EOS Consulting S.p.A. (hereinafter only the “Data Controller“), in its capacity as data controller pursuant to the Italian legislation applicable pro tempore on the protection of personal data and EU Regulation 679/2016- General Data Protection Regulation (“GDPR”), protects the confidentiality of Personal Data and guarantees the appropriate and effective technical and organisational measures taking into account the nature, scope, context and purposes of the processing, as well as the risk to the rights and freedoms of individuals.
Identity of the data controller and contact details: EOS Consulting S.p.A., with registered office in Rome – 00144 V.le dell’Aeronautica, email@example.com, www.eosconsulting.com, +39 06 87810620.
Il Titolare ti informa che il trattamento dei tuoi dati personali sarà improntato ai principi di liceità, correttezza, trasparenza, limitazione delle finalità e della conservazione, minimizzazione dei dati, esattezza, integrità e riservatezza. I tuoi dati personali verranno pertanto trattati in accordo alle disposizioni legislative della normativa applicabile e degli obblighi di riservatezza ivi previsti.
In the light of the applicable legislation, the Data Controller of the Site is the Company EOS Consulting S.p.A. as defined above.
“Personal Data” means any information concerning an identified or identifiable natural person with particular reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more features of his/her physical, physiological, mental, economic, cultural or social identity.
The personal data collected by the Site are as follows:
1. Navigation data
The Site’s computer systems collect certain personal data, the transmission of which is implicit in the use of Internet communication protocols. The data collected, however, do not allow the person concerned to be identified, as they are aggregate data for statistical and visit analysis purposes only (geographical location, type of device accessed, time spent on individual pages, etc.). Under no circumstances will this data be cross-referenced with other data for the purpose of identifying individual users.
2. Data provided voluntarily
Through the Site you have the opportunity to voluntarily provide personal data such as your name, e-mail address or mobile phone number to subscribe to the newsletter service, to contact the Controller through the “Contact” form. The Controller shall process this data in compliance with the applicable legislation, assuming that it relates to you or to third parties who have expressly authorised you to provide it on the basis of a suitable legal basis legitimising the processing of the data in question. With respect to such hypotheses, you act as autonomous data controller, assuming all the obligations and responsibilities of law. In this sense, you grant the widest indemnity on this point with respect to any dispute, claim, request for compensation for damages from processing, etc. that may be received by the Data Controller from third parties whose personal data have been processed through your use of the Site in violation of the applicable legislation.
The personal data you provide through the Site will be processed by the Data Controller for the following purposes: 1. use of personal data and contact details, both through traditional and electronic means of communication (e.g. newsletters, sms, mail, telephone contacts,) carried out for informative, cognitive, and promotional communications regarding the activities of the Data Controller; 2. purposes of statistical research/analysis on aggregate or anonymous data, without therefore the possibility of identifying the user, aimed at measuring the functioning of the Site, measuring traffic and assessing usability and interest; 3. purposes relating to the fulfilment of a legal obligation to which the Controller is subject; 4. purposes necessary to ascertain, exercise or defend a right in court or whenever the judicial authorities exercise their jurisdictional functions.
The legal basis for the processing of personal data for the purposes described in point 1 may be the consent expressed by the data subject. The purpose in point 2 does not involve the processing of personal data, whereas the purposes in points 3) and 4) are legitimate processing of personal data within the meaning of the applicable legislation since, once the personal data has been provided, the processing is indeed necessary to fulfil a legal obligation to which the Controller is subject or to exercise its right of defence in court. Providing your personal data for the purposes listed above is optional, but failure to do so may make it impossible to fulfil a request you have made or to comply with a legal obligation to which the Controller may be subject.
In addition to the subjects that may already be mentioned in the description of the purposes of processing, personal data may be communicated to the following categories of natural or legal persons, as subjects involved in the processing, or as subjects whose knowledge of the data is required for the pursuit of the purposes indicated, or as Authorities to the reasoned requests for which a reply is obligatory. These subjects will process the data in their capacity as autonomous Data Controllers: 1. subjects necessary for the provision of the services offered by the Site including, by way of example, the sending of e-mails and the analysis of the operation of the Site who typically act as Data Controllers of the Data Controller; 2. persons authorised by the Data Controller to process personal data who have committed to confidentiality or have an adequate legal obligation of confidentiality (e.g. collaborators of the Data Controller); 3. judicial authorities in the exercise of their functions when required by applicable legislation.
Processing and storage in hard copy, computerised and telematic archives may take place at the Data Controller’s offices or in any other place where the parties involved in the processing are located. Data processed with the help of platforms, virtual spaces or applications developed for example by suppliers operating on an international scale (e.g. Google, Microsoft, Dropbox) or by suppliers operating in any case outside the Italian Republic, may also be stored at the offices of the latter, even outside the territory of the European Union.
Should it be necessary or appropriate to transfer the data to subjects located in a third country or to an international organisation, such transfers will be carried out: 1) In compliance with the adequacy decisions; 2) In compliance with the applicable adequate guarantees; 3) In compliance with the binding corporate regulations, if any.
Personal data shall be retained as long as necessary in relation to the legitimate purposes for which they were collected, unless a willingness to remove them is expressed, and subject in this case to the needs of the Data Controller in relation to those data whose processing or retention is required by legal obligations or specific interests, or cases where removal of the content is not possible or involves a disproportionate effort for the Data Controller.
In particular, the maximum retention time is identified with the following criteria: 1) End of the pre-contractual or contractual relationship, and of the subsequent period in which effects/obligations/fulfilments are possible that presuppose the proper retention of the Data. 2) End of the period within which it may be necessary for the Data Controller to fulfil a legal obligation; 3) End of the period within which the Data Controller may pursue its own legitimate interest. This is without prejudice to the obligation of the Data Controller itself to provide information to the Data Subject in the event of a request.
In order to ensure the correct and transparent processing of personal data, the Data Controller guarantees the Data Subject, following communication to the above-mentioned addresses and according to what is within its possibilities, to exercise
1) The right to obtain confirmation of the existence or otherwise of personal data concerning him/her, even if not yet registered, and its communication in intelligible form;
2) The right of the Data Subject to request from the Data Controller access to the personal data concerning him/her
3) The right to obtain from the Controller the rectification of inaccurate personal data concerning him/her without undue delay
4) The right to obtain from the data controller the erasure of personal data concerning him/her without undue delay, if the data are no longer necessary for the purposes of the processing or if the processing is alleged to be unlawful, provided that the conditions laid down by law are met and, in any case, unless the processing is not justified by another, equally legitimate reason
5) The right to obtain from the data controller, where its accuracy is contested, the restriction of the processing for the period necessary for the data controller to carry out the appropriate checks
6) The right to receive in a structured, commonly used and machine-readable format the personal data concerning him/her and the right to have such data transmitted to another Data Controller without hindrance by the Data Controller to whom he/she has provided them, in the cases provided for in Article 20 of the GDPR, and the right to obtain the direct transmission of personal data from one Data Controller to another, if technically feasible and involving a non-disproportionate effort
7) The right to withdraw consent to the processing of one’s personal data previously given, (where the processing is based on Article 6(1)(a) or Article 9(2)(a)) at any time without prejudice to the lawfulness of the processing based on the consent given prior to the revocation and except where the processing is lawful on other legal grounds or conditions
8) The right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her pursuant to Article 6(1)(e) or (f), including profiling on the basis of those provisions. In such a case, the Data Controller shall refrain from further processing the personal data unless it can demonstrate the existence of legitimate grounds for processing which override the interests, rights and freedoms of the Data Subject, or the need to continue processing in order to allow the establishment, exercise or defence of legal claims.
9) The right to lodge a complaint with a supervisory authority, whose contact details can be found at www.garanteprivacy.it.
Requests should be addressed by e-mail firstname.lastname@example.org: