OWNER OF PROCESSING

Evoca S.p.A., with registered offices in Via Tommaso Grossi 2, 20121, Milan, Italy, fiscal code and VAT number 05035600963, phone number: +39.035.606111, email info@evocagroup.com (hereafter also “Company”).

 

RESPONSIBLE FOR DATA PROTECTION (DPO)

Partners4Innovation S.r.l., with registered offices in Via Copernico 38, 20125 Milan, fiscal code and VAT number 0484183096 in the Milan Registry of Enterprises.

 

 

1- PURPOSE OF PROCESSING

1.1 – Contractual purposes: to visualise web pages and use services, including the sale of products offered on the site www.evocagroup.com (“Site”).

1.2 – Marketing purposes: to send via automated means (e.g. SMS, MMS and e-mail) and traditional means (i.e. phone calls and post) promotional and sales information about services/products offered by the Company or other companies within the Evoca Group, or notification about company events, as well as market research and statistical analysis reports.

1.3 – Legal obligations: to comply with rules and obligations set out by national and supranational legislation, where applicable.

1.4 – Newsletters: if requested by the user by subscribing to this service.

1.5 – Owner's rights: if necessary, to ascertain, exercise and defend the Company's rights in any and all locations

1.6 – Site Functionality: the information systems and software procedures responsible for the Site’s functionality acquire some personal data during their normal use. That transmission of the data is implicit in the use of Internet communication protocols. These data are not collected to be associated with specific parties, however due to the nature of the information, they could enable the identification of the Site user through elaboration and association with data held by the Company or third parties.

 

2 - LEGAL ASPECTS OF DATA PROCESSING

2.1 - Contractual purposes: execution of the agreement to which the user is a party.

2.2 - Marketing purposes: consent (optional and revocable at any time).

2.3 – Legal obligations: need to fulfil legal obligations.

2.4 - Newsletters: legitimate interest.

2.5 - Owner's rights and Extrajudicial credit recovery: legitimate interest.

 

3 - DATA STORAGE PERIOD

3.1 - Contractual purposes and Legal obligations: for the entire duration of the contract and for 10 years after termination.

3.2 - Newsletters and Marketing purposes: until the revocation of consent for said purposes. Only data related to any purchases made shall be stored and handled for 24 months, which is the period provided for by the Data Protection Authority measures of 24 February 2005 and subsequent modifications.

3.3 - Owner's rights: in the event of litigation, for the entire duration of the same, until the exhaustion of the enforceability of appeals.

3.4 – Site Functionality: for the entire duration of the session navigating the Site.

Upon the expiry of the above mentioned storage terms, the user's personal data shall be destroyed, erased or made anonymous, in compliance with technical erasure and backup procedures.

 

4.1 - PERSONAL DATA PROCESSING FOR CONTRACTUAL PURPOSES - LEGAL OBLIGATIONS - OWNER'S RIGHTS

Anagraphic, contact and administrative-accounting data.

4.2 - PERSONAL DATA PROCESSING FOR MARKETING PURPOSES

Anagraphic, contact and administrative-accounting data; data about purchases made on the Site; data collected by cookies installed on the Site.

4.3 - PERSONAL DATA PROCESSING FOR NEWSLETTERS

Contact information.

4.4 - PERSONAL DATA PROCESSING FOR SITE FUNCTIONING

The IP addresses and computer domain names utilised by users who connect to the Site; the URI addresses (Uniform Resource Identifier) of the requested resources; the request time, the method used to submit the request to the server, the size of the files received in reply, the numerical code indicating the status of the server's reply (successful, error, etc.); other parameters related to the operating system and the user’s IT environment; information related to the user’s behaviour on the Site, to the pages visited or searched for in order to select and tailor specific adverts to Site users; data related to navigation behaviour held by Sites using cookies, for example.

 

5 - COMPULSORY DATA CONFERMENT

The conferment of personal data as per point 4.1 for the purposes outlined in point 1.1 is compulsory. Refusal to provide the aforesaid personal data therefore precludes the ability to use booking and product sales services on the Site.

The conferment of personal data as per points 4.2 and 4.3 for the purposes outlined in points 1.2 and 1.3 is optional and linked to user consent.

Some of the personal data as per point 4.4 are required for the Site to function properly. Other data are used only for extracting anonymous statistical information about the use of the Site and that it is functioning correctly. These data are immediately erased after elaboration. The principle of strict necessity is applied during the processing of personal data which may identify the specific user, either directly or indirectly. Thus, the Site has been configured so that the use of personal data is minimal, and the processing of personal data which enables the specific user to be identified is limited exclusively to cases of necessity or request by the authorities and the police (e.g. data related to traffic, to a user’s time on the Site or IP address) or to ascertain responsibility in the event of cybercrimes.

 

6 - RECIPIENTS OF DATA

The data can be processed by external parties operating as autonomous owners, including the authorities, supervisory and control bodies, public and private parties entitled to request data, as well as other companies in the Evoca Group.

The data can be processed by the Company, using external parties designated as Data Managers, all of whom have received appropriate operative training. Said parties fall into the following categories:

a. companies offering e-mail messaging services;

b. companies offering Site maintenance and development services;

c. companies offering market survey reporting and support services.

 

7 – DATA TRANSFER OUTSIDE THE EU

Your data may be transferred and processed in one or more nations within or outside the European Union. A complete list of the countries in which we operate is available on our internet page www.evocagroup.com.

We have the faculty to transfer personal data outside the European Union exclusively to those countries deigned able by the European Commission to offer a suitable level of protection (on the following site you can find a list of these countries: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm), or where the Evoca Group has arranged adequate measures to preserve data privacy (for which we usually adopt one of the forms of data transfer contracts approved by the European Commission of which you can find a copy at: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm).

 

8 – USERS’ RIGHTS - COMPLAINT TO CONTROL BODY

By contacting the Company via e-mail at privacy@evocagroup.com, users may ask the Company to provide access to their personal data, to cancel the data, to correct any inexact data, to integrate incomplete data, to limit processing according to art. 18 of the GDPR, as well as to deny processing in cases of the Company's legitimate interest.

Additionally, when processing is based on consent or the contract and is effected automatically, users have the right to receive their personal data in commonly-used structured format legible by an automatic device, as well as to transmit the data to another owner without impediment when technically feasible.

The user has the right to revoke consent for marketing purposes at any moment, as well as deny processing of personal data for marketing purposes. However, if the user prefers to be contacted for this purpose exclusively by traditional means, it shall be possible for him/her to express his/her opposition only to the receipt of communications by automated methods.

Users have the right to forward complaints to the competent Control Bodies in the member State where they usually reside or work or in the State where the presumed violation has occurred.

 

9 - DATA SAFETY

We have adopted adequate safety measures to prevent the loss of, illicit and improper use, and unauthorised access to personal data. However, we ask users to remember that in order to ensure the safety of their data it is essential to have continually updated antivirus software installed on their devices, and that Internet providers guarantee safe data transmission via firewalls, anti-spamming filters and additionally similar protections.