Privacy Policy

This information notice on the www.espedia.it website is provided pursuant to Art. No. 13 EU Reg. 2016/679 (“General Data Protection Regulation” or “GDPR”) and pursuant D.Lgs. 196/2003 and subsequent amendments and additions.

1.    Data controllers

Data Controller is Espedia S.r.l. (C.F. and P.I 03786190268) with registered office in Viale della Repubblica 12/l, 31020 Villorba (TV) (hereinafter referred to as the “Controller” or the “Data Controller“).

2.    Purposes of data processing and legal basis

Personal data (hereinafter referred to as “Data“) provided by the interested party are processed for the following purposes:

a) execution of the requested service (hereinafter referred to as “Service“): e.g. provision of services based on web interface, registration of users, provision of information relating to those who voluntarily subscribed to the database of our site, provision of information relating to training activities;

b) subject to specific consent, for the purposes:

i. of sending commercial and / or promotional communications on the products and services and to perform market research (“Direct Marketing“) by means of which in art. 8;

ii. survey management and questionnaires related to the degree of customer satisfaction;

iii. management of events, meetings, conferences, seminars also aimed at professional training

c) transfer of collected data to third parties, established within the European Union (companies operating in the sectors of planning and landing consultancy services and product development for corporate information systems and the development and integration of management service for companies) which will process them for purposes of direct marketing and for sending promotional and advertising messages pursuant letter (b) (hereinafter “Data transferring to third parties“).

3.    Types of  data processed

3.1       Internet navigation data

This category of data includes IP addresses or domains of computers used by users who connect to the site, addresses of the requested resources, time of the request, method used in submitting the request to the server, file size obtained in response, numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and user’s computer environment.

3.2  Data provided voluntarily by the user

The optional, explicit and voluntary sending of emails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address for the purposes of answering to requests, as well as any other data included in the format.

4.    Recipients of  personal data

The Data will be processed by employees and / or collaborators of the Data Controller duly appointed as authorized processors.

Where consent has been given pursuant to Art. 2 lett. c), the Data may be transferred to third parties operating in the sectors of planning and landing consultancy services and development products for corporate information systems; software integration development for business management within the European Union.

Under no circumstances will the Data be disseminated.

The Data Controller may disclose Data to judicial authorities, or supervisory bodies, administrations, public bodies and organizations. These subjects will process the Data in their capacity as independent data controllers.

The updated list of data processors is stored at the registered office of the Data Controller.

5.    International transfer of personal data

Personal data are managed and stored on servers located within and outside the European Union owned and / or available to the Controllers and / or third parties, duly appointed as data processors.

Pursuant art. 45 GDPR and for the purposes at art. 2, letter b), Data could be transferred to the Rocket Science Group LLC d/b/a MailChimp and Salesforce.com inc., incorporated in USA, when provided an adequate level of protection (e.g. the subscription to the Privacy Shield List in compliance with the European Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 cd “Privacy Shield”).

6.    Data storage period

Data of the interested parties, collected through the website forms, are stored for the time necessary to give feedback to their requests.

Data collected for Direct Marketing purpose will be stored for 24 months maximum. Data collected through cookies are stored for the period of time established by the individual cookie. For further information, please refer to the site’s cookie policy.

7.    Providing data

As to (a), users provide personal data on a voluntary basis: the refusal to provide the data, however, excludes the user from the service required.

The consent to data processing for further purposes is optional.

8.    Data processing methods

Data processing for each of the aforementioned purposes is carried out using paper-based, automated or electronic methods also, but not limited to, mail or email, telephone (e.g. unsolicited calls, SMS, MMS), fax and any other IT channel (e.g. websites, mobile, app) suitable to guarantee security and confidentiality according to the so-called data protection by default, i.e. the application of measures to minimize the risks of data breach.

9.    Rights of the interested party

Pursuant to artt. 16-16-17-18-19-20-21 and 77-79 GDPR, and subject to the conditions specified therein, the interested party holds the following rights:

  1. right of access, i.e. the right to obtain confirmation that personal data are (not) being processed and, where that is the case, obtain access to it;
  2. right to rectification and cancellation, i.e. the right to obtain from the Controller the rectification of inaccurate personal data and / or the completion of incomplete personal data or erasure of personal data;
  3. right to restriction of data processing, i.e. the right to request suspension of personal data processing;
  4. right to data portability, i.e. the right to receive personal data in a structured, commonly used and machine-readable format, as well as the right to transmit personal data to another data controller;
  5. right to object, i.e. the right to object to  processing of personal data, including the processing of personal data for marketing and profiling purposes, as applicable;
  6. right to revoke at any time without prejudice to the lawfulness of the treatment based on the pre-given consent.
  7. right to contact the national competent data protection authority in case of unlawful processing of personal data.

10.    How to exercise your rights

Interested parties can exercise their rights by sending

– a registered letter to ESPEDIA S.r.l., Viale Repubblica 12/l, 31020 Villorba (TV) or

– by sending an email to the following address: privacy@espedia.it

Data Controllers will take care keep this information notice updated.