Privacy Policy

Dear User,

This page provides information on how your personal data is managed through our website.

We provide this information not only to fulfill our legal obligations regarding personal data protection under Regulation (EU) 2016/679, or the “Regulation” or “GDPR,” but also because we believe that the protection of personal data is a fundamental value of our business, and we want to provide you with all the information that can help you protect your privacy and control the use of your data in connection with your browsing experience on our website.  

This Privacy Policy aims to describe how this website is managed concerning the processing of personal data of users/visitors who use it. This notice is provided under Articles 13-14 (C60-C62) of Regulation 679/16 and according to WP187-259-260 to those connecting to the website.

This notice applies to the website mentioned above and any other websites owned directly by the declaring company that the user may access through links.

The website is owned and managed by EUPRAXIA S.r.l., which ensures compliance with personal data protection legislation. Users/visitors should read this Privacy Policy carefully before submitting any personal information and/or completing any electronic form on the website.  

Information pursuant to Article 13 of Legislative Decree 196/2003 and Article 13 of Regulation (EU) No. 2016/679

Under Article 13 of Legislative Decree 196/2003 (hereinafter, “Privacy Code”) and Article 13 of Regulation (EU) No. 2016/679 (hereinafter, “GDPR 679/16”), containing provisions for the protection of individuals and other subjects regarding the processing of personal data, we wish to inform you that the personal data you provide will be processed in compliance with the aforementioned legislation and the confidentiality obligations to which EUPRAXIA S.r.l. is subject.  

DATA CONTROLLER

The Data Controller of personal data, i.e., the party that determines the purposes and means of the processing of personal data, is EUPRAXIA S.r.l., with registered office at Via Volta n. 1/1, 42123 REGGIO EMILIA (RE), Italy, Tel. 0522/791763; VAT No.: 02709230359, in the person of its legal representative, Salvatore Matrone.  

DATA VOLUNTARILY PROVIDED BY USERS/VISITORS

If users/visitors voluntarily submit personal data when connecting to this website, EUPRAXIA S.r.l. will acquire the sender’s email address and/or any other personal data, which will be processed exclusively to respond to the requests.

Any data you provide will be processed in accordance with the current legislation on personal data processing (curriculum vitae, personal information provided by you and/or present on the website).

Data provided when subscribing to the EUPRAXIA S.r.l. newsletter

  • Types of data: First name and last name, or other identification data; Telephone number; Email address for subscription
  • Purposes of processing:
    • The processing is carried out to provide the requested service of information on the activities carried out by EUPRAXIA S.r.l. and its partners.
    • The processing is carried out for establishing relationships with users, particularly to provide commercial information (marketing);
    • To send promotional and advertising communications.
  • Requirement to provide data: Refusal to provide the data will make it impossible to use the requested service.
  • Processing methods: Processing will be carried out in an automated and/or manual manner, following the provisions of Article 32 of GDPR 2016/679 and Annex B of Legislative Decree 196/2003 (Articles 33-36 of the Code) concerning security measures. Specific security measures are in place to prevent data loss, unlawful or incorrect use, and unauthorized access.
  • Legal basis for processing: The data is considered voluntarily provided by the user when submitting the subscription form.
  • Data recipients: Internal parties within the company, such as employees and/or consultants appointed by the Data Controller for the above purposes.
  • Data retention period: For the period strictly necessary to fulfill the purposes for which the data was collected (i.e., for the duration of the relationship with the customer). An additional ten years will be added to this period for storage for marketing, employment law, civil law, tax, and accounting purposes.  

Data provided for registration to EUPRAXIA S.r.l. initiatives

  • Types of data: First name and last name, or other identification data; Telephone number; Email address for registration
  • Purposes of processing:
    • The processing is carried out to provide the requested service for free initiatives organized by EUPRAXIA S.r.l. or paid initiatives, or to register participation in seminars by the Company or Body and the relevant Delegate/Registrant/Participant;
    • The processing of images/videos is carried out to create advertising and institutional communications for the promotion of EUPRAXIA S.r.l.;
    • The processing is carried out for establishing relationships with users, particularly to provide commercial information (marketing);
    • To send promotional and advertising communications.
  • Requirement to provide data: Refusal to provide the data will make it impossible to register for the requested service or receive the requested information.
  • Processing methods: Processing will be carried out in an automated and/or manual manner, following the provisions of Article 32 of GDPR 2016/679 and Annex B of Legislative Decree 196/2003 (Articles 33-36 of the Code) concerning security measures. Specific security measures are in place to prevent data loss, unlawful or incorrect use, and unauthorized access.
  • Legal basis for processing:
    • The data is considered voluntarily provided by the user when submitting the registration form.
    • Participation in events implies the option to accept subsequent communication campaigns from participating third-party companies.
  • Data recipients:
    • Internal parties within the company, such as employees and/or consultants appointed by the Data Controller for the above purposes.
    • Third parties belonging to the staff of Partner companies and/or Sponsors of the event, for sending their information communications.
  • Data retention period: For the period strictly necessary to fulfill the purposes for which the data was collected (i.e., for the duration of the relationship with the customer). An additional ten years will be added to this period for storage for marketing, employment law, civil law, tax, and accounting purposes.  

Data provided for non-binding demonstration requests at your office:

  • Types of data: First name and last name; Email address for registration; Office address; Mobile phone number; Type of service requested
  • Purposes of processing:
    • The processing is carried out to provide the requested service.
    • The processing is carried out for establishing relationships with users, particularly to provide commercial information (marketing);
    • To send promotional and advertising communications.
  • Requirement to provide data: Refusal to provide the data will make it impossible to use the requested service.
  • Processing methods: Processing will be carried out in an automated and/or manual manner, following the provisions of Article 32 of GDPR 2016/679 and Annex B of Legislative Decree 196/2003 (Articles 33-36 of the Code) concerning security measures. Specific security measures are in place to prevent data loss, unlawful or incorrect use, and unauthorized access.
  • Legal basis for processing: The data is considered voluntarily provided by the user when submitting the request form.
  • Data recipients: Internal parties within the company, such as employees and/or consultants appointed by the Data Controller for the above purposes.
  • Data retention period: For the period strictly necessary to fulfill the purposes for which the data was collected (i.e., for the duration of the relationship with the customer). An additional ten years will be added to this period for storage for marketing, employment law, civil law, tax, and accounting purposes.  

Data provided for participation in surveys provided by EUPRAXIA S.r.l.

  • Types of data: First name, last name, or other identification data; Profession; Company name; Municipality of residence; Telephone number; Registration email address (company domain); Photographic images collected at the event; Video images collected at the event.
  • Purposes of processing:
    • The processing is carried out to provide the requested service of information on the activities carried out by EUPRAXIA S.r.l. and its partners;
    • The processing is carried out for establishing relationships with users, particularly to provide commercial information (marketing);
    • To send promotional and advertising communications.
  • Requirement to provide data: Refusal to provide the data will make it impossible to use the requested service.
  • Processing methods: Processing will be carried out in an automated and/or manual manner, following the provisions of Article 32 of GDPR 2016/679 and Annex B of Legislative Decree 196/2003 (Articles 33-36 of the Code) concerning security measures. Specific security measures are in place to prevent data loss, unlawful or incorrect use, and unauthorized access.
  • Legal basis for processing: The data is considered voluntarily provided by the user when submitting the registration form.
  • Data recipients: Internal parties within the company, such as employees and/or consultants appointed by the Data Controller for the above purposes.
  • Data retention period: For the period strictly necessary to fulfill the purposes for which the data was collected (i.e., for the duration of the relationship with the customer). An additional ten years will be added to this period for storage for marketing, employment law, civil law, tax, and accounting purposes.  

Data provided by candidates for personnel selection:

  • Types of data: First name, last name, or other identification data; Occupation (e.g., VAT number, tax code, address, company name); Racial or ethnic origin; Education and training; Data relating to family and personal circumstances (if included in the curriculum vitae); Religious beliefs (if included in the curriculum vitae); Philosophical or other beliefs (if included in the curriculum vitae); Sending email address.
  • Purposes of processing: The processing is carried out to evaluate curricula vitae sent through the website.
  • Requirement to provide data: Mandatory for evaluating the professional profile of the data subject and the potential establishment of an employment relationship.
  • Processing methods and location: Evaluation through computer viewing of the document and information uploaded in the form. Possible paper storage of the CV for practical purposes during the interview.
  • Legal basis for processing: The data is considered voluntarily provided by the user when submitting the curriculum vitae.
  • Data recipients: Exclusively internal parties within the company, such as employees and/or consultants appointed by the Data Controller for the above purposes.
  • Data retention period: For the period strictly necessary to achieve the purposes of evaluating the professional profile for which they were collected. Until the end of the employment relationship in case of collaboration between the data subject and EUPRAXIA S.r.l. An additional ten years will be added to this period for storage for employment law, civil law, tax, and accounting purposes.  

Browsing data

The computer systems and software procedures used to operate this website acquire, during normal operation, some personal data that is then implicitly transmitted through the use of Internet communication protocols. This information, by its nature, could allow identification of users/visitors (e.g., IP address, etc.) through associations and processing with data held by third parties.  

  • Types of data: IP address and browsing data
  • Purposes of processing: Website navigation; To fulfill legal obligations
  • Requirement to provide data: Mandatory to visit the website and access its various features.
  • Processing methods and location: Processing related to the web services of this website takes place at Genesis srl Firenze – Hosting Solutions. Personal data is mainly processed using automated tools. Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access.  
  • Legal basis for processing: The data is processed based on the necessity to provide the tools required to visit the website and access the available features.
  • Data recipients: Exclusively internal parties within the company, such as employees and/or consultants appointed by the Data Controller for the above purposes.
  • Data retention period: For the duration of the browsing session and the entire period of website use.
  • Regarding time markers (i.e., cookies), please see the specific policy.  

PROCESSING METHODS

Processing will be carried out in an automated and/or manual manner, following the provisions of Article 32 of GDPR 2016/679 and Annex B of Legislative Decree 196/2003 (Articles 33-36 of the Code) concerning security measures. The processing is carried out through operations or a set of operations, such as:

  • collection, recording, organization, storage, consultation, processing, modification, selection, retrieval, comparison, use, interconnection, blocking, communication, and deletion of data;  
  • operations may be carried out with or without the aid of electronic or automated tools;
  • processing is carried out by the data controller and/or by data processors (including external processors).  

Please note that, following the principles of lawfulness, purpose limitation, and data minimization, under Article 5 of GDPR 2016/679, and with your freely given and explicit consent, your personal data will be stored for the period necessary to achieve the purposes for which it is collected and processed.  

OPTIONAL NATURE OF DATA PROVISION

Except for browsing data, which is provided directly by the system when connecting to this website, the provision of personal data by users/visitors is entirely optional.

However, failure to provide your personal data may make it impossible to provide the service, whether commercial or informational.  

DATA COMMUNICATION

The data will be disclosed to data processors and persons in charge of processing, and may be communicated to external collaborators and, in general, to all those parties that EUPRAXIA S.r.l. deems necessary for the proper fulfillment of the stated purposes.  

DATA DISSEMINATION

The data you provide on the website will not be directly disseminated by EUPRAXIA S.r.l. unless expressly requested by the user.

Information that users of the website choose to make public (e.g., Facebook, LinkedIn, etc.) is managed by the user knowingly and voluntarily, exempting this website from any liability regarding violations of the law.

It is the user’s responsibility to verify that they have permission to enter personal data, third-party data, or content protected by national and international regulations.

EUPRAXIA S.r.l. is not responsible for any improper or fraudulent use of data provided to EUPRAXIA S.r.l. by unauthorized third-party users.  

TRANSFER OF DATA ABROAD

Personal data may be located in countries within the European Union and in countries outside the European Union, as the website management providers may be located outside EU member states.  

To ensure international compliance, it’s important to add details about:

  • Specific Transfer Mechanisms: If data is transferred outside the EU/EEA, you should specify the legal mechanisms used to ensure data protection. This might include:
    • Adequacy Decisions: Transfers to countries that the European Commission has deemed to provide an adequate level of protection (e.g., Canada, Japan).
    • Standard Contractual Clauses (SCCs): Contracts with data importers that include specific clauses approved by the European Commission to protect data.
    • Binding Corporate Rules (BCRs): Internal rules adopted by multinational companies for intra-group data transfers.
    • Other Legitimate Mechanisms: Any other legally recognized transfer mechanism.
  • Additional Safeguards: If relying on SCCs or other mechanisms, mention any additional safeguards implemented to protect data, such as encryption or pseudonymization.
  • US Transfers: Given the complexities of US data protection law, it’s crucial to be specific about transfers to the US. You may need to refer to the EU-US Data Privacy Framework if applicable.

DATA RETENTION PERIOD

Sent messages will be kept within the computer systems and paper archives for ten years.

If an employment contract is established, further information will be provided when the employment contract is defined.

The Data Controller reserves the right to keep the data for an additional period of 10 years for reasons related to