Information relating to the processing of personal data
After consulting this site, data relating to identified or otherwise identifiable persons may be processed. This webpage describes how the site is managed, in compliance with current regulations, with reference to the processing of personal data of users who – for whatever reason – consult it.In this regard, Ett s.p.a., the Data Controller (referred to hereinafter as “Controller”) informs users that, pursuant to the provisions of article 13 of Legislative Decree no. 196/2003 (hereinafter “Privacy Code”) and article 13 of the EU Regulation n. 2016/679 (hereinafter “GDPR”), the Data will be processed in the manner and for the purposes herewith described.Ett s.p.a. further specifies that this information is provided for the ETT site only and not for other websites that the user may consult using a link on our web pages.
1. Controller: the Data Controller is Ett s.p.a., based in Genoa, Via Sestri 37, tax code and VAT number 03873640100. The Chairman of the Board of Directors and legal representative pro tempore is Giovanni Verreschi.
2. Object of processing: the Data Controller processes personal and identification Data, including but not limited to, name, surname, company name, address, telephone, email, bank details, etc.), hereinafter referred to as “Personal Data” or simply “Data”. These Data may be entered by users: when registering on website www.ettsolutions.com; after concluding a contract; when participating in opinion polls; by filling in registration forms through this site for events organised by the Controller; from an online request for clarifications; from requests for support; from the newsletter mailing list.
3. Purpose of processing: the Data provided by users are processed:
- without their express consent (Article 24, paragraphs a, b and c, Privacy Code and article 6 paragraphs b and e, GDPR) for the following purposes:
- site management and maintenance
- user-requested services
- on-line registration and participation in initiatives or events organised by the Controller
- confirmation or registration of a contact request
- fulfilment of obligations established under law, by a regulation, by EU legislation or by an order or a sentence issued by a competent authority
- agreement of contracts for services offered by the Controller
- fulfilment of pre-contractual, contractual and tax obligations deriving from ongoing relationships
- exercising Controller rights (such as, for example, the right of defence in court)
- with express and specific prior consent (articles 23 and 130 Privacy Code and article 7 GDPR), for the following other purposes:
- when sending information material (newsletters, brochures, CD-ROMs, answers to queries, promotional material in general and other technical documents). The use of such Data will, in any case, be limited to the performance of the requested service.
4. Processing methods: processing of user Data is carried out in the operations indicated in article 4 of the Privacy Code as well as article 4, paragraph 2, GDPR, namely collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction. Personal Data are subject to paper and electronic and/or automated processing.
The Controller will process Personal Data with automated tools, exclusively for the time necessary to fulfil the aforementioned purposes and in any case for no more than ten years from the termination of the relationship for service supply purposes, and for no more than two years from Data collection for other purposes.
Specific security measures have been adopted to prevent Data loss, illicit or incorrect use of Data and unauthorised access, in line with the provisions of articles 32-34, Privacy Code and article 32, GDPR.
5. Data access: personal user Data may be processed, and then made accessible, for the sole purposes referred to in Article 3 of this informative note, including employees or collaborators of Ett s.p.a., or of Group Companies, in their capacity as personnel in charge of processing, or by system administrators.The aforementioned Data may also be processed and subsequently made accessible to third-party companies or other subjects – including, but not limited to – professionals, consultants, suppliers, hardware and software service engineers, credit institutes, shippers or transport companies, while carrying out outsourcing activities on behalf of Ett s.p.a., in their capacity as outside Data processors.
6. Data communication: in the absence of express consent, pursuant to article 6 paragraphs b) and c), GDPR, Ett s.p.a. will communicate user Data to Supervisory Bodies, Judicial Authorities or other subjects to whom the communication is mandatory by law for the fulfilment of the purposes shown in the previous point 3, sub a) of this information sheet.No Data provided by users and deriving from the web service shall be disseminated.
7. Data transfer: the personal user Data associated with this site’s web services are held at the above-mentioned headquarters of Ett s.p.a. They are exclusively handled by internal technical staff in charge of Data processing, or by others in charge of occasional and specific maintenance operations.
8. Types of Data processed:
- Navigation Data: the computer systems and software procedures used to operate this website acquire, during normal use, some personal Data implicit in the use of internet communication protocols. This information has not been collected in order to identify users. However, they could, by their very nature, be processed with the aid of third party Data, allowing users to be identified. This category of Data includes IP addresses or computer domain names used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer set-up. These Data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The Data could be used to ascertain responsibility in case of hypothetical computer crimes against the site. Except for this eventuality, the Data on web contacts are currently cancelled within seven days.
- Data provided voluntarily by users: the optional, explicit and voluntary sending of e-mails to the e-mail addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to reply to requests, as well as any other personal Data included in the mail. For visitors to the site who wish to send their curriculum vitae for purposes of applying for employment, a specific format is accessible from the “working at Ett” page.
- Cookies:On this site, we use a third-party Google Analytics statistical analysis tool to improve the navigation experience (www.google.com/analytics/, a statistics service for websites and blogs). The service uses performance cookies to collect user Data, such as the time spent on a page, the search engine that allowed the redirection to the www.ettsolutions.com, website, the country of destination of the user, the time spent on various pages, etc. Users, therefore, browsing this site, accept this information sheet.Session cookies are generally essential in order to distinguish among connected users and are used to avoid supplying a required feature to the wrong user. They are also for security purposes, helping to prevent cyber-attacks on the site. Session cookies do not contain personal Data and last only for the current session, i.e. until the browser is closed.For further information, site users are invited to visit the cookie information page.
9. Nature of the Data supply: the supply of Data for the purposes indicated in point 3, sub a), is mandatory. Without them, it is not possible for Ett s.p.a. to guarantee the requested user services.The supply of Data for purposes referred to in point 3, sub b), however, is optional. Users may, therefore, decide not to supply Data or to subsequently deny the possibility of processing Data already provided. In this case, users cannot receive newsletters, commercial communications or advertising materials relating to the services offered by the Controller. In any case, having made this choice, users will be guaranteed the right to receive the services referred to in point 3, sub a).
10. Rights of the interested party: users, in their capacity as interested parties, have those rights as indicated in article 7, Privacy Code and article 15, GDPR, and in particular:
- they may obtain confirmation regarding the existence of personal Data concerning them, even if not yet registered, and to receive notification in an intelligible form;
- they may obtain indications as to: a) the origin of personal Data; b) the purposes and methods of treatment; c) the logic applied in case of treatment carried out with the aid of electronic instruments; d) the identifying details of the Controller, of the managers and of the designated manager pursuant to article 5, paragraph 2, Privacy Code and article 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal Data may be communicated or who may become aware of it in their capacity as designated State territory representative, managers or appointees;
- they may obtain: a) the updating, modification or, on request, the integration of Data; b) the cancellation, transformation into anonymous form or blocking of Data processed in violation of the law, including those that do not need to be kept for the purposes for which the Data were collected or subsequently processed; c) the attestation that the operations referred to in sub a) and b) have been brought to the attention, also as regards their content, of those to whom the Data have been communicated or disseminated, except in the case where such fulfilment is proved to be impossible or would involve the use of manifestly disproportionate means, relative to the protected right;
- they may object, in whole or in part: a) for legitimate reasons, to the processing of Data concerning them, even if pertinent to the purpose of the collection; b) to the processing of Data concerning them for advertising purposes or direct sales material or for carrying out market research or commercial communications.
Where applicable, users also have the rights referred to in articles 16-21, GDPR (right of rectification, right to be forgotten, right to limit processing, right to Data portability, right of opposition), all understood to be here fully in force. They may also lodge a complaint with the Guarantor (http://eur-lex.europa.eu/legal-content/IT/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ITA&toc=OJ:L:2016:119:TOC)
11. How to exercise rights: users may exercise the rights shown in the previous point at any time by sending a registered letter to the Ett head office. ETT s.p.a., Via Sestri 37 – 16154 Genova; or by certified email to: email@example.com
12. Controllers and Appointees: the Controller is Ett s.p.a., with registered office in Via Sestri 37, Genoa, Italy. The internal Controllers are Giorgio Genta (indirizzo mail: firstname.lastname@example.org) and Giovanni Verreschi (indirizzo mail email@example.com). The external Controller is Emanuele Ameri (indirizzo mail firstname.lastname@example.org). The updated list of Data Controllers is kept at the registered office of the Controller.
13. Changes to this information sheet: as the information herein may be subject to change, Ett s.p.a. advises users to check this information sheet regularly and to refer always to the latest version.