Enervit S.p.A. (Enervit or the Company) wants its relationships with its customers and users to be founded on transparency. Accordingly, it applies this principle when handling personal data.
The website users’ personal data is processed as set out below.
The policy is also based on Recommendation no. 2/2001, adopted by the European personal-data protection authorities on 17 May 2001 at the meeting of the working group established under article 29 of directive no. 95/46/EC. The Recommendation sets out core requirements for collecting personal data online – in particular, the means used, the timescales involved, and the kind of information that data controllers must give to users when they connect to webpages for whatever reason.
- DATA CONTROLLER FOR THE PROCESSING OF PERSONAL DATA
The data controller is Enervit S.p.A., with registered office at Via Achille Papa 30, 20149 Milan, Italy.
Under article 37 of the GDPR, the Company has also appointed a Data Protection Officer (DPO). They can be contacted via email at firstname.lastname@example.org and by post at the above address.
- DATA SUPERVISORS
An internal data supervisor has been appointed along with the external data supervisors with which the data is shared in order to be processed.
For a full list of the data supervisors, email Enervit at email@example.com.
- PLACE OF PROCESSING
Data is processed in association with the web services for this website at the Company headquarters and at the offices of the external companies appointed by Enervit as data supervisors under GDPR article 28.
- TYPE OF DATA PROCESSED
The information systems and software procedures deployed to run this website gather some personal data during their normal operation. These data items are sent to us as an inevitable result of communicating via the internet.
When collecting this information, Enervit does not seek to associate it with identified individuals. By its nature, however, it could potentially be used – by processing it and linking it with data held by third parties – to identify users.
Website-use data includes: the IP addresses or domain names of computers that users use when visiting the website; URI (Uniform Resource Identifier) addresses of the resources requested; the time of the request; the method used to send the request to the server; the size of the file obtained in response; the numeric code for the response status from the server (success, error, etc.); and other parameters about the user’s operating system and computing environment.
This data is used only to obtain anonymous statistical information on use of the website and to ensure that the website is working properly; the data is deleted immediately after being processed. The data could be used to investigate who is responsible in the event of a cybercrime that damages the website.
Data provided by the user
When a user voluntarily and expressly chooses to send email to the addresses stated on this website, the Company will obtain the sender’s email address, which is necessary in order to reply, and any other personal data included in the message.
Technical information about your computer / mobile device
We obtain information about the IT system or other device that you use to access our websites or apps, such as the IP address used to connect your computer or device to the internet, the operating system, or the type and version of web browser. If you access an Enervit website or app via a mobile device, e.g. a smartphone, the information gathered will also include, where permitted, your device’s unique identifier, advertising ID, geolocation and similar data about it.
Browsing / communication data
When you browse and interact with our websites or newsletter, we use technologies to gather data automatically to obtain certain information about your behaviour. This includes details about the links that you have clicked on, the pages or content that you have viewed and how long for, and similar information and statistics about your interactions, the time you take to respond to the content, any download errors, and how long you spent on certain pages. This information is collected using automated technologies, such as cookies (browser cookies, flash cookies) and web beacons, and via third-party monitoring services.
- PURPOSES AND LAWFUL BASIS OF THE DATA PROCESSING
Further to the remarks about website-use data in section 4, the personal data that users provide via the website is processed for the following purposes:
- a) to manage the Company’s essential dealings with users, such as – purely by way of example – answering questions received via email, enabling access to private sections of the website, managing newsletter subscriptions, and handling CVs for staff recruitment purposes and other relevant information sent by the user;
- b) to enable the Company to fulfil its contractual obligations to its customers and users, and vice versa, along with the resulting accounting and tax obligations;
- c) to enable the Company to comply with its legal and regulatory obligations, with EU law and with measures laid down by legally authorised authorities and by supervisory and regulatory bodies;
- d) where necessary to establish, exercise or defend a right in a court of law and whenever the judicial authorities exercise their judicial functions;
- e) to provide information about other products and/or services provided by the Company and/or third-party companies and to send commercial, marketing and advertising content in newsletter form, with your consent;
- f) to profile users, with their consent, into groups so as to avoid sending general commercial and advertising information to all users indiscriminately. This enables us to segment the user base, by creating groups with different interests, based on their country of origin, language, gender and purchase history, for example. Thus we can send commercial messages that are as relevant and unintrusive as possible, to reduce the likelihood (as far as is possible) of users receiving unwanted messages. Note that consent given for advertising messages includes not only messages sent via automated systems without operator intervention (e.g. email) but also traditional contact methods such as the post. You can always withdraw consent for having your data processed for this purpose or give consent for certain methods only: e.g. to receive advertising by post but not via automated systems;
- g) for research/statistical purposes based on aggregated or anonymised data, in which users cannot be identified, in order to monitor how the website and its functions operate and to resolve any technical issues.
Some specific services cannot be provided without your personal data; detailed privacy notices are available in the website pages for particular on-demand services.
The lawful basis for processing personal data for the purposes in point a) is to provide a service or respond to a request; by law, the user’s consent is not required.
For purposes b)–d), the data must be processed to pursue the Company’s legitimate interests.
For purposes e) and f), the user’s data is processed only with their express consent, given by signing the relevant summary information notices, which will be provided or displayed on the webpages provided for particular on-demand services. No personal data is processed for purpose g).
- CONSENT TO DATA PROCESSING
Except as stated for the website-use data, users are free to provide their personal data and to consent to the types of processing stated in the specific privacy notices.
- THIRD-PARTY ADVERTISING AND LINKS TO OTHER WEBSITES
The Company website may include third-party advertising messages and links to other websites and apps selling products and services. Our third-party advertising partners may gather information about you when you interact with their content, adverts or services.
- HOW WE PROCESS YOUR DATA AND HOW LONG WE KEEP IT
Your personal data is processed with automated tools for as long as is strictly necessary for the purposes for which it was collected and in line with Enervit’s Data Retention policy.
We apply dedicated security measures to prevent data loss, unlawful or improper use, and unauthorised access attempts.
- YOUR RIGHTS
You have the right at any time to be told whether or not we hold data about you, to know what it contains and where it came from, to check if it is correct, and to ask for it to be added to, updated or corrected under GDPR articles 15 et seq.
Under those articles, you are also entitled to have data deleted, anonymised or frozen if it has been processed unlawfully. In any event, you can also object for legitimate reasons to your data being processed.
To exercise your rights, email us at firstname.lastname@example.org.
- TRANSFERRING DATA WITHIN THE GROUP
To comply with specific legal obligations or for reasons strictly instrumental to the execution of the contract, your personal data may be shared with other companies in our group. If your data is sent outside the EU, then your rights will be safeguarded and protected to the same extent as under the GDPR.