PRIVACY POLICY
- DATA CONTROLLER
The Data Controller that identifies the aims and means to process personal data is Emu Group S.p.A. with head office on the Industrial Estate in Marsciano – 06055 (Pg)
VAT No. IT03765320969
- PERSONAL DATA PROTECTION OFFICER
The Personal Data Protection Officer has not been appointed as the Data Controller is not obliged to do so.
- JOINT DATA CONTROLLER – DELEGATION TO THIRD PARTIES
In the event of a joint data controller, the main data controller ensures compliance with the following principles is guaranteed by means of a joint data controller agreement.
In the event personal data processing is entrusted to third parties, the main data controller ensures compliance with the following principles is guaranteed by means of a service agreement.
- ORGANISATION
The data controller organises the resources and personal data processing, so they comply with the requisites envisaged by the GDPR and national legislation for the sector. More specifically:
-
- internally,
- the organisation of privacy reflects operational organisation, consistent with the connected operational duties, powers and authority
- The natural people, who will have the tasks and important responsibility (taking into account the number and categories of personal data, the risks for the rights and liberty of natural persons), are selected, identified and appointed on the basis of objective criteria, which establish their knowledge, ability and experience required by the company. If there are no formal qualifications, the requisites and assessment standards are established in advance.
- The data processors act under the direct authority of the Data Controller or a supervisor appointed by the latter. Personnel is duly trained and informed under a continual training programme, which takes into account the different needs according to the different roles covered.
- The Data Controller directs and supervises all those, who process personal data on its behalf.
-
- Outside the company,
- all those appointed to process personal data are selected, identified and appointed on the basis of a preliminary, transparent process, which guarantees an objective selection. The supplier must possess the skills and professionalism required by the organisation; the supplier must give sufficient guarantees that it can put in place adequate technical and organisational measures for processing to comply with the GDPR requisites and to guarantee the rights of the Data Subject.
- Relationships with third parties processing data on behalf of the Data Controller are always formalised in writing. The relevant agreement complies with the minimum requisites envisaged by Art. 28, GDPR.
- The Data Controller directs and supervises all those, to whom it delegates data processing.
- THE STAKEHOLDERS
- The Data Controller processes the personal data of the following categories of natural persons:
– employees
– freelancers
-users
– suppliers
-
- Categories of indirect Data Subjects:
– family members of employees or users
– employees’ creditors
– employees’ successors
-
- Data Subject Institutions / Organisations
– trade unions
-
- other.
- THE CULTURE OF PRIVACY
Emu Group S.p.A. does not consider its ability to protect personal data as merely and only a legal obligation, but rather a preferential requirement and competitive asset. In tune with the prospect of accountability required by the GDPR, Emu Group S.p.A. takes a risk-based approach to compliance of its processing of personal data with the GDPR. Compliance with the rights, freedom and data of natural persons is a mandatory, ethical imperative, which guides all its business activities.
- LAWFULNESS
Emu Group S.p.A. only implements personal data processing based on one of the legal principles according to Article 6, GDPR (consent, fulfilment of contractual obligations, vital interests of the Data Subject or of third parties, legal obligations to which the Data Controller is subject, public interest or the exercise of public powers, legitimate interests pursued by the Data Controller or third parties, to whom the data is given).
Emu Group S.p.A. processes special personal data (i.e. not only data which may reveal the racial or ethnic origin, political opinions, religious or philosophical convictions or trade union membership, but also genetic data, biometric data, which can univocally identify a natural person, data regarding a person’s health, sexual life or sexual orientation) only in the event of one of the cases envisaged by Article 9, GDPR.
Emu Group S.p.A. only processes personal data regarding criminal convictions and offences or connected to security measures on the legal basis provided for by Article 6.1, GDPR and only until the control of the public authority or, if processing is authorised by the law of the European Union or by its member States, which envisages appropriate guarantees for the rights and freedom of the data subjects.
- FAIR PRACTICE
Emu Group S.p.A. processes personal data exclusively for identified, explicit, lawful purposes, without any impropriety or deception towards the Data Subjects and strictly within the restrictions of the legal basis which authorises processing.
- TRANSPARENCY
Emu Group S.p.A. takes appropriate measures to provide the Data Subject with all the information according to Articles 13 and 14 and the communications according to Articles 15 and 22 and Article 34 regarding processing in a concise, transparent, intelligent and easily accessible form, using simple, clear language. More specifically, Emu Group S.p.A. informs the Data Subject of the procedures used each time to collect, use, consult or otherwise process his personal data, as well as the extent to which his personal data are or will be processed. The information and communications regarding the processing of that personal data must be easily accessible and understandable.
- LIMITATION OF PURPOSE
Emu Group S.p.A. processes personal data for specific, explicit, lawful purposes and ensures the processing is not incompatible with those purposes.
- DATA MINIMISATION
Emu Group S.p.A. processes adequate, pertinent personal data, restricted to what is required for the purposes for which it is processed.
- ACCURACY
Emu Group S.p.A. processes accurate and, if necessary, updated personal data. It takes all reasonable measures to erase or promptly correct incorrect data, according to the purposes for which it is processed.
- STORAGE LIMITATION
Emu Group S.p.A. stores personal data in a form which permits the identification of the Data Subjects for a period of time no longer than is required to achieve the purposes, for which it is processed.
- INTEGRITY AND CONFIDENTIALITY
Emu Group S.p.A. processes personal data and guarantees it takes adequate technical and organisational measures to guarantee the data is secure and protected from unauthorised or unlawful processing and from accidental loss, destruction or damage.
- DATA PROTECTION BY DESIGN AND BY DEFAULT
Emu Group S.p.A. takes a methodological approach to any project, according to which an assessment of the protection of personal data must be made from the project design stage. Therefore, personal data protection must be taken into account for any structural or conceptual project from the moment of its design, and solutions found to protect personal data.
Emu Group S.p.A. implements adequate technical and organisational measures to guarantee personal data is processed by default, using only the personal data required for each specific purpose of the processing. More specifically, the technical and organisational measures in place aim to guarantee it is processed by default according to the specific purposes of the processing.
- OBLIGATIONS
Failure to comply with the principles contained in this document, or with any of the directives, instructions, requests and orders, which Emu Group S.p.A. may give to protect personal data and compliance with the legislation in force, constitutes a serious breach.
- REVISIONS
This document is approved by the Board of Directors and has been prepared by the data controller, which arranges for its update and diffusion.
- TRANSFER OF DATA ABROAD
Your personal data may be transferred abroad, both within the European Union and to third countries, for the purpose of executing the contract, the mandatory relationship in place with you or the pre-contractual measures adopted at your request, as well as the fulfillment of obligations imposed by applicable laws. This transfer will take place in compliance with the provisions of articles 44 et seq. of the GDPR. In particular, the transfer may take place on the basis of an adequacy decision adopted by the European Commission capable of proving that the recipient country offers an adequate level of security for the protection of personal data (article 45 of the GDPR). For transfers to third countries in which, however, there is no decision by the commission, the Company undertakes to ensure an adequate level of protection of personal data, providing “adequate guarantees” on the basis of the provisions of article 46 of the GDPR.
In any case, the Customer has the right to obtain reference to the appropriate or suitable guarantees adopted for the transfer of personal data and the means to obtain a copy of such personal data or the place where they were made available.
PRIVACY POLICY – COOKIES
Information overview, disabling and managing cookies
Cookies are data sent from the website and stored by the Internet browser on the user’s computer or other device (e.g. tablet or mobile phone). Our Internet website or the relevant sub-domains may install technical cookies and third party cookies.
Users may, nevertheless, request cookies to be generally disabled or deleted by modifying the settings of their Internet browser. Disabling, however, may slow down or prevent access to some parts of the website.
The settings to manage or disable cookies can vary according to the Internet browser used. Therefore, in order to obtain further information on how to proceed with these operations, we advise the User to read the manual for his own device or use the “Help” function on his Internet browser.
Below, we have given Users the links, which explain how to manage or disable cookies for the most popular Internet browsers:
- Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies
- Google Chrome: https://support.google.com/chrome/answer/95647
- Mozilla Firefox: http://support.mozilla.org/it/kb/Gestione%20dei%20cookie
- Opera: http://help.opera.com/Windows/10.00/it/cookies.html
- Safari: https://support.apple.com/kb/PH19255
Technical cookies
The use of technical cookies, i.e. cookies required to transmit communications on an electronic communication network or cookies strictly required by the supplier to provide the service requested by the customer, allows you to use our website safely and efficiently.
Session cookies may be installed to allow you to access and remain in the reserved area of the portal as an authenticated user.
Technical cookies are essential for our Internet website to function correctly and we use them to enable users to browse normally and to use the advanced services available on our website. The technical cookies used are divided into session cookies, stored exclusively for the time you spend browsing until you close the browser, and permanent cookies, which are stored in the user’s device until they expire or are deleted by the user. Our website uses the following technical cookies:
- Technical browser or session cookies, used to manage normal browsing and user authentication;
- Technical functional cookies, used to store the personalisations chosen by the user, e.g. language;
- Technical analytics cookies, used to understand how users use our website in order to be able to assess and improve how it operates.
Third party cookies
Third party cookies may be installed: these are analytical, profiling cookies by Google Analytics, Google Doubleclick, Criteo, Rocket Fuel, Youtube, Yahoo, Bing and Facebook. These cookies are sent by Internet websites of the aforementioned third parties outside our website.
Third party analytical cookies are used to detect information on how users behave on the website. Detection is anonymous to monitor performance and improve site usability. Third party profiling cookies are used to create user profiles to offer advertising messages, which match the choices made by the user.
The use of these cookies is regulated by the rules prepared by same third parties. Therefore, we invite our Users to read the privacy policy and the instructions on how to manage or disable the cookies published on the following web pages:
For Google Analytics cookies:
– privacy policy: https://www.google.com/intl/it/policies/privacy/
– instructions to manage or disable the cookies: https://support.google.com/accounts/answer/61416?hl=it
For Google Doubleclick cookies:
– privacy policy: https://www.google.com/intl/it/policies/privacy/
– instructions to manage or disable the cookies: https://www.google.com/settings/ads/plugin
For Criteo cookies:
– privacy policy: http://www.criteo.com/it/privacy/
– instructions to manage or disable the cookies: http://www.criteo.com/it/privacy/
For Facebook cookies:
– privacy policy: https://www.facebook.com/privacy/explanation
– instructions to manage or disable the cookies: https://www.facebook.com/help/cookies/
For CrazyEgg cookies:
– privacy policy: https://www.crazyegg.com/privacy/
– instructions to manage or disable the cookies: https://www.crazyegg.com/cookies/
For Rocket Fuel cookies:
-privacy policy: http://rocketfuel.com/it/privacy/
– instructions to manage or disable the cookies: http://rocketfuel.com/it/cookie-policy/
For Youtube cookies:
-privacy policy: https://www.youtube.com/intl/it/yt/about/policies/#community-guidelines
– instructions to manage or disable the cookies: https://support.google.com/accounts/answer/61416?hl=it
For Yahoo cookies:
-privacy policy and instructions to manage or disable the cookies: https://policies.yahoo.com/ie/it/yahoo/privacy/euoathnoticefaq/
For Bing cookies:
-privacy policy and instructions to manage or disable the cookies: https://privacy.microsoft.com/it-it/privacystatement
Profiling cookies
Profiling cookies can be installed by the Data Controller/s via so-called web analytics software, and used to prepare reports of detailed analyses in real time, with information on: visitors to a website, the search engines of origin, key words used, user language, most visited pages.
They can also collect information and data, such as IP address, nationality, town, date/time, device, browser, operative system, screen resolution, origin of navigation, pages visited and number of pages, duration of the visit, number of visits made.
This data can be used by the Data Controller in compliance with, and within the restrictions set by the legislation in force and by what is set out in the Privacy Policy.
THE PROCESSING OF PERSONAL DATA
Dear Sir/Madam,
as you have shown interest in our company, we intend to process information about you and your personal data for the purposes indicated below. We are, therefore, providing you with the following information as prescribed by the European legislation on the protection of personal data (EU Regulation 679/2016).
Data Controller and Data Protection Officer
The Data Controller, i.e. the party entitled to take decisions regarding the purposes, procedures and security of personal data is EMU GROUP S.P.A. with head office in Zona Industriale Schiavo, 06055 Marsciano (PG).
Purposes and legal base of the processing
The personal data you give us, which may be collected when we provide the services you requested, will be processed for the purposes according to the legal base given below:
Purposes
(Why we process your data) |
Legal base
(the legal provision which regulates our processing) |
refusAL OF processing
(What happens if you refuse to provide your data and/or your consent to processing) |
To allow you to access the reserved area to take advantage of the digital resources we make available. | Art. 6 letter b), processing is required to execute a contract with the data subject or to execute pre-contractual provisions taken at the latter’s request. | Consent is not required. If you refuse to provide your data, we will be unable to go ahead with the contract |
To enable you to take advantage of our assistance in your projects. | Art. 6 letter b), processing is required to execute a contract with the data subject or to execute pre-contractual provisions taken at the latter’s request. | Consent is not required. If you refuse to provide your data, we will be unable to go ahead with the contract |
To promote you work via our network. | Art. 6 letter b), processing is required to execute a contract with the data subject or to execute pre-contractual provisions taken at the latter’s request. | Consent is not required. If you refuse to provide your data, we will be unable to go ahead with the contract |
To send you information on our products, news in the sector, our initiatives, shows and/or events. | Art. 6 para. 1, letter f), processing is required to fulfil the lawful interest of the data controller or third parties, on condition that the interests or rights and basic freedom of the data subject requesting protection of personal data prevail, especially if the data subject is under age. | Consent is not required. You may oppose this purpose of processing at any time by exercising your right of opposition provided for by Art. 21 GDPR. |
Categories of Addressees
Your personal data will be processed exclusively by personnel authorised for the purpose or by data protection officers appointed for the purpose.
In addition to the statutory obligations of communication envisaged by law and communications you may request, your data will be communicated to the following categories of addresses:
Purposes | recipients |
Promotion of your projects | Members of the EMU GROUP S.P.A. network |
Transfer abroad
Your personal data will not be transferred outside the European Union.
Period of personal data retention and criteria used
Your personal data will be retained until you exercise your right of opposition.
We will retain the material you send us for promotion for 10 years.
Rights of the data subject
The Regulation gives you the following rights which you can exercise when dealing with and against each co-data controller
A complete extract of the articles which follow is annexed to this document.
- Right of access: Article 15 of the European Regulation allows you to obtain the Data Controller’s confirmation of whether or not your data is currently being processed and in that case to obtain access to that data.
- Right to rectify: Article 16 of the European Regulation allows you to ask the Data Controller to rectify any incorrect personal data without any unjustifiable delay. Taking into account the purposes of the processing, the data subject has the right to supplement any incomplete personal data and provide a supplementary declaration.
- Right to erasure: Article 17 of the European Regulation allows you to obtain the erasure of your personal data without any unjustifiable delay if any of the grounds envisaged by the regulations exist.
- Right of restriction: Article 18 of the European Regulation allows you to ask the Data Controller to restrict processing when any of the grounds envisaged by the regulations exist.
- Right of opposition: Article 21 of the European Regulation allows you to oppose at any time on grounds of your particular situation the processing of your personal data pursuant to Article 6, paragraph 1, letters e) or f), including profiling on the basis of those provisions.
- Right of portability: Article 20 of the European Regulation allows you to receive your personal data you have sent to a data controller in a structured, commonly used format, which can be read by an automatic device and you have the right to send that data to another data controller without any impediment by the data controller you gave them to according to the terms and conditions envisaged by the regulation..
- Right to lodge a claim: Article 77 of the European Regulation gives you the right to lodge a claim with a supervisory authority in the member state where you usually reside, work or the place where the presumed breach has occurred, if you believe processing of your data has breached the regulation.
Further information
For any other requirement and to exercise the rights recognised to you by law, including the right of opposition, you can contact the data controller’s contact persons given above.
Collaboration
We consider the protection of your data and compliance with the principles established by legislation, especially the principle of transparency to be of primary importance. We would be grateful, if you would notify the data controller’s contacts given above of anything you fail to understand in this document and suggest any improvements we can make.
INFORMATION AND PROMOTION
Dear Sir/Madam,
as you have shown interest in our products and initiatives, we intend to process information about you, your personal data, for the purposes indicated below. We are, therefore, providing you with the following information as prescribed by the European legislation on the protection of personal data (EU Regulation 679/2016).
Data Controller and Data Protection Officer
The Data Controller, i.e. the party entitled to take decisions regarding the purposes, procedures and security of personal data is EMU GROUP S.P.A. with head office in Zona Industriale Schiavo, 06055 Marsciano (PG).
Purposes and legal base of the processing
The personal data you give us, which may be collected when we provide the services you requested, will be processed for the purposes according to the legal base given below:
Purposes
(Why we process your data) |
Legal base
(Which legal provision regulates our processing) |
refusAL OF processing
(What happens if you refuse to provide your data and/or your consent to processing) |
To send you information on our products, news in the sector, our initiatives, shows and/or events. | Art. 6 para. 1, letter f), processing is required to fulfil the lawful interest of the data controller or third parties, on condition that the interests or rights and basic freedom prevail of the data subject requesting protection of personal data, especially if the data subject is under age. | Consent is not required. You may oppose this purpose of processing at any time by exercising your right of opposition provided for by Art. 21 GDPR. |
Categories of Addressees
Your personal data will be processed exclusively by personnel authorised for the purpose or by data protection officers appointed for the purpose.
We will only communicate your personal data to fulfil our legal obligations.
Transfer abroad
Your personal data will not be transferred outside the European Union.
Period of personal data retention and criteria used
Your personal data will be retained until you exercise your right of opposition.
Rights of the data subject
The Regulation gives you the following rights which you can exercise when dealing with and against each co-data controller
A complete extract of the articles which follow is annexed to this document.
- Right of access: Article 15 of the European Regulation allows you to obtain the Data Controller’s confirmation of whether or not your data is currently being processed and in that case to obtain access to that data.
- Right to rectify: Article 16 of the European Regulation allows you to ask the Data Controller to rectify any incorrect personal data without any unjustifiable delay. Taking into account the purposes of the processing, the data subject has the right to supplement any incomplete personal data and provide a supplementary declaration.
- Right to erasure: Article 17 of the European Regulation allows you to obtain the erasure of your personal data without any unjustifiable delay if any of the grounds envisaged by the regulations exist.
- Right of restriction: Article 18 of the European Regulation allows you to ask the Data Controller to restrict processing when any of the grounds envisaged by the regulations exist.
- Right of opposition: Article 21 of the European Regulation allows you to oppose at any time on grounds of your particular situation the processing of your personal data pursuant to Article 6, paragraph 1, letters e) or f), including profiling on the basis of those provisions.
- Right of portability: Article 20 of the European Regulation allows you to receive your personal data you have sent to a data controller in a structured, commonly used format, which can be read by an automatic device and you have the right to send that data to another data controller without any impediment by the data controller you gave them to according to the terms and conditions envisaged by the regulation.
- Right to lodge a claim: Article 77 of the European Regulation gives you the right to lodge a claim with a supervisory authority in the member state where you usually reside, work or the place where the presumed breach has occurred, if you believe processing of your data has breached the regulation.
Further information
Further information, our privacy policy and this notice are available on our website at the address www.emu.it, where you will also find a complete extract of the articles of law referred to above.
For any other requirement and to exercise the rights recognised to you by law, including the right of opposition, you can contact the data controller’s contact persons given above.
Collaboration
The protection of your data and compliance with the principles established by legislation, especially the principle of transparency are values of primary importance to us. We would be grateful, if you would notify the data controller’s contacts given above of anything you fail to understand in this document and suggest any improvements we can make.
MODEL OF PRIVACY POLICY NOTICE FOR PROCESSING CUSTOMERS’ PERSONAL DATA
Dear Sir/Madam,
we need to process information about you and your personal data for the purposes indicated below. We are, therefore, providing you with the following information, as prescribed by the European legislation on the protection of personal data (EU Regulation 679/2016).
- Data Controller and Data Protection Officer
The Data Controller, i.e. the party entitled to take decisions regarding the purposes, procedures and security of personal data is EMU GROUP S.P.A.
- Purposes and legal base of the processing
The personal data you give us, which may be collected when we provide the services you requested, will be processed for the purposes according to the legal base given below:
Purposes
(Why we process your data) |
Legal base
(Which legal provision regulates our processing) |
refusAL OF processing
(What happens if you refuse to provide your data and/or your consent to processing) |
To fulfil the contract you have entered into. | Art. 6 letter b), processing is required to execute a contract with the data subject or to execute pre-contractual provisions taken at the latter’s request. | Consent is not required. If you refuse to provide your data, we will be unable to go ahead with the contract |
To fulfil legal obligations regarding fiscal and tax administration for the contract. | Art. 6 letter c), the processing is required to fulfil a legal obligation to which the data controller is subject. | Consent is not required. If you refuse to provide your data, we will be unable to go ahead with the contract |
Send information on other products sold by Emu Group Spa | Art. 6 para. 1, letter f), processing is required to fulfil the lawful interest of the data controller or third parties, on condition that the interests or rights and basic freedom of the data subject requesting protection of personal data prevail, especially if the data subject is under age. | Consent is not required. You may oppose this purpose of processing at any time by exercising your right of opposition provided for by Art. 21 GDPR. |
- Recipients and categories of processed data
The personal data you have provided or acquired during the provision of the service will be processed exclusively by personnel authorised for the purpose or by data protection officers appointed for the purpose.
In addition to the statutory obligations of communication envisaged by law and any communications you may request, your data will be communicated to the following categories of addresses:
Purposes | categories of data | recipients |
Invoicing | Consumption, identification, contractual details, | Companies preparing, printing and recording invoices |
Sending invoices | Identification, contractual details | Shipping and delivery companies |
Collection of invoices | Identification, contractual details | Banks |
Protection in the event of non-fulfilment of the contract | Identification, contractual details, consumption | Companies and professionals appointed to collect credit and deal with any litigation |
- Transfer abroad
Your personal data will not be transferred outside the European Union.
- Period of personal data retention and criteria used
The personal data processed is collected in documents, which will be retained in compliance with the purpose of the processing as summarised below.
Document | Retention duration |
Contract and relevant documentation | 10 years from the termination of the contract |
Tax documentation regarding the contract. | 10 years from the time of issue |
- Rights of the data subject
The Regulation gives you the following rights, which you can exercise when dealing with and against each co-data controller
A complete extract of the articles which follow is annexed to this document.
- Right of access: Article 15 of the European Regulation allows you to obtain the Data Controller’s confirmation of whether or not your data is currently being processed and, in that case, to obtain access to that data.
- Right to rectify: Article 16 of the European Regulation allows you to ask the Data Controller to rectify any incorrect personal data without any unjustifiable delay. Taking into account the purposes of the processing, the data subject has the right to supplement any incomplete personal data and provide a supplementary declaration.
- Right to erasure: Article 17 of the European Regulation allows you to obtain the erasure of your personal data without any unjustifiable delay if any of the grounds envisaged by the regulations exist.
- Right of restriction: Article 18 of the European Regulation allows you to ask the Data Controller to restrict processing when any of the grounds envisaged by the regulations exist.
- Right of opposition: Article 21 of the European Regulation allows you to oppose at any time the processing of your personal data on the grounds of your particular situation pursuant to Article 6, paragraph 1, letters e) or f), This includes profiling on the basis of those provisions.
- Right of portability: Article 20 of the European Regulation allows you to receive your personal data you have sent to a data controller in a structured, commonly used format, which can be read by an automatic device. You have the right to send that data to another data controller without any impediment by the data controller you gave them to according to the terms and conditions envisaged by the regulation.
- Right to lodge a claim: Article 77 of the European Regulation gives you the right to lodge a claim with a supervisory authority in the member state where you usually reside, work or the place where the presumed breach has occurred, if you believe processing of your data has breached the regulation.
- Further information
Further information, our privacy policy and this notice are available on our website at the address www.emu.it
A complete extract of the aforementioned articles of law is available at EMU GROUP SPA – Zona industriale – 06055 Marsciano (Perugia) – Italy – 0039 075 874021 – info@emu.it
This department will be able to provide all the explanations you may need on exercising your rights; you may send your requests in writing, together with a valid identity document to EMU GROUP SPA – Zona industriale – 06055 Marsciano (Perugia) – Italy – 0039 075 874021 – info@emu.it
- Collaboration
We consider the protection of your data and compliance with the principles established by legislation, especially the principle of transparency to be of primary importance. We would be grateful if you would notify the data controller’s contacts given above of anything you fail to understand in this document and suggest any improvements we can make.
INFORMATION NOTICE FORM FOR THE PROCESSING OF PERSONAL DATA FOR LEAD GENERATION
Dear Sir/Madam,
In order to provide you with the requested information and keep you informed about our future initiatives, we need to process information about you—your personal data—for the purposes indicated below; to this end, as prescribed by the European legislation for the protection of personal data (European Regulation 679/2016), we are providing you with the following information.
Data Controller
The Data Controller, i.e., the subject responsible for deciding on the purposes, methods, and security of personal data, is EMU GROUP SPA with registered office in Zona Industriale, Schiavo, 06055 Marsciano (PG), Italy.
Purposes and legal grounds for processing
The personal data that you provide to us will be collected at the time of your request and will be processed for the purposes according to the legal grounds set out below:
Purposes
(Why we process your data) |
Legal ground
(Which is the legal provision we refer to when processing data) |
Consequences in case of refusal to processing
(What happens if you refuse to provide personal data and/or authorise processing) |
Provide you with the commercial information you have requested. | Art. 6(1)(b), the processing is necessary for the execution of pre-contractual measures taken at the request of the data subject. | Consent is not required, failure to provide information makes it impossible to fulfil requests. |
To transfer data to the companies in the Group and to the sales network (i.e., agents, distributors, and retailers) responsible for the area concerned in order to satisfy your purchase requests. | Art. 6(1)(b), the processing is necessary for the execution of pre-contractual measures taken at the request of the data subject.
Art. 49 (1)(b), GDPR, the transfer of data is necessary for the execution of a contract concluded between the data subject and the data controller or for the execution of pre-contractual measures taken at the request of the data subject. |
Consent is not required, if you refuse to give your data we will not be able to proceed with the contract. |
Recipients and categories of processed data
The personal data provided by you or acquired in the course of the provision of services will be processed exclusively by authorised personnel or by data processors designated for this purpose.
Your data will be communicated to the following recipients:
Purposes | Category of data | Recipients |
To meet your requests relating to territorial areas outside the Company’s jurisdiction | Identification, economic data | Companies in the Group responsible for the area concerned and sales network (i.e., agents, distributors, and retailers) |
Marketing purposes | Customer IDs | Persons, companies, or agencies that provide marketing and analysis services or consultancy activities in favour of EMU GROUP S.p.A. |
Transfer abroad
Your personal data are transferred outside the European Union, only if the transfer of your data is necessary for the execution of a contract concluded between the data subject and the Data Controller, or for the
execution of pre-contractual measures taken at the request of the data subject; the legal ground is Art. 49 (1)(B) of GDPR.
Retention period for the personal data and criteria used
The data provided will also be used with computer and telematic tools and will be stored only for the period necessary to meet your requests and until your objection.
We would like to remind you that, if you do not wish to receive information about future initiatives or products, you may exercise your right to object freely and at any time by making a request to the Data Controller.
Rights of the data subject
The Regulation gives you the following rights, which you may exercise against and in relation to each joint controller.
A complete abstract of the following law articles is available on the Internet at http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/6264597.
- Right to Access: Art. 15 of the European Regulation allows you to obtain confirmation from the data controller as to whether or not data relating to you is being processed and, if so, to obtain access to such data.
- Right to Rectification: Art. 16 of the European Regulation allows you to obtain from the data controller the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, even by providing a supplementary declaration.
- Right to Erasure: Art. 17 of the European Regulation allows you to obtain from the data controller the erasure of personal data concerning you without undue delay, if one of the reasons provided for by the rule exists.
- Right to Restriction: Art. 18 of the European Regulation allows you to obtain from the data controller the restriction of processing when one of the cases provided for by the rule applies.
- Right to Object: Art. 21 of the European Regulation allows you to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you pursuant to Article 6(1)(e) or (f), including profiling based on these provisions.
- Right to Portability: Art. 20 of the European Regulation allows you to receive the personal data concerning you that you have provided to a data controller in a structured, commonly used, and machine-readable format. You have the right to transmit these data to another data controller without hindrance from the controller to whom you have provided them, in accordance with the conditions laid down by the Regulation.
- Right to Revoke Consent: Art. 7 of the European Regulation allows you to revoke your consent at any time. Revocation of consent does not affect the lawfulness of processing based on consent prior to revocation.
- Right to Complain: Art. 77 of the European Regulation gives you the right to lodge a complaint with a supervisory authority in the Member State in which you are normally resident or work or in which the alleged infringement has taken place, if you consider that the processing of your personal data is in breach of the Regulation.
Further information
Further information, our privacy policy and this notice are available on our website at www.emu.it/en/.
A complete extract of the above mentioned law articles is available at the administrative office of the company EMU GROUP SPA – Zona Industriale, 06055, Marsciano (PG), Italy – 0039 075 874021 – info@emu.it.
This office can provide all the explanations you may need regarding the exercise of your rights; requests may be submitted in writing, accompanied by a valid identification document, to the administrative office of the company EMU GROUP SPA – Zona Industriale, 06055, Marsciano (PG), Italy – 0039 075 874021 – info@emu.it.
Collaboration
The protection of data concerning you and compliance with the principles laid down in the legislation, with particular reference to the principle of transparency, are fundamental values for us; we will be grateful if you help us by reporting any misunderstanding of this document or by suggesting improvements via contact information of the controller, as mentioned above.
INFORMATION NOTICE FORM FOR THE PROCESSING OF PERSONAL DATA FOR INFORMATION AND PROMOTION PURPOSES (NEWSLETTER) FOR FACEBOOK/LINKEDLN CAMPAIGN
Dear Sir/Madam,
In order to provide you with the requested information and keep you informed about our future initiatives, we need to process information about you—your personal data—for the purposes indicated below; to this end, as prescribed by the European legislation for the protection of personal data (European Regulation 679/2016), we are providing you with the following information.
Data Controller
The Data Controller, i.e., the subject responsible for deciding on the purposes, methods, and security of personal data, is EMU GROUP SPA with registered office in Zona Industriale, Schiavo, 06055 Marsciano (PG), Italy.
Purposes and legal grounds for processing
The personal data that you provide to us will be collected at the time of your request and will be processed for the purposes according to the legal grounds set out below:
Purposes
(Why we process your data) |
Legal ground
(Which is the legal provision we refer to when processing data) |
Consequences in case of refusal to processing
(What happens if you refuse to provide personal data and/or authorise processing) |
To send you information about our products, industry news, our initiatives, shows and/or events. | Art. 6 (1)(a) of GDPR (the data subject has given consent to the processing of his/her personal data for one or more specific purposes). | In the absence of your consent, we will not proceed with the data processing. |
Recipients and categories of processed data
The personal data provided by you or acquired in the course of the provision of services will be processed exclusively by authorised personnel or by data processors designated for this purpose.
Transfer abroad
Your personal data is not transferred outside the European Union.
Retention period for the personal data and criteria used
The data provided will also be used with computer and telematic tools and will be stored only for the period necessary to meet your requests and until revocation of consent.
Rights of the data subject
The Regulation gives you the following rights, which you may exercise against and in relation to each joint controller.
A complete abstract of the following law articles is available on the Internet at http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/6264597.
- Right to Access: Art. 15 of the European Regulation allows you to obtain confirmation from the data controller as to whether or not data relating to you is being processed and, if so, to obtain access to such data.
- Right to Rectification: Art. 16 of the European Regulation allows you to obtain from the data controller the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, even by providing a supplementary declaration.
Right to Erasure: Art. 17 of the European Regulation allows you to obtain from the data controller the erasure of personal data concerning you without undue delay, if one of the reasons provided for by the rule exists.
- Right to Restriction: Art. 18 of the European Regulation allows you to obtain from the data controller the restriction of processing when one of the cases provided for by the rule applies.
- Right to Object: Art. 21 of the European Regulation allows you to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you pursuant to Article 6(1)(e) or (f), including profiling based on these provisions.
- Right to Portability: Art. 20 of the European Regulation allows you to receive the personal data concerning you that you have provided to a data controller in a structured, commonly used, and machine-readable format. You have the right to transmit these data to another data controller without hindrance from the controller to whom you have provided them, in accordance with the conditions laid down by the Regulation.
- Right to Revoke Consent: Art. 7 of the European Regulation allows you to revoke your consent at any time. Revocation of consent does not affect the lawfulness of processing based on consent prior to revocation.
- Right to Complain: Art. 77 of the European Regulation gives you the right to lodge a complaint with a supervisory authority in the Member State in which you are normally resident or work or in which the alleged infringement has taken place, if you consider that the processing of your personal data is in breach of the Regulation.
Further information
Further information, our privacy policy and this notice are available on our website at www.emu.it/en/.
A complete extract of the above mentioned law articles is available at the administrative office of the company EMU GROUP SPA – Zona Industriale, 06055, Marsciano (PG), Italy – 0039 075 874021 – info@emu.it.
This office may provide you with all the explanations you need regarding the exercise of your rights; requests may be made in writing, accompanied by a valid identification document, to the administrative office of the company EMU GROUP SPA – Zona Industriale 06055 Marsciano Perugia Italy – 0039 075 874021 info@emu.it.
Collaboration
The protection of data concerning you and compliance with the principles laid down in the legislation, with particular reference to the principle of transparency, are fundamental values for us; we will be grateful if you help us by reporting any misunderstanding of this document or by suggesting improvements via contact information of the controller, as mentioned above.
INFORMATION IN RELATION TO THE PROCESSING OF PERSONAL DATA – AUTHORISATION TO PUBLISH PHOTOS/VIDEOS – SALONE DEL MOBILE
Dear Sir/Madam,
EMU GROUP SPA, with registered office located in 06055 Marsciano (PERUGIA), Industrial Area, as the “Data Controller”, would like to inform you of how your personal data will be processed, specifically the data regarding photos taken and/or audio-video recordings made during the Trade Fair Salone del Mobile – Milan, in accordance with “European Regulation 2016/679 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data” (hereinafter GDPR), which provides for the protection of persons and other subjects with regard to the processing of their personal data.
EMU GROUP SPA, as the “Data Controller”, pursuant to Art. 13 of the GDPR, would like to inform you of the following:
• Purpose of data processing
The event organised is by invitation of the participants and any personal data that may be processed, by means of photographic images or audio-video recordings, will be processed for the prevailing purpose related to the documentation of the event. This will be done by disseminating such photographic images or audio-video recordings using the means of communication most widely used today, such as the Company’s website (https://www.emu.it/), and the social medial networks linked to it or any other means of dissemination. For purposes related to the drafting of publications of an informative and institutional nature, the Data Controller may also store the photos or the audio-video recordings in the Company’s computer and paper archives, specifying that they may be used at a later date.
The images collected will be mainly aimed at the environmental context in which the event itself will take place (main topic) and, only secondarily (background or context) at the people present, taking care not to take close-up or frontal shots of the faces of those present, but at angles such as to limit the recognisability of the people and/or taken from a certain distance.
• Legal basis of data processing
The processing carried out for the purposes described above is based on:
– granting of consent by the data subject pursuant to Art. 6(1)(a) ([…] the data subject has given consent to the processing of his/her personal data for one or more specific purposes). In this context, consent shall be deemed to have been explicitly given where the data subject is informed in advance and participates, by going to a place (for example event venues, etc.) where there will be a photo or video shooting service. These places will be clearly identified by specific signs.
– pursuit of the legitimate interest of the Data Controller in the event of the publication of images to document the event;
– fulfilment of legal obligations (for example, in the case of communications that must be given to public authorities);
Should you wish to object to the processing of your data for these purposes, you may do so at any time by contacting the Data Controller using the contact details indicated below in this information notice.
• How the data is processed and how it is communicated and disseminated
The personal data, including photographic images and/or audio-video recordings, will be processed in accordance with current regulations and with the principles of correctness, lawfulness, transparency and confidentiality that inspire the activities carried out by EMU GROUP SPA, in compliance with the security measures provided for by the GDPR.
The data will be processed, also using electronic devices, by people specifically appointed for the Company’s dissemination and communication activities. The images collected will be stored, also in electronic form and on any digital media for the purposes and within the limits defined above, and they may be disseminated on the website (https://www.emu.it/), as well as through social media channels. such as Facebook, Twitter, Youtube (by way of example but not limited to). The use of the images does not entitle you to any remuneration.
In any case, any use of the images that may harm the honour, reputation or respectability of the person portrayed, filmed or recorded is excluded pursuant to Art. 10 of the Italian Civil Code.
• Transfer of data to non-EU countries:
The personal data will in no way be transferred to non-EU countries.
• Data Controller and Data Processors
The Data Controller is EMU GROUP SPA, with registered office located in 06055 Marsciano (PG) Industrial Area, who can be contacted at the email address info@emu.it, certified email address info@pec.emu.it. In relation to the purposes indicated, the data may be sent to companies and/or people, who provide services, including external services, on behalf of the Data Controller for the implementation, promotion and communication of the event, as well as to other institutions hosting the event.
Any Data Processors are duly identified and the relationship with them is based on a regular contract. You can request their data from the Data Controller should it be in your interest to learn the details.
• Rights of the interested party
Giving consent to the processing of your personal data is optional. At any time, you may exercise all the rights indicated in Articles from 15 to 22 and in Art. 34 of the GDPR, in particular the cancellation, rectification or integration of data, by written communication to be sent to the email address info@emu.it, certified email address info@pec.emu.it, as indicated above.
• Retention period
The data collected (photos, audio-video recordings, etc.) will be kept in the Company’s computer archives exclusively for the purpose of having a historical memory of the events and activities carried out and they will be used for these purposes as well as for institutional use. The data stored is checked periodically for obsolescence in relation to the purposes for which it was collected and the maximum retention period is 5 years.
• Possible consequences of not providing data
Giving consent to the processing of data for the above mentioned purposes is free and optional. However, any refusal, manifested in the ways indicated above, will result in the implicit impossibility of participating in the event.
• Changes and updates
This information notice is valid from the date indicated in the heading. EMU GROUP SPA might make changes and/or additions to this information notice, also as a consequence of any subsequent regulatory modifications and/or integrations. The interested party can view the text of the constantly updated information notice on the Company’s website.
INFORMATION IN RELATION TO THE PROCESSING OF PERSONAL DATA – AUTHORISATION TO PUBLISH PHOTOS/VIDEOS – OPEN DAYS AND EVENTS AT EMU- CORSO MONFORTE, 50 MILAN
Dear Sir/Madam,
EMU GROUP SPA, with registered office located in 06055 Marsciano (PERUGIA), Industrial Area, as the “Data Controller”, would like to inform you of how your personal data will be processed, specifically the data regarding photos taken and/or audio-video recordings made during the Fuori Salone Open Days (6/12 June 2022) and the event “Talk with Luciano Galimberti and Sebastian Herkner” (8.6.2022), in accordance with “European Regulation 2016/679 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data” (hereinafter GDPR), which provides for the protection of persons and other subjects with regard to the processing of their personal data.
EMU GROUP SPA, as the “Data Controller”, pursuant to Art. 13 of the GDPR, would like to inform you of the following:
• Purpose of data processing
The event organised is by invitation of the participants and any personal data that may be processed, by means of photographic images or audio-video recordings, will be processed for the prevailing purpose related to the documentation of the event. This will be done by disseminating such photographic images or audio-video recordings using the means of communication most widely used today, such as the Company’s website (https://www.emu.it/), and the social medial networks linked to it or any other means of dissemination. For purposes related to the drafting of publications of an informative and institutional nature, the Data Controller may also store the photos or the audio-video recordings in the Company’s computer and paper archives, specifying that they may be used at a later date.
The images collected will be mainly aimed at the environmental context in which the event itself will take place (main topic) and, only secondarily (background or context) at the people present, taking care not to take close-up or frontal shots of the faces of those present, but at angles such as to limit the recognisability of the people and/or taken from a certain distance.
• Legal basis of data processing
The processing carried out for the purposes described above is based on:
– granting of consent by the data subject pursuant to Art. 6(1)(a) ([…] the data subject has given consent to the processing of his/her personal data for one or more specific purposes). In this context, consent shall be deemed to have been explicitly given where the data subject is informed in advance and participates, by going to a place (for example event venues, etc.) where there will be a photo or video shooting service. These places will be clearly identified by specific signs.
– pursuit of the legitimate interest of the Data Controller in the event of the publication of images to document the event;
– fulfilment of legal obligations (for example, in the case of communications that must be given to public authorities);
Should you wish to object to the processing of your data for these purposes, you may do so at any time by contacting the Data Controller using the contact details indicated below in this information notice.
• How the data is processed and how it is communicated and disseminated
The personal data, including photographic images and/or audio-video recordings, will be processed in accordance with current regulations and with the principles of correctness, lawfulness, transparency and confidentiality that inspire the activities carried out by EMU GROUP SPA, in compliance with the security measures provided for by the GDPR.
The data will be processed, also using electronic devices, by people specifically appointed for the Company’s dissemination and communication activities. The images collected will be stored, also in electronic form and on any digital media for the purposes and within the limits defined above, and they may be disseminated on the website (https://www.emu.it/), as well as through social media channels. such as Facebook, Twitter, Youtube (by way of example but not limited to). The use of the images does not entitle you to any remuneration.
In any case, any use of the images that may harm the honour, reputation or respectability of the person portrayed, filmed or recorded is excluded pursuant to Art. 10 of the Italian Civil Code.
• Transfer of data to non-EU countries:
The personal data will in no way be transferred to non-EU countries.
• Data Controller and Data Processors
The Data Controller is EMU GROUP SPA, with registered office located in 06055 Marsciano (PG) Industrial Area, who can be contacted at the email address info@emu.it, certified email address info@pec.emu.it. In relation to the purposes indicated, the data may be sent to companies and/or people, who provide services, including external services, on behalf of the Data Controller for the implementation, promotion and communication of the event, as well as to other institutions hosting the event.
Any Data Processors are duly identified and the relationship with them is based on a regular contract. You can request their data from the Data Controller should it be in your interest to learn the details.
• Rights of the interested party
Giving consent to the processing of your personal data is optional. At any time, you may exercise all the rights indicated in Articles from 15 to 22 and in Art. 34 of the GDPR, in particular the cancellation, rectification or integration of data, by written communication to be sent to the email address info@emu.it, certified email address info@pec.emu.it, as indicated above.
• Retention period
The data collected (photos, audio-video recordings, etc.) will be kept in the Company’s computer archives exclusively for the purpose of having a historical memory of the events and activities carried out and they will be used for these purposes as well as for institutional use. The data stored is checked periodically for obsolescence in relation to the purposes for which it was collected and the maximum retention period is 5 years.
• Possible consequences of not providing data
Giving consent to the processing of data for the above mentioned purposes is free and optional. However, any refusal, manifested in the ways indicated above, will result in the implicit impossibility of participating in the event.
• Changes and updates
This information notice is valid from the date indicated in the heading. EMU GROUP SPA might make changes and/or additions to this information notice, also as a consequence of any subsequent regulatory modifications and/or integrations. The interested party can view the text of the constantly updated information notice on the Company’s website.