Information on the processing of personal data as established by REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 concerning the protection of individuals, as well as the free circulation of such data and which repeals Directive 95/46 / EC (General Data Protection Regulation)
We at Europesca take care of your data and process them according to the methods provided for by the European regulation indicated above, better known as the GDPR. The site and our systems comply with the regulations regarding the acquisition and processing of data. For a greater understanding and deepening of the legislation and activities related to personal data you can read: http://ec.europa.eu/justice/smedataprotect/index_it.htm
However, in compliance with the provisions of the law, we report clear, concise, transparent and easily accessible information containing a summary of the most important aspects to facilitate the user in understanding the actions of processing his personal data.
2. Owner and manager of data processing
The owner and manager of data processing is Shopify. The contact details are indicated on the website in the relevant sections. An email box is available for any communications with this method: info@Europesca.it, for all other contact methods you can refer to the updated contact details indicated on the website. As data controller and data processor, Europesca will endeavor to process and preserve the personal data of its customers and users in accordance with the law.
3. Subjects authorized to process
The data are processed not only by Europesca and all its collaborators, but also by external companies and partners committed to providing and guaranteeing the continuity of services and managing information systems. The subjects can also be partner companies or companies attributable to the group, as well as management companies of marketing platforms and systems related to the management of the acquired information. All those who can come into contact for shipping, accounting, financial, administrative and legal management are authorized subjects.
4. Non-personal and aggregate technical navigation data collected
The computer systems for the use of this website acquire some data that cannot be properly defined as personal, the transmission of which is in any case implicit in the use of internet communication protocols. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing.
Among these data, IP addresses are the only data that, although not associated with identified direct interested parties, can by its very nature, through processing and association with data held by third parties, allow users to be identified. Where possible, our company, as required by law, has prepared anonymization and masking in the collection of the IP address as specified below
However, the data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this possibility, at present the data of the web IPs do not persist for more than 3 months.
5. Consent and type of data processed voluntarily provided by the user
The consent to the processing of data is freely and voluntarily provided by the user through the web forms through specific approval for the various purposes and registered for a verification by the authorities or for a request by the interested party. The interested party has the right to withdraw his consent at any time. Consent may also be requested in writing if the particular actions require it, otherwise what is expressed in the IT methods described above is valid. The data are those provided, also collected as an integration to previously collected data in order to keep them always updated.
6. Cookies and profiling and tracking data
7. Purpose of data processing
The data is collected for the purposes of providing services, for the processing of requests received, for marketing communications or for any analysis and for the transfer to third parties. All the required authorizations are differentiated by the type of purpose in the various collection forms, with a clear indication of the data processed and their purposes. Each type of data processing collected requires specific authorization based on the purpose expressed above.
The requests for authorization differ, in the collection phase, according to the different purposes of data processing as specified below:
A. Processing of mandatory data for the provision of the service. [obligatory]
This is a mandatory consent to allow us to provide the requested services. Processing can also be understood as the transfer of data to third-party companies for the purpose of managing information and providing services in order to ensure greater security and control over the data and activities covered by the services provided. It also includes communications about the various needs related to the provision of services such as: sending deadlines, payments, invoices, technical and service communications, alerts and information on the status of the systems, sending service notes, data recovery in case of accidental loss , backup. The revocation of the authorization, even if possible, prevents the further provision of the service. The data may also be transferred to third parties residing outside the European Union in the condition envisaged by article 27 paragraph 2 paragraph (a), in which the establishment of a DPO (Data Protection Officer) or representative is not envisaged. of the treatment.
B. Processing for marketing purposes. [optional]
It concerns an optional consent on marketing purposes related to products and or services purchased or of interest. It provides for the authorization to send emails, sms, and communications also via other computer and paper advertising means. The data will be processed internally for communications by Europesca about the activities expressed above. The data could be transferred and / or provided to third-party partner companies or external interested parties both for the management of the communications themselves and for related marketing, survey and / or survey activities, and for other purposes. The processing by third-party companies may concern activities aimed at helping the management of improvement analyzes on performances and conversions. At any time it is possible to revoke or correct the consent.
8. Methods and duration of data processing
The data is collected in full compliance with current legislation. In particular, the collection phase of the same takes place by encryption with an SSL protection certificate. The data is stored on cloud storage with backup and redundancy and kept for the period necessary for the provision of related services and activities. The disks on which the data is stored are encrypted. The data processed may be periodically subject to verification of correctness. In these cases the interested party will receive a communication of the adjustment of his data in our archives. Physical access to the servers is protected with anti-intrusion systems and access control to the data rooms. The data are geographically replicated also for greater protection from accidental cancellation due to natural disasters or physical theft of the same. There is a log of the data and consents provided and the authorizations granted in the phase of entering and managing the data and information connected to these authorizations. The aim is to quickly identify the activities related to the management of the data of the individual users concerned. The data is securely stored and any unauthorized access is limited to a minimum with the implementation of all the security activities required by the technology. In any case of access, the interested parties will be promptly informed and the data, in the case of accidental deletions, immediately restored.
9. Rights of the interested party regarding the processing of data
The interested party may at any time request the correction, integration or total cancellation of the data. These requests can be made directly to the addresses on the website www.europesca.it. The interested party can also request the revocation of the authorizations for processing for various purposes. If the revocation concerns the mandatory purpose of data processing for the provision of the services, the same can no longer be provided and may be suspended without refunds.
It is possible to request, always in accordance with the provisions of the law, a copy of the data processed and the purposes of the processing.
It is possible to initiate a complaint to email@example.com or directly to the Personal Data Guarantor Authority or one of the supervisory authorities in the event of non-compliance that goes against the provisions of the GDPR legislation.
All data entered on the site through the forms, managed and processed for the purposes of requests for quotes, assistance, newsletters and contact in general, also sent by email on domains of our company or attributable to it, or through third-party systems and in any case sent to us, are treated in compliance with the legislation of the Privacy Guarantor pursuant to art. 13 of Legislative Decree no.196 / 2003 and EU regulation 2016/679 GDPR for the processing of personal data. The processing of the data entered and managed takes place according to the regulations of the Guarantor for the Protection of Personal Data pursuant to art. 13 of Legislative Decree no.196 / 2003. The website www.europesca.it complies with the EU regulation 2016/679 GDPR for the processing of personal data.