The “Data Controller”

In accordance with art. 13 of the Italian Legislative Decree. d.lgs 196/03, the Code that regulates the protection of personal data, Empson &CO. S.p.A. (hereafter “the Company” and/or “EMPSON”) Italian Headquarters (registered office) in Milano (MI), address: via Romolo Gessi, n°58 – 20146, is the Data Controller (ex art. 28 d.lgs 196/03) where your personal data are concerned. You are therefore informed that all personal data acquired in the framework of present or future business relations is classified as personal data treated according to the above mentioned Italian Legislative Decree. The Data Controller also provides the following information where personal data management is concerned:

Where the data are processed

Empson &CO. S.p.A. with Headquarters in Milano (MI), address:via Romolo Gessi, n°58 – 20146.

Type of data processed:

Data for personal identification as described in Art. 4 letters b and c of the Italian d.lgs. 196/03, as well as any information on a natural or legal person, public administration, body or association which is obliged to carry out the periodic back-up of data banks, personal identification data, traffic data and anonymous data. In addition there are the navigation data, the IT systems and the software procedures that implement the functions of this web site and which could, during the course of normal operative functioning, acquire personal data, the transmission of which is implicit in the use of the protocols of Internet communication. Such information is not gathered in order to be associated with identified persons, given the nature of the data in question; however, they could permit the identification of the user in the course of processing and associations with data held by third parties. The data that fall into this category are: IP addresses, domain names of the computers operated by the users who connect to the site, Uniform Resource Identifier addresses for the resources requested, the time of the request, the method used to make the request to the server, the size of the file received in response to the request, the numerical code that indicates the status of the reply received from the server (success or failure of the request) and other parameters relative to the operative system and the IT environment of the user. These data are only used in order to gather anonymous statistical information on the use of the site and to check that it functions correctly; the data are immediately cancelled after they have been processed. These data could be used to ascertain responsibility in the case of presumed computer crime to the detriment of the site.

Elective provision of data

Apart from the navigation data as specified above, the user is free to provide the personal data in the request forms or those indicated in the section “Contacts” in order to request informative material or other communications. If these data are not provided, it could result impossible to obtain the information requested, as described in detail hereunder.

The objectives of data processing

Personal data is processed for the following reasons:

  1. to carry out judicial relations with you, either ongoing or future;
  2. to act in accordance with legal requirements in the framework of the above mentioned judicial relations;
  3. the logistical management of any business relations that are ongoing or under definition as long as they are connected/ related to EMPSON company description;
  4. Protection of contractual rights;
  5. Internal statistical analysis;
  6. marketing activities by sending, advertising or promotional material relating to the products or services derived and / or similar to those of the commercial relationship.

Data provided voluntarily by the user

The data will be processed for the entire duration of the existing business relations and for the following ten years from the date on which the data were acquired. Unless the interested party provides other indications, it is understood that the data will be cancelled from the server at the end of the tenth year.

Duration of the data processing.

The data will be processed for the entire duration of the existing business relations and for the following ten years from the date on which the data were acquired. Unless the interested party provides other indications, it is understood that the data will be cancelled from the server at the end of the tenth year.

Social Media

The site can provide access doors to various Social media services (which may include, without limitation, the famous Facebook, Twitter etc.); these services provide comment areas, bulletin boards, forums and other public advertising media platforms available. EMPSON informs you to exercise caution about the disclosure of personal information when using these platforms. The terms of use and privacy policies applicable to each of these social media will govern the information provided and are available on these websites. EMPSON does not perform any form control over the use of personal information disclosed in a public forum, a comment, a bulletin board, making the user the solely responsible for any disclosure.

Means of data processing

Personal data will be processed in paper, digital and telematic form and inserted into the applicable data banks, which can be consulted (and the contents thereby viewed) by the operators designated by the Data Controller, such as the Data Processor and the Persons in charge of the Processing of personal data, who will be able to carry out the consultation, use, handling, comparison and any other appropriate operation, direct or automatic, respecting the legal requirements necessary to guarantee, inter alia, the confidentiality and security of the data, as well as their accuracy, updating, and their relevancy to the declared aims.

The data collected

The data collected are essentially those inherent to:

Identification data (company name, or name and surname allowing a data subject to be identified directly, address, telephone, fax, email, fiscal data etc.); data relative to economic and commercial activity (as an example that is by no means exhaustive: orders gathered, contracts stipulated, competitions, solvency, banking and financial data, accounts and fiscal data, etc.). These data are provided directly by the Client/Interested party, they can also be gathered from autonomous third parties, external Data Controllers/Processers on behalf of EMPSON Data Controller. The data gathered may have residual sensitive and/or judicial characteristics. In this case they will be treated in accordance with the protection contemplated by the Law and also in respect of art. 23 d.lgs. 196/2003.

How the data are provided

Provision of data and their relative processing are obligatory where aims n. 1, 2, 3, 4 e 5 are concerned and also in terms of the fulfillment of commercial requirements; refusal to provide data for these purposes could, therefore, make it impossible for the Controller to carry out these same contractual requirements as well as the legal obligations. Provision of data is elective where the aims described in point 6, those refer to the implementation of the main marketing activities that is established by the Controller and tracing users activities for analysis, saving preferences and credentials.

The framework relative to the communication and dissemination of data

With reference to the aims indicated, the data could be communicated to the following subjects/categories of subjects, in other words they could be communicated to companies and/or individuals, in Italy or abroad, which offer services – including external services – on behalf of the Controller. Among which*, for clarity’s sake, consider:

  • companies which collaborate with EMPSON Controller;
  • companies which are associated with/connected to EMPSON;
  • financial administrations and other companies or public bodies in accordance with legal requirements;
  • qualified authorities and/or supervisory bodies in the implementation of legal requirements;
  • companies and law offices for the protection of contractual rights;
  • for aims n. 3, 4, 5 e 6 the data could be communicated to qualified persons who operate for the undersigned, as well as contracted companies, freelance workers and commissioning companies;
  • is not provided for the transmission of personal data abroad.

(*) the list of External Processors, including other data useful for their identification, is available from the Data Processor.

The Data Subject’s rights

With reference to the above mentioned data processing, the data subject can exercise the rights described in art. 7 d.lgs. 196/2003 and these are:

A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist;

He can find out the source of the personal data; of the purposes and methods of the processing; of the logic applied to the processing;

Obtain the erasure, anoymization or blocking of data that have been processed unlawfully, the updating, rectification or integration of the data;

object on legitimate grounds, to the processing of the personal data collected in respect of the limits and the conditions described in articles 8, 9 and 10 of d.lgs. 196/2003, by contacting Empson &CO. S.p.A., at the Headquarter in Milano (MI), address:via Romolo Gessi, n°58 – 20146, telephoning +39.02.48010101, sending a fax to +39.02.48008036 or an email to the address: Further information on the processing and communication of data, either directly or acquired by other means, can be requested by applying to the Data Processor, with reference of Operation Supervisor of Empson & CO. S.p.A.. This information does not exclude the possibility for oral communication of other details at the moment of data collection. Seeing this communication implies the expression of agreement to the processing of your personal data in accordance with sect. 23 d.lgs. 196/2003.

It is understood that this agreement is covered by the legislation in force which will be respected at all times.

Further information on the processing of personal data can also be communicated verbally.

MILAN, 20TH February 2018