Eudaimon S.p.a. protects the confidentiality of the personal data and guarantees them the necessary protection from any event that may put them at risk of violation.
As provided for by the Regulation (EU) 2016/679 (“GDPR”) and, in particular by article 13, we provide the user (hereinafter “Data Subject) with the information required by law concerning the processing of personal data (hereinafter “Personal Data”) voluntarily made available to Soprarno by the Data Subject.
1. Data Controller and Data Supervisor
The Data Controller is Eudaimon S.p.a. (hereinafter “Eudaimon”), with registered office in 13100 Vercelli, Piazza Pajetta, 2.
Eudaimon has appointed a data supervisor (email address firstname.lastname@example.org), who has taken all the measures deemed necessary and appropriate to provide adequate data protection and whom the data subject can contact for any requests or information.
2. Purpose, method of processing and legal basis
Processing operations connected to the web services of this website are carried out only by technical personnel of Eudaimon in charge of the activity. No data from the web service is communicated or disseminated.
Personal Data are processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent the loss of data, unlawful or incorrect use and unauthorised access.
In the event that the Data Subject has given consent to the processing of his/her Personal Data, this constitutes the legal basis for such processing operations (article 6 paragraph 1 letter a GDPR).
For the processing of Personal Data for the purposes of initiating or performing a contract, the legal basis is article 6 paragraph 1 letter b GDPR.
Where the processing of Personal Data is necessary for the fulfilment of legal obligations, the Data Controller is authorised to carry it out in accordance with article 6 paragraph 1 letter c GDPR.
In addition, Eudaimon processes Personal Data to pursue its own legitimate interests, as well as those of third parties, in accordance with article 6 paragraph 1 letter f GDPR. Such legitimate interests include not only maintaining the functionality of IT systems but also the marketing of products and services offered by Eudaimon, as well as the documentation of business contacts in accordance with legal requirements.
3. Types of data processed
The IT systems and the software procedures used to operate this website acquire, during their normal operation and only for the duration of the connection, some Personal Data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or the domain names of the computers used by users who connect to the website, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters concerning the operating system and the user’s computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct operation and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the website.
DATA VOLUNTARILY PROVIDED BY THE DATA SUBJECT
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this website implies the subsequent acquisition of the sender’s address, necessary to answer to the requests, as well as any other personal data included in the mail.
The use of Personal Data for the possible sending of advertising material, marketing information, sale of products or services by the Company, can only take place with the express consent of the Data Subject.
4. Personal Data retention period
Personal data are retained for the technical time strictly necessary, as described in paragraph 3 above.
In the event of request for cancellation by the Data Subject, the Personal Data will be deleted within 10 days of receipt of the request according to the methods set out at paragraph 5 below, with the exception of those which must be retained for a specific period under current legislation.
5. Rights of the data subject
On the matter of processing Personal Data, the Data Subject will have the right in accordance with the GDPR:
- to request the Data Controller for access to Personal Data and the correction or deletion of the same or the limitation of the processing of the same or to oppose their processing;
- to request the portability of Personal data;
- to obtain the updating and correction of Personal Data concerning him/her;
- to withdraw, where consent is given for certain processing operations, such consent at any time, without prejudice to the lawfulness of the processing operations carried out before the withdrawal of consent;
- to request the total deletion of all Personal Data;
- to lodge a complaint with the Guarantor for the protection of personal data.
The data subject may exercise his/her rights under this paragraph by sending a registered letter with return receipt to the address of the Controller.