Privacy
Privacy 2018-11-22T23:08:41+00:00

PRIVACY POLICY

  • DATA CONTROLLER

The Data Controller that identifies the aims and means to process personal data is Emu Group S.p.A. with head office on the Industrial Estate in Marsciano – 06055 (Pg)

VAT No. IT03765320969

  • PERSONAL DATA PROTECTION OFFICER

The Personal Data Protection Officer has not been appointed as the Data Controller is not obliged to do so.

  • JOINT DATA CONTROLLER – DELEGATION TO THIRD PARTIES

In the event of a joint data controller, the main data controller ensures compliance with the following principles is guaranteed by means of a joint data controller agreement.

In the event personal data processing is entrusted to third parties, the main data controller ensures compliance with the following principles is guaranteed by means of a service agreement.

  • ORGANISATION

The data controller organises the resources and personal data processing, so they comply with the requisites envisaged by the GDPR and national legislation for the sector. More specifically:

    • internally,
  • the organisation of privacy reflects operational organisation, consistent with the connected operational duties, powers and authority
  • The natural people, who will have the tasks and important responsibility (taking into account the number and categories of personal data, the risks for the rights and liberty of natural persons), are selected, identified and appointed on the basis of objective criteria, which establish their knowledge, ability and experience required by the company. If there are no formal qualifications, the requisites and assessment standards are established in advance.
  • The data processors act under the direct authority of the Data Controller or a supervisor appointed by the latter. Personnel is duly trained and informed under a continual training programme, which takes into account the different needs according to the different roles covered.
  • The Data Controller directs and supervises all those, who process personal data on its behalf.
    • Outside the company,
  • all those appointed to process personal data are selected, identified and appointed on the basis of a preliminary, transparent process, which guarantees an objective selection. The supplier must possess the skills and professionalism required by the organisation; the supplier must give sufficient guarantees that it can put in place adequate technical and organisational measures for processing to comply with the GDPR requisites and to guarantee the rights of the Data Subject.
  • Relationships with third parties processing data on behalf of the Data Controller are always formalised in writing. The relevant agreement complies with the minimum requisites envisaged by Art. 28, GDPR.
  • The Data Controller directs and supervises all those, to whom it delegates data processing.
  • THE STAKEHOLDERS
    • The Data Controller processes the personal data of the following categories of natural persons:

– employees

– freelancers

-users

– suppliers

    • Categories of indirect Data Subjects:

– family members of employees or users

– employees’ creditors

– employees’ successors

    • Data Subject Institutions / Organisations

– trade unions

    • other.
  • THE CULTURE OF PRIVACY

Emu Group S.p.A. does not consider its ability to protect personal data as merely and only a legal obligation, but rather a preferential requirement and competitive asset. In tune with the prospect of accountability required by the GDPR, Emu Group S.p.A. takes a risk-based approach to compliance of its processing of personal data with the GDPR. Compliance with the rights, freedom and data of natural persons is a mandatory, ethical imperative, which guides all its business activities.

  • LAWFULNESS

Emu Group S.p.A. only implements personal data processing based on one of the legal principles according to Article 6, GDPR (consent, fulfilment of contractual obligations, vital interests of the Data Subject or of third parties, legal obligations to which the Data Controller is subject, public interest or the exercise of public powers, legitimate interests pursued by the Data Controller or third parties, to whom the data is given).

Emu Group S.p.A. processes special personal data (i.e. not only data which may reveal the racial or ethnic origin, political opinions, religious or philosophical convictions or trade union membership, but also genetic data, biometric data, which can univocally identify a natural person, data regarding a person’s health, sexual life or sexual orientation) only in the event of one of the cases envisaged by Article 9, GDPR.

Emu Group S.p.A. only processes personal data regarding criminal convictions and offences or connected to security measures on the legal basis provided for by Article 6.1, GDPR and only until the control of the public authority or, if processing is authorised by the law of the European Union or by its member States, which envisages appropriate guarantees for the rights and freedom of the data subjects.

  • FAIR PRACTICE

Emu Group S.p.A. processes personal data exclusively for identified, explicit, lawful purposes, without any impropriety or deception towards the Data Subjects and strictly within the restrictions of the legal basis which authorises processing.

  • TRANSPARENCY

Emu Group S.p.A. takes appropriate measures to provide the Data Subject with all the information according to Articles 13 and 14 and the communications according to Articles 15 and 22 and Article 34 regarding processing in a concise, transparent, intelligent and easily accessible form, using simple, clear language. More specifically, Emu Group S.p.A. informs the Data Subject of the procedures used each time to collect, use, consult or otherwise process his personal data, as well as the extent to which his personal data are or will be processed. The information and communications regarding the processing of that personal data must be easily accessible and understandable.

  • LIMITATION OF PURPOSE

Emu Group S.p.A. processes personal data for specific, explicit, lawful purposes and ensures the processing is not incompatible with those purposes.

  • DATA MINIMISATION

Emu Group S.p.A. processes adequate, pertinent personal data, restricted to what is required for the purposes for which it is processed.

  • ACCURACY

Emu Group S.p.A. processes accurate and, if necessary, updated personal data. It takes all reasonable measures to erase or promptly correct incorrect data, according to the purposes for which it is processed.

  • STORAGE LIMITATION

Emu Group S.p.A. stores personal data in a form which permits the identification of the Data Subjects for a period of time no longer than is required to achieve the purposes, for which it is processed.

  • INTEGRITY AND CONFIDENTIALITY

Emu Group S.p.A. processes personal data and guarantees it takes adequate technical and organisational measures to guarantee the data is secure and protected from unauthorised or unlawful processing and from accidental loss, destruction or damage.

  • DATA PROTECTION BY DESIGN AND BY DEFAULT

Emu Group S.p.A. takes a methodological approach to any project, according to which an assessment of the protection of personal data must be made from the project design stage. Therefore, personal data protection must be taken into account for any structural or conceptual project from the moment of its design, and solutions found to protect personal data.

Emu Group S.p.A. implements adequate technical and organisational measures to guarantee personal data is processed by default, using only the personal data required for each specific purpose of the processing. More specifically, the technical and organisational measures in place aim to guarantee it is processed by default according to the specific purposes of the processing.

  • OBLIGATIONS

Failure to comply with the principles contained in this document, or with any of the directives, instructions, requests and orders, which Emu Group S.p.A. may give to protect personal data and compliance with the legislation in force, constitutes a serious breach.

  • REVISIONS

This document is approved by the Board of Directors and has been prepared by the data controller, which arranges for its update and diffusion.

PRIVACY POLICY – COOKIES

Information overview, disabling and managing cookies

Cookies are data sent from the website and stored by the Internet browser on the user’s computer or other device (e.g. tablet or mobile phone). Our Internet website or the relevant sub-domains may install technical cookies and third party cookies.
Users may, nevertheless, request cookies to be generally disabled or deleted by modifying the settings of their Internet browser. Disabling, however, may slow down or prevent access to some parts of the website.

The settings to manage or disable cookies can vary according to the Internet browser used. Therefore, in order to obtain further information on how to proceed with these operations, we advise the User to read the manual for his own device or use the “Help” function on his Internet browser.

Below, we have given Users the links, which explain how to manage or disable cookies for the most popular Internet browsers:

Technical cookies

The use of technical cookies, i.e. cookies required to transmit communications on an electronic communication network or cookies strictly required by the supplier to provide the service requested by the customer, allows you to use our website safely and efficiently.
Session cookies may be installed to allow you to access and remain in the reserved area of the portal as an authenticated user.

Technical cookies are essential for our Internet website to function correctly and we use them to enable users to browse normally and to use the advanced services available on our website. The technical cookies used are divided into session cookies, stored exclusively for the time you spend browsing until you close the browser, and permanent cookies, which are stored in the user’s device until they expire or are deleted by the user. Our website uses the following technical cookies:

  • Technical browser or session cookies, used to manage normal browsing and user authentication;
  • Technical functional cookies, used to store the personalisations chosen by the user, e.g. language;
  • Technical analytics cookies, used to understand how users use our website in order to be able to assess and improve how it operates.

Third party cookies

Third party cookies may be installed: these are analytical, profiling cookies by Google Analytics, Google Doubleclick, Criteo, Rocket Fuel, Youtube, Yahoo, Bing and Facebook. These cookies are sent by Internet websites of the aforementioned third parties outside our website.
Third party analytical cookies are used to detect information on how users behave on the website. Detection is anonymous to monitor performance and improve site usability. Third party profiling cookies are used to create user profiles to offer advertising messages, which match the choices made by the user.
The use of these cookies is regulated by the rules prepared by same third parties. Therefore, we invite our Users to read the privacy policy and the instructions on how to manage or disable the cookies published on the following web pages:

For Google Analytics cookies:
– privacy policy: https://www.google.com/intl/it/policies/privacy/
– instructions to manage or disable the cookies: https://support.google.com/accounts/answer/61416?hl=it

For Google Doubleclick cookies:
– privacy policy: https://www.google.com/intl/it/policies/privacy/
– instructions to manage or disable the cookies: https://www.google.com/settings/ads/plugin

For Criteo cookies:
– privacy policy: https://www.criteo.com/it/privacy/
– instructions to manage or disable the cookies: https://www.criteo.com/it/privacy/

For Facebook cookies:
– privacy policy: https://www.facebook.com/privacy/explanation
– instructions to manage or disable the cookies: https://www.facebook.com/help/cookies/

For CrazyEgg cookies:
– privacy policy: https://www.crazyegg.com/privacy/
– instructions to manage or disable the cookies: https://www.crazyegg.com/cookies/

For Rocket Fuel cookies:
-privacy policy: https://rocketfuel.com/it/privacy/
– instructions to manage or disable the cookies: https://rocketfuel.com/it/cookie-policy/

For Youtube cookies:
-privacy policy: https://www.youtube.com/intl/it/yt/about/policies/#community-guidelines
– instructions to manage or disable the cookies: https://support.google.com/accounts/answer/61416?hl=it

For Yahoo cookies:
-privacy policy and instructions to manage or disable the cookies: https://policies.yahoo.com/ie/it/yahoo/privacy/euoathnoticefaq/

For Bing cookies:
-privacy policy and instructions to manage or disable the cookies: https://privacy.microsoft.com/it-it/privacystatement

Profiling cookies

Profiling cookies can be installed by the Data Controller/s via so-called web analytics software, and used to prepare reports of detailed analyses in real time, with information on: visitors to a website, the search engines of origin, key words used, user language, most visited pages.

They can also collect information and data, such as IP address, nationality, town, date/time, device, browser, operative system, screen resolution, origin of navigation, pages visited and number of pages, duration of the visit, number of visits made.

This data can be used by the Data Controller in compliance with, and within the restrictions set by the legislation in force and by what is set out in the Privacy Policy.

THE PROCESSING OF PERSONAL DATA

Dear Sir/Madam,

as you have shown interest in our company, we intend to process information about you and your personal data for the purposes indicated below. We are, therefore, providing you with the following information as prescribed by the European legislation on the protection of personal data (EU Regulation 679/2016).

Data Controller and Data Protection Officer

The Data Controller, i.e. the party entitled to take decisions regarding the purposes, procedures and security of personal data is EMU GROUP S.P.A. with head office in Zona Industriale Schiavo, 06055 Marsciano (PG).

Purposes and legal base of the processing

The personal data you give us, which may be collected when we provide the services you requested, will be processed for the purposes according to the legal base given below:

Purposes

(Why we process your data)

Legal base

(the legal provision which regulates our processing)

refusAL OF processing

(What happens if you refuse to provide your data and/or your consent to processing)

To allow you to access the reserved area to take advantage of the digital resources we make available. Art. 6 letter b), processing is required to execute a contract with the data subject or to execute pre-contractual provisions taken at the latter’s request. Consent is not required. If you refuse to provide your data, we will be unable to go ahead with the contract
To enable you to take advantage of our assistance in your projects. Art. 6 letter b), processing is required to execute a contract with the data subject or to execute pre-contractual provisions taken at the latter’s request. Consent is not required. If you refuse to provide your data, we will be unable to go ahead with the contract
To promote you work via our network. Art. 6 letter b), processing is required to execute a contract with the data subject or to execute pre-contractual provisions taken at the latter’s request. Consent is not required. If you refuse to provide your data, we will be unable to go ahead with the contract
To send you information on our products, news in the sector, our initiatives, shows and/or events. Art. 6 para. 1, letter f), processing is required to fulfil the lawful interest of the data controller or third parties, on condition that the interests or rights and basic freedom of the data subject requesting protection of personal data prevail, especially if the data subject is under age. Consent is not required. You may oppose this purpose of processing at any time by exercising your right of opposition provided for by Art. 21 GDPR.

Categories of Addressees

Your personal data will be processed exclusively by personnel authorised for the purpose or by data protection officers appointed for the purpose.

In addition to the statutory obligations of communication envisaged by law and communications you may request, your data will be communicated to the following categories of addresses:

Purposes recipients
Promotion of your projects Members of the EMU GROUP S.P.A. network

Transfer abroad

Your personal data will not be transferred outside the European Union.

Period of personal data retention and criteria used

Your personal data will be retained until you exercise your right of opposition.

We will retain the material you send us for promotion for 10 years.

Rights of the data subject

The Regulation gives you the following rights which you can exercise when dealing with and against each co-data controller

A complete extract of the articles which follow is annexed to this document.

  • Right of access: Article 15 of the European Regulation allows you to obtain the Data Controller’s confirmation of whether or not your data is currently being processed and in that case to obtain access to that data.
  • Right to rectify: Article 16 of the European Regulation allows you to ask the Data Controller to rectify any incorrect personal data without any unjustifiable delay. Taking into account the purposes of the processing, the data subject has the right to supplement any incomplete personal data and provide a supplementary declaration.
  • Right to erasure: Article 17 of the European Regulation allows you to obtain the erasure of your personal data without any unjustifiable delay if any of the grounds envisaged by the regulations exist.
  • Right of restriction: Article 18 of the European Regulation allows you to ask the Data Controller to restrict processing when any of the grounds envisaged by the regulations exist.
  • Right of opposition: Article 21 of the European Regulation allows you to oppose at any time on grounds of your particular situation the processing of your personal data pursuant to Article 6, paragraph 1, letters e) or f), including profiling on the basis of those provisions.
  • Right of portability: Article 20 of the European Regulation allows you to receive your personal data you have sent to a data controller in a structured, commonly used format, which can be read by an automatic device and you have the right to send that data to another data controller without any impediment by the data controller you gave them to according to the terms and conditions envisaged by the regulation..
  • Right to lodge a claim: Article 77 of the European Regulation gives you the right to lodge a claim with a supervisory authority in the member state where you usually reside, work or the place where the presumed breach has occurred, if you believe processing of your data has breached the regulation.

Further information

For any other requirement and to exercise the rights recognised to you by law, including the right of opposition, you can contact the data controller’s contact persons given above.

Collaboration

We consider the protection of your data and compliance with the principles established by legislation, especially the principle of transparency to be of primary importance. We would be grateful, if you would notify the data controller’s contacts given above of anything you fail to understand in this document and suggest any improvements we can make.

INFORMATION AND PROMOTION

INFORMATION ON THE PROCESSING OF PERSONAL DATA

FOR THE PURPOSE OF INFORMATION AND PROMOTION

Dear Sir/Madam,

as you have shown interest in our products and initiatives, we intend to process information about you, your personal data, for the purposes indicated below. We are, therefore, providing you with the following information as prescribed by the European legislation on the protection of personal data (EU Regulation 679/2016).

Data Controller and Data Protection Officer

The Data Controller, i.e. the party entitled to take decisions regarding the purposes, procedures and security of personal data is EMU GROUP S.P.A. with head office in Zona Industriale Schiavo, 06055 Marsciano (PG).

Purposes and legal base of the processing

The personal data you give us, which may be collected when we provide the services you requested, will be processed for the purposes according to the legal base given below:

Purposes

(Why we process your data)

Legal base

(Which legal provision regulates our processing)

refusAL OF processing

(What happens if you refuse to provide your data and/or your consent to processing)

To send you information on our products, news in the sector, our initiatives, shows and/or events. Art. 6 para. 1, letter f), processing is required to fulfil the lawful interest of the data controller or third parties, on condition that the interests or rights and basic freedom prevail of the data subject requesting protection of personal data, especially if the data subject is under age. Consent is not required. You may oppose this purpose of processing at any time by exercising your right of opposition provided for by Art. 21 GDPR.

Categories of Addressees

Your personal data will be processed exclusively by personnel authorised for the purpose or by data protection officers appointed for the purpose.

We will only communicate your personal data to fulfil our legal obligations.

Transfer abroad

Your personal data will not be transferred outside the European Union.

Period of personal data retention and criteria used

Your personal data will be retained until you exercise your right of opposition.

Rights of the data subject

The Regulation gives you the following rights which you can exercise when dealing with and against each co-data controller

A complete extract of the articles which follow is annexed to this document.

  • Right of access: Article 15 of the European Regulation allows you to obtain the Data Controller’s confirmation of whether or not your data is currently being processed and in that case to obtain access to that data.
  • Right to rectify: Article 16 of the European Regulation allows you to ask the Data Controller to rectify any incorrect personal data without any unjustifiable delay. Taking into account the purposes of the processing, the data subject has the right to supplement any incomplete personal data and provide a supplementary declaration.
  • Right to erasure: Article 17 of the European Regulation allows you to obtain the erasure of your personal data without any unjustifiable delay if any of the grounds envisaged by the regulations exist.
  • Right of restriction: Article 18 of the European Regulation allows you to ask the Data Controller to restrict processing when any of the grounds envisaged by the regulations exist.
  • Right of opposition: Article 21 of the European Regulation allows you to oppose at any time on grounds of your particular situation the processing of your personal data pursuant to Article 6, paragraph 1, letters e) or f), including profiling on the basis of those provisions.
  • Right of portability: Article 20 of the European Regulation allows you to receive your personal data you have sent to a data controller in a structured, commonly used format, which can be read by an automatic device and you have the right to send that data to another data controller without any impediment by the data controller you gave them to according to the terms and conditions envisaged by the regulation.
  • Right to lodge a claim: Article 77 of the European Regulation gives you the right to lodge a claim with a supervisory authority in the member state where you usually reside, work or the place where the presumed breach has occurred, if you believe processing of your data has breached the regulation.

Further information

Further information, our privacy policy and this notice are available on our website at the address www.emu.it, where you will also find a complete extract of the articles of law referred to above.

For any other requirement and to exercise the rights recognised to you by law, including the right of opposition, you can contact the data controller’s contact persons given above.

Collaboration

The protection of your data and compliance with the principles established by legislation, especially the principle of transparency are values of primary importance to us. We would be grateful, if you would notify the data controller’s contacts given above of anything you fail to understand in this document and suggest any improvements we can make.

Model of privacy policy notice for processing customers’ personal data

Dear Sir/Madam,

we need to process information about you and your personal data for the purposes indicated below. We are, therefore, providing you with the following information, as prescribed by the European legislation on the protection of personal data (EU Regulation 679/2016).

  1. Data Controller and Data Protection Officer

The Data Controller, i.e. the party entitled to take decisions regarding the purposes, procedures and security of personal data is EMU GROUP S.P.A.

  1. Purposes and legal base of the processing

The personal data you give us, which may be collected when we provide the services you requested, will be processed for the purposes according to the legal base given below:

Purposes

(Why we process your data)

Legal base

(Which legal provision regulates our processing)

refusAL OF processing

(What happens if you refuse to provide your data and/or your consent to processing)

To fulfil the contract you have entered into. Art. 6 letter b), processing is required to execute a contract with the data subject or to execute pre-contractual provisions taken at the latter’s request. Consent is not required. If you refuse to provide your data, we will be unable to go ahead with the contract
To fulfil legal obligations regarding fiscal and tax administration for the contract. Art. 6 letter c), the processing is required to fulfil a legal obligation to which the data controller is subject. Consent is not required. If you refuse to provide your data, we will be unable to go ahead with the contract
Send information on other products sold by Emu Group Spa Art. 6 para. 1, letter f), processing is required to fulfil the lawful interest of the data controller or third parties, on condition that the interests or rights and basic freedom of the data subject requesting protection of personal data prevail, especially if the data subject is under age. Consent is not required. You may oppose this purpose of processing at any time by exercising your right of opposition provided for by Art. 21 GDPR.
  1. Recipients and categories of processed data

The personal data you have provided or acquired during the provision of the service will be processed exclusively by personnel authorised for the purpose or by data protection officers appointed for the purpose.

In addition to the statutory obligations of communication envisaged by law and any communications you may request, your data will be communicated to the following categories of addresses:

Purposes categories of data recipients
Invoicing Consumption, identification, contractual details, Companies preparing, printing and recording invoices
Sending invoices Identification, contractual details Shipping and delivery companies
Collection of invoices Identification, contractual details Banks
Protection in the event of non-fulfilment of the contract Identification, contractual details, consumption Companies and professionals appointed to collect credit and deal with any litigation
  1. Transfer abroad

Your personal data will not be transferred outside the European Union.

  1. Period of personal data retention and criteria used

The personal data processed is collected in documents, which will be retained in compliance with the purpose of the processing as summarised below.

Document Retention duration
Contract and relevant documentation 10 years from the termination of the contract
Tax documentation regarding the contract. 10 years from the time of issue
  1. Rights of the data subject

The Regulation gives you the following rights, which you can exercise when dealing with and against each co-data controller

A complete extract of the articles which follow is annexed to this document.

  • Right of access: Article 15 of the European Regulation allows you to obtain the Data Controller’s confirmation of whether or not your data is currently being processed and, in that case, to obtain access to that data.
  • Right to rectify: Article 16 of the European Regulation allows you to ask the Data Controller to rectify any incorrect personal data without any unjustifiable delay. Taking into account the purposes of the processing, the data subject has the right to supplement any incomplete personal data and provide a supplementary declaration.
  • Right to erasure: Article 17 of the European Regulation allows you to obtain the erasure of your personal data without any unjustifiable delay if any of the grounds envisaged by the regulations exist.
  • Right of restriction: Article 18 of the European Regulation allows you to ask the Data Controller to restrict processing when any of the grounds envisaged by the regulations exist.
  • Right of opposition: Article 21 of the European Regulation allows you to oppose at any time the processing of your personal data on the grounds of your particular situation pursuant to Article 6, paragraph 1, letters e) or f), This includes profiling on the basis of those provisions.
  • Right of portability: Article 20 of the European Regulation allows you to receive your personal data you have sent to a data controller in a structured, commonly used format, which can be read by an automatic device. You have the right to send that data to another data controller without any impediment by the data controller you gave them to according to the terms and conditions envisaged by the regulation.
  • Right to lodge a claim: Article 77 of the European Regulation gives you the right to lodge a claim with a supervisory authority in the member state where you usually reside, work or the place where the presumed breach has occurred, if you believe processing of your data has breached the regulation.
  1. Further information

Further information, our privacy policy and this notice are available on our website at the address www.emu.it

A complete extract of the aforementioned articles of law is available at EMU GROUP SPA – Zona industriale – 06055 Marsciano (Perugia) – Italy – 0039 075 874021 – info@emu.it

This department will be able to provide all the explanations you may need on exercising your rights; you may send your requests in writing, together with a valid identity document to EMU GROUP SPA – Zona industriale – 06055 Marsciano (Perugia) – Italy – 0039 075 874021 – info@emu.it

  1. Collaboration

We consider the protection of your data and compliance with the principles established by legislation, especially the principle of transparency to be of primary importance. We would be grateful if you would notify the data controller’s contacts given above of anything you fail to understand in this document and suggest any improvements we can make.

DOWNLOAD

INFORMATION RESELLERS
MODEL OF PRIVACY POLICY NOTICE FOR CANDIDATES
SUPPLIERS PERSONAL DATA