PERSONAL DATA PROCESSING INFORMATION
Pursuant to the European Regulation 679/2016 providing for personal data protection
By this information about personal data handling, Evolvere Srl, owner of the website www.evolvere.it, describes the personal data processing of the data subject: users/visitors browsing across the website, registering the website or an application thereof, who apply to the company, entertain a business relation and/or have entered into an agreement with the same.
The information is given pursuant to Part III, sections 2 and 3 of the European regulation providing for personal data protection 679/2016.
The present document has no validity for other websites referenced by the user through links, if any, found in the pages of the website mentioned above owned by Evolvere.
Please, read this information carefully and should you need any clarification, contact us at firstname.lastname@example.org
Data controller and contacts
The Data Controller is Evolvere Srl, with registered office in Monza, via Oslavia 22A, and operations office in Milan, Via Ampère 61/A.
For further information, please address your e-mail to email@example.com
Type of data processed
Throughout the interaction with clients, prospective clients, suppliers, employees, collaborators, partners, etc., Evolvere handles varying types of personal data.
1) Navigation data and cookies
In principle, navigation of the website does not imply the need to provide personal data. While the website is split into various sections, some require entering data, others do not.
The IT systems designated to the website functioning, acquire some personal data which are implicitly transferred when using Internet communication protocols.
The information may concern the geographic area where navigation takes place, the device and the type of browser used, the pages the user browses during the session. It has been decided not to save the user’s IP address, thus making identification of the user impossible.
Navigation data are therefore saved in anonymous form and mainly used for statistical purposes, to check the correct functioning of the website and to improve the interaction.
2) Data intentionally provided by the users/visitors
When the users/visitors communicate some personal data to either access specific services or submit requests via e-mail, Evolvere acquires such data and handles it exclusively to reply, identify the user and provide the service.
The user’s registration to the website of Evolvere or enquiry to access information and services might imply the collection and processing of personal data such as name, surname, e-mail address, telephone number, address, occupation, etc.
This type of data could be collected on the following occasions:
- Completion of application and/or registration forms to the website or to reserved areas
- Events attendance/participation
- Participation to trade exhibitions and events
- Submission of requests via e-mail
3) Data provided by the clients
Clients provide Evolvere with the personal data of end consumers (contact names and other identification details) for market research and analysis purposes. Evolvere acquires such data and handles them exclusively to carry out the service contracted and always gives the client results in aggregate, anonymous form.
In the framework of market research, depending on the client profile, data processing might concern personal data, pursuant to art. 9 Part I (“specific categories of personal data”) of the Regulation (namely the data “…likely to disclose information such as racial and ethnical belonging, religious, philosophical belief and the like, political opinions, membership to political parties, trade unions, religious, philosophical, political or trade union associations or organizations as well as personal data likely to disclose details about health and sexual orientation”).
Data processing purposes and legal basis
The processing of personal data occurs for multiple purposes, some of which are closely related to the supply of services, others concern pieces of communication about Evolvere’s initiatives and products. Please find below a detailed description alongside the legal basis.
|Nr||Purposes||Legal basis||Data provision|
|1||Handling registration to the website and/or related APPs, besides activities related to using the services therein provided and access to specific sections of the website (e.g. reserved areas). Sending so-called “transactional” e-mails concerning the website or APP registration procedure and maintaining the account||Execution of a contract or of pre-contractual measures (ensuring the functioning of a service)||Optional|
|2||Improving and personalizing the user’s website experience||Execution of a contract (ensuring the functioning of a service)
|3||Improving and optimizing product and service characteristics||Execution of a contract (ensuring the functioning of a service)
|4||Activities from services contracted to the clients (market research and mystery shop)||Execution of a contract or of pre-contractual measures||Mandatory in case of contract execution|
|5||Replying to users’ requests, comments or complaints, also to address complaints, if any||Execution of a contract or of pre-contractual measures
|6||Sending appropriate communications about products, services and corporate initiatives, sending newsletters, measuring the customer satisfaction, also via email, sms, mms||Vested interest (principle of so-called soft spam).Giving consent, when required||Optional|
|7||Managing accounting, administrative, fiscal obligations, etc., provided for by the Italian, European or international law||Legal obligation||Mandatory in case of contract execution|
|8||Respecting fulfilment of obligations and contract terms and conditions||Execution of a contract||Mandatory in case of contract execution|
|9||Managing credit protection and assessing the financial solvency and reliability of the person concerned||Legal obligation
Execution of a contract
|Mandatory in case of contract execution|
|10||Settling disputes, if any, and enforcing the rights of the Data controller||Legal obligation
Execution of a contract
|Mandatory in case of contract execution|
Should the Data Controller add data processing purposes other than those described, they will arrange to amend the present information and ask for the data processing consent (if deemed necessary) in the most appropriate manner.
The user will always and anyway be entitled to withdraw their consent, unsubscribe the newsletter, if he/she previously agreed to it (based on purpose-built IT procedures) and to object any direct marketing activity by contacting the Data Controller.
Data retention period
Personal data processing occurs through electronic procedures and format and/or manually (e.g. on paper) throughout the time strictly necessary to fulfil the purposes for which data have been collected and, anyway, in keeping with the regulations in force. For marketing purposes, the data will be stored until consent is withdrawn.
The personal data of consumers and end users used for market research are stored for 6 months after results have been delivered to the client.
In addition, the company is held responsible for storing some information in accordance with the regulations and for a time reasonably long to meet legal requirements, settle disputes, avoid fraud and misuse and apply its own terms and conditions. Personal data processed for administrative, contractual and legal purposes are therefore stored for at least 10 years.
Be advised that Evolvere abides by the professional standards and the Code of Conduct of MSPA (European Association of Market Research Agencies carrying out Mystery Shopping studies) and of ESOMAR (non-profit organization promoting the quality and value of market/social research and opinion polls).
As detailed in the purposes table, the provision of processed data is necessary for legal obligations and contract execution purposes. Objecting data processing entirely or partially might prevent Evolvere from entering into an agreement.
For all purposes other than those specified in relation to navigation data, users/visitors are free to provide their personal data. Failure to provide data may only imply the impossibility to have one’s request fulfilled or to be given relevant information.
Communication and Transfer of Personal Data
Personal data can be communicated to Evolvere’s employees or collaborators who, based on specific operating directions, are formally in charge of and authorized to data processing.
Evolvere has the faculty to communicate such data to:
- third parties responsible for carrying out activities connected to contracted services
- third parties in charge of fulfilling obligations provided for either by the law or by the agreement (e.g. Public Bodies, Supervisory Authorities, Police Forces, Banks, etc.).
- associated companies, partners and/or affiliated companies
For technical-practical needs related to the processing of information, some personal data could be displayed in the servers of suppliers and sub-suppliers or be simply processed by third parties who, be that as it may, fully abide by Evolvere’s standards about the protection of personal data processing.
At present we do not avail ourselves of technological services which envisage the transfer of personal data to third countries (outside the EU), provided for by Part V of the Regulation.
Personal data will in no way be disclosed.
Rights of the Data Subject
The European Regulation understands the data subject has multiple rights which you are required to read carefully. In the case in point, we wish to draw your attention to the following rights:
- right of access by the data subject:
- confirmation that personal data processing concerning him/her is under way or not;
- communication of the data transfer to a third country or to an international organization;
- obtain copy of the personal data being processed (if and only it does not infringe upon other people’s rights and freedom);
- right to rectification;
- right to deletion (right to be forgotten);
- right to restriction of processing;
- notification obligation regarding rectification or deletion of personal data or restriction of processing;
- right to data portability;
- right to object.
The data subject is also entitled to be promptly notified in case his/her personal data have been infringed upon, thus being susceptible of causing harm to his/her dignity and freedom.