DATA CONTROLLER
Elica S.p.A.
Via Ermanno Casoli, no.2, 60044 Fabriano (AN)
PEC: elicaspa@sicurezzapostale.it 
Phone: +39-07326101
(hereinafter referred to as “Company” or “Data Controller”)

DATA PROTECTION OFFICER (DPO)
DPO can be contacted at: dpo@elica.com

Elica S.p.A., as Data Controller, pursuant to article 13 of the GDPR (“GDPR”), provides you with information regarding the processing of personal data (hereinafter referred to as "Data")  collected following your  browsing on this website (hereinafter referred to as " Web Site").

PERSONAL DATA PROCESSED, PURPOSES AND LEGAL BASIS OF DATA PROCESSING
1.    Data processed for Web Site operation purposes
The computer systems and software procedures used to operate the Web Site during standard operation, acquire some browsing data whose transmission is intrinsic in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, yet it could lead to the identification of  Web Site users, through processing and association with data held by the Company or by third parties.
This category of Data includes IP addresses or the domain names of the computers used by the users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the response file, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.
Browsing data may be processed to: 
•    enable and monitor Web Site proper operation, as well as to carry out maintenance activities;
•    obtain anonymous statistical information on the use of the Web Site;
•    ascertain possible liability in the event of hypothetical computer crimes to the detriment of the Web Site and, therefore, to exercise and/or defend the Company's rights in a Court of Law.
Pursuant to art. 122, para. 1 of Legislative Decree 196/2003 ("Privacy Code"), the processing of the information mentioned herein, does not require any consent by the users. For the aforementioned purposes, the legal basis of data  processing is the legitimate interest of the data Controller, as pursuant to Art. 6, par.1, lett. f), GDPR.
2.    Data provided directly by the user or by third parties
In order to use certain Web Site services (e.g. in the "Apply", "Sign up", "Contact us" sections) it may be necessary to provide  some  Data, for  which reference shall be made to the specific information pursuant to Article 13 of the GDPR provided at the time of collection. Such data may be enriched with data collected from the user's browsing history on the Web Site. 
3.    Cookies
The Web Site uses cookies to ensure its proper operation and to improve the user’s experience. For further information on the use of cookies, please read the full related information notice.
4.    Direction to external links from the website
The Web Site may use links to other web pages relating to Elica, for which reference shall be made to the  specific information provided at the time of collection. The Web Site may also contain links to the web pages of other data controllers unrelated to Elica. For the latter, please refer to the specific information provided by the respective data controllers.

PROVISION OF DATA
With the exception of browsing data, which is necessary to carry out computer and telematic protocols, the provision of Data by users is free and optional. However, failure to provide such Data will make it impossible to follow up on  requests sent or that the user intends to send.

DATA RECIPIENTS
Data may be communicated to independent data controllers and processed by subjects designated by the Company as data processors, which  provide  the Controller  with services related to the purposes of underlying document, such as but not limited to:  the company in charge of the maintenance/management of the Company's website and of the electronic and/or telematic tools used by the latter.

SUBJECTS AUTHORIZED TO DATA PROCESSING
Data may be processed by the employees of the company, who have been expressly authorised to do so and who have received adequate operating instructions.

TRANSFER OF PERSONAL DATA TO EXTRA- EUROPEAN UNION COUNTRIES 
Data shall not be transferred to third countries and/or international organizations which are not within the European Union.

RIGHTS OF THE DATA SUBJECT - COMPLAINT TO THE SUPERVISORY AUTHORITY

In exercise of their  rights, the data subject may contact the Data Controller by sending a written communication to the address indicated above or by sending an email to: privacy@elica.com
The data subject may exercise the rights in Articles 15-22 of  GDPR towards the data Controller and, in particular, may request access to their own Data, as well as cancellation, amendment of inaccurate Data, integration of incomplete Data, limitation of data processing in the cases provided for by Article 18 GDPR , where applicable. 
Should data subjects intend to exercise their rights, then the Company may ask them to identify before handling their request.
The data subject is entitled to oppose to the processing of their Data at any time, in a simple manner and free of charge, for reasons concerning a specific situation in the case of legitimate interest of the Data Controller.

Lastly, the data subject is entitled to lodge a complaint with the competent supervisory authority in the Member State where he or she normally resides or works, or in the State where the alleged violation occurred.
 

 

(1) Pursuant to Article 18 of the GDPR, the data subject is entitled  to obtain a limitation  of  data processing from the data controller, in one of the following cases:
(a) the data subject disputes the accuracy of personal data, for the period necessary to the controller to verify accuracy of such personal data;
(b) data processing is unlawful and the data subject opposes the cancellation of personal data and instead requests to limit the use of the same; 
(c) although the data controller no longer needs the personal data for processing purposes, such personal data is necessary to the data subject to ascertain, exercise or defend one of their rights in a Court of Law;
(d) the data subject opposed to data processing pursuant to Article 21(1), pending the verification as to whether the legitimate grounds of the data controller prevail over those of the data subject.
Should data processing be limited  as pursuant to paragraph 1, such personal data shall, except for storage, only be processed with the consent of the data subject or to ascertain, exercise or defend one of their rights in a Court of Law or to protect the rights of another natural or legal person or for reasons of substantial public interest of  the European Union or of a Member State.
A data subject who obtained a limitation in data processing  pursuant to paragraph 1,  shall be informed by the data controller before such limitation is canceled.