Ask our experts for information
For information fill out the form below. Before sending the email, read the information on the data.
Information on the processing of personal data for the Contact Service ("Information Notice") provided pursuant to Article 13 Regulation (EU) 2016/679 ("GDPR")
Data Controller and Data Protection Officer
The data controller is eCO2care (hereinafter the "Data Controller"). For the exercise of your rights, listed in Article 6 below, as well as for any other request relating to the same and/or this Policy, you may contact the Data Controller at the following contact details:
- email: email@example.com
Personal data processed, purpose of processing and legal basis
The Data Controller will process your personal identification and contact data (such as, first name, last name, email address) directly provided by you by filling in the specific data collection form in the "Contact us" sections of the Data Controller's website.
The Data Controller intends to process your personal data in order to: reply to your message or your request for information; the legal basis for this is the provision of your consent, pursuant to Article 6(1)(a) of the GDPR; your personal data are processed by the Data Controller in order to respond to your contact request;
Nature of the provision, data retention period and processing methods
For the purpose referred to in paragraph 2 above, the provision of your personal data is compulsory for the purposes of formulating a response to your request, given that your refusal to provide such data will make it impossible for the Controller to reply to your message, acknowledging your request for information. The storage period of your personal data:
- for the purpose referred to in paragraph 2 above, shall last for the period necessary to reply to each individual request for information and, in any case, for no longer than 30 days from the collection of the data. Once the aforementioned period has elapsed or the current requests have been dealt with, your data will be destroyed or rendered anonymous;
- processing is carried out in compliance with the requirements of the GDPR, according to the principles of correctness, lawfulness and transparency and the protection of your rights as described therein. Personal data is processed by means of computerised, telematic and/or paper-based tools, as well as with the use of security measures aimed at guaranteeing the confidentiality of personal data and preventing undue access by unauthorised parties. The Controller does not carry out an automated decision-making process on your personal data, including profiling as referred to in Article 22(1) and (4) of the GDPR.
Communication of data
For the pursuit of the purposes described in paragraph 2 above, the personal data processed will be known to the employees, assimilated personnel and collaborators of the Controller, who will act as authorised subjects for the processing of personal data.
Furthermore, your personal data may be processed by third parties belonging, by way of example, to the following categories:
- technical assistance service providers for the management of the computer system, logistics providers, advertising agencies or other service providers;
- business partners;
- suppliers of external telematic platforms for sending communications;
The subjects belonging to the above categories operate, in some cases, as data controllers specifically appointed by the Data Controller in compliance with Article 28 GDPR, and in other cases completely independently as separate data controllers, it being understood that, in the latter case, the communication of your personal data to such independent data controllers would take place solely for the purposes of pursuing the purposes set out in paragraph 2 above.
The complete and updated list of the entities to which your personal data may be communicated may be requested by contacting the Controller at the address indicated in paragraph 1 of the Information Notice.
Your personal data will not be disclosed.
Transfer of personal data outside the European Union
The Controller does not intend to transfer your personal data outside the European Union.
Should this circumstance become necessary due to technical-organisational requirements, such a transfer will in any case be preceded by prior verification of the existence of the conditions of legitimacy and adequate guarantees prescribed by Articles 44 et seq. of the GDPR. In such a circumstance, you may request information from the Data Controller about the transfer of your personal data outside the European Union and obtain a copy of the protection measures adopted by making a specific request to the Data Controller via the e-mail address firstname.lastname@example.org.
Rights of data subjects
In relation to the processing described in this Notice, as a data subject, you may, under the conditions set out in the GDPR, exercise the rights set out in Articles 15 - 21 of the GDPR, in particular:
- right of access: right to obtain confirmation as to whether or not personal data relating to you are being processed and, if so, to obtain access to your personal data - including a copy thereof - and communication of, inter alia, the information referred to in Article 15 of the GDPR
- right to rectification: the right to obtain, without undue delay, the rectification of inaccurate personal data concerning him/her and/or the supplementation of incomplete personal data pursuant to Article 16 of the GDPR;
- right to erasure (right to be forgotten): the right to obtain, without undue delay, the erasure of personal data concerning him/her, in the cases indicated in Article 17 of the GDPR; the right to erasure does not apply to the extent that the processing is necessary for the performance of a legal obligation or the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims
- right to restriction of processing: right to obtain the restriction of processing, in the cases indicated in Article 18 of the GDPR;
- right to data portability: the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning you provided to the Data Controller and the right to transmit them to another data controller without hindrance, where the processing is based on consent and is carried out by automated means, as indicated in Article 20 of the GDPR. In addition, the right to have your personal data transmitted directly by the Controller to another controller if this is technically feasible;
- right to object: right to object to the processing of personal data concerning you, unless there are legitimate grounds for the Controller to continue the processing, pursuant to Article 21 of the GDPR;
- right to withdraw consent at any time without affecting the lawfulness of the processing based on the consent given before the revocation;
- right to lodge a complaint with the Garante per la protezione dei dati personali, Piazza Venezia n. 11, 00187, Rome (RM).
The above rights may be exercised vis-à-vis the Data Controller by contacting the references indicated in paragraph 1 above. The Data Controller shall take charge of your request and provide you, without undue delay and, in any case, no later than one month from receipt of the same, with information regarding the action taken in respect of your request.
The exercise of your rights as a data subject is free of charge pursuant to Article 12 of the GDPR. However, in the case of requests that are manifestly unfounded or excessive, including due to their repetitiveness, the Data Controller may charge you a reasonable expense contribution, in light of the administrative costs incurred in handling your request, or deny satisfaction of your request.
Finally, we inform you that the Controller may request further information necessary to confirm the identity of the data subject.
The Data Controller