In this section we describe the modalities for site management regarding handling of personal data collected from the user.
Data will be collected and handled according to Recommendation number 2/2001, adopted on May 17, 2001 by the European Authorities for the protection of personal data, in order to identify common minimum requirements for on-line collection of personal data within the European Union. Also, this Recommendation supplies added information on the subject, according to Article 13 of Law Decree dated June 30, 2003, number 196 – Codex, in the matter of personal data protection.
Ownership and responsibilities regarding handling of personal data
EEM srl (EEM) – Via E. L. Cerva 98, 00143 Rome – e-mail address firstname.lastname@example.org, has Ownership of Personal Data Handling.
Data handling location
Data will be handled at the Headquarters of the Data Handling Owner. According to provisions of article 43 and following of Law Decree 196/2003, explicit consent by the interested party must be secured prior to possible data handling outside the European Union.
Objectives of data handling and its modalities
Personal data and Navigation data, automatically gathered by the site or voluntarily supplied by the User or the interested party, are collected for the objectives and with the modalities indicated below.
Data will be handled through instruments and with modalities that ensure data privacy and security, in accordance with provisions of Law Decree dated June 30, 2003, number 196, and current regulations.
Cloudware will use both compulsory and voluntary Data supplied by Users exclusively for the purposes indicated below:
- Allowing delivery of services and goods purchased from the site, and, in general, meeting administrative, accounting or technical requirements.
- Answering specific requests for information by the user.
- Supplying the user with regular updates on new products or services offered by the site, or on specific commercial offers.
- Informing the User regarding site maintenance or possible disservice.
- Allowing commercial profiling of the User.
- Allowing the Owner of the Site to defend himself in Court, or prior to a Court action, from User’s abuse of the site itself or its services.
Whenever necessary, as per Law Decree 196/2003, EEM will request the user or the interested party for their approval before proceeding with data handling.
Types of handled data
Data automatically supplied by the User During operations, information systems and procedures connected with the EEM website collect some personal data about the User. It is navigation data connected with the technical use of the site, which allow the registered user to access the services that are offered. This information is given compulsorily.
This type of information allows the identification the user or the interested party. In this category of data we find name, surname, address, telephone number, e-mail address, fax, social security (tax) number, IP address and other information connected with the identity of the User or his/her technical modalities of accessing the site.
This data is used solely for the objectives indicated above, and only for the length of time that is necessary to execute the services requested by the User. The User will have the prerogative to request removal of such data at any time for legitimate reasons.
This kind of data could be used to verify responsibility in case of possible cybercrimes against the site.
Data voluntarily supplied by the User
Supplying sensitive personal data, such as data that might identify the user’s ethnic or racial background, religious or philosophical beliefs, political opinions, health conditions or sexual orientation, remains an optional and voluntary action, and requires explicit consent by the User.
In case the User should decide to utilize the site, in any way, for publishing or sharing a third party’s data, he/she will assume total and complete responsibility for such action. The Owner will be held harmless for the instrumental handling of data consequent to said communication or dissemination.
EEM declares its commitment to keep and control all data automatically gathered by the site or voluntarily supplied by the User in such a manner and with such measures as to reduce to the minimum all risks relating to destruction, loss, unauthorized access, not permitted or inappropriate handling of said data for objectives that are inconsistent with the original purpose of their collection.
Data handling outside the European Union
As per articles 43 and 44 from Law Decree dated June 30, 2003, number 196, and articles 25 and 26 from Directive 95/46/CE by the European Parliament and Council, dated October 24, 1995, personal data handling may take place in a Country that is not a European Union member only if said non-member Country can guarantee an adequate level of protection and safety. For this reason, EEM guarantees services from suppliers that conform to protection protocols for data safety, such as “Safe Harbor”, that is, a bilateral agreement between EU and USA that defines safe and shared rules for personal data transfer to companies located in the US.
Rights of the parties involved
In order to exercise the rights established by article 7 of Law Decree 196/2003 (confirmed existence of supplied data, knowledge of their content and source, request for blocking data in violation of law, opposition to data handling for legitimate reasons), the user or party involved may contact directly the Data Handling Owner at the address stated above.