which will be communicated at the time of your request.
- The right of opposition to the processing of your personal data.
In case of your personal data have been legitimately processed (by ESB or a third party), but for any reason you require the opposition to the processing, because it could impact your rights and fundamental freedom, you have the right of opposition. You can also oppose to the processing for marketing purposes. In some cases, we could demonstrate to have a right motivation for the processing of your personal data, which may prevail over your rights and freedom.
- The right to ask restrictions to the processing of your personal data
In this way you can ask us to suspend the processing of your personal data in the following situations:
- (a) you want to establish the accuracy of data;
- (b) the use on our part of your data is unlawful but you do not want the deletion of your data;
- (c) you need that ESB maintains your data even though this is not anymore necessary for the Company, but you need it to act or defend in court;
- (d) You oppose to the use of your data but we need these data to establish the existence of legitimate reasons to use them.
- The right to transfer your personal data
Your personal data will be offered to you or to third parties chosen by you in a structured format, legible by common equipment. It should be noted that such a right shall be applied only to automated information previously authorized by you or otherwise used in the field of contractual performances toward you.
- The right to withdraw your consent.
If the consent is necessary to process your personal data, you have the right to withdraw it. However, this will not affect the legitimacy of any elaboration of data carried out before that date. The consent’s withdrawal on your part could prevent ESB to provide you specific products or services. If this is the case, you will be informed at the moment of the withdrawal of the consent.
- The right to propose a complaint to the supervisory authority.
If you wish to exercise the rights above mentioned, please contact us.
Generally, there are no forecast expenditures:
You will not be asked for payments to have access to your personal data (or to exercise our other rights). However, you could provide for the payment of a reasonable amount of money in case of unfounded, reiterated or excessive requests, In these cases we might refuse to fulfil these requests.
What ESB could ask you:
We might ask you for specific information to confirm your identity and guarantee the right of access to your personal data (or the exercise of any other right). It is a security measure to prevent the diffusion of your personal data to not authorized people. We might also contact you for further information about possible reminders.
Timing for the answers:
We try to answer to any request admissible within one month. If your request is particularly difficult or if you submitted several requests, it might be necessary a longer period of time. In this case you will be informed and keep update.
To exercise all the above mentioned rights, you can contact the Controller of the processing as follows:
- Writing to ESB SPA, to the kind attention of the Privacy Responsible, Via Aldo Moro, 33 24050 Zanica, Bergamo (Italy)
- Sending an e-mail to the mailbox firstname.lastname@example.org
- Calling the telephone number +39 035 526944
We have implemented appropriate security measures to prevent the loss, manipulation, alteration or divulgation of your personal data. Moreover, the access to your personal data is limited to employees, agents, suppliers and other third parties with only job purposes. Your personal data will be processed according to our instructions and the confidentiality obligation.
We have implemented some procedures to deal with any possible breach of the personal data, that will be notified to You and any other competent authority, if necessary.