Ernestomeda S.p.A. operates in compliance with the General Data Protection Regulation (EU) 2016/679. We appreciate that privacy is an important consideration to users and visitors of the Ernestomeda website www.ernestomeda.com and the relative subdomains. The information which follows is designed to help visitors to understand which data are collected and how data are subsequently managed and used.
Pursuant to Regulation (EU) 2016/679 (hereinafter "GDPR"), below Ernestomeda S.p.A. (“Company” or the “Data Controller") provides the general guidelines regarding the processing of your personal data when you access the www.ernestomeda.com website (“Website”) or use its services.
The Data Controller is Ernestomeda S.p.A., with registered office at Montelabbate (PU), Via dell’Economia 2/8 postcode 61025, Italy, which can be contacted via email at firstname.lastname@example.org
The Company has designated a Data Protection Officer, who can be contacted via email at email@example.com
Pursuant to Data Protection Regulations, the Data Controller processes the following personal data contributed by you (your “Personal Data”) when you navigate the Website:
These navigation data are necessary for the use of web services, and are also processed in order to:
• obtain statistical information concerning the use of the services (most visited pages, number of visitors by time band or per day, geographical area of origin, etc.);
• check that the services offered are operating correctly.
The Data Controller processes your Personal Data for clearly defined processes and only if there is a specific legal basis for the said processing under the relevant privacy and personal data protection legislation.
The list which follows covers all the types of processing performed by the Company to enable it to use digital channels, and to enable the Data Controller to guarantee their correct operation and the compliance of data processing.
The Data Controller processes your Personal Data for the following purposes and with the following legal bases:
a) operation of digital channels, delivery of the relative services and monitoring of their correct operation:
legal basis: fulfilment of a contract to which you are a party (art. 6, comma 1, point b) GDPR);
b) Direct marketing - Dispatch of marketing communications via newsletters:
legal basis: your optional, freely given consent, which may be withdrawn at any time (art. 6, comma 1, point a) GDPR);
c) Prevention and prosecution of fraud/deception/fraudulent activity undertaken via the website:
legal basis: legitimate interest of the Data Controller (see art. 6, comma 1, point f) GDPR);
d) verification, exercise or defence of a right of the Data Controller during judicial proceedings;
legal basis: legitimate interest of the Data Controller (see art. 6, comma 1, point f) GDPR)
The contribution of your data is compulsory for the service purposes referred to in subpoints a), c) and d) of point 4 above. If you refuse to provide these data, you will be unable to use the Company’s services via the Website.
The contribution of your data is optional for the marketing purposes referred to in subpoint b) of point 4 above. If you refuse to provide your data, you will be unable to receive any marketing communications regarding the Data Controller’s products, projects and/or services.
You may unsubscribe from any service to which you have subscribed at any time by writing to firstname.lastname@example.org
Withdrawal of consent does not prejudice the lawfulness of the consent-based processing prior to the withdrawal.
For the purposes referred to in point 4), the Data Controller may disclose your personal data to third parties, such as the following entities or categories of entities:
- police forces, armed forces and other public authorities for fulfilment of the obligations envisaged by the law, regulations or Community directives. In this case, under the relevant data protection law, there is no obligation to obtain the data subject’s prior consent to any such disclosure;
- companies, organisations or associations, or controlling, controlled or associated enterprises as defined by article 2359 of the Italian Civil Code, or between them and subsidiaries of the same parent, and between consortia, networks of enterprises and temporary groups and combines of enterprises and with their member entities, with regard only to communications made for administrative and/or accounting purposes;
specialist marketing companies;
- other companies under contract to the Data Controller, providing consulting, service provision support, etc., formally designated as Data Processors pursuant to art. 28 of the GDPR.
- data controller’s sales force
The Data Controller guarantees that the greatest care will be taken to ensure that the disclosure of personal data concerning you to the aforesaid recipients only relates to the data necessary for the achievement of the specific purposes for which they are intended.
Your personal data are stored in the Data Controller’s databases and will only be processed by authorised staff. They will receive specific instructions regarding the procedures and purposes of the processing. Moreover, these data will not be disclosed to third parties except as described above, and in all cases within the stated limits.
To conclude, kindly remember that your personal data will not be disseminated.
The processing of personal data concerning you, under the provisions of art. 4 of the GDPR, may comprise the following activities (“Treatment”): collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, any other form of provision, comparison or interconnection, restriction, erasure or destruction of the data.
Moreover, your Personal Data:
Your Personal Data may be processed with the aid of paper media and automated, IT or telematic tools, with organisational procedures and methods strictly correlated to the stated purposes.
The Data Controller uses the most appropriate technological and security measures (electronic, IT, physical, organisational and procedural) to guarantee the security and confidentiality of the data processed. These measures include the maintenance of a secure data storage and processing system using encryption, hacking detection and preventive and protective software.
You must be aware and realise that the communication of personal data via Internet sites involves risks of the disclosure of these data, and that no system is totally secure or immune to tampering and/or hacking.
In the event that your personal data are internationally transferred outside the EU, on every occasion the Data Controller will adopt all appropriate, necessary contractual measures to guarantee an adequate level of protection of your personal data in accordance with the provisions of this policy, including the Standard Contract Clauses approved by the European Commission.
Data will be stored for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed, in accordance with legal obligations.
During their normal operation, the IT systems and software procedures which operate this website acquire some personal data the transmission of which is implicit in the use of Internet communications protocols. These data are not collected for association with identified data subjects, but by their very nature, when processed or associated with data held by third parties, they might allow users to be identified. This category of data includes IP addresses or domain names of the PC's used by users who connect to the site, as well as Uniform Resource Identifiers of the requested resources, the time of the request, the method utilized in presenting a request to the server, the size of the file obtained in response, the numerical code specifying the state of the response provided by the server (positive outcome, error, etc..) and other parameters concerning the operating system and the IT environment of the user.
The optional, explicit, voluntary dispatch of email to the addresses provided on this site, and/or the compilation of data collection forms, leads to the subsequent acquisition of the sender’s address, necessary in order to reply to the enquiry, and any other personal data included in the message.
In the relevant circumstances, data subjects have the right to obtain from the Data Controller access to their personal data and rectification or erasure thereof or the restriction of the processing of data concerning them, or to object to their being processed (art. 15 and following articles of the Regulation). Application may be made to the Data Controller via email to: email@example.com
The Data Controller may amend this policy at any time. Users of this website are advised to visit this privacy document again for information regarding new privacy practices or changes to the Data Controller’s policy.