This policy describes the procedures applied by ESGeo S.r.l. (hereafter “ESGeo” or the “Data Controller”) in relation to the processing of personal data collected through the web site www.esgeo.eu (hereafter referred to simply as the “Site”).
Unless otherwise specified, this policy shall also serve as notice – under art. 13 of EU Regulation no. 2016/679 (hereafter referred to as the “GDPR”) – provided to anyone who interacts with the Site (hereafter the “User”).
Detailed information on personal data processing is, where necessary, provided on the pages regarding individual services offered through the Site. This information is intended to state the limitations on and methods of personal data processing involved in each service, on the basis of which the User may freely give consent, where necessary, and authorise any collection and processing of data that may be required.
Data Controller. Data Processors
The Data Controller is ESGeo S.r.l. of Via Caldera, 21 – 20153, Milan, phone +39 02 89075129.
An up-to-date list of data processors, if any, is available in the Data Controller’s offices.
Types of data processed
The Site may be used to collect and process:
- browsing data;
- personal data supplied voluntarily by Users through contact forms in the Site.
Cookies are small text files which the web sites a user visits send to the user’s terminal, where they are memorised in order to be sent back to the site on the next visit. Cookies allow sites to work properly and efficiently to improve the user’s experience, allowing sites to store information in the memory of the user’s computer or other device.
The Site uses technical cookies. These cookies are technical in nature and do not require the User’s prior consent for installation and use.
The Site also uses third-party profiling cookies. The User is assumed to consent to use of these cookies whenever he or she clicks on the “Accept” button in the banner on the homepage. The User may, however, revoke consent for installation of these cookies at a subsequent time.
The cookies used in the Site are of the following sub-types:
- browsing or session cookies, which permit ordinary browsing and use of the Site and anonymously collect information on how users use the Site and how many visitors the Site has, where they come from, and the other sites they have visited. As they are not stored on the user’s computer, these cookies disappear when the browser is closed;
- analytic cookies, such as, for example, those used by Google Analytics to collect and analyse statistical information through computers and other devices on the number of Site users, or the number of clicks on the page while browsing, sites Users come from or pages they have visited;
- social widgets and plugins: a number of widgets and plugins provided by social networks may use their own cookies to facilitate interaction with the web site;
- profiling cookies, which are used to collect information on the preferences and habits expressed by the User while browsing and therefore make advertisements supplied by third parties more interesting and better tailored to the user.
Purposes and legal basis of data processing
Personal data collected through the Site will be processed:
- for responding to the User’s requests for information;
- for sending commercial information on products and services by e-mail, text message, mixed media message, fax or another similar method and/or through the postal service or by telephone.
Personal data processing for the purposes listed under point a) does not require the User’s consent, as this form of processing is necessary to respond to the data subject’s specific requests under art. 6, paragraph 1, letter b) of the GDPR. Processing of personal data for the purposes listed under point b) requires the User’s consent under art. 6, paragraph 1, letter a) of the GDPR.
Supplying data and consequences of failure to supply it
Providing personal data for the purposes listed above is optional, and the sole consequence of failure to provide it will be that it will be impossible for the Data Controller to respond to and fulfill the data subject’s requests or send commercial information on products and services.
Recipients and categories of recipients
Personal data may be made accessible to, brought to the knowledge of, or disclosed to the following parties, who will be appointed by the data controller or data processor, as appropriate:
- companies in the same group as the Data Controller (subsidiaries and affiliates), employees and/or assistants of any kind of the Data Controller and/or companies in the same group as the Data Controller;
- public or private entities, physical persons or corporate entities whose services the Data Controller uses in performing tasks instrumental to the achievement of the above purposes, or to whom the Data Controller is required to disclose personal data under obligations of the law or contracts in effect.
Personal data will not be disseminated under any circumstances.
Personal data will be stored for a maximum of 24 months following the date on which they are recorded, as a rule, for the purposes stated above; in the event that ESGeo should have a legitimate interest storing the data for a longer time period, ESGeo will provide an additional notice.
Right to data access, erasure, restriction and portability
Data subjects enjoy the rights identified in points 15 through 20 of the GDPR. By way of example, as a data subject, you have the right to:
- obtain confirmation of whether or not personal data concerning you is being processed;
- where personal data concerning you is being processed, obtain access to your personal data, information on how it is being processed, and a copy of your personal data;
- obtain rectification of incorrect personal data and integration of incomplete personal data;
- obtain erasure of your personal data in the presence of one of the conditions listed under art. 17 of the GDPR;
- obtain restriction of processing in the cases envisaged in art. 18 of the GDPR;
- eceive personal data on you in an organised format which is in widespread use and legible on an automated device, and request its transmission to another data controller, if technically feasible.
Right to revoke consent
Every data subject is entitled to object to processing of his or her personal data for the pursuit of the Data Controller’s legitimate interests at any time. In the event of opposition, the User’s personal data will no longer be processed, unless there are legitimate reasons for proceeding with processing which prevail over the data subject’s interests, rights and freedom, or for the investigation, exercise or defence of a right in court.
If consent is required for processing of personal data, each data subject may also revoke the consent already given at any time without affecting the lawfulness of data processing with consent prior to the revocation. Consent may be revoked by sending an email to firstname.lastname@example.org.
Right to objection and revocation of consent for data processing for marketing purposes
With reference to personal data processing for the purposes listed under point b), each data subject may revoke their consent, if given, or object to processing of data by sending an email to email@example.com. Objection to processing by this method also extends to the sending of marketing information by post or via telephone calls, and users may exercise this right in part, for example, by objecting to data processing using automated communication systems only.
Right to make a complaint to the Data Protection Commission
Data subjects may, moreover, make a complaint to the Data Protection Commission if they believe their rights under the GDPR have been infringed, by the methods specified on the Data Protection Commission’s web site at: https://www.garanteprivacy.it.