Privacy Policy

CROCE DELL’EST ENGINEERING SAS

BY ARCH. PERIN GIAMPIETRO
INFORMATIVE EX ART 13 OF EU REGULATION 2016/679
WEBSITE https://estart.eu/

1. Process Owner.

The Process Owner is CROCE DELL’EST ENGINEERING SAS DI ARCH. PERIN GIAMPIETRO in the person of its legal representative Arch. Perin Giampietro, with registered office in Via Niccolò Tommaseo n. 5 – 35131 Padova, C.F./P.IVA 04408090282 , email: info@estart.eu

2. Purpose, legal basis of the process and need for the conferment.

Purpose of the process.

In general, the purpose that the Owner pursues through this website is the dissemination of news on its activity with an indication of the services offered and contact channels for contractual purposes. In particular, users may contact the Owner in order to request quotes, information on services (pre-contractual phase) and, if necessary, request to evaluate the establishment of a contractual relationship, including employment.

The Owner, as part of its activity, processes personal information also relating to its employees, collaborators, suppliers, customers and third parties who may request information or quotes. In all these cases, the Owner collects and processes data for contractual or pre-contractual purposes or to fulfill a related legal obligation.

 Legal basis and need for conferment

The legal basis of the process for the purposes indicated is that provided by art. 6 paragraph 1 letters b) and c) of the GDPR, i.e. the establishment of a contractual relationship between the parties and the fulfillment of any legal obligations relevant   to it.

The provision of data is necessary to execute the relationship and in the absence of the requested Personal Data it will not be possible to perform the related process.

Any candidates for a job position will receive appropriate information, in the same way the subjects who establish a contractual relationship will receive information relating to this process from the Owner before or during the establishment of the relationship. There is no need for the prior consent of the candidates pursuant to art. 111bis of the Privacy Code.

Within the reserved area, documents may be exchanged between the customer and the Owner for contractual purposes and therefore in the context of the execution of the relationship between the parties. The Owner adopts all security measures to the risk of violation of this space and for access management.

Navigation on the site

The Owner may process users’ personal data even while browsing and if necessary, through the use of cookies (see related information).

It should be noted that the use of cookies is necessary to proceed with proper navigation and that in its absence it will not be possible to navigate (eg. viewing the page from a mobile phone, specific browser, etc.) and that non-technical cookies are also used on this site.

3. Processing methods.

Personal Data is processed by the Owner mainly in electronic format. Personal data as well as any other information that can be associated, directly or indirectly, with an interested party are collected and processed by applying the technical and organizational security measures in order to guarantee a level of security appropriate to the risk, taking into account the state of the art and the costs of implementation.
Please note that Personal Data breach means “the breach of security that involves accidental or unlawful destruction, loss, modification, unauthorized disclosure or access to Personal Data transmitted, stored or otherwise processed” .

4. Categories of recipients of Personal Data and transfer

The personal data that may be processed by the Owner is generally of a common type. In the case of employment relationships, special categories of data may also be processed in compliance with the laws that provide for it. In any case, the data of the interested parties may be disclosed to third parties, including service providers (data centers, server providers, etc.) all formally appointed by the Data Controller or Data Processor pursuant to art. 28 GDPR. In the same way, in cases of joint ownership, Article 26 GDPR contract will be implemented.
The Data Controller transfers the personal data of its subjects to third parties, adopting appropriate guarantees corresponding to the adequacy decisions issued by the European Commission and / or the National Guarantor Authority for the protection of personal data as appropriate to the case. Further information regarding the cases of possible transfers of data to foreign countries with respect to the European Union and the related guarantees adopted, as well as information about the companies appointed as Data Processors, can be requested from the Owner.

5. Retention period

In compliance with the provisions of art. 5, paragraph 1, lett. e) of EU Reg. 2016/679, the Data collected will be processed in a form that allows the identification of the interested parties for a period of time not exceeding the achievement of the purposes for which the Personal Data is processed.
Personal Data collected for the purposes indicated above will be processed by the Owner until the termination of pre-contractual or contractual relationships and kept until the prescription of the rights of the interested party (generally provided for by the civil code in 10 years). If a processing is based on its consent, this will cease upon its revocation (see cookies).

6. Rights of the interested party

The subjects to whom the personal data refers to have the right at any time to obtain confirmation or not of a processing in progress, the correction of inaccurate personal data, the cancellation and the limitation of the processing. Theserights, together with those of portability and opposition to processing, can be exercised under the conditions provided for in articles 15-22 of European Regulation 2016/679. In particular, the interested party, at any time, may: (i) access personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of Data involved, the recipients to whom they may be communicated, the applicable retention period, the existence of processes automated decision-making, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and possible consequences for the interested party, where not already indicated in the text of this Information; (ii) obtain without delay the rectification of inaccurate Personal Data concerning them; (iii) obtain, in the cases provided for by law, the cancellation of your Data; (iv) obtain the limitation of the processing or oppose it, when admitted on the basis of the provisions of the law applicable to the specific case; (v) in the cases provided for by the law, request the portability of the Data that you have provided to the Data Controller, i.e. receive them in a structured format, commonly used and readable by automatic device, and also request to transmit such Data to another holder, if technically feasible; (vi) if it deems it appropriate, lodge a complaint with the Supervisory Authority (art. 77).

In particular, the following rights are recognized: arts. 15 – “Right of access of the interested party”, 16 – “Right of rectification”, 17
– “Right to cancellation”, 18 – “Right to restriction of processing”, 20 – “Right to data portability”, 21 – “Right to object “ GDPR within the limits and conditions provided for by art. 12 GDPR. For the processing of Personal Data for which the legal basis consents, this may be revoked. Complaint (art. 77 GDPR)

To exercise these rights, you must contact the Owner referring to the contact details at the beginning of this Policy, the Data Controller will process your request in a month or longer in case of specific needs.