Logo ecsa group 300x

INFORMATION NOTE ON THE PROCESSING OF PERSONAL DATA

 

This policy is issued pursuant to Art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (so-called “General Data Protection Regulation” or “GDPR”), and to Legislative Decree No. 196 of 30 June 2003, as amended and supplemented by Legislative Decree No. 101 of 10 August 2018 (“Data Protection Act” or “Privacy Act”), and to Recommendation no. 2 of 17.05.2001 on “certain minimum requirements for collecting personal data on-line in the European Union” adopted by the Working Party Art. 29 (or “WP29”), now replaced by the European Data Protection Board (or “EDPB”), by:

ECSA Italia s.r.l., with registered office in 20832 Desio (MB), Via Lavoratori Autobianchi, 1, T.C./V.A.T. no. 00222470130, in its capacity as Data Controller (hereinafter, “Controller”)

The Controller, being aware of the importance of guaranteeing the security of private information, in accordance with applicable European and Italian legislation and with the principle of transparency enshrined in Art. 12 GDPR, provides the following information to inform users about the characteristics and methods of personal data processing.

 

  1. Scope of processing
    The Controller processes the user’s personal data that are supplied when using the website. In particular, the Controller processes data not supplied by you directly whose transmission is connected with the use of Internet communication protocols (by way of example, accesses to the page, quantity of data transferred, status message upon access, ID session numbers, IP addresses, URL addresses, etc.).

 

  1. Legal basis and purpose of processing          

a) Your personal data are processed without your explicit consent:

(i) to supply Services and their functions to the user. In this case, the performance of a contract you are a party to or the implementation of precontractual measures adopted at your request, is the legal basis of processing;

(ii) to ensure the technical operation of the website. In this case, the legitimate interest of the Controller in ensuring the proper technical operation of the website, is the legal basis of processing.

In addition, your personal data may be processed without your explicit consent also: iv. to fulfil administrative, accounting and tax obligations deriving from the contract; v. to comply with obligations laid down by law, a regulation, European legislation or an order issued by the Authorities; vi. to protect the vital interests of the data subject or of another natural person; vii. to perform a task carried out in the public interest or in the exercise of official authority vested in the Controller; viii. to pursue a legitimate interest of the Controller or a third party, at the limits and conditions set out in Art. 6 f) GDPR; ix. to exercise the rights of the Controller (by mere way of example, to defend a legal claim);

b) for the following purposes, though subject to your specific and unequivocal consent: i. to perform, whether directly and/or through third parties and/or business partners, statistical analyses, market surveys, promotional activities by sending emails, newsletters, commercial communications and/or advertising material on products and/or services offered by the Controller (marketing purposes). In fact, in this case, the user’s consent is the legal basis of processing.

 

  1. Provision of personal data

Providing data for the purposes listed in Art. 2 a) is mandatory, because failure to provide the requested personal data would make it impossible for the Controller to supply the services connected with website usage. Providing data for the purposes in Art. 2 b) is not mandatory.

 

  1. Methods of data processing

Personal data are processed by carrying out the operations indicated in Art. 4(1) no. 2) GDPR, namely any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Data will be processed in compliance with the principles of fairness, lawfulness and transparency. Data may be processed through automated methods that can store, manage and transmit them, using tools that, as reasonable and depending on the state of the art, can ensure data security and confidentiality through the application of suitable procedures that avoid the loss, unauthorised access, unlawful use and dissemination of data. Personal data may be stored both using IT systems and on paper and any other support deemed suitable for processing.

 

  1. Data storage period

In accordance with the principles enshrined in Art. 5 GDPR, the Controller will process personal data for no longer than is necessary to pursue the aforesaid purposes and to fulfil all legal obligations laid down for the same purposes. With respect to the marketing purposes set out in Art. 2 b), personal data may be processed for no more than 2 years from their collection. When the above storage periods end, the data will be erased or made anonymous. Further and more detailed information on storage periods may be requested by contacting the Controller at the addresses indicated in this policy.

 

  1. Data disclosure

The personal data processed by the Controller will not be disseminated, i.e. they will not be disclosed to unknown subjects, in no form of any kind, including making data available or simply allowing the consulting of such data. However, they may be made accessible to employees and/or collaborators of the Controller and/or to external parties that can sufficiently ensure they have adopted adequate legal, organisational technical measures so that data processing meets the requirements of the GDPR and protects the data subject’s rights. Specifically, data may be made accessible to: employees and/or collaborators of the Data Controller, as designated parties, persons in charge of processing and/or persons authorised to process personal data and/or System administrators; ii. Ecsa Group companies; iii. third-party companies or other subjects (e.g. banks, professional firms, consultants, insurance companies, etc.) that carry out outsourced activities on behalf of the Controller, as external Processors. The Controller may also disclose personal data to subjects who are entitled to have access thereto pursuant to law, regulations, European law, to the judicial authority and to all the subjects to which data must be disclosed under law.

 

  1. Transfer of data        

Personal data will be managed and stored on the servers of the Controller and/or of third-party companies designated and formally appointed as Processors, based in the European Union and in the European Economic Area (EEA) or otherwise in third countries, namely outside the European Union and the European Economic Area, recognised by the European Commission as countries that ensure an adequate level of protection (e.g. Switzerland) or by providing appropriate safeguards under Arts. 46 and 47, GDPR.

 

  1. Browsing data

The IT systems and software procedures that ensure website operation may acquire personal data, in the course of their normal operation, whose transmission is implied in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the user’s computers and terminals, the URI/URL addresses (“Uniform Resource Identifier” and “Uniform Resource Locator”) of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the number code indicating the status of the response given by the server (e.g. successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data, which are necessary for the use of web services, are also processed: i. to obtain statistical information about the use of our services (e.g. most visited pages, number of visitors per time slot or day, place of origin, etc.); ii. to check the proper performance of the services offered. These data are erased immediately after being processed (except in case of crime investigations by the judicial authority).

 

  1. Cookies

Cookies are stored on your computer when you use the Controller’s website. Cookies are small text files that are saved on your computer to provide given information. They are commonly used to ensure or improve website operation, to improve the user’s experience and to provide given information to website owners. The Controller’s website uses cookies that are stored on your computer for different periods of time. Some cookies expire at the end of each session while others remain stored for a longer period so that you can enjoy a better experience when you return to the Controller’s website. Web browsers allow users to have some control over cookies by setting their preferences. Most browsers offer users the possibility to block cookies or to block cookies of given websites. Browsers may also allow you to delete cookies when closing your browser. However, please note that this may imply the deletion of any opt-outs or preferences that you have set on a website. Please read the technical information relating to your browser for instructions. If you disable cookies or refuse to accept a cookie, some parts of our service may not work properly or may work significantly more slowly.

 

  1. Rights of the data subject    

Pursuant to Arts. 15 to 22 GDPR, in the cases established by law, you have the right: i. to obtain from the Controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and other related information, also receiving a copy thereof (so-called right of access); ii. to obtain from the Controller the rectification of inaccurate personal data and to have incomplete personal data completed (so-called right to rectification); iii. to obtain from the Controller the erasure of personal data concerning you where one of the grounds laid down by the GDPR applies (so-called right to erasure); iv. to obtain from the Controller restriction of processing where one of the grounds laid down by the GDPR applies (so-called right to restriction of processing); v. to ask for and receive from the Controller the personal data concerning you, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance (so-called right to data portability); vii. to withdraw consent at any time to personal data processing (so-called right to withdraw consent); vii. to object, in whole or in part, to processing of personal data concerning you (so-called right to object); viii. not to be subject to a decision based solely on automated processing in the cases envisaged by the GDPR. If you believe that your data are being processed in violation of the GDPR, you have the right to lodge a complaint with the Data Supervisory Authority (Art. 77, GDPR) or you have the right to an effective judicial remedy (Art. 79, GDPR).

 

  1. How to exercise your rights

You may exercise your rights at any time by contacting the Controller:

► by registered letter with return receipt: ECSA Italia s.r.l., 20832 Desio (MB), Via Lavoratori Autobianchi, 1;

► by email (PEC [certified email]): ecsa@legalmail.it

 

  1. Controller, Processors, designated parties, persons in charge of processing and/or persons authorised to process data      

The Controller is:

ECSA Italia s.r.l., with registered office in 20832 Desio (MB), Via Lavoratori Autobianchi, 1, T.C./V.A.T. no. 00222470130. Further information about processors, designated parties, persons in charge of processing and/or persons authorised to process personal data may be requested by contacting the Controller at the addresses indicated in this policy.

This policy may be changed. Therefore, please check this policy on a regular basis and refer to its last updated version.

Desio (MB), 20.12.2019

The Controller

ECSA Italia s.r.l.

ECSA Chemicals AG
Burgauerstrasse 17
CH-9230 Flawil (Switzerland)

Via Luigi Favre 16
CH-6828 Balerna (Switzerland) 

T. +41582119100
F. +41582119101

CHE-103.950.878

ECSA Maintenance AG
Burgauerstrasse 17 
CH-9230 Flawil (Switzerland)

Via Luigi Favre 16 
CH-6828 Balerna (Switzerland)

T. +41582119300
F. +41582119301

CHE-480.131.332

ECSA Energy SA
Via Luigi Favre 16 
CH-6828 Balerna (Switzerland)

T. +41582119500
F. +41582119501

CHE-356.953.942

ECSA ITALIA Srl Società
con Unico Socio
Via Lavoratori Autobianchi 1 
I-20832 Desio (MB)
(Stabile n. 15 - Polo Tecnologico della Brianza)

T. +39 0362 625 421
F. +39 0362 304 361

P.IVA IT00222470130

Codice destinatario: C1QQYZR

Porta Ticino Easy Stop SA
Via San Giorgio 37
CH-6877 Coldrerio

T. +41582119910
F. +41582119911

CHE-477.597.888

Stalvedro Easy Stop SA
Stalvedro 4, CH-6780 Airolo

T. +41582119950

CHE-315.206.664

This website uses its own cookies and reserves the right to use third-party cookies to guarantee the website’s function and to take browsing choices into account. For more details and to learn about how to withdraw consent to the use of all or some cookies, please read the Cookie Policy. By accessing any element under this banner, you agree to the use of cookies. Learn more