1. Personal data collected
Elemize collects and processes personal data communicated by the Client when he/she registers on the Website, or when he/she fills out a form or communicates personal data in other ways to the Controller.
The personal data collected by Elemize means: any information relating to an identified person, and may include the birth name, mailing address, e-mail address, telephone number, fax number, C.V., financial and banking details, purchase and transaction data and all the data or information required in order to obtain the services provided by the Controller. Elemize may also collect information concerning the device that the Client uses to interact with the website, or concerning the plant or installation. The Controller may also automatically collect information regarding how the Client uses the website.
2. Purposes of processing
Elemize may use personal data collected only if:
• the data subject has given consent to the processing of his or her data for a specific purpose,
• processing is necessary for the performance of a contract to which the data subject is party,
• processing is necessary for compliance with legal obligation to which the Collector is subject.
In particular, all personal data will be processed in order to: a) provide the Services and the Products that the Client applied for and personalize, evaluate and improve them, b) store the data, c) process the orders and payments for products or services, d) handle complaints, e) conduct marketing activities, f) send newsletters, g) manage customer administration, h) analyze customer behavior, i) any other purposes that are reasonable or related to previous ones, or that are further agreed to mutually.
Regarding the purpose under f), the Client, by registering for Elemize newsletters or alerts, agrees to receive the correspondence at the e-mail address he/she provides. Only Elemize will contact him or her using such e-mail address.
3. Data retention
Elemize retains personal data, as necessary, for the duration of relevant business relationship, processing them in an adequate and relevant manner, limited to that which is necessary in relation to the purpose for which they are processed.
Elemize may retain personal data for longer periods, where it be necessary in order to protect the Controller from legal claims, or to use them for analysis or historical record-keeping, or in complying with information management policies and schedules.
The data subject shall have the right to request that Elemize delete his or her personal data, if the personal data are no longer necessary in relation to the purpose for which they were collected or otherwise processed, or if the data subject withdraws the consent on which the processing is based, or in case the processing is or become unlawful.
Elemize has implemented generally accepted standards of technology, organization and operational security to protect personal data from loss, misuse, alteration, disclosure, destruction or any form of unlawful processing. These measures have been implemented taking into account the nature, scope, context and purposes of processing, as well as the risks, of varying nature and severity, regarding the rights and freedoms of natural persons. The Controller ensures compliance with the applicable laws and regulations, such as the GDPR.
The personal data collected by Elemize are subject to a confidential obligation towards external parties, except for the following point V.
5. Transfer of personal data
Elemize does not sell, trade or otherwise transfer to outside parties the Client’s personal data. This does not include trusted third parties who assist the Controller in operating the website, conducting the business, or services to the Client, as long as those parties agree to keep this information confidential. Personal data may be also released to third parties when it is necessary to comply with the laws or legal obligations, or in order to perform a task carried out in public interest or in the exercise of official authority.
Elemize may process the personal data in countries within the European Union. Transfer to countries outside the EU is not permitted if those countries do not comply with the GDPR guidelines.
6. Data subject’s rights
6.1 The data subject shall have the right to request access to the personal data collected by Elemize, in order to review, modify, delete or erase data, or in order to obtain any further information regarding such. The data subject may also have the right to obtain a copy of the personal data undergoing processing.
6.2 The data subject shall have the right to obtain from Elemize, without undue delay, the rectification of inaccurate personal data concerning his or her person.
6.3 The data subject shall have the right to obtain from the Controller restriction of processing according to the GDPR art. 18.
6.4 The data subject shall have the right to data portability according to GDPR art. 20.
6.5 The data subject shall have the right to object to the processing of personal data, when personal data are processed for direct marketing purposes.
6.6 The data subject shall have the right to lodge a complaint with the competent data protection authority.
6.7 The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent previous to such withdrawal.
6.8 The data subject shall have the right to unsubscribe from mailing lists, or any other registration, following the instructions provided in the relevant page.
6.9 The data subject shall have the right to be warned by the Controller, without undue delay, about a personal data breach, when the personal data breach is likely to result in high risk to the rights and freedoms of natural persons, according to the GDPR art. 34.
6.10 The data subject shall have any other right related to privacy and personal data protection, according to the Italian national law and to GDPR.
The personal data Controller is Elemize Technologies s.r.l.
The personal data Processor is Mariassunta di Biasio