This information is provided – pursuant to Art. 13 and 14 of the EU Regulation No. 2016/679 (hereinafter General Data Protection Regulation, GDPR) – to users who access the www.ipcm.it portal.
The validity of this information does not extend to third-party websites accessible via hypertext links.
EOS Mktg&Communication Srl, with registered office in Via Pietro Mascagni, 8, 20811, Cesano Maderno (MB), Italy (hereinafter “EOS” or “Data Controller”) as the Data Controller, informs you of the following regarding the processing of your personal data in accordance with Article 13 of the European Regulation 2016/679.
1. Data Controller, Data Processor and appointees
The Data Controller is EOS Mktg&Communication Srl, with registered office in Via Pietro Mascagni, 8, 20811, Cesano Maderno (MB), Italy.
The Data Processor is Alessia Venturi.
In any case, the updated list of Data Processors and persons in charge of data processing is kept at the registered office of the Data Controller.
2. Object of treatment
The Controller processes the personal data that you provide when concluding contracts for the Controller’s services.
2.2. Categories of data that are processed
The data processed by the Controller are exclusively “personal data” (pursuant to Art. 4.1 of GDPR).
In particular, the relevant categories of personal data may include, but are not limited to:
- Personal and identification data (name, date of birth, place of birth, nationality, tax code, VAT number, occupation/occupation, etc.);
- Contact data (address, e-mail address, IP address, telephone number, and similar data);
- Data on the credit cards used (card number, first and last name, validity dates, etc.);
- Data on services provided and used, purchases made, and other non-particular data.
3. Lawfulness and purpose of processing
3.1. The personal data collected by EOS are processed in accordance with the principles established by the GDPR and the Italian Legislative Decree no. 196/2003, as amended by the Italian Legislative Decree no. 101/2018.
Personal data is processed in accordance with the provisions of the GDPR and any other applicable data protection legislation. Details are given below.
3.2. Purposes of fulfilling a legal obligation (Art. 6, par. 1 (c) of GDPR)
a. Fulfilment of obligations provided for by laws, regulations, and the Community legislation, or by provisions issued by authorities or supervisory and control bodies in relation to or in any case connected with the existing and/or future legal relationship.
The period of retention of personal data for the purposes set out in this section is:
For the purpose “a.”, 10 years from the end of the contractual or commercial relationship.
This period may be extended in the event of litigation or specific legal provisions.
3.3 Purposes of performance of a contract or of pre-contractual measures (Art. 6, par. 1 (b) of GDPR)
a. Carrying out of pre-contractual activities, also with reference to the user’s first contact and the request and sending of a quotation, as well as any subsequent contacts, clarifications, and further proposals relating to the quotation itself;
b. Fulfilment of contractual obligations and legal transactions and in particular of the contract entered into (e.g. the execution of the order, including the sending of functional communications by e-mail and/or SMS, as well as the provision of transport and after-sales services to customers);
c. Management of administrative, accounting, fiscal, and financial processes related to the provision of the product or service supplied;
d. Protection of contractual rights or rights arising from the relationship between the parties.
The period of retention of personal data for the purposes set out in this section is:
For the purpose “a.” until the end of the pre-contractual activity;
For the purposes “b.”, “c.”, and “d.”, 10 years from the purchase or termination of the contractual or commercial relationship.
These periods may be extended in the event of litigation or special contractual provisions.
3.4 Purposes of pursuing a legitimate interest (Art. 6, par. 1 (f) of GDPR)
Please note that the data provided may be processed to protect the legitimate interests of the Data Controller and in particular for as follows:
a. With regard to online sales only, conducting checks to prevent fraudulent activity through the use of credit cards;
b. Reporting and performing internal controls;
c. Carrying out checks and surveys on purchases made and services used, with particular reference to customer satisfaction, in order to improve the quality of the services offered.
The period of retention of personal data for the purposes set out in this section is:
For the purpose “a.”, within 24 months of the purchase or the signing of the contract.
For the purpose “b.”, up to 10 years from the date of purchase or termination of the contractual or commercial relationship.
For the purpose “c.”, within 72 hours of the purchase or the signing of the contract (in the case of a message inviting participation in a survey, as the data will then be processed in an aggregated and anonymous form that cannot be traced back to the person concerned).
3.5. Your personal data will be processed in order to provide you with the correct management of the requested service and for the purposes described above in the articles 3.1, 3.2, 3.3, and 3.4.
3.6. Marketing purposes i.e. commercial promotion (Art. 7 of GDPR)
Only with your specific and distinct consent, which may be revoked at any time, may your data be used for marketing activities, such as, for example, sending promotional and commercial communications relating to services and/or products offered and/or distributed by the Controller or notification of events, initiatives, and promotions, as well as carrying out market studies and statistical analyses, using automated (e.g. SMS, MMS, and e-mails) and, where applicable, conventional contact methods (e.g. telephone calls with an operator and post).
With regard to the processing of personal data for marketing purposes, such data will be stored in accordance with the principle of proportionality and in any case until the purposes of the processing have been pursued or until you revoke your specific consent, as well as for the time necessary to comply with legal obligations.
The period of retention of personal data for the purposes set out in this section is 24 months (maximum term indicated by the Italian Data Protection Authority).
4. Treatment modes
Personal data will be processed in paper, computer, and telematic form and entered into the relevant databases (customers, users, etc.), which may be accessed by, and therefore become known to, the employees expressly designated by the Data Controller as Data Processors and Authorised Persons for the processing of personal data. These persons may carry out consultation, use, processing, comparison, and any other appropriate operation, including automated operations, in compliance with the provisions of the law necessary to guarantee, among other things, the confidentiality and security of the data as well as their accuracy, updating, and relevance to the stated purposes.
Your personal data will be processed on paper, electronically, and/or automatically.
The Data Controller shall process personal data for the time necessary to fulfil the purposes of the service and in any case in accordance with the Data Controller’s contractual and legal obligations.
5. Possible consequences of not providing data, nature of providing data (Art. 13, par. 2 (e) of GDPR)
5.1 In case of fulfilment of legal or contractual obligations
Please note that if the purpose of the processing is based on a legal or contractual (or even pre-contractual) obligation, the Data Subject must necessarily provide the requested data.
Failure to do so will make it impossible for the Controller to pursue such specific processing purposes.
5.2 In case of pursuit of a legitimate interest
Similarly, with regard to purposes based on a legitimate interest and that do not require express consent, the objection of the Data Subject entails or will entail the impossibility of proceeding with the fulfilment of the purposes and any related services for which the Data Subject respectively objected, except for compelling legitimate reasons or for the protection of rights in court.
5.3 In case of consent of the person concerned
For the purposes set out above, which have express consent as their legal basis, the Data Subject may revoke their consent at any time and the effects will take effect from the moment of revocation, without prejudice to the periods provided for by law. In general terms, withdrawal of consent is only effective for the future.
Therefore, any processing activity carried out prior to withdrawal of consent will not be affected and it will retain its legitimacy.
Failure to give consent or partial consent may hinder the full provision of services, with reference to the individual purposes for which consent is withheld.
When the data are no longer needed for the above-mentioned purposes, they are regularly deleted. If deletion is impossible or only possible with disproportionate effort due to a particular storage method, the data may not be processed and must be stored in inaccessible areas.
6. Recipients or categories of Recipients of personal data (Art. 13, par 1 (e) of GDPR)
6.1. Within the framework of the above-mentioned purposes, the Data Controller may communicate your data to:
- offices and departments of the Data Controller itself;
- employees and collaborators of the Data Controller and outside, in their capacity as persons in charge and/or internal Data Processors and/or system administrators;
- third party companies specifically appointed to carry out checks on credit card data;
- service providers, such as, in particular, companies providing computer services, including hosting services;
- companies carrying out services of a commercial nature, with particular reference to transport and delivery;
- companies/consultants providing professional tax advisory and/or auditing services;
- third party companies or other entities (e.g. credit institutions, insurance companies for the provision of insurance services, etc.) that perform activities on behalf of the Controller, in their capacity as external Data Processors;
- any public administrations and public authorities, if requested by them in the context of their institutional activities.
6.2. The complete and updated list of both EU and non-EU Data Controllers, Processors, and Recipients (pursuant to Art. 4.9 of GDPR) is made available at the Data Controller’s offices.
7. Communication of data
7.1. Without the need for express consent (pursuant to Art. 24, lett. a), b), and d) of the Italian Privacy Code and Art. 6, lett. b) and c) of GDPR), the Data Controller may communicate your data to supervisory bodies, judicial authorities, and insurance companies for the provision of insurance services, as well as to those subjects to whom communication is obligatory by law for the fulfilment of the aforementioned purposes. These subjects will process the data in their capacity as autonomous Data Controllers. Your data will not be disseminated.
8. Data storage and transfer
8.1. Personal data is stored on servers located within the European Union. In any event, it is understood that the Data Controller may move the servers outside the EU if necessary. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the conclusion of the standard contractual clauses provided for by the European Commission.
9. Rights of the Data Subject (Art. 13, par. 2 (b) of GDPR)
9.1. The person concerned may assert the following rights:
- right of access by the data subject [Art. 15 of GDPR] (the possibility of being informed about the processing of one’s own personal data and, where appropriate, receiving a copy of it);
- right to rectify one’s own personal data [Art. 16 of GDPR] (the right to rectification of inaccurate personal data concerning the person);
- right to erasure of one’s own personal data without undue delay (“right to be forgotten”) [Art. 17 of GDPR] (the data subject has and will have the right to the erasure of their data);
- right to restriction of processing of one’s own personal data in the cases provided for in Art. 18 of GDPR, including in the event of unlawful processing or contestation by the Data Subject of the accuracy of personal data [Art. 18 of GDPR];
- right to data portability [Art. 20 of GDPR] (the Data Subject may request their personal data in a structured format in order to transmit them to another Data Controller, in the cases provided for by the same Article);
- right to object to the processing of one’s own personal data [Art. 21 of GDPR] (the Data Subject has and will have the right to object to the processing of their personal data);
- right not to be subjected to automated decision-making processes [Art. 22 of GDPR] (the Data Subject has and will have the right not to be subjected to decisions solely based on automated processing operations).
Further information on the rights of the Data Subject may be obtained by requesting the full extract of the above-mentioned articles from the Controller.
For the purposes set out above, for which consent was required, the Data Subject may revoke their consent at any time and the effects will take effect from the moment of revocation, without prejudice to the periods provided for by law. In general terms, withdrawal of consent is only effective for the future.
10. Methods of exercising your rights
10.1. The aforementioned rights may be exercised in accordance with the Regulation by sending an email to the following address: firstname.lastname@example.org.
You can also address the message to the customer security systems manager: email@example.com.
Otherwise, you can send a registered letter with acknowledgement of receipt to EOS Mktg&Communication Srl – Via Pietro Mascagni, 8 – 20811 Cesano Maderno (MB) – Italy.
In compliance with Art. 19 of GDPR, the Controller shall inform the recipients to whom the personal data have been disclosed of any rectification, erasure, or restriction of processing required, where this is possible.
11. Right to complain (Art. 13, par. 2 (d) of GDPR)
If you believe that your rights have been compromised, you have the right to lodge a complaint with the Italian Data Protection Authority, in accordance with the procedures indicated by the Authority on the following webpage
or by sending a written notice to the Italian Data Protection Authority – Piazza Monte Citorio, 121 – 00186 Rome – Italy.
12.1. Cookies are small text files that websites use to store and collect information through your browser. They are mainly used to assess and improve the quality of the site by analysing visitor behaviour, to personalise pages, and to remember user preferences.
Cookies therefore allow storing information about visitors’ preferences. They are used to verify the correct functioning of the site, to improve its functionality by customising the content of its pages according to the type of browser used, to simplify navigation by automating procedures (e.g. login, site language), and to analyse the use of the site by visitors.
Cookies are called “first-party cookies” when they are installed by the website you are visiting and “third-party cookies” when they are installed by a website other than the one you are visiting.
The duration of the cookies installed may be limited to the browsing session or it may extend for a longer period, even after the user has left the site visited. In order to disable, remove, or block cookies you can use your browser settings or the DoNotTrack option, where available. In the event of cookie deactivation, full usability of the website is not guaranteed.
12.2. This site makes use of the following categories of cookies:
a) technical cookies: these are essential for the proper functioning of the website and for the use of certain functionalities. For instance, they make it possible to identify a session, access reserved areas, remember the elements making up a previously formulated request, finalise a purchase order, or save a quotation. Without technical cookies, the services normally offered by the site may be partially or totally inaccessible. Since these cookies are essential for browsing and providing the services requested, it is not necessary to request and provide user consent. You can block or remove technical cookies by changing the configuration of your browser options; however, if you do so, you may not be able to access certain areas of the website or use some of the services offered. This type of cookie does not collect information that can be used for commercial purposes and its duration is limited to that of the browsing session.
Technical cookies will be stored until the end of your visit and will be deleted a few hours after you close your browser.
As mentioned, no consent is required for these cookies.
b) analysis cookies: they collect anonymous information about the users’ browsing behaviour and they are used to assess and improve the performance of the site, as well as to personalise the users’ online experience by targeting specific content. Information collected through analytical cookies (e.g. information on how users use the website and on the receipt of error messages) are used exclusively by EOS or by service providers acting on its behalf, which do not store, communicate, or disseminate the data to third parties.
For analysis cookies, it is not necessary to request and provide user consent. You can block or remove analysis cookies by changing the configuration of your browser options; however, if you do so, you may not be able to access certain areas of the website or use some of the services offered.
There are several ways to manage cookies and other tracking technologies.
By changing your browser settings, you will be able to accept or reject cookies or decide to receive a warning message before accepting cookies from the websites you visit. Please note that if you disable cookies in your browser completely, you may not be able to use all of our interactive features. If you use several computers in different locations, make sure that each browser is set to suit your preferences.
You can delete all cookies installed in the cookie folder of your browser. Each browser has different procedures for managing settings.
Analysis cookies are assimilated to technical cookies if the service is anonymised.
c) profiling and marketing cookies: they are used exclusively by third parties other than the owner of this website to collect information on users’ browsing behaviour, interests, and consumption habits, also in order to provide personalised advertising.
Consent is required for these cookies.
d) Third-party cookies:
This site also acts as an intermediary for third-party cookies (such as social networking buttons), which are used to provide additional services and features to visitors and to simplify the use of the site, or to provide personalised advertising. This site has no control over such cookies, which are entirely managed by the relevant third parties, and it has no access to the information collected through them. Information on the use of these cookies and their purposes, as well as on how to disable them, is provided directly by the relevant third parties on the pages listed below.
Please note that user tracking does not generally lead to user identification, unless the user has already subscribed to the service and is also already logged in, in which case it is understood that the user has already given consent directly to the third party when subscribing to the relevant service (e.g. Facebook).
12.3. Disabling cookies
- videos from YouTube or other video-sharing services;
- social network buttons;
- Google maps.
At the following addresses, you can find instructions on how to manage cookies on the relevant browsers: