Information pursuant to Article 13 of Regulation (EU) No. 2016/679 ("GDPR")
Erbolinea 1 Srl safeguards the confidentiality of personal data and provides them with the necessary protection from any event that might put them at risk of violation.
As required by the European Union Regulation No. 2016/679 ("GDPR"), and in particular Article 13 thereof, below we provide the user ("Data Subject") with the information required by the legislation regarding the processing of their personal data.
Who we are and what data we process (Art. 13(1)(a), Art. 15(b) GDPR)
Erbolinea 1 srl, in the person of its full legal representative, with registered office in San Severo (FG) at Via T. Masselli 15 - P.Iva 01829490711,acts as Data Controller and can be contacted at firstname.lastname@example.org and collects and/or receives information concerning the Data Subject, such as: Personal Data (first name, surname, physical address, nationality, province and municipality of residence, landline and/or mobile telephone, fax, tax code, e-mail address(es)) and Computer Traffic Data (Log, source IP address).
Erbolinea 1 srl does not require the data subject to provide any so called "special" data, i.e., according to the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership, as well as genetic data, biometric data uniquely identifying a natural person, data concerning health or sex life or sexual orientation. Should the service requested from Erbolinea srl require the processing of such data, the data subject will be informed in advance and asked to give his/her consent.
For any information or request, the interested party may contact the email address email@example.com or the telephone number 0882222961.
For what purposes do we need the data of the Data Subject (Art. 13, para. 1 GDPR)
The data is used by the Data Controller to fulfil the request to subscribe to the e-mail list in order to send commercial information.
Erbolinea srl does not resell the personal data of the data subject to third parties or use them for undisclosed purposes.
The Data Subject's personal data may also be processed for purposes of commercial promotion, surveys and market research with regard to Services/Products offered by the Controller only if the Data Subject has authorised the processing and does not object to it.
This processing may take place, in an automated manner, by the following means: e-mail, text message, telephone contact. It may be carried out: if the data subject has not withdrawn his/her consent for the use of the data; if, in the event that the processing is carried out by means of telephone operator contact, the data subject is not enrolled in the oppositions register referred to in Presidential Decree no. 178/2010;
The legal basis for such processing is the consent given by the data subject prior to the processing itself, which may be revoked by the data subject freely and at any time (see Section III).
The Data Controller, in line with the provisions of Recital 49 of the GDPR, processes, also through its suppliers (third parties and/or recipients), the Data Subject's personal traffic data to the extent strictly necessary and proportionate to ensure network and information security, i.e. the ability of a network or information system to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted.
The Data Controller will promptly inform Data Subjects if there is a particular risk of a breach of their data, without prejudice to the obligations under Article 33 of the GDPR concerning personal data breach notifications.
The Services offered by the Controller are reserved for persons legally able, on the basis of the relevant national legislation, to conclude contractual obligations.
The Data Controller, in order to prevent unlawful access to its services, implements preventive measures to protect its legitimate interest, such as checking the tax code and/or other verifications, when necessary for specific Services/Products, the correctness of the identification data of identity documents issued by the competent authorities.
The Controller imposes on its Third Party Providers and Processors the obligation to comply with security measures equal to those adopted in respect of the Data Subject, restricting the scope of action of the Processor to the processing related to the service requested.
The Controller does not transfer your personal data to countries where the GDPR does not apply (non-EU countries) unless specifically stated otherwise, for which you will be informed in advance and your consent will be sought if necessary.
What happens if the data subject does not provide his or her data identified as necessary for the performance of the requested service? (Art. 13(2)(e) GDPR)
The collection and processing of personal data is necessary in order to carry out the services requested as well as the provision of the Service and/or the supply of the Product requested. If the Interested Party does not provide the personal data expressly envisaged as necessary in the registration form, the Data Controller will not be able to carry out the processing related to the management of the services requested.
What happens in the event that the Data Subject does not give consent to the processing of personal data for commercial promotion activities on Services/Products different from those purchased ?
In the event that the data subject does not consent to the processing of personal data for these purposes, such processing will not take place.
In the event that the data subject has given consent and subsequently withdraws it or objects to processing for sales promotion activities, his or her data will no longer be processed for such activities, without any consequences or prejudicial effects for the data subject and the services requested.
How we process the data of the data subject (Art. 32 GDPR)
The Controller provides for the use of appropriate security measures in order to preserve the confidentiality, integrity and availability of the Data Subject's personal data and imposes similar security measures on third-party suppliers and Processors.
Where we process the data of the data subject
The data subject's personal data are stored in paper, computer and telematic archives located in countries where the GDPR is applied (EU countries).
How long is the data of the Data Subject stored? (Art. 13(2)(a) GDPR)
Unless the data subject explicitly expresses his or her wish to remove them, the personal data of the data subject will be kept as long as they are necessary for the legitimate purposes for which they were collected.
In particular, they will be kept for the duration of your registration and in any case no longer than a maximum period of 12 (twelve) months of your inactivity, unless you revoke your consent.
In the case of data provided to the Controller for profiling purposes, these will be retained for 12 months, unless the consent given is always revoked.
It should also be added that in the event that a user submits personal data to Erbolinea srl that is not requested or is not necessary for the provision of a service strictly connected to it, Erbolinea srl cannot be considered the owner of this data and will delete it as soon as possible.
Irrespective of the data subject's determination to remove them, personal data will in any case be retained in accordance with the terms provided for by current legislation and/or national regulations, for the sole purpose of guaranteeing specific fulfilments.
This shall be without prejudice to cases in which the rights arising from the contract and/or registration with the courts are to be asserted, in which case the personal data of the Data Subject, only those necessary for such purposes, shall be processed for the time necessary for their pursuit.
What are the rights of the data subject? (Art. 15 - 20 GDPR)
The data subject has the right to obtain the following from the data controller:
(a) confirmation as to whether or not personal data relating to him are being processed and, if so, to obtain access to the personal data and the following information:
1. the purposes of the processing;
2. the categories of personal data concerned;
3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients in third countries or international organisations;
4. where possible, the expected period of retention of personal data or, if this is not possible, the criteria used to determine this period;
5. the existence of the data subject's right to request from the data controller the rectification or erasure of personal data concerning him or her or to object to the processing of personal data concerning him or her;
6. the right to lodge a complaint with a supervisory authority;
7. if the data are not collected from the data subject, all available information on their origin;
8. the existence of an automated decision-making process, including profiling, and, at least in such cases, meaningful information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
9. the adequate guarantees provided by the third country (non-EU) or international organisation to protect any data transferred
(b) the right to obtain a copy of the personal data undergoing processing, insofar as this right does not infringe the rights and freedoms of others; in the case of further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs.
(c) the right to obtain from the controller the rectification of inaccurate personal data concerning him without undue delay
(d) the right to obtain from the data controller the erasure of personal data concerning him/her without undue delay, if the grounds set out in Article 17 of the GDPR exist, including, for example, if the data are no longer necessary for the purposes of the processing or if the processing is assumed to be unlawful, and provided that the conditions laid down by law are met; and in any case if the processing is not justified by another, equally legitimate reason;
e) the right to obtain from the data controller the restriction of processing, in the cases provided for in Article 18 of the GDPR, for example where you have contested the accuracy of the data, for the period necessary for the data controller to verify its accuracy. The Data Subject must also be informed, in good time, when the period of suspension has expired or the cause of the restriction of processing has ceased to exist, and thus the restriction itself lifted;
(f) the right to obtain communication from the data controller of the recipients to whom requests for any rectification or erasure or restriction of processing carried out, unless this proves impossible or involves a disproportionate effort;
(g) the right to receive in a structured, commonly used and machine-readable format the personal data concerning him/her and the right to have those data transmitted to another controller without hindrance by the controller to whom he/she has provided them, in the cases provided for in Article 20 of the GDPR, and the right to obtain the direct transmission of personal data from one controller to another, if technically feasible.
For any further information and in any case to send your request, please contact the Data Controller at firstname.lastname@example.org. In order to ensure that the aforementioned rights are exercised by the Data Subject and not by unauthorised third parties, the Data Controller may request the same to provide any further information necessary for this purpose.
How and when can the data subject object to the processing of his/her personal data? (Art. 21 GDPR)
For reasons relating to the data subject's particular situation, the data subject may object at any time to the processing of his or her personal data if it is based on a legitimate interest or if it is carried out for commercial promotion activities, by sending a request to the Data Controller at email@example.com.
The Data Subject has the right to the erasure of his or her personal data if there is no overriding legitimate reason for the Data Controller to do so other than that which gave rise to the request, and in any event in the event that the Data Subject has objected to the processing for commercial promotion activities.
To whom can the Data Subject complain? (Art. 15 GDPR)
Without prejudice to any other action in administrative or judicial proceedings, the Data Subject may lodge a complaint with the competent supervisory authority on Italian territory (the Italian Data Protection Authority) or with the authority that performs its duties and exercises its powers in the Member State where the breach of the GDPR occurred.
Any updates to this Policy will be communicated promptly and by appropriate means and will also be communicated if the Controller processes the data of the Data Subject for purposes other than those set out in this Policy before doing so and following the expression of the relevant consent of the Data Subject where necessary.
Cookies and other technologies
Erbolinea 1 srl complies with global regulations including the EU Cookie Directive.
Retention of personal information
Communication and Subscription Preferences
You have the opportunity to determine what information you will receive from Erbolinea 1 srl regarding products and services and how such information will be received. If you no longer wish to receive marketing and/or non-transaction-related e-mails from us, you may adjust your settings by sending an e-mail to firstname.lastname@example.org. We would like to point out that this does not apply to e-mails about transactions relating to the user's business relationship with Erbolinea 1 srl. If you choose not to provide certain personal information, we may not be able to fully or adequately respond to your questions, provide updates and/or information about our products and services. However, you can opt out of receiving certain communications at any time by updating your Link subscription preferences page by clicking on the unsubscribe link in any email. However, we will continue to use your Personal Information only to send you important communications about purchases and changes to our policies and contracts, or for other reasons permitted by applicable law.
Erbolinea 1 srl takes the security of its customers' personal information very seriously. To protect the personal information you provide against accidental or unlawful destruction, loss or alteration, Conpietra uses state-of-the-art technical and organisational security measures to prevent any unauthorised disclosure or access.
Breach of data security
Erbolinea 1 srl has implemented strict and thorough security controls, intrusion detection software and warning procedures in the event of a potential or actual intrusion into our computer systems. The company has also put in place a data breach notification policy, with an incident response team that will react immediately and put in place a remediation plan in response to any unauthorised access to our computer systems or databases. If a data security breach occurs, possibly impacting your personal information, notification will be sent as soon as possible once the breach has been determined.
Collection and use of non-personal information
Whenever a user accesses www.erbolinea.com (or any of Erbolinea 1 srl's other portals), we may automatically collect non-personal information, even if the user has not registered. This information may include the operating system used, the domain name of the website that directed the user to our site, the number of visits, the average time spent on a page, and which pages were viewed. We may use this data and share it with our affiliates to monitor content and relevance on our portals in order to improve the performance, content or user experience on our websites. Through your use of services to access our website, communication data (such as your Internet Protocol Address or IP address) or usage data (information about the telecommunication services you access) may be technically generated and may, depending on applicable law, constitute personal information. To the extent that it becomes necessary, the collection and processing of communications or usage data and the subsequent use of such data will be carried out only in accordance with applicable data privacy protection laws and regulations.
Third-party websites and links
Consent to transfer, processing and storage of personal information
Right to be forgotten
The company is committed to taking reasonable steps to ensure that any request for deletion of personal information is processed using existing technology and executed within a reasonable timeframe. However, this practice does not apply to information made public through postings on our forums, blogs or made available to third parties, outside the scope of what Erbolinea 1 srl can delete. Every effort will be made to delete personal information if you withdraw your consent (opt-out) from receiving the information and request the right to be forgotten. However, Erbolinea 1 srl will not be able to delete all personal information if this is technically impossible due to limitations of existing technology or for legal reasons (Erbolinea 1 srl is obliged by local law to retain personal information).
Privacy of minors
Erbolinea 1 srl will not knowingly collect personal information from a person who is not legally an adult as defined by local law, without insisting that they seek prior parental consent where such consent is required by applicable law. Erbolinea 1 srl does not target minors in connection with its products, services or web sites. In the event that Erbolinea 1 srl uses or publishes Personal Information of a person who is not legally an adult, we will seek parental consent in accordance with local laws and regulations in order to protect that person.
What are Cookies
Cookies are text files that sites send to users' terminals, where they are stored and then sent back to the same sites on subsequent visits.
Visitors to the erbolinea.com site may be sent so-called cookies by our computer systems.
Each user can manage, modify or delete the cookies used for navigation by modifying the settings of their browser.
Technical cookies allow authentication on our site, help track sessions and store specific information transmitted by users when viewing a web page.
Essential for quick navigation, technical cookies facilitate the procedures for online authentication and making purchases directly from our site.
Various technical cookies are used, such as session cookies, which are only used during browsing, and persistent (or storage) cookies, which are saved in the browser until they expire after being deleted by the user.
Erbolinea 1 srl uses various technical cookies such as session cookies, persistent cookies used to store the choices made by individual visitors, and analytics cookies used to track users as they browse our website.
Third-party cookies are those cookies hosted on erbolinea.com but originating from other websites, such as analytical and profiling cookies like Google and Facebook.
These cookies are set directly by the owners, so the respective policies are listed below:
- Google https://www.google.com/intl/it/policies/privacy/
- Facebook https://www.facebook.com/privacy/explanation
- Twitter: https://help.twitter.com/it/rules-and-policies/twitter-cookies
- Inkedin: https://www.linkedin.com/legal/privacy-policy
How to disable cookies via browser configuration
If you wish, you can also manage cookies directly via your browser settings.
For further information and support, you can also visit the specific help page of the web browser you are using: