The data controller is the Company, with registered office and address for service at Via Achille Papa 30, 20149 Milan, Italy, in the person of its acting legal representative (the Data Controller).
You can contact the Data Controller via email at firstname.lastname@example.org or by post at the above address.
The Data Controller may appoint internal or external data supervisors (the Data Supervisors) and appointed people with the authority to process data (the Appointed People). A full up-to-date list of the Data Supervisors and Appointed People is available from the Data Controller at the above addresses.
Under article 37 of the GDPR, the Company has also appointed a Data Protection Officer (DPO), who can be contacted via email at email@example.com and by post at the above address.
In providing its services, the Company obtains your personal data directly from you. In particular, the Company processes the following kinds of non-sensitive personal data:
The Company processes your personal data specifically in order to provide services for the following purposes:
Based on this type of information and with your consent, we show you content or specific promotions from Enervit based on your interests. This use of your personal data is voluntary; therefore, you may object to having your data processed for these purposes.
The lawful bases for processing users’ personal data for the above purposes include:
You must provide the personal data that the Company needs to execute its contractual (section 3, letters a)–c)) or legal obligations (section 3, point d)) regarding the services, so no specific consent is needed to that end under GDPR article 7. Nor is consent required about data processed in the Data Controller’s legitimate interest (section 3, point g)). In these scenarios, if you do not provide your personal data or if you do not let us process it, then we shall be unable to enter into a contract with you, and you will be unable to receive our services.
In other scenarios, you will be asked for consent for the Company to use your personal data (section 3, points d)–f)). You do not have to provide your personal data for those purposes, so if you do not do so or if you do not let us process it, then the Company will still be able to enter into a contract with you. The Company and the other companies in Enervit group and any third-party companies will not, however, be able to update you about events, new product/service presentations, promotions, etc., nor will you be able to receive invitations, advertising, information or other publications that might interest you.
Your personal data may also be used, with no need for your prior consent, if it comes from public registers, lists, records or documents accessible to anyone and, in any event, if the data is processed (not including dissemination) to assert or defend the Company’s rights in a court of law.
Your personal data is processed by people with the necessary training in personal data processing. They may be employees, contract staff or external consultants specifically appointed by the Data Controller as Data Supervisors or Appointed People within the context of their respective roles. Your personal data is also processed using electronic, automated, telematic and digital means and, in any event, for reasons strictly related to the above purposes, in order to keep the personal data confidential and secure. The Company processes data lawfully, transparently, meticulously and proportionately, with honesty and integrity, only where the processing is relevant to and necessary for the purposes involved, while safeguarding your privacy and your rights.
We shall keep your personal data for the period of time permitted by law or by regulations, where applicable, and in any event for no longer than is strictly necessary for the purposes involved and in line with Enervit’s Data Retention policy. Your personal data will be processed and kept in electronic storage systems at the Company headquarters and at the offices of the professionals and/or service companies to which your personal data is sent for the above purposes and in line with our supplier/consultancy agreements with them.
To comply with specific legal obligations or for reasons strictly instrumental to the execution of the contract with the Company, your personal data gathered in the process of supplying the service may be shared for the above purposes with the following recipients:
The service suppliers are external companies that we use to help run our business (for order fulfilment, payment processing, fraud monitoring, identity verification, credit recovery, developing or operating our website, support services, promotions, data analysis, customer services, etc.). The service suppliers and their appointed personnel may access and use your personal data only on our behalf and in line with our instructions. These recipients are obliged to keep your personal data confidential and secure.
To comply with specific legal obligations or for reasons strictly instrumental to the execution of the contract, your personal data may be shared with other companies in our group. If your data is sent outside the EU, then your rights will be safeguarded and protected to the same extent as under the GDPR.
You may exercise your rights regarding your data under GDPR article 15 at any time, i.e.:
You can exercise the above rights by contacting the Data Controller informally via email at firstname.lastname@example.org or by post at Via Achille Papa 30, 20149 Milan, Italy.
Enervit S.p.A. (Enervit or the Company) wants its relationships with its customers and users to be founded on transparency. Accordingly, it applies this principle when handling personal data.
The website users’ personal data is processed as set out below.
The policy is also based on Recommendation no. 2/2001, adopted by the European personal-data protection authorities on 17 May 2001 at the meeting of the working group established under article 29 of directive no. 95/46/EC. The Recommendation sets out core requirements for collecting personal data online – in particular, the means used, the timescales involved, and the kind of information that data controllers must give to users when they connect to webpages for whatever reason.
The data controller is Enervit S.p.A., with registered office at Via Achille Papa 30, 20149 Milan, Italy.
Under article 37 of the GDPR, the Company has also appointed a Data Protection Officer (DPO). They can be contacted via email at email@example.com and by post at the above address.
An internal data supervisor has been appointed along with the external data supervisors with which the data is shared in order to be processed.
For a full list of the data supervisors, email Enervit at firstname.lastname@example.org.
Data is processed in association with the web services for this website at the Company headquarters and at the offices of the external companies appointed by Enervit as data supervisors under GDPR article 28.
The information systems and software procedures deployed to run this website gather some personal data during their normal operation. These data items are sent to us as an inevitable result of communicating via the internet.
When collecting this information, Enervit does not seek to associate it with identified individuals. By its nature, however, it could potentially be used – by processing it and linking it with data held by third parties – to identify users.
Website-use data includes: the IP addresses or domain names of computers that users use when visiting the website; URI (Uniform Resource Identifier) addresses of the resources requested; the time of the request; the method used to send the request to the server; the size of the file obtained in response; the numeric code for the response status from the server (success, error, etc.); and other parameters about the user’s operating system and computing environment.
This data is used only to obtain anonymous statistical information on use of the website and to ensure that the website is working properly; the data is deleted immediately after being processed. The data could be used to investigate who is responsible for damage to the website in a cybercrime.
Data provided by the user
When a user voluntarily and expressly chooses to send email to the addresses stated on this website, the Company will obtain the sender’s email address, which is necessary in order to reply, and any other personal data included in the message.
Technical information about your computer / mobile device
We obtain information about the IT system or other device that you use to access our websites or apps, such as the IP address used to connect your computer or device to the internet, the operating system, or the type and version of web browser. If you access an Enervit website or app via a mobile device, e.g. a smartphone, the information gathered will also include, where permitted, your device’s unique identifier, advertising ID, geolocation and similar data about it.
Browsing / communication data
When you browse and interact with our websites or newsletter, we use technologies to gather data automatically to obtain certain information about your behaviour. This includes details about the links that you have clicked on, the pages or content that you have viewed and how long for, and similar information and statistics about your interactions, the time you take to respond to the content, any download errors, and how long you spent on certain pages. This information is collected using automated technologies, such as cookies (browser cookies, flash cookies) and web beacons, and via third-party monitoring services.
Further to the remarks about website-use data in section 4, the personal data that users provide via the website is processed for the following purposes:
Some specific services cannot be provided without your personal data; detailed privacy notices are available in the website pages for particular on-demand services.
The lawful basis for processing personal data for the purposes in point a) is to provide a service or respond to a request; by law, the user’s consent is not required.
For purposes b)–d), the data must be processed to pursue the Company’s legitimate interests.
For purposes e) and f), the user’s data is processed only with their express consent, given by signing the relevant summary information notices, which will be provided or displayed on the webpages provided for particular on-demand services. No personal data is processed for purpose g).
Except as stated for the website-use data, users are free to provide their personal data and to consent to the types of processing stated in the specific privacy notices.
The Company website may include third-party advertising messages and links to other websites and apps selling products and services. Our third-party advertising partners may gather information about you when you interact with their content, adverts or services.
Your personal data is processed with automated tools for as long as is strictly necessary for the purposes for which it was collected and in line with Enervit’s Data Retention policy.
We apply dedicated security measures to prevent data loss, unlawful or improper use, and unauthorised access attempts.
You have the right at any time to be told whether or not we hold data about you, to know what it contains and where it came from, to check if it is correct, and to ask for it to be added to, updated or corrected under GDPR articles 15 et seq.
Under those articles, you are also entitled to have data deleted, anonymised or frozen if it has been processed unlawfully. In any event, you can also object for legitimate reasons to your data being processed.
To exercise your rights, email us at email@example.com.
Sede legale: Viale Achille Papa, 30 – 20149 Milano - Capitale versato: €4.628.000 - P.IVA: 02375690134 - REA MILANO 1569150
©Enervit 2012-2019, All rights reserved. Engineered by Mind The Value