ESB
Privacy Policy
Pursuant to Legislative Decree 196/2003, as amended by Legislative Decree 101/2018, and pursuant to art. 13 of the EU Regulation n. 679/2016 («GDPR»).
| DATA CONTROLLER | Sitael S.p.A. Via San Sabino n. 21 Mola di Bari, 70042 Italy +39 080 53 21 796 info@sitael.com |
| DATA PROTECTION OFFICER «DPO» | Marco Di Gioia Via San Sabino, 21, Mola di Bari (BA) – Italy +39 080 53 21 796 dpo@sitael.com |
| PERSONAL DATA PROCESSED |
| 1. Processed personal data for website functional purposes During their normal operations, computer systems and procedures involved in the functioning of this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected with the aim of identifying users: however, this information could allow user identification through processing and association with data held by Sitael or third parties because of its nature. This category of data includes also IP addresses or computers and terminals domain names used by users who connect to the website, URI / URL addresses of requested resources, the time of the request, the method utilized to submit the request to the server, the size of the file obtained in reply and other parameters related to the operating system and the users.
2. Personal data provided by the user The optional, explicit and voluntary transmission of personal data – as requested by various sections of this website– is aimed at processing the user’s requests (e.g., filling in the newsletter subscription or sending requests to the e-mail addresses collected) and implicate the addresser’s personal data acquisition necessary to respond, as well as all the data included in the communications. Specific information will be reported in the Website pages prepared for the services on request, in such a way to draw the users’ attention to their personal data processing. 3. Cookies The website uses cookies in order to ensure website normal navigation and use and to improve the users browsing experience. For further information about the use of cookies, please note the full disclosure at the following address esb.bike/cookie-policy. |
| PURPOSE OF PROCESSING
| LEGAL BASIS FOR PROCESSING | DATA RETENTION PERIOD |
| Functioning of the website Personal data collected during navigation are used to obtain anonymous and statistical information on the website use and to check its correct functioning. | Processing brought about for this purpose is based on a legitimate interest of the Data Controller in the correct website management. | For the period for which this is strictly necessary in order to obtain valid statistical information and effectively check the website correct functioning. |
| Commercial and informative communications transfer Personal data provided directly by the user are used in order to process the user’s requests (e.g. Newsletter or contact request). | Processing brought about for this purpose is carried out with the specific consent provided by the user.
| Until the user has revoked the consent given. |
| Contractual purposes Data provided directly by the user are used in order to prepare and execute contracts with users. | Processing used for this purpose is based on the execution of a contract to which the user is a party. | 10 years from the contract termination.
|
| NATURE OF THE PROVISION OF THE DATA |
| Navigation data are necessary to implement IT and electronic protocols. Data indicated as mandatory (e.g. name, surname, e-mail address) in the registration form are required in order to provide the services offered (e.g. newsletter, messages and DEMO booking); the decision not to provide them will not allow the Company to provide the service requested by the user. Some of the data required in order to book a demo are optional (e.g. telephone number, Company name, country). |
| DATA RECIPIENTS |
| We inform you that your data may be made accessible for the aforementioned purposes at: • Data Controller’s employees and collaborators, expressly instructed and authorized for processing; • Service providers who carry out outsourced activities on behalf of the Data Controller (e.g. Website management, Newsletter sending management), in the capacity of Data Processors, within the limits of the purposes indicated in this statement. The Data Processors list can be requested through a specific request to our DPO. |
| METHOD OF PROCESSING |
| Personal data processing provided by the user is accomplished by means of the operations indicated in art. 4, n. 2) of the GDPR, by personnel expressly authorized to process it and appropriately instructed in order to guarantee the data processed confidentiality and to avoid the loss, destruction, unauthorized access or unauthorized processing of the same data, as well as from the units to which they belong within their competence. Data provided will be collected using suitable electronic and/or paper instruments, with logics strictly related to the same purposes and, in any case, capable of guaranteeing their security, secrecy and confidentiality. |
| DATA TRANSFER |
| The aforementioned data are stored mainly on servers located within the European Union. However, data provided for sending communications for purposes of marketing (e.g. “Newsletter”) are stored on servers located in non-EU countries at the following companies: • MailChimp – the Rocket Science Group, LLC, 512 Means St., Suite 404, Atlanta, Georgia 30318 – which guarantees its compliance to the Privacy Shield. We guarantee that the extra-EU data transfer takes place in compliance with the applicable legal provisions and that your data will never be used directly by MailChimp or sold by them to third parties. |
| LINK AD OTHER WEBSITES |
| From this website, it is possible to connect, via specific links, to other websites belonging to third parties. The Data Controller declines any responsibility regarding the possible request and/or release of personal data to third party sites. |
| USER RIGHTS |
| In the spirit of absolute transparency and correctness with which Sitael S.p.A. intends to manage the topic, we assure you our complete availability for any necessary clarification and our collaboration for the appropriate fulfilments. We inform you that the Regulation gives users the opportunity to exercise specific rights. In the capacity of user, you have the right to obtain confirmation from the Data Controller that your personal data is being processed. In this case, pursuant to art. 15 of the GDPR, user will be entitled to obtain access to its personal data and to verify the purposes and methods of processing. You may also exercise your rights to update, rectify, integrate, oppose, limit, and erase your personal data. Furthermore, the user can deactivate and cancel the subscription to the Newsletter service by clicking on the deactivation link in the Newsletter received. According to the art. 7 of the GDPR, the user has the right to withdraw, where applicable, the consent given. In order to exercise these rights, please write to Sitael to the attention of the Data Protection Officer, domiciled for the office at the Company’s headquarters or contact us at the email address dpo@sitael.com. Users who believe that their personal data processing is in violation of the GDPR’s provisions have the right both to lodge a complaint with the Privacy Authority, as provided by art. 77 of the Regulation, and to commence legal proceedings according to art. 79 of the Regulation. |
| POLICY MODIFICATIONS |
| Any entry into force of new regulations in this field, as well as the constant updating of user services, could lead to the need to modify methods and terms described in this policy. We therefore invite you to consult this page periodically. |
© 2021 Sitael S.p.A. - Member Company Of 