This document describes how to manage the website www.exper.green (“Site”), with reference to the personal-data processing of Users (“User/Users”) who visit it.
It is an information provided pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”) and of the national rules on personal-data privacy and protection applicable to all those who visit our Site.
The information is provided only for the Site and not for other websites that can be visited by the user through links on the Site.
Please note that this website is owned by the company Expergreen s.r.l..
1. Owner of data processing
The owner of the data processing is Expergreen s.r.l., with registered office in Via Torino, 85 – 12040 Vezzad’Alba (CN), Italy, on behalf of its legal representative pro tempore, (“Owner”). Email: [email protected]
2. Types of data collected
2.1 Browsing data
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
These data are not collected to be associated with the identified Users but, by their nature, they could allow identifying Users.
They include for example: (i) the IP addresses or domain names of the computers used by the Users who connect to the Site, (ii) the URI (Uniform Resource Identifier) notation addresses of the requested resources, (iii) the time of request, (iv) the method used to submit the request to the server, (v) the size of the file received in reply, (vi) the numerical code indicating the status of the reply given by the server (successful, error) and (vii) other parameters relating to the operating system and IT environment of the User.
2.2 Data provided voluntarily by the User
The Owner processes the personal and identification data (name, surname, address, email), hereinafter “personal data”. Users may provide their personal data to formulate a request for information. As regards the data, there is not any automated decision-making process, nor a data processing involving the user profiling. If the user gives personal data of third parties, he must be sure that they have been adequately informed and have given their consent.
3. Purposes and legal base of the processing
3.1 Browsing data
Browsing data may be used to generate anonymous statistics on the use of the Website, for its security and to check its correct functioning and could be used to ascertain liability in the event of any computer crimes. The legal basis for the processing of such data is the legitimate interest of the Owner and in the case of requests by the judicial authorities, the legal obligation.
3.2 Data supplied voluntarily by the User
The personal data entered in the contact form are processed exclusively to reply to the request for information, i.e. for the provision of the service and to perform pre-contractual, contractual or fiscal duties.
The user’s personal data are also processed to fulfil the duties provided for by law, by rules, by the EC regulations or by an order of the Authority and to pursue a legitimate interest of the Owner or to exercise the rights of the Owner, for example the right to representation.
4. Categories of data recipients
Personal data may be disclosed to third parties belonging to the following categories:
- freelancers, firms or companies within the relationships of assistance and consultancy;
- people who provide services for the management of the information system and telecommunications networks;
- web platform managers (management software e.g. MailUp for sending newsletters);
- relevant authorities to fulfil legal obligations and/or provisions of public bodies, upon request.
Those belonging to the above categories act as Data Processors pursuant to article 28 GDPR. The personal data will be processed only by people authorized by the Owner, according to art. 29 GDPR, based on their duties or company role.
5. Storage period
The data provided directly by the User are kept for the time strictly necessary to process requests and to achieve the purposes of processing, then they will only be kept in order to comply with the relevant legal obligations, for administrative purposes and/or to assert or defend a right.
6. Security measures
Personal data are collected electronically, recorded in digital format, by using organisational and technical security measures to ensure the protection of confidentiality and avoid the risks of loss and destruction, unauthorised accesses and unauthorized data processing that does not comply with the above purposes.
7. Non-EU data transfer
The personal data provided will not be transferred abroad to non-EU countries or to an international organization. Data management and storage takes place on servers located in the European Union. It is understood that the Owner in any case, if necessary, has the right to move to non-EU countries.
In that case, the transfer of non-EU data will take place in compliance with the legal provisions in force by entering, if necessary, into agreements guaranteeing an adequate protection level and/or taking the standard contractual clauses provided for by the European Commission.
This Site is not intended for use by underage youths and minor data are not knowingly collected or processed. In accordance with applicable law, the person who has the parental responsibility must give his consent to collect the minor’s personal data. If the minor data should be unintentionally processed, the Owner will delete them timely, at the written request of the person who has the parental responsibility.
9. Rights of the interested party
The User may assert his rights as expressed in articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679, by contacting the owner of the data processing, writing an email to [email protected] or sending a registered letter with return receipt to Expergreen s.r.l., Via Torino, 85 – 12040 Vezza d’Alba (CN), Italy.
The User is entitled, at any time, to ask the Owner of processing to access to his personal data, to rectify and delete them, to restrict their processing. Furthermore, in the cases provided for, the User is entitled to oppose, at any time, the data processing (including automated processing, e.g. profiling), as well as to revoke the consent given without affecting the lawfulness of the processing based on the consent given previously. The User is entitled to make a complaint about the personal data protection (www.garanteprivacy.it) to the Guarantor and/or to any other relevant Board of Control under Regulations. The User is entitled to portability of his data and in this case the Owner of the processing will provide the User data in a structured format, commonly used and machine readable.
The Owner reserves the right to change and update this information. Any updates will be published on this page. If amendments to the policy are significant and a specific consent is required by law, the Owner can send an email message to the User.
Update date: 08 May 2020