DATA CONTROLLER
Enginium S.r.l., with registered office at Piazza IV Novembre 5, 20124 Milan, telephone number: 02-444111, e-mail address: it.privacy@enginium.eu (the “Company”).
DATA PROTECTION OFFICER
Piazza IV Novembre 5, 20124 Milan, for the attention of the “Data Protection Officer” – e-mail address: dpo@gigroup.com.
CATEGORIES OF DATA PROCESSED AND SOURCE OF THE DATA
The personal data processed include, by way of example and not limitation, personal details (first name, last name), contact details (e-mail, telephone number), Company, company role, and any additional personal data contained in the message sent through the form and/or collected in the context of the relationship with the Company.
Finally, please note that the Company will collect personal data directly from you.
| Why are your personal data processed? | What is the legal basis that makes the processing lawful? | How long do we retain your personal data? |
| Management of pre-contractual activities
Activities functional to the management of pre-contractual relationships (planning and organizational management of activities, communication, provision, at your request, of pre-contractual information, etc.), as well as, where applicable, the management of a contact request submitted by you through the form. |
The legal basis applicable to the processing of personal data is the implementation of pre-contractual measures taken at the request of the data subject, pursuant to Article 6(1)(b) of the GDPR. | For the time necessary to handle the requests for information. |
After the above retention periods have elapsed, the personal data will be destroyed, deleted or anonymized, in accordance with the technical procedures for deletion and backup.
NATURE OF THE PROVISION OF DATA AND CONSEQUENCES OF REFUSAL
Providing personal data is mandatory and, therefore, refusal to provide them prevents the Company from pursuing the above purpose.
METHODS OF PROCESSING
The processing of data is based on the principles of fairness, lawfulness, transparency and data minimization (privacy by design); it may be carried out manually as well as through automated means designed to transmit the data, and will take place through appropriate technical and organizational measures, insofar as reasonable and in light of the state of the art, to ensure, among other things, the security, confidentiality, integrity, availability and resilience of systems and services, preventing the risk of loss, destruction, unauthorized access or disclosure, or in any case unlawful use, as well as through reasonable measures to promptly erase or rectify inaccurate data with respect to the purposes for which they are processed.
RECIPIENTS OF THE DATA
Personal data may be processed exclusively by employees of company departments authorized to process them because they are responsible for pursuing the above purposes. Such employees have received appropriate operating instructions. Personal data may be disclosed by the Company to the following subjects:
- Audit firms;
- Supervisory Body;
- Professional firms and consultants;
- Insurance companies;
- Revenue Agency;
- Bilateral sector body;
- Commercial information companies;
- Group companies.
Personal data may also be processed by external parties expressly appointed as Data Processors pursuant to Article 28 of the GDPR, which provide the Company with:
- IT services;
- Customer database management and maintenance services;
- Archiving services;
- Mailing services for communications.
The updated list of recipients is available at our registered office or by sending an e-mail to it.privacy@enginium.eu.
The personal data provided will not be disclosed and will not be transferred abroad by the Data Controller.
RIGHTS OF THE DATA SUBJECT
Data subjects may ask the Data Controller for access to the data, their erasure, rectification of inaccurate data, completion of incomplete data, as well as restriction of processing in the cases provided for by Article 18 of the GDPR.
Data subjects have the right to object, at any time, in whole or in part, to the processing of data necessary for the pursuit of the Data Controller’s legitimate interest.
Furthermore, where the conditions for exercising the right to data portability under Article 20 of the GDPR are met, data subjects have the right to receive the data provided to the Data Controller in a structured, commonly used and machine-readable format, and, where technically feasible, to transmit those data to another controller without hindrance.
Data subjects have the right to lodge a complaint with the competent supervisory authority (in particular in the Member State in which they habitually reside or work, or in the State where the alleged infringement occurred).
These rights may be exercised by writing by post to the address indicated above, or by e-mail to: it.privacy@enginium.eu. It is understood that, where the request is submitted electronically, the information will be provided in a commonly used electronic format.