Foreword
E-Plato S.r.l., with its registered office in Fiorenzuola D’Arda (PC), Corso Garibaldi no. 111, 29017, registered with the Companies’ Register of Piacenza, under no. 194664, VAT and Tax Code no. 01830500334, provides this information notice pursuant to Regulation (EU) 2016/679 (hereinafter, the “GDPR“) as well as to Legislative Decree no.196/2003, as subsequently amended by Legislative Decree no. 101/2018 (hereinafter, the “Privacy Code“), in order todescribe the methods for processing the data of users (hereinafter, the “Data Subjects“) who access the website https://e-plato.com (hereinafter, the “Site“) by means of personal computers, mobile devices or other types of electronictools.
Data controller
The data controller is E-Plato S.r.l., with registered office in Fiorenzuola D’Arda (PC), Corso Garibaldi n. 111, 29017(hereinafter, the “Data Controller“), whom Data Subjects may contact in order to exercise the rights guaranteed to them by the GDPR as well as by the Privacy Code at the following e-mail address: info@e-plato.it.
Object of processing
Personal and contact data collected from Data Subjects, such as, but not limited to: name, surname, company name, e-mail address, telephone number, as well as documents, files and archives; and any information provided voluntarily bythe user, shall be processed.
Legal basis and purpose of processing
The Controller shall process the data of the Data Subjects for the following purposes:
- provide feedback, manage and execute contact requests addressed to the Controller. The provision ofsuch data is necessary for the execution of pre-contractual measures taken at the request of the Data Subjects (Art. 6, par. 1, lett. b GDPR) and failure to provide such data means that the Controller cannotexecute them;
- use of, or provision of the service, as well as fulfilment of obligations of a contractual nature arisingfrom the existing relationship between the Interested Parties and the The provision of such data is necessary for the performance of contracts to which the Data Subjects are party (art. 6, par. 1, lett. bGDPR) and failure to provide such data will result in the impossibility for the Data Controller to execute suchcontracts;
- fulfilling obligations arising from tax and accounting regulations, or any further applicable regulatory obligations. The provision of such data is necessary for the fulfilment of legal obligations to which the DataController is subject (Art. 6(1)(c) GDPR);
- customise the personal area of Data Subjects in the course of the provision of services (Art. 6(1)(b)GDPR), proposing possible updates to ensure greater convenience for Data
- Technical cookies
A cookie is a short text string stored on the computer of the Data Subjects when accessing a website. The Data Controlleruses cookies on the Site in order to provide Data Subjects with a better and safer browsing experience, and therefore, on thelegal basis represented by the legitimate interest of the Data Controller (Art. 6(1)(f) GDPR).
The Controller makes use of the technical cookies shown in the following summary table:
Name |
Type |
Duration |
Use |
_ga |
Analytics |
2 years |
Used to distinguish users. |
|
|
|
|
|
|
|
|
Treatment modes
The processing of the Data Subjects’ personal data will be carried out by the Data Controller using electronic instruments and/or paper media, in accordance with the principles of lawfulness, fairness and transparency of processing (Art. 5(1)(a) GDPR), as well as suitable technical and organisational measures to ensure an adequate levelof security (Art. 32 GDPR).
Personal data retention period
The personal data of the Data Subjects will be kept by the Controller for the period of time necessary to fulfilthe purposes for which such personal data were provided and/or acquired. When the personal data of the Data Subjects are no longer necessary for the aforesaid purposes, the Controller shall delete or anonymize them in such a way that the personal data cannot be associated with the Data Subject who provided them or from whom they were acquired. If personal data are provided by Data Subjects in the form of a recorded communication, by telephone, electronically, in person or otherwise, such data will be retained in accordance with applicable local law for a period of 10 yearsafter the conclusion of the business relationship with the Controller. Where Data Subjects have opted out of receivingmarketing communications, the Controller will keep the relevant email address on a specific opt-out list in order torespect Data Subjects’ opt-out from receiving such communications.
Recipients of personal data
The personal data of the Data Subjects, in the context of the processing carried out for the purposes indicated in paragraph 3 of this notice, will not be disseminated or transferred outside the European Economic Area (hereinafter,’EEA‘). Such personal data may be shared with:
- employees of the Controller’s business functions, authorised in advance for this purpose and trained insuch a way as to ensure that the processing of the Data Subjects’ personal data complies with the GDPR;
- third parties acting as data processors (Art. 28 GDPR) such as, by way of example: (i) individuals, companies or professional firms providing consultancy services (e.g. accounting, tax, legal, administrative) to theData Controller; (ii) banks and credit institutions; (iii) public authorities and bodies with respect to which the sharing of the personal data of Data Subjects is mandatory by virtue of legislative or regulatory provisions;and
- any other third party with respect to whom the sharing of personal data has been authorised in advance by the Data Subjects.
The Data Controller requires that external parties handling and processing personal data recognise the confidentiality of such data, undertake to respect the right to privacy of any individual, and operate in accordance with applicable dataprotection regulations and this Privacy Policy.
Rights of Interested Parties
Data Subjects will be entitled to exercise the rights guaranteed to them by Articles 15-22 of the GDPR: in particular, they may at any time request from the Controller (i) access to their personal data; (ii) if they consider them to beinaccurate, rectification, integration, restriction or erasure of their personal data; and (iii) portability of their personaldata, in a format suitable for that purpose. At any time, Data Subjects may revoke any consent given to the processing, without prejudice to the lawfulness of the processing carried out on the basis of the consent previously given.
Changes to the Privacy Policy
E-Plato reserves the right to make changes to this Privacy Policy at any time to reflect changes in our business processes or applicable laws. We encourage you to periodically review this Privacy Policy to stay informed about how we processyour personal data.
Right to complain
If the Data Subjects consider that the processing of their personal data by the Data Controller is in breach of their rights under the GDPR or the Privacy Code, they shall have the right to lodge a complaint pursuant to Art. 77 GDPR to the Garante per la Protezione dei Dati Personali, with registered office in Rome (RM), Piazza Venezia n. 11, 00187 (https://www.garanteprivacy.it/home), or to take legal action pursuant to Art. 79 GDPR.
Contact
For any questions, requests or clarifications regarding this Privacy Policy, Data Subjects may contact E-Plato at the followinge-mail address: info@e-plato.it