Privacy

1. Preconditions. Why are we providing this information?

For years, ESI srl has taken into consideration the protection of personal data of their own/potential customers by guaranteeing that the processing of their personal data, carried out in any way, whether automated or manual, is carried out in compliance with the protections and rights of Regulation (EU) 2016/679 of the European Parliament and of the Council, of the 27 April 2016 (hereinafter the ‘Regulation‘ or ‘GDPR‘), regarding the protection of individuals with regards to the processing of personal data, and of other applicable rules in terms of personal data protection.

By Personal Data, we refer to the definition of Article 4(1) of the GDPR: ‘any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person‘ (hereinafter ‘Personal Data‘).

The Regulation provides that before being able to process the Personal Data, it is necessary that the natural person to whom the Personal Data belongs, hereinafter person concerned, is informed about the reasons why said data is being requested and in which way it will be used.

The Processing of personal data is understood in the sense of Article 4(2) of the GDPR: ‘any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction‘ (hereinafter also ‘Processing‘).


In this regard, the present document is intended to provide the user/the person concerned with useful and required information so that they can provide their own Personal Data knowingly, having received adequate information and being able, at any time, to request and obtain clarifications and/or rectifications.

This information provides all the elements required by Article 13 of the Regulation and is divided into individual sections, each of which deals with a specific topic in order to make reading faster, more convenient and easier to understand.

This information provides all the elements required by Article 13 of the Regulation and is divided into individual sections, each of which deals with a specific topic in order to make reading faster, more convenient and easier to understand.

Where necessary, relatively and exclusively for the purpose of individual services on this website (Campioni Omaggio [Champion Tribute] Newsletter), this policy will be accompanied by a form for the issuance of consent under Article 7 of GDPR, for the specific purpose of the processing of personal data provided by the interested party.

2. Data Processed and Purpose

2.1. ESI srl may collect some personal data of the user/interested party while browsing the site, such as navigation Data (aggregated information, IP address, etc.) Contact/Identification Data (name, surname, place of residence, place and date of birth, e-mail address) Data provided Voluntarily (other personal data voluntarily provided by users/interested parties during registration or when requesting services submitted by the user through this Website).

2.2. The Website is accessible to users/interested parties without the need to provide personal data.

2.3. Some Services present on the Website are accessible only to users/interested parties who have given their express consent to the processing of personal data in the relevant Section (Subscription to the Newsletter; Request for free samples; Work with us – Sending the Curriculum Vitae; Contact).

2.4. Specific information will be published on the ESI srl website page expressly and specifically set up for the provision of certain services.

In particular:

A. Navigation data

A1. Collected data. The computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data of which the transmission is implicit in the use of internet communication protocols.

This category of data includes IP addresses or domain names of computers and terminals used by users, the URI/URL notation addresses of the requested resources, the time of the request, the method used to submit the request to the server, the file size obtained in response, the numeric code indicating the status of the response given by the server and other parameters relating to the operating system and the user’s computer environment.

A2. Purpose of Processing This information, necessary for the use of web services, is not collected to be associated with identified interested parties and can be used by ESI srl in order to:

(i) obtain statistical information on the use of the services (most visited pages, number of visitors by time or day, geographical areas of origin, etc.);

(ii) check the correct functioning of the services offered;

This information could also be used to ascertain responsibility in case of hypothetical computer crimes against the Site.

A3. Retention Period. The data relating to navigation on the Website will be retained for 24 months and in any case for the period provided for the fulfilment of legal obligations, provided that it is not necessary to retain the data longer to defend or enforce a right, or any other legal obligations or lastly by order of the Public Authorities.

B. Information regarding Cookies/Cookie Policy.

This Website uses cookies, users are therefore advised to carefully read the related cookie policy.

C. Data communicated voluntarily by the user/interested party

C1. The optional and voluntary sending of messages to the contact addresses or in the appropriate section, ‘Contacts‘ of the Website of ESI srl, as well as the compilation and submission of the forms present on this Website, involve the acquisition of contact details of the sender, necessary to provide a reply to the requests forwarded, as well as all the personal data included in the communications.

C2. The optional and voluntary compilation of data by the user/interested party in the special section ‘Work with us‘ involves the acquisition of contact data as well as all personal information provided. The interested party will also receive specific information regarding the treatment of their Curriculum Vitae via the first means of contact by ESI srl.

3. Method of processing

3.1. The processing of personal data will be carried out in compliance with the obligations of confidentiality and national and European Union regulations as defined pursuant to Article 4(2) of the Regulation, namely: ‘any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction‘.

3.2. Data processing operations may be carried out using analogue-paper means or with the support of computerised, electronic or in any case automated means.

3.3. Personal data are not subject to disclosure or to any fully automated decision-making process including profiling.

4. Base Giuridica del trattamento

4. Legal Basis of processing

4.1. The processing of navigation data is based on the legitimate interest of the Data Controller pursuant to Article 6(1)(f) of the GDPR.

4.2. The processing of personal data required by specific Sections of this website is carried out with the specific and informed consent of the user/interested party.4.1. Il trattamento dei dati di navigazione si basa sul legittimo interesse del Titolare del Trattamento ai sensi dell’art. 6, par. 1, lettera f) del GDPR.4.2. Il trattamento dei dati personali richiesto da specifiche Sezioni del presente Sito Web è effettuato con lo specifico ed informato consenso dell’utente/interessato.

5. Contribution and consequences of refusal to provide data transfer

5.1. The user/interested party is free to provide their personal data or not, the provision is therefore optional.

5.2. This Website presents specific sections regarding certain services that require the completion of specific forms and the provision of personal data by the user/interested party. Some fields of the aforementioned forms can be marked as mandatory (indicated with the symbol *) therefore the data marked as mandatory are necessary in order to provide the requested service. In the event that the mandatory data are not provided, the requested service cannot be provided and the related opportunities cannot be used. The Personal Data that will be requested for the pursuit of the purposes previously described will be those given in the registration and/or contact form (by way of example name, surname, address of domicile/residence, e-mail address, home/mobile number).

5.3. Some Sections of this Website require the provision of personal data by the user/interested party and the necessary informed consent so that the related processing can be considered lawful. Therefore, at the time of the possible provision of data, the interested party will be provided with information containing all the provisions stipulated by Article 13 of the GDPR through the link/connection to specific information and/or section of this document. The interested party must therefore declare their informed, free consent, in a specific manner. If the transfer of personal data takes place in successive phases, additions to the previously disclosed information may be provided and new consent to processing will be requested.

5.4. In the event that the consent of the user/interested party is required and the user is under the age of sixteen (16) years, Article 8 of the Regulation requires that this consent must be given and/or authorised by the Parents, the Tutor or the person with parental responsibility.

6. Communication of data

6.1. Personal data may be disclosed only for the purposes of the processing described above, to the persons in charge of and/ or responsible for the processing designated by the Data Controller due to, and with the limitations provided for, the duties, assignments assigned or finally by the contractual regulations.

6.2. In order to perform lawfully and correctly all the processing activities necessary to pursue the purposes referred to in this Policy, the personal data provided and/or collected by ESI srl may be communicated and/or processed by the following Recipients:

  • individuals, employees and/or collaborators of the Data Controller defined as persons in charge of processing, or as persons authorised to process Personal Data under the direct authority of the Data Controller or Data Processor. These subjects are entrusted with specific and/or more activities of processing Personal Data and specific instructions have been provided to them on the subject of safety and the correct use of Personal Data and act under the direct responsibility of the Data Controller;

  • third parties, appointed as data processors by the Data Controller, who carry out processing activities or activities related to and/or instrumental to them on behalf of the Data Controller;

  • if required by law or if necessary to prevent or punish the commission of an offence, the Personal Data of the user/interested party can be communicated to the Public Authorities and/or the judicial authority without these being defined as Recipients. In fact, the GDPR establishes that the public authorities that receive communication of Personal Data in the context of a specific investigation conducted in accordance with the law of the Union or the Member States are not considered Recipients.

7. Data retention period

7.1. All personal data provided may be stored by the Data Controller, ESI srl, and by the Data Processor, TLC Web Solutions Srl, for the entire duration of the services for the pursuit of the purposes previously described.

7.2. In any case, the collected data will be kept for the period provided for the fulfilment of legal obligations, provided that it is not necessary to keep the data longer to defend or enforce a right, or any other legal obligations, by order of the Public Authorities.

8. Transfer and/or dissemination of data to Third Countries

The personal data collected will not be transferred and/or disseminated to Third Countries with respect to the European Union and/or transferred or communicated to International Organisations.

9. Rights of the interested party

Pursuant to Chapter III of Regulation (EU) 2016/679 Articles 15 to 22, the interested party has the right, under the conditions and with the methods provided therein:

(i) To ask the Data Controller for access to Their personal data and information relating to them; the rectification of inaccurate data or the addition to incomplete data; the erasure of personal data concerning them (upon the occurrence of one of the conditions indicated in Article 17(1) of the GDPR and in compliance with the exceptions provided in paragraph 3 of the same article); the restriction of the processing of their personal data (in the event of one of the hypotheses indicated in Article 18(1) of the GDPR);

(ii) To request and obtain from the Data Controller, in cases where the legal basis for the processing is the contract or the consent, and the same is carried out by automated means, Their personal data in a structured and machine-readable format, also for the purpose of communicating such data to another data controller (so-called right to data portability);

(iii) To oppose at any time the processing of Their personal data in the case of special situations that concern Them;

(iv) To revoke the consent at any time, limited to cases in which the processing is based on their consent for one or more specific purposes and concerns common personal data, or particular categories of data. However, the processing based on consent and carried out prior to revocation of the same preserves its lawfulness;

(v) To submit a complaint to the supervisory authority (Authority for the Protection of Personal Data).

10. Data Controller and Date Processor

10.1. The data controller of personal data is ESI srl legal registered office located at Albisola Superiore (SV), Corso Ferrari 74/6, and with its operational headquarters located at Albissola Marina (SV), Via delle Industrie 1 (CAP 17012), (VAT number 11264680155 , CF 01099380105), e-mail esi.spa@pec.it.

10.2. The Data Processor is TLC Web Solutions Srl based in Genova, Piazza Giacomo Matteotti 2/4.

10.3. The interested party may request information regarding the processing of their personal data by writing to the Data Controller as follows:

  • – by registered letter with acknowledgment of receipt addressed to: ESI srl, Albissola Marina (SV), Via delle Industrie 1, CAP 17012;
  • – by e-mail to Pec: esi.spa@pec.it

Or to the Data Processor as follows:

  • – by registered letter with acknowledgment of receipt addressed to: TLC Web Solutions S.r.l., Genova (GE), Piazza Giacomo Matteotti 2/4, CAP 16123;
  • – by e-mail to Pec: pec@pec.tlcws.it.