PRIVACY AND COOKIES POLICY (FOR VISITORS FROM THE EUROPEAN COMMUNITY)
Information provided pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR) and Article 13 of Legislative Decree 196/2003 (Privacy Code)
Introduction
For ELFO S.r.l., personal data represents a valuable asset and a resource to be safeguarded by implementing procedures and behaviors that ensure its protection. Transparency towards data subjects is therefore a primary objective, pursued through effective communication tools designed to make basic information on data processing available to stakeholders. This information page, created in accordance with the requirements set forth by Regulation (EU) 2016/679 “General Data Protection Regulation” and Legislative Decree 196/2003, provides specific details regarding the following areas:
- Data processing related to the operation of this website;
- Data processing related to contractual relationships established with customers and suppliers.
General Information
Data subjects are informed of the following general principles, applicable to all areas of data processing:
- All data of individuals with whom we interact is processed in a lawful, fair, and transparent manner, in compliance with the general principles outlined in Article 5 of the GDPR and Article 11 of the Privacy Code;
- Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access, in accordance with Article 32 of the GDPR and Article 31 of the Privacy Code.
Contacts and Rights of Data Subjects
- The Data Controller is the undersigned Company, represented by its legal representative pro tempore.
- The Company has appointed a Data Protection Officer (DPO), who can be contacted to exercise any of the rights provided by Articles 15-21 of the GDPR (right of access, rectification, erasure, restriction, portability, objection) as well as to revoke any previously given consent. In case of a lack of response to requests, data subjects can file a complaint with the Data Protection Authority (GDPR – Art.13, paragraph 2, letter d).
Contact Details
Controller: Via Pastore, 3/5 – 29017 Fiorenzuola (PC) – Tel. +39 0523 985811
DPO: Salini Luca – Tel: 0523.713250 – Email: dpo@ecoreholding.it
1) DATA PROCESSING RELATED TO THE OPERATION OF THIS WEBSITE
1.1 Navigation Data
The computer systems and software procedures used to operate this website collect certain personal data during their normal operation, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but, by its very nature, could allow users to be identified through processing and association with data held by third parties. This category includes IP addresses or domain names of computers used by users connecting to the website, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), and other parameters related to the user’s operating system and computer environment.
Purpose and Legal Basis of Processing (GDPR-Art.13, comma 1, lett.c) | This data is used solely to obtain anonymous statistical information about the website’s use and to verify its proper functioning. The data could also be used to ascertain responsibility in the event of potential cybercrimes against the site (legitimate interests of the controller). |
Communication Scope (GDPR-Art.13, comma 1, lett.e,f) | Data is processed exclusively by internal staff, duly authorized and instructed in data processing (GDPR-Art.29) or by entities responsible for website maintenance (appointed as external processors, if applicable) and will not be disclosed or transferred to third parties outside the EU. Only in case of an investigation could the data be made available to competent authorities. |
Data Retention Period (GDPR-Art.13, comma 2, lett.a) | Data is usually stored for brief periods, except for extensions related to investigative activities. |
Provision (GDPR-Art.13, comma 2, lett.f) | The data is not provided by the data subject but acquired automatically by the website’s technological systems. |
1.2 Cookies
his website uses cookies. This document, in accordance with Articles 13 and 122 of Legislative Decree 196/2003 (“privacy code”) and in compliance with the general provision of the Privacy Authority dated May 8, 2014, provides information on the cookies used on the site. Cookies are used on our website and in our emails to provide a better service and user experience. This document describes the categories of cookies we use.
What are cookies? Cookies are small data files stored by the browser on the computer’s hard drive. Each time a user returns to visit our website, the browser sends these cookies back to us, allowing us to offer the user a personalized experience that reflects their interests and preferences, and facilitates access to our services.
Do we use cookies on the website? Yes, we use cookies to improve the website and provide services and features to its users.
It is possible to limit or disable the use of cookies through the web browser; however, without cookies, some or all the website’s functionalities may not be usable.
Strictly Necessary
These tracking tools are essential to ensure the operation and delivery of the service requested by the user and therefore do not require consent.
Technical Cookies
Technical cookies may be used to allow users to access secure areas of our website without having to log in repeatedly or to remember actions taken by the user (e.g., completing a form) when returning to a previous page of a session.
Simple Interactions and Functionalities
These tracking tools enable simple interactions and functionalities that allow the user to access certain resources on our service and communicate more easily with our website.
Analytical Cookies
these tracking tools allow us to measure traffic and analyze user behavior to improve our service.
Analytical cookies may be used to obtain information on website usage, advertising, and emails, as well as to notify us of any errors. These cookies may also provide technical details such as the last page visited, the number of pages viewed, whether an email was opened, which parts of the website or emails were clicked on, and the time elapsed between clicks. This information may be associated with user details such as IP address, domain, or browser; however, it is analyzed alongside information from other people so that individual users are not identified. For example, these cookies may be used on our website to:
- Analyze and improve the performance and design of our website, advertisements, and emails;
- Quantify responses to our advertisements and improve their effectiveness;
- Calculate errors occurring on our website to improve the service and handle complaints.
To consult the privacy policy regarding Google Analytics, refer to the Google Privacy Policy page.
The Google Analytics browser add-on for deactivation is also available at the following link: Google Opt-out Tool.
Functionality Cookies
These cookies are not essential but allow users to enjoy various helpful functionalities on our website. For example, they may be used on our website to:
- Remember user preferences selected during previous visits, such as country/language, interests, and website layout (font size, colors, etc.), so the user does not have to re-enter this information;
- Remember responses to questions posed on our site, such as customer satisfaction surveys, so they are not presented to the user again;
- Provide information that allows optional services to function, such as watching an online video or posting a comment on a blog.
Enhancing User Experience
These tracking tools allow us to offer a personalized user experience by improving settings management and enabling interaction with external networks and platforms.
Third-Party Cookies
When a user accesses our website, some cookies from third-party services might be stored. This happens, for instance, if a user visits a page containing content from a third-party website. Consequently, the user may receive cookies from these third-party services. These cookies do not contain personal information unless the user has logged into their account. For example, third-party cookies may originate from:
- YouTube o Facebook
Our website does not control the storage or access to these cookies. For more information on the use of cookies by third parties, please refer to the privacy and cookie policies of the respective services.
Pulsante Mi Piace e widget sociali di Facebook (Facebook, Inc.)
Facebook “Like” Button and Social Widgets: The “Like” button and social widgets for Facebook are services that allow interaction with the Facebook social network, provided by Facebook, Inc.
Personal data collected: Cookies and usage data.
Processing location: USA – Privacy Policy
Twitter “Tweet” Button and Social Widget (Twitter, Inc.)
The “Tweet” button and social widgets for Twitter are services that allow interaction with the Twitter social network, provided by Twitter, Inc.
Personal data collected: Cookies and usage data.
Processing location: USA – Privacy Policy.
Pulsante AddThis, Inc. (“AddThis”, “we”, “us”, or “our”)
AddThis Button and Social Widgets. (“AddThis”, “we”, “us”, or “our”)
The AddThis button and social widgets are interaction services provided by AddThis, Inc
Personal data collected: Cookies and usage data.
Processing location: USA – Privacy Policy.
Targeting and Advertising
These tracking tools allow us to deliver personalized commercial content based on the user’s behavior and manage, deliver, and track advertisements.
How to Change Cookie Settings
Most browsers allow users to delete cookies from their computer’s hard drive, block acceptance of cookies, or receive an alert before a cookie is stored.
How to Limit or Disable Cookies?
ach browser offers methods for limiting or disabling cookies. For more information on managing cookies, please visit the appropriate links:
- Internet Explorer
- Firefox
- Chrome
- Safari
1.3 Work with Us
This page allows data subjects to submit their professional applications for employment with the Company.
Purpose and Legal Basis of Processing (GDPR-Art.13, comma 1, lett.c) | The data (only CVs) is collected for the proper management of the recruitment process. Sending an application requires specific, free, and informed consent (GDPR-Art.6, paragraph 1, letter a). Upon hiring, candidates will receive a standard privacy notice related to the professional relationship established. |
Communication Scope (GDPR-Art.13, comma 1, lett.e,f) | The data is processed exclusively by authorized personnel trained in data processing (GDPR-Art.29). The data will not be disseminated or transferred to non-EU countries. |
Data Retention Period (GDPR-Art.13, comma 2, lett.a) | Data is retained for periods compatible with the purpose of collection |
Provision (GDPR-Art.13, comma 2, lett.f) | Providing data (CV) is necessary to submit an application and facilitate the selection process. |
1.4 Information Requests
This page allows data subjects to request information
Purpose and Legal Basis of Processing (GDPR-Art.13, comma 1, lett.c) | Identifying and contact information is required to respond to data subjects’ requests. Sending a request requires specific, free, and informed consent (GDPR-Art.6, paragraph 1, letter a). |
Communication Scope (GDPR-Art.13, comma 1, lett.e,f) | Data is processed exclusively by authorized personnel trained in data processing (GDPR-Art.29). The data will not be disseminated or transferred outside the EU. |
Data Retention Period (GDPR-Art.13, comma 2, lett.a) | Data is retained for periods compatible with the purpose of collection. |
Provision (GDPR-Art.13, comma 2, lett.f) | Providing data is necessary to obtain a response. |
1.5 Data Voluntarily Provided by the User
The optional, explicit, and voluntary sending of messages to contacts indicated on this website, or participation in the forum, entails the subsequent acquisition of data provided by the sender. The sender remains solely responsible for the relevance and accuracy of the data sent.
2) DATA PROCESSING RELATED TO RELATIONSHIPS WITH CLIENTS AND SUPPLIERS
2.1 Scope of Processing
The Company processes personal identification data of clients/suppliers (such as name, surname, business name, demographic/tax data, address, phone number, email, bank and payment references) and of its operational contacts (name, surname, and contact details) acquired and used in providing the services offered. Elfo may also process personal data (usually anonymized) concerning software development activities/services. In this case, Elfo will ensure the security protections outlined in this policy and any other guarantees expressly required by the client.
2.2 Purpose and Legal Basis of Processing
Data is processed to:
- Establish contractual/professional relationships;
- Fulfill pre-contractual, contractual, and tax obligations arising from existing relationships and manage related communications;
- Comply with legal obligations, regulations, EU directives, or orders from authorities;
- Exercise a legitimate interest or a right of the Controller (e.g., legal defense, protection of credit positions, operational, management, and accounting needs).
Failure to provide the requested data will make it impossible to establish a relationship with the Controller. The above purposes, in accordance with Article 6, paragraphs b, c, and f, represent valid legal bases for processing. If processing for other purposes is intended, specific consent will be requested from data subjects.
2.3 Processing Methods
Personal data processing is carried out through the operations listed in Art. 4, n. 2) GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, usage, interconnection, blocking, communication, erasure, and destruction of data. Personal data is processed using both paper and electronic and/or automated methods. The Controller will retain personal data for as long as necessary to fulfill the purposes for which it was collected and for related legal obligations.
2.4 Processing Scope
Data is processed by authorized and trained internal staff under Art.29 of the GDPR. Data subjects may also request detailed information on external entities that may act as Processors or Independent Controllers (consultants, technicians, banks, transporters, etc.).
3) POLICY UPDATES
Please note that this policy may be subject to periodic review, particularly in relation to relevant legislation and case law. In case of significant changes, the updated policy will be prominently displayed on the website’s home page for an appropriate period. Data subjects are encouraged to review this policy periodically.