1.  Foreword

EU Regulation 2016/679 on "protection of individuals with regard to the processing of personal data and on the free movement of such data" (hereinafter "EU Regulation 2016/679" or "GDPR") contains a set of rules aimed at ensuring that the processing of personal data is carried out in accordance with the fundamental rights and freedoms of individuals.

Following consultation of this website (hereinafter the "Site"), data relating to identified or identifiable persons may be processed.

2. Personal data controller

Pursuant to Articles 13 and 14 of the GDPR, the following information is provided regarding the processing of personal data of the interested parties.

The Data Controller is Nelly Dominguez De Juan, P.I. 02525290181- C.F. DMNNLY74A69Z131B resident in Via Certosa 1/G, 27100 San Genesio ed Uniti, Italy, hereinafter also only the "Data Controller").

The contact details are as follows:

Phone: +39 320 3353099

E-mail: info@ei-design.org

3. Categories of personal data and data source

Personal data may be freely provided by the User or, in the case of navigation data, automatically collected while browsing the Site.

Navigation data provided by the User's computer

When connecting to the Site, the computer systems and procedures software which are responsible for their operation automatically and indirectly administer and/or acquire certain information (such as, purely by way of example, the so-called "cookies" as specified in the "Cookies Policy"). The processing of this data is necessary to ensure the best possible browsing experience for the User and to provide him with all the functions and services available on the Site. It is possible, however, to limit the processing of such personal data by using certain features made available by the Site (with reference, in particular, to the transmission of cookies or similar instruments, please refer to the "Cookie Policy"of the Site) or by your device or browser/application. In this event, navigation on the Site may be limited and some of its functions/services may be inaccessible.

Data provided voluntarily by the visitor.

Requests for contact and/or information forwarded by the Interested Parties through the e-mail and/or telephone channels present on the Site and made available by the Owner, will involve the collection and subsequent processing of personal data of the requesting parties (by way of example, the e-mail address and other personal data contained in the e-mail message or freely provided by telephone).

In addition, the Data Controller will process the identification and contact data of the Interested Parties who have requested the creation of their own account personal access to the reserved area ("LOG IN") allowed only to registered subjects.

The personal data processed by eiDesign are normally collected directly from the interested party and freely provided by the latter.

The processing of personal data will take place according to the purposes indicated below and will be based on principles of correctness, lawfulness, transparency and protection of confidentiality and rights of the interested party.

4. Purpose of processing and legal basis

The data collected will be processed for the following purposes:

1. a) respond to requests for information from the interested party by sending e-mails to the e-mail address and more generally to the contact channels indicated on the Site;
2. b) allow the registration of the interested party to the area of the Site ("LOG IN") and the proper use of specific online content accessible only to registered subjects, through the creation and subsequent technical and administrative management of the personal account of the interested party;
3. c) send advertising material and/or communications of a commercial nature regarding new products and/or services offered by the Owner. This may be done both through traditional contact systems (paper mail or calls through a telephone operator) and through automated call or call communication systems without the intervention of an operator and/or through electronic communications (electronic mail; SMS-type messages - Short Message ServiceMMS etc.);
4. d) fulfil obligations provided for by laws and regulations to which the Data Controller is subject and/or execute orders of Authorities legitimately entitled to do so.
5. e) to assert their rights and interests in judicial and/or administrative proceedings.

The Data Controller may also send commercial communications aimed at the promotion and/or direct sale of products or services similar to those already purchased or used by the interested party, using the e-mail addresses indicated on such occasions (so-called " ").soft spam"), without prejudice to the right of the Interested Party to object at any time with the modalities reported at the bottom of the communication or at the addresses indicated in the following par. 11, for the exercise of the rights under Articles 15 et seq. of EU Regulation 2016/679.

The legal basis for the processing is:

- for the purposes set out sub (a), by the legitimate interest of the Controller to respond to the contact or information requests received (art. 6, par. 1, lett. (f) EU Reg. 2016/679);

- for the purpose sub b), from the correct and timely execution of the contract to which the Data Subject is a party or to the execution of pre-contractual measures adopted at the request of the same (art. 6, par. 1, lett. (b) EU Reg. 2016/679);

- for the purposes set out sub c) by the free consent expressed by the Data Subject (art. 6, par. 1, letter A) EU Reg. 2016/679);

- for the purpose sub (f), from the fulfilment of a legal obligation (art. 6, par. 1, lett. (c) EU Reg. 2016/679).

- for the purposes set out sub e), by the legitimate interest of the Owner to provide for the defence of its rights and interests.

The conferment of data and their communication to the categories of subjects indicated in paragraph 7 is not compulsory, but any refusal by the interested party to provide their data will make it objectively impossible for them to eiDesign to meet the requests for contact and/or information received as well as to be able to correctly fulfil its legal and contractual obligations. On the contrary, it is understood that the refusal of the interested party to give his/her consent to the processing of personal data for the purposes of which sub c), will only make it impossible for the Data Controller to pursue the purposes indicated therein.

5. Treatment modes

The processing of personal data is carried out using manual, computerised and telematic tools with logic strictly related to the purposes stated in this document and, in any case, in such a way as to guarantee the security and confidentiality of the data in accordance with the regulations in force.

In the case of processing carried out by means of electronic and other processing methods, as well as by means of management systems and storage even with hardware and software cutting edge, eiDesign may use third party service companies that will be made aware of their responsibilities with notification of appointment as Data Processor pursuant to Article 28 of the GDPR.

6. Period of data retention

The data collected will be kept for a period of time not exceeding the achievement of the purposes for which they are processed ("principle of limitation of storage", art. 5 GDPR), except in cases of compliance with a legal obligation or order of an authority. Verification on the obsolescence of the retained data in relation to the purposes for which they were collected is carried out periodically. At the end of the retention period, personal data will be deleted, destroyed or made anonymous, without prejudice to any retention periods provided for by law. Therefore, at the expiry of this period, the right to access, cancel, rectify and the right to data portability can no longer be exercised.

7. Categories of subjects to whom the data may be communicated

In some cases the execution of all the activities connected and/or instrumental to the management of the requests implies by eiDesign the communication of personal data of the interested parties:

- employees and/or collaborators of the Owner as persons authorized to process data and/or system administrators;

- to subjects whose right to access them is recognized by law;

- to companies or third parties who carry out activities for the Owner that are strictly connected or instrumental to the operation of the Site, such as the company that manages the personal data of users and the management of the computer systems on which they are stored. The personal data provided by users who submit requests are used only to perform the service or provision requested and are communicated to third parties only where this is necessary for that purpose. Outside of these cases, personal data will not be communicated unless required by contract or law or unless specific consent is requested from the interested party. In this sense, personal data could be transmitted to third parties but only and exclusively in the case in which a) there is explicit consent of the interested party to share the data with third parties; b) there is the need to share information with third parties in order to provide the requested service c) this is necessary to comply with requests from judicial authorities or public security.

The subjects belonging to the categories to which the data may be communicated will carry out the processing of the data and will use them, depending on the cases, in their capacity as Data Processors expressly appointed by the Data Controller in accordance with the law or, rather, in their capacity as independent data controllers.

The Owner designates as authorized persons all the employees also pro temporeand collaborators, including occasional ones, who carry out tasks involving the processing of personal data.

The updated list of data processors is kept at the registered office of the Data Controller.

8. Place of treatment

The data will be processed by the data controller at its domicile.

9. Transfer of personal data outside the EU

For matters of a technical and/or operational nature, the personal data of Data Subjects may be transferred from eiDesign in non-EU countries, such as in the case of cloud storage with server located outside the territory of the European Union.

In this case, the Data Controller assures as of now that the transfer of data outside the EU will be regulated in accordance with the provisions of Chapter V of the Regulation and authorized on the basis of specific decisions of the European Union. Therefore, all necessary precautions will be taken in order to guarantee the total protection of personal data basing such transfer: a) on adequacy decisions of the receiving third countries expressed by the European Commission; b) on adequate guarantees provided by the receiving third party pursuant to art. 46 of the Regulation; c) on the adoption of binding corporate rules.

10. Rights of the interested parties

The interested party has the right to ask the Data Controller:

- access to data;

- data portability;

- opposition to the treatment;

- the rectification of data, the limitation of data processing, the cancellation (oblivion) of data;

as well as:

- revoke consent to the processing of your personal data;

- Propose a complaint to the Control Authority (Privacy Guarantor).

11. How to exercise your rights

The interested party may at any time exercise the rights attributed to him by sending a registered letter with return receipt to Nelly Dominguez De Juan, domiciled in Via Certosa 1/G, 27100 San Genesio ed Uniti, Italy or an email to the address: info@ei-design.org

12. Minors

Minors under the age of 18 should not provide information or Personal Data to eiDesign absence of the consent of those exercising parental responsibility over them. In the absence of such consent, it will not be possible to respond to the requests of the child.

eiDesign invites all those who exercise parental responsibility over minors to inform them about the safe and responsible use of the Internet and the Web.

13. Modifications:

The Data Controller reserves the right to make changes to this information notice at any time by informing the Data Subjects on the Site. We therefore ask that you consult this "Section" periodically, taking as reference the date of the last modification indicated. If you do not accept the changes made to this Policy, you must notify the Data Controller and you may request to remove your Personal Data. Unless otherwise specified, the previous Policy will continue to apply to Personal Data collected up to that moment.

Last modification date April 2021