NOTICE MADE PURSUANT TO ARTICLES 13-14 OF THE GDPR 2016/679 (GENERAL DATA PROTECTION REGULATION)
In compliance with stipulated in the European Data Protection Regulation EU 2016/679
(hereinafter “GDPR”), we provide the necessary information regarding the processing of personal data on our site.
This Notice is intended to be given for the website https://www.evolutiongroup.digital/ (henceforth: “Site”) and
constitutes an integral part of the Site and the services we offer.
This information is provided in accordance with Article 13 of the Regulations, to those who interact with the web services of the Site and the Owner, either through simple consultation or through the use of specific services made available through the Site
THE DATA CONTROLLER
The owner of the processing of personal data is Evolution ADV s.r.l. – P.IVA:14074001000 – Rea No.: RM-1494334 – with registered office in -00187- Rome at Via XX Settembre n.40 – email [email protected]
PLACE OF DATA PROCESSING
Processing related to the web services of this site takes place at the aforementioned registered office, as well as at the operating offices, and is handled only by personnel in charge of processing, or by any persons in charge of maintenance operations.
PERSONAL DATA BEING PROCESSED
As a result of browsing the Site, Evolution ADV will process the user’s Personal Data in accordance with applicable regulations.
Personal data provided by users who submit specific requests through the form or email address on the site are used for the sole purpose of possibly performing the requested service or performance and are disclosed to third parties only if necessary for that purpose.
(a) Navigation data
The computer systems and software procedures used to operate this website acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This data is used for the sole purpose of obtaining anonymous statistical information about the use of the site and to check that it is working properly.
(b) Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic mail to the address indicated on this site or the use of contact forms involves the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the message.
Specific summary disclosures will be progressively reported or displayed on pages of the site set up for particular on-demand services.
THE PURPOSES OF PROCESSING
User data are processed in order to respond to requests expressly made by users. Specifically, all data collection and subsequent processing activities are aimed at pursuing the following purposes:
(a) site registration;
(b) subscription to email newsletters;
(c) execution of the contract concerning the provision of the requested service/product;
(d) sharing of content on the site;
(e) customer relationship management;
(f) generic request for information;
(g) participation in any promotional initiatives dedicated to new or already registered customers;
(h) purposes of statistical research/analysis on aggregated or anonymous data, thus without the possibility of identifying the user, aimed at measuring the operation of the site;
(i) fulfillment of obligations provided for in taxation and accounting.
MODE OF TREATMENT
Data processing is carried out using paper, electronic, and/or computer tools.
The Owner takes all appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
The data will be processed in an organizational and logical manner strictly related to the purposes for which they were collected and in compliance with current security regulations, for the purposes indicated above or specified from time to time in any further information presented to the user.
LEGAL BASIS FOR PROCESSING
The Owner processes Personal Data related to the User if one of the following conditions exists:
- The User has given consent for one or more specific purposes;
- processing is necessary for the performance of a contract with the User and/or the execution of pre-contractual measures;
- processing is necessary to fulfill a legal obligation to which the Controller is subject;
- the processing is necessary for the performance of a task of public interest or the exercise of public authority vested in the Controller;
- processing is necessary for the pursuit of the legitimate interest of the Owner or third parties.
However, it is always possible to ask the Data Controller to clarify the concrete legal basis of each processing and in particular to specify whether the processing is based on law, is required by a contract, or necessary to conclude a contract.
PROVISION OF DATA
The forms to be filled out provided on this site contemplate both mandatory data-whose failure to provide does not allow the request to be acted upon-and optional provision data that are not strictly necessary to act upon the request.
COMMUNICATION AND DISSEMINATION OF DATA
The personal data provided may be disclosed to third parties only in the event that the disclosure is necessary to comply with the requests of the users/visitors themselves or by legal obligation.
Third parties will act as autonomous data controllers by providing services that are instrumental in fulfilling the request of the data subject (e.g., third-party technical service providers, postal couriers, hosting providers,) or to whom the communication of data is necessary to comply with laws or regulations.
The following parties are also recipients of the collected data and, therefore, will process such data on behalf of the Controller, pursuant to Art. 28 of the Regulations, as Data Processors:
– Accountant with respect to the obligations required in taxation and accounting
– Consultants and freelancers in single or associated form
– E-mail provider
– Insurance institutions
– Banking institutions
– PEC Provider
– Occupational health and safety consulting company
– Privacy consulting companies Data recipients may also include attorneys who provide functional services for the above purposes.
An up-to-date list of Data Processors can always be obtained from the Data Controller.
In addition, your data may be communicated to external parties such as, but not limited to, authorities and supervisory and control bodies and, in general, public or private parties entitled to request the data (e.g., Internal Revenue Service, Guardia di Finanza).
The personal data collected will also be processed by the internal authorized persons acting on the basis of specific instructions given regarding the purposes and methods of such processing.
Data are processed and kept for the time required by the purposes for which they were collected.
The data will be retained, in any case, until the request for deletion is made, subject to related legal obligations that provide for a longer retention period in compliance with applicable regulations.
At the end of the retention period, the Personal Data will be deleted. Therefore, upon the expiration of this period, the right of access, deletion, rectification and the right to Data portability can no longer be exercised.
RIGHTS OF INTERESTED PARTIES
Users, at any time, may exercise, pursuant to Articles 15 to 22 of EU Regulation No. 2016/679, the right to:
(a) request confirmation of the existence or non-existence of their personal data;
(b) obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed, and, when possible, the retention period;
(c) obtain rectification and deletion of data;
(d) obtain restriction of processing;
(e) obtain portability of data, i.e., receive them from a data controller, in a structured, commonly used, machine-readable format, and transmit them to another data controller without hindrance;
f) object to the processing at any time and also in the case of processing for direct marketing purposes;
(g) object to automated decision-making related to natural persons, including profiling; (h) to request from the data controller access to and rectification or erasure of personal data or restriction of processing concerning him or her or to object to its processing, as well as the right to data portability;
(i) revoke consent at any time without affecting the lawfulness of the processing based on the consent given before revocation;
Users may exercise their rights by written request submitted by contacting the Controller by PEC at [email protected], e-mail at [email protected] or registered letter with return receipt at Via XX Settembre n.40 – 00187 Rome.
In addition, the user may lodge a complaint with the competent supervisory authority under Article 77 of the Regulations (Personal Data Protection Authority www.garanteprivacy.it ) pursuant to Art. 77 of the Regulations, if it considers that the processing of data is contrary to the regulations in force.