(complying with Article 13 e 14 of GDPR Regulation EU 2016/679)
Edisfera Srl gives you some information about the handling of your personal data during the visit of website www.edisfera.com (hereinafter: “Site”).
The data voluntarily provided by the user or otherwise acquired within the online forms of this "Site", or also present in the Edisfera databases as freely communicated to the company and acquired by the professional activity carried out, will be the object of treatment in compliance with the aforementioned provisions and confidentiality obligations, of which Edisfera takes charge.
The process is always based on principles of lawfulness and fairness in compliance with all current regulations and appropriate security measures are adopted to protect the data.
The data controller
The data controller of personal data you provide is Edisfera srl in the person of its pro tempore legal representative, with office located at via Sistina 121 - 00187 Roma and at via M.D'Azeglio 5 - 08100 Nuoro.
The data protection officer
Any request on the processing of the personal data may be sent to the Data Protection Officer, appointed by Edisfera Srl in compliance with art. 37 of GDPR, at the following email address: firstname.lastname@example.org or at:
Data Protection Officer
Via Sistina 121- 00187, Roma
Via M. D’Azeglio 5, 08100 Nuoro
Types of data collected
The information systems and software procedures relied upon to operate this web site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols. Such information is not collected in order to relate it to identified data subjects, however it might allow user identification per se after being processed and matched with data held by third parties. This data category includes IP addresses and/or the domain names of the computers used by any user connecting with this web site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user's operating system and computer environment. These data are only used to extract anonymous statistical information on website use as well as to check its functioning; they are erased immediately after being processed. The data might be used to establish liability in case computer crimes are committed against the website.
Data Provided Voluntarily by Users
Edisfera collects personal information and other data that is communicated through the forms on the website “Contacts” and “Request a quotation”, as well as optional and explicit data submitted to the Company by email. This data may be information that is necessary for providing the services requested by the individual, or other services (e.g. newsletter) and/or for contacting the individual (name, address, any other personal data entered in the letter). In this instance you will receive the specific information notice complying with Article 13 of the Decree of Law 196/2003 about the handling of personal data in relationship with the individual purposes to be achieved.
Provision of personal data
The personal data requested in the website forms it may be necessary to manage the communication/request, therefore, are mandatory or optional. The mandatory or optional is specified from time to time during the collection of individual data. If the provision of data is required, the refusal to provide the requested data will make it impossible to refine the procedure attached to the form for which the data are required. If the provision of data is optional, the refusal to provide the requested data will have no consequence in relation to the proper end of the procedure connected to the form for which the data are required. If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no. If after you opt-in, you change your mind, you may withdraw your consent for us revoking it at any time by the unsubscribe link within the communications.
Purpose of treatment
The personal data provided by users on this Site are used only to perform the service or provision requested and are communicated to third parties only if this is necessary for that purpose.
With reference to the current regulations (art. 13 Dlgs 196/2003 – art. 13 e 14 GDPR EU Regulation 2016/679) Edisfera will acquire, collect and process user’s personal data information for the following purposes:
- to provide required services by this website;
- for the management of requests and reports received through the Contact form e Request quote form on this website;
- send, after an expressed and optional consent, email/newsletter* about our business activities and other website updates;
- produce aggregate statistical analysis;
- to fulfill the obligations required by laws and regulations;
- in the case of sending curriculum vitae, exclusively for human resource selection purposes.
*Sending email newsletters via Mail Up Platform
Place of data processing
The data are processed at the place of business of the Controller and any other place where the parties involved in the treatment are localized.
Personal data will host on virtual servers and in cloud, located in Germany, managed by Edisfera and contractors of the latter designated as data controllers.
Processing methods and data retention policy
Personal data is processed with automated means for the amount of time necessary to achieve the purposes for which it is collected, in compliance with the requirements of current Low.
The information systems and computer programs used by Edisfera are configured in such a way as to minimize the use of personal and identification data; these data are processed only for the achievement of the specific purposes pursued from time to time; in any case, the criterion used to determine the retention period is based on compliance with the terms permitted by applicable laws and by the principles of minimization of treatment and rational management of archives.
Automated decision-making process
The Data Owner do not execute handling of registration data that consists in automated decision-making processes.
Legal basis of the processing
The legal basis for processing is the execution of a contract of which the data subject is a party or the execution of pre-contractual measures taken at the request of the latter, and/or because we have a legitimate interest. In the cases expressly indicated, the legal basis is the consent freely given by the interested party.
Communication and dissemination of data
- will be communicated in cases prescribed by the law;
- will be handled by employees and collaborators of Edisfera in quality of trustees and controller for the handling;
- may be processed by third companies to perform technical and organizational tasks on our behalf. These companies work with us and perform the function of data controller. Their list is constantly updated and is available on request by sending a written notice to the “data controller”.
Transmission of data
The Data Controller uses CrashPlan for Small Business service by Code42 Software (for backup and restore), located in the United States of America outside the European Union area. The transfer of data to this is authorized on the basis of the adoption of Standard Contractual Clauses (SCC) approved by the European Commission and the adoption of additional measures to ensure that US legislation does not interfere with the adequate level of protection guaranteed by SCC and by the supplementary measures themselves (encryption of data before transfer and not sharing the private key with the supplier).
In any case, it is understood that the Data Controller, if necessary, will have the right to select new or additional services both in the EU and outside the EU. In this case, the Data Controller ensures from now on that the transfer of data outside the EU will take place in compliance with the applicable legal provisions, i.e. either by virtue of an adequacy decision by the European Commission or following the stipulation of standard contractual clauses envisaged by the European Commission. The owner reserves the right to use cloud services and in this case the service providers will be selected from among those who provide adequate guarantees, as required by Article 46 of the GDPR 679/16.
Security of data
Edisfera undertakes to protect the security of the user's personal data and complies with the security provisions established by applicable law to avoid data loss, illegal use of data and unauthorized access to them, with particular but not exclusive reference to Annex B of the Privacy Code (Technical Disciplinary regarding minimum security measures) and pursuant to art. 25-32 of Regulation 2016/679 / EU. Our servers are protected by SSL protocol and accurate encryption.
The data is kept for the time strictly necessary to manage the purposes for which the data is collected in compliance with current regulations and legal obligations.
The User can always, at any time, request the interruption of the Processing or the cancellation and/or limitation of the Data through the contacts and methods specified in this document.
When Edisfera will no longer need to use the personal data, they will be removed from the systems and registers and/or the appropriate measures will be taken to make them anonymous so as to prevent the user from being identified (except for the case in which need to maintain such data in order to comply with regulatory obligations).
Under Article 23 of Legislative Decree 196/2003 and Article 6 of GDPR 679/16, the concerned party may revoke consent at any moment.
Rights of the concerned parties
With reference to Article 7 of Legislative Degree 196/2003 and Articles 15 Rights of access, 16 – Rights of rectification, 17 – Rights of cancellation, 18 – Rights to limitation of handling, 20 – Rights of portability, 21 – Rights of opposition, 22 – Rights of opposition to automated decision processes from GDPR 679/16, the concerned party exercises his/her rights by writing to the Owner of the service at the address listed, or by email to email@example.com, specifying the subject of his/her request, the rights that he/she intends to exercise and attaching a photocopy of the ID document that certifies the legitimacy of the request.
The concerned party has the right to submit a complaint to the Local Authority for the Protection of Personal Data in the European Economic Area (EEA).
Please note that in order to provide a complete service, our portal contains links to other web sites which are not operated by us. We are not responsible for errors, content, cookies, publication of immoral or unlawful content, advertising, banners or files which fail to conform to current regulations or for failure to comply with privacy legislation by these websites not operated by us.
The User's Personal Data may be used for legal purposes by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of this Application or the related services. The User declares to be aware that the Data Controller may be required to reveal personal data upon request of public authorities.
Information contained in this Policy
More information in relation to the processing of Personal Information may be requested at any time to the Owner using the contact information
Last Updating: 17/03/2023