PRIVACY POLICY


PRIVACY POLICY EUROSTEP
INTRODUCTION

Welcome to our website https://www.eurostep.it/en/
In accordance with the General Data Protection Regulation (EU) 2016/679, Eurostep S.r.l. is providing herewith the necessary information relating to the processing of the personal data provided. This information is not considered valid for other websites visited through links on websites belonging to the controller, which is not considered in any way responsible for third-party websites.
This refers to a disclosure that is made pursuant to Art. 13 of the General Data Protection Regulation (EU) 2016/679 – GDPR. This information is also inspired by Recommendation no. 2/2001 that the European authorities for personal data protection, collected in the Group established by Art. 29 of Directive no. 95/46/EC, adopted on 17 May 2001 to identify several minimum requirements for collecting personal data on-line, and, in particular, the methods, times and nature of the information that the Data Controllers must provide to users when they connect to website pages, regardless of the purposes of connecting, as well as what is provided for by Directive 2002/58/EC, as updated by Directive 2009/136/EC, regarding Cookies and measure of the Guarantor Authority “Identifying simplified procedures for the disclosure and the acquisition of consent for the use of cookies – 8 May 2014 (Published in the Gazzetta Ufficiale no. 126 of 3 June 2014)” and subsequent clarifications.

Personal data (Art. 4 GDPR).  “personal data”: any information concerning an identified or identifiable natural person (“interested party”); a natural person is deemed to be identifiable if he or she can be identified, directly or indirectly, with particular reference to an identifier such as a name, identification number, details of his or her location, an online identifier or one or more details characteristic of his or her physical, physiological, genetic, mental, economic, cultural or social identity; (C26, C27, C30)

Specific information could be presented on the website pages related to special services or processing of Data provided.

Cookies:
For more information on cookies used by this website, please see the cookies policy at the following link http://www.eurostep.it/en/privacy-cookies-policy/

THE DATA “CONTROLLER”
Pursuant to Articles 4 and 24 of the GDPR, the data controller is Eurostep S.r.l. – Via Feltrina Sud 192, 31092 Montebelluna, Treviso, Italia, P.IVA 03896260241, in the person of its pro-tempore legal representative. The controller’s email contact is privacy@eurostep.it.

The DATA PROTECTION OFFICER (DPO- Data Protection Officer) is determined pursuant to Articles 37 – 39 of Reg. EU 2016/679. The DPO’s email contact is gdpr@eurostep.it.

PURPOSE AND LEGAL BASIS OF THE PROCESSING
Eurostep S.r.l. informs you that we will process the data that by its nature can be qualified as personal. Personal data that Eurostep S.r.l. treats are those that you provide us when you request a quotation, conclude an order, purchase goods and those that we collect while you browse on our website or when you use the services offered on the site.

The personal data will be processed for the following purposes:

  • Purpose A)

Browsing on this website
During the usual website operation, computer systems and software procedures acquire personal data whose transmission is implicit in the use of internet communication protocols. This is the information that is not collected to be associated with identified interests, but by their very nature could allow, through processing and association with data held by third parties, to identify users. This category of data includes the IP addresses or the names of the computers used by users connecting to the site, the addresses in URI (Uniform Resource Identifier) notation, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters related to the operating system and the user’s computer environment.
Personal personal data:
to access certain services of the website, the provision of personal data, such as a name,  an e-mail address, a telephone number, may be required.
Special categories of personal data:
the processing of data identified by Article 9 of Regulation No. 349/2016, personal data revealing racial or ethnic origin, political opinions, religious or philosophical convictions or union membership as well as genetic data, biometric data designed to uniquely identify a person, data related to health or sex life or sexual orientation will be treated with the express and specific consent of the person concerned.
Cookies see the following Cookies Policy
The personal data you provide are processed for the following purposes:

  • to conclude and execute contracts for the purchase of goods offered on the site or in the stores;
  • provide commercial marketing services such as signing up for the newsletter, sending newsletters;
  • allow registration on the website and the use of services reserved for registered users;
  • manage your incoming customer support requests;
  • carry out administrative-accounting activities. These is the processing of personal data connected to the performance of organizational, administrative, financial and accounting activities. These are internal organizational activities, related to the fulfilment of contractual and pre-contractual obligations and information activities.

In the above cases, the processing of your personal data is legitimate as it is necessary to execute a contract with you or to provide you with the service you have specifically requested. We also conduct statistical surveys and analyses with data in aggregate form to understand how users interact and use the website, to improve our offers and services.
Only with your express consent, however, we process your personal data to:

  • B) carry out commercial communications activities;
  • C) perform profiling activities, allowing us to elaborate your profile, analyze the consumption habits and choices, and purchase behaviour (if performed) that could improve our commercial offers and services. The processing of personal data may be related to customer care activities, personalized services and courtesy services. These activities are also pursued through their interment in customer relationship management.

WHO WILL PROCESS YOUR DATA
Your personal data is processed by duly trained and authorized in-house staff.

FOR HOW LONG WE STORE YOUR DATA
We store your personal data for a limited period depending on the purpose for which it is collected. At the end of this time, your personal data will be deleted or otherwise rendered anonymous in an irreversible way. The retention period depends on the purpose of the treatment. For instance, the retention period for GOOGLE ANALYTICS is equal to 38 months. The data is collected during the purchase of goods and processed until the completion of all administrative and accounting formalities. Therefore, it is filled in accordance with local tax regulations (ten years), while the data used to send you our newsletters is stored until you request to unsubscribe from it.

RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE DATA
The personal data supplied will be sent to recipients, who will process the data as data protection officers (Article 28 of Reg. (EU) 2016/679) and/or as natural persons acting under the authority of the Data Controller and Data Protection Officer (Article 29 of Reg. (EU) 2016/679), for the purposes listed in point 3. and to third parties. More specifically, the data may be sent to companies contracted to Eurostep S.r.l., to associated and/or subsidiary companies within the European Union and non-EU countries, in compliance with applicable regulations, also through managing companies. Data may be communicated to third parties falling under the following categories: – sales/distribution network in the territory; – parties that provide services for managing the computer system used by Eurostep S.r.l. and the telecommunication networks (including email, CRM Data Base management and mailing lists, e-commerce platforms, APP providers, call centres, etc.); – third parties to support on-line purchases and administrative-accounting activities, shipping and returns (e.g. banks, shipping insurance);- offices or companies within the scope of assistance and consulting services; – the relevant authorities for compliance with legislative requirements and/or directives issued by public bodies, on request. Parties belonging to the categories above cover the function of Data Protection Officers or operate independently as Data Controllers. The list of Data Protection Officers is constantly updated and available at Eurostep S.r.l. – Via Feltrina Sud 192, 31092 Montebelluna, Treviso, Italia, by writing to privacy@eurostep.it.

TRANSFER OF DATA TO A THIRD COUNTRY AND/OR INTERNATIONAL ORGANIZATION AND GUARANTEES.
To manage its e-commerce activities, Eurostep S.r.l.  will be able to use cloud platforms provided by third parties as sub processors. In this regard, we inform you that your personal data acquired on the basis of this disclosure will be stored on servers located in the United States of America. The United States of America does not benefit from an EU Commission’s adequacy decision, therefore the transfer will take place on the basis of contractual clauses such as those approved by the Commission or by virtue of other suitable mechanisms for data transfer required by applicable regulations. For information on guarantees concerning data transfer outside the EU, please write to privacy@eurostep.it.

DATA RETENTION PERIOD OR CRITERIA FOR DETERMINING THE PERIOD
The data will be processed electronically or manually, with procedures and tools able to guarantee maximum security and confidentiality, by persons specifically authorized to do so. In accordance with the provisions of Article 5(1) letter e) of Reg. (EU) 2016/679, the personal data collected will be kept in a form that allows the identification of interested parties for a period no longer than that required to fulfil the purpose for which the personal data is collected. The retention of the personal data supplied depends on the purpose of processing:
– browsing on this website (please see the cookies policy at the following link http://www.eurostep.it/en/privacy-cookies-policy/ );
– for contact request (maximum 1 year);
– for restricted area for registered users/login (maximum 2 years);
– data collection for selecting personnel (maximum 2 years);
– receiving newsletters or promotional notices in general via e-mail (maximum 24 months);
– online sales (10 years)

Timing determined on the basis of criteria about which the interested party can obtain information by writing to privacy@eurostep.it.

RIGHTS OF DATA SUBJECTS
You may assert your rights as provided for by Regulation (EU) 2016/679, by contacting the Data Controller, by sending an email to privacy@eurostep.it  or by writing to the Data Controller’s premises indicated above. You are entitled to ask the Data Controller for access to your personal data at any time (Art. 15), to correct it (Art. 16) or to delete it (Art. 17), or to limit the processing thereof (Art. 18) or to object to the processing thereof based on a legitimate interest (Art. 21). Finally, you are entitled to data portability (Art. 20).
Right to revoke. Where processing is based on consent, you have the right to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of the processing that was based on the consent before it was revoked.
To object to processing or to exercise any other rights, you can write to privacy@eurostep.it.
As an alternative to automatic-cancellation systems for e-mail, in order to stop receiving electronic direct marketing (e-mails, SMS, MMS, social networks), you can write to privacy@eurostep.it with the subject line “cancellation from electronic communications”. If you do not want to receive traditional direct marketing (telephone calls from operators, paper-based mail), you can write to privacy@eurostep.it with the subject line “cancellation of traditional”. If you do not want to receive any direct marketing, you can write to privacy@eurostep.it with the subject line ” marketing cancellation”. To object to profiling processing, you can write to privacy@eurostep.it with the subject line “no profiling”.
You are entitled to submit a claim to a supervisory authority.
There is no automated decision-making process.

NATURE OF SUPPLY AND REFUSAL
The transfer of data for the purposes stated under point A) above is optional, but necessary. The refusal to supply the necessary data regarding point A) makes it impossible to use the services of the Data Controller. The transfer and consent to processing for the purposes under point B) and/or C) is optional. Any refusal to provide consent for the purposes detailed under points B) and/or C) above, does not result in any negative consequence regarding the purposes referred to in point A). Profiling and marketing activities are only an eventuality and shall only be done with the specific consent of the data subject, should the party consent to the profiling of their data with these being entered into the CRM. Entering data into the CRM is optional and shall result in this becoming automatically visible to those that have access, or the data protection officers and persons in charge of the processing at the various points of sale worldwide.

CHANGES TO THE PRIVACY INFORMATION NOTICE
The Data Controller reserves the right to change, update, supplement or remove parts of the present Privacy Information Notice at its sole discretion at any time. The Data Subject must check periodically for any changes. To facilitate such checking, the Information Notice will contain the date of updating of the Information Notice.

SOCIAL LOGIN
Social Login is a technology that allows the user to share, in an automated way, personal data entered in a social network with the website administrator. For example, the user will be able to use this technology to register on a website quickly or to participate in an on-line contest or to make an on-line purchase (etc.). In short, subject to the user’s authorisation, the social network will send the website administrator the personal data necessary for the user to register on the site, participate in the contest, make the on-line purchase etc., without said user having to enter the requested data manually. To receive detailed information pursuant to Art. 13 of the GDPR regarding the use of personal data processed when using this technology, we invite you to visit the websites of third party administrators of the aforesaid technology. Below you will find references to these third parties, and next to each one of these you will find the link to the page where you can receive information on processing and, where required by the law, give or refuse your consent:

Facebook social login: https://developers.facebook.com/docs/plugins

Twitter social login: https://support.twitter.com/articles/20170519

Google account login: https://www.google.com/policies/privacy

Date updated: 21.05.2018