Privacy policy
CUSTOMER PRIVACY NOTICE
Information document Article 13 EU Regulation 2016/679 - GDPR ESUI’, with legal headquarters located at Via di Meleto 2 int. 5, 50022 Greve in Chianti (FI), (hereinafter, "Controller"), in its capacity as data controller, informs you pursuant to Art. 13 EU Regulation no. 2016/679 (hereinafter, "GDPR") that your data will be processed in the following manner and for the following purposes:
1. Data Processing Subject
The Controller processes personal data, identifying information (e.g., name, surname, company name, address, telephone, email, banking and payment details) - hereinafter referred to as "personal data" or simply "data" - provided by you in the context of concluding contracts for the services provided by the Controller.
2. Purposes of Processing
The collection and processing of personal data are carried out in order to:
A. Without your express consent [Art. 6 lett. b), e) GDPR], for the following Service Purposes:
1. Compliance with all operations required by legal obligations, tax and fiscal provisions arising from the conduct of business activities;
2. Establishment and execution of ongoing contractual relationships;
3. Operations strictly connected and instrumental to the initiation of the aforementioned relationships, including the acquisition of preliminary information before concluding the Contract;
4. Compliance with legal obligations concerning administrative activities on our behalf;
5. Providing requested services, allowing effective management of customer relationships to respond to requests for information, assistance, and/or specific needs requested by you;
6. Assessing customer satisfaction;
7. Execution of transport, logistics, and shipment management services for the requested product;
8. Execution of all necessary procedures for the correct and complete management of the shipment and/or the product in transit.
B. Only with your specific and separate consent (Art. 7 GDPR), for the following Marketing Purposes:
1) Sending you communications regarding the services offered, newsletters, and personalized news, containing promotional material and initiatives related to our own activities and services through traditional methods (phone calls with an operator) or automated methods (email);
2) Sending you commercial and/or promotional communications via email, mail and/or SMS and/or telephone contacts from third-party entities (e.g., business partners).
Please note that if you are already our customer, we may send you commercial communications related to services similar to those you have already used, unless you dissent.
Contractual, service, commercial, and non-commercial litigation, and promotional purposes concern the processing of personal data of the Customer only. The personal data of the Customer will be processed for the entire duration of the established contractual relationships and also subsequently for compliance with all legal obligations as well as for future commercial purposes.
3. Processing Methods
The processing will be carried out in an automated and/or manual manner, with methods and tools, in compliance with the security measures set out in Art. 32 of GDPR 2016/679, by specifically authorized subjects, in accordance with what is provided for in Art. 29 GDPR 2016/679. Security measures will be employed to ensure the confidentiality of the data subject to which such data refer and to prevent unauthorized access by third parties or unauthorized personnel.
The provided data will be stored in our archives according to the following parameters:
- For administrative activities, accounting, orders, quotation management, entire production flow management, assistance and maintenance, shipping, billing, services, and management of any disputes: 10 years as established by Law pursuant to Art. 2220 of the Italian Civil Code, subject to any delayed payments of consideration justifying an extension;
- For the purposes mentioned in paragraph 2.A points 1-2-3-4-5-6-7-8 above, the retention times are until the expiration of the contract;
- For marketing purposes (paragraph 2.B points 1-2): they will be retained until the exercise of the right to object by the data subject; in the absence of this, they will be kept as long as ESUI’ continues its activities.
4. Data Access
Your data may be made accessible for the purposes described in the previous paragraph 2.A:
- To partners, employees, and collaborators of the data controller in their capacity as data processors and/or internal data processing managers and/or system administrators;
- Competent authorities;
- Third-party companies or other entities that carry out outsourcing activities on behalf of the data controller, in their capacity as external data processors (indicatively: software houses, associated firms, lawyers, certifying bodies, tax/accounting consultants, and, in general, all bodies responsible for inspections and checks regarding the correct fulfillment of the aforementioned purposes, Municipal Entities and/or Municipal Offices, consultants and service companies, and workplace safety, which may, in turn, communicate the data or grant access to it within their associated members, users, and related parties for specific market research.
The collected and processed data may also be communicated, both in Italy and abroad, to subcontractors/suppliers.
For the sake of brevity, the detailed list of such figures is available at our headquarters and is at your disposal.
5. Data Communication
Without the need for explicit consent (Art. 6 lett. b) and c) GDPR), the Controller may communicate your data for the purposes set out in point 2.A to supervisory bodies, judicial authorities, and to those subjects to whom communication is mandatory by law for the performance of said purposes. These subjects will process the data as independent data controllers.
Your data will not be disclosed.
6. Data Transfer
Personal data is stored on servers located within the European Union, both in the offices of the legal headquarters. It is understood, however, that the Controller, if necessary, may have the option to move the servers outside the EU as well. In such cases, the Controller hereby ensures that the transfer of data outside the EU will take place in compliance with applicable legal provisions, subject to the conclusion of the standard contractual clauses provided by the European Commission.
7. Nature of Data Provision and Consequences of Refusal to Respond
The provision of data for the purposes set out in point 2.A is mandatory. In their absence, we will not be able to guarantee you the Services of point 2.A.
The provision of data for the purposes set out in point 2.B is optional. You may therefore choose not to provide any data or later deny the possibility of processing data already provided: in this case, you will not receive newsletters, commercial communications, and advertising materials related to the services offered by the Controller. However, you will still have the right to the Services referred to in point 2.A.
8. Data Subject Rights
In relation to the aforementioned processing, each data subject may exercise the rights set out in Articles 15 to 22 of the Regulation.
a) the right of access to personal data (Art. 15 GDPR);
b) the right to obtain the rectification or erasure (right to be forgotten) of such data or the restriction of processing concerning them (Art. 16, 17, and 18 GDPR);
c) the right to object to processing (Art. 21 GDPR);
d) the right to data portability (Art. 20 GDPR);
e) the right to withdraw consent;
f) the right to lodge a complaint with the supervisory authority (Privacy Guarantor - www.garanteprivacy.it).
In cases of opposition to data processing under Article 21 of the Regulation
Information document Article 13 EU Regulation 2016/679 - GDPR ESUI’, with legal headquarters located at Via di Meleto 2 int. 5, 50022 Greve in Chianti (FI), (hereinafter, "Controller"), in its capacity as data controller, informs you pursuant to Art. 13 EU Regulation no. 2016/679 (hereinafter, "GDPR") that your data will be processed in the following manner and for the following purposes:
1. Data Processing Subject
The Controller processes personal data, identifying information (e.g., name, surname, company name, address, telephone, email, banking and payment details) - hereinafter referred to as "personal data" or simply "data" - provided by you in the context of concluding contracts for the services provided by the Controller.
2. Purposes of Processing
The collection and processing of personal data are carried out in order to:
A. Without your express consent [Art. 6 lett. b), e) GDPR], for the following Service Purposes:
1. Compliance with all operations required by legal obligations, tax and fiscal provisions arising from the conduct of business activities;
2. Establishment and execution of ongoing contractual relationships;
3. Operations strictly connected and instrumental to the initiation of the aforementioned relationships, including the acquisition of preliminary information before concluding the Contract;
4. Compliance with legal obligations concerning administrative activities on our behalf;
5. Providing requested services, allowing effective management of customer relationships to respond to requests for information, assistance, and/or specific needs requested by you;
6. Assessing customer satisfaction;
7. Execution of transport, logistics, and shipment management services for the requested product;
8. Execution of all necessary procedures for the correct and complete management of the shipment and/or the product in transit.
B. Only with your specific and separate consent (Art. 7 GDPR), for the following Marketing Purposes:
1) Sending you communications regarding the services offered, newsletters, and personalized news, containing promotional material and initiatives related to our own activities and services through traditional methods (phone calls with an operator) or automated methods (email);
2) Sending you commercial and/or promotional communications via email, mail and/or SMS and/or telephone contacts from third-party entities (e.g., business partners).
Please note that if you are already our customer, we may send you commercial communications related to services similar to those you have already used, unless you dissent.
Contractual, service, commercial, and non-commercial litigation, and promotional purposes concern the processing of personal data of the Customer only. The personal data of the Customer will be processed for the entire duration of the established contractual relationships and also subsequently for compliance with all legal obligations as well as for future commercial purposes.
3. Processing Methods
The processing will be carried out in an automated and/or manual manner, with methods and tools, in compliance with the security measures set out in Art. 32 of GDPR 2016/679, by specifically authorized subjects, in accordance with what is provided for in Art. 29 GDPR 2016/679. Security measures will be employed to ensure the confidentiality of the data subject to which such data refer and to prevent unauthorized access by third parties or unauthorized personnel.
The provided data will be stored in our archives according to the following parameters:
- For administrative activities, accounting, orders, quotation management, entire production flow management, assistance and maintenance, shipping, billing, services, and management of any disputes: 10 years as established by Law pursuant to Art. 2220 of the Italian Civil Code, subject to any delayed payments of consideration justifying an extension;
- For the purposes mentioned in paragraph 2.A points 1-2-3-4-5-6-7-8 above, the retention times are until the expiration of the contract;
- For marketing purposes (paragraph 2.B points 1-2): they will be retained until the exercise of the right to object by the data subject; in the absence of this, they will be kept as long as ESUI’ continues its activities.
4. Data Access
Your data may be made accessible for the purposes described in the previous paragraph 2.A:
- To partners, employees, and collaborators of the data controller in their capacity as data processors and/or internal data processing managers and/or system administrators;
- Competent authorities;
- Third-party companies or other entities that carry out outsourcing activities on behalf of the data controller, in their capacity as external data processors (indicatively: software houses, associated firms, lawyers, certifying bodies, tax/accounting consultants, and, in general, all bodies responsible for inspections and checks regarding the correct fulfillment of the aforementioned purposes, Municipal Entities and/or Municipal Offices, consultants and service companies, and workplace safety, which may, in turn, communicate the data or grant access to it within their associated members, users, and related parties for specific market research.
The collected and processed data may also be communicated, both in Italy and abroad, to subcontractors/suppliers.
For the sake of brevity, the detailed list of such figures is available at our headquarters and is at your disposal.
5. Data Communication
Without the need for explicit consent (Art. 6 lett. b) and c) GDPR), the Controller may communicate your data for the purposes set out in point 2.A to supervisory bodies, judicial authorities, and to those subjects to whom communication is mandatory by law for the performance of said purposes. These subjects will process the data as independent data controllers.
Your data will not be disclosed.
6. Data Transfer
Personal data is stored on servers located within the European Union, both in the offices of the legal headquarters. It is understood, however, that the Controller, if necessary, may have the option to move the servers outside the EU as well. In such cases, the Controller hereby ensures that the transfer of data outside the EU will take place in compliance with applicable legal provisions, subject to the conclusion of the standard contractual clauses provided by the European Commission.
7. Nature of Data Provision and Consequences of Refusal to Respond
The provision of data for the purposes set out in point 2.A is mandatory. In their absence, we will not be able to guarantee you the Services of point 2.A.
The provision of data for the purposes set out in point 2.B is optional. You may therefore choose not to provide any data or later deny the possibility of processing data already provided: in this case, you will not receive newsletters, commercial communications, and advertising materials related to the services offered by the Controller. However, you will still have the right to the Services referred to in point 2.A.
8. Data Subject Rights
In relation to the aforementioned processing, each data subject may exercise the rights set out in Articles 15 to 22 of the Regulation.
a) the right of access to personal data (Art. 15 GDPR);
b) the right to obtain the rectification or erasure (right to be forgotten) of such data or the restriction of processing concerning them (Art. 16, 17, and 18 GDPR);
c) the right to object to processing (Art. 21 GDPR);
d) the right to data portability (Art. 20 GDPR);
e) the right to withdraw consent;
f) the right to lodge a complaint with the supervisory authority (Privacy Guarantor - www.garanteprivacy.it).
In cases of opposition to data processing under Article 21 of the Regulation
