Privacy Policy
Privacy Policy of the www.etacarinae.org website
INFORMATION NOTICE ABOUT THE PROCESSING OF PERSONAL DATA
pursuant to Article 13 of Regulation (EU) 2016/679 (the “GDPR”)
Dear User,
This information is for transparency purposes only: it serves to clarify, as required by law (Article 13 GDPR), what type of processing of your personal data we perform when you connect to our site and browse our pages. Personal data means only information referring to a natural person who can be identified directly or indirectly.
You can also download this notice in .pdf format [ click here ].
- Data controller and contacts
- Categories of personal data processed by the etacarinae.org website
- Additional personal data categories for the private.etacarinae.org service
- Purpose of the processing, legal bases and retention – etacarinae.org website
Purpose 1 – Site viewing/browsing and solving technical problems
Purpose 2 – Handling requests
Purpose 3 – Marketing
Purpose 4 – Follow-up
Purpose 5 – Establishment/exercise/defence of rights
- Additional purposes, bases, retention – private.etacarinae.org service
Purpose 6 – Provision of access to the biofuels database
Purpose 7 – Registration/authentication
- Transmission outside the EU
- Automated decision-making processes
- Providing data required/not required
- Recipients or categories of recipients
- Cookie policy
- Rights of the data subject
- Changes
1. Data controller and contacts
- Data controller: Etacarinae s.r.l., VAT No.: 09163840961, website: etacarinae.org.. Etacarinae s.r.l. is the entity that determines the purposes and means of processing of data concerning you that is collected during your interaction with the site.
- Privacy contact details: privacy@etacarinae.org, tel.: 02/786112090, location: 20017 – Via Paolo Lomazzo, no. 34, Milan.
2. Categories of personal data processed by the etacarinae.org website
The categories of personal data processed through this site are as follows:
- Data implicit in the internet connection: viewing and browsing the site involves, for reasons intrinsic to the use of computer protocols, an exchange of technical information between our computer system and yours. The information transmitted includes the following: User type, User’s agent, IP, page opening requests and date. Providing this type of data is necessary because it is implicit in the computer protocols for accessing a web domain.
- Data relating to the types of activities carried out on the site: types of actions in connection with the activity carried out on the site, which we collect for the purpose of solving technical or security problems and protecting rights, by intercepting suspicious activities. The information obtained includes IP address, browser used and version, time of the request, log type, response code, message, agent, size, source, API requests, event and response code for browsing and access. The domain administrator analyses this information following alert events. This information is provided automatically when browsing the site.
- Data related to your requests for information and assistance: information associated with your requests for information, assistance or otherwise. The data processed include: identification of the sender (where this is relevant, e.g., a request for contractual assistance or you gave us that data), contact details necessary to respond, the substance of your requests and our subsequent replies. Providing this information is optional, but without it we will not be able to handle and respond to your request.
- Evaluation data: your opinions about our services, events, activities collected by us for Purpose 4 described below. Providing this information is optional and has no effect on the use of our services.
- Data related to marketing and events: contacts for sending newsletters, expressing/revoking consent for marketing purposes and similar activities, related organisational information (e.g., date, time, how to connect to events we propose). Providing this information is optional and has no effect on the use of our services; the only consequence of refusal will be not receiving our promotions.
3. Additional personal data categories for the private.etacarinae.org service
In addition to the categories of personal data described above, the biofuel database consultation service requires the processing of the following additional categories of personal data:
- Registration/authentication data: full name, company telephone, company headquarters, company name, country, username/email and password, as credentials to access the platform. Providing this information is optional, but if you do not provide the information marked as compulsory (in the form on the site), you will not be able to register for the service content. During authentication, only credentials will be collected, the processing of which is necessary for access to the reserved content on the site.
4. Purpose of the processing, legal bases and retention – etacarinae.org website
Purpose 1 – Displaying/browsing the site and solving technical problems: the purpose is to allow the site to be displayed correctly and its pages to be browsed, as well as to solve technical operating problems (e.g., unblocking the authentication function after a certain number of incorrect attempts). Category of data processed: for site viewing/browsing, see point i above, for other technical purposes see point ii above. In any case, the information collected for this purpose is not intended to identify you, but may be able to do so if an offence is committed, see purpose no. 5.
Legal basis: for site viewing/browsing, the basis is Article 6.1.(b) GDPR (pre-contractual and contractual measures), since this is an activity generated by the user through a request for direct connection from the user’s computer system to our servers. For solving technical problems, the basis is Article 6.1.(f) GDPR.
Data retention: personal data collected for this purpose are retained for one month, unless they are necessary for the exercise or defence of rights, see purpose 5 below. This is the case, for example, if you carried out or are involved in a cyber-attack on our site or if you used our contact form to defame or commit offences, etc.
Purpose 2 – Handling user requests: the purpose of the processing is to follow up on your request for assistance or information, which may include filling in forms. We will access the semantic content of the information. The processing relates to the category of data described in point iii above. This purpose also includes your requests to register for webinars, events and seminars (please note that you must give us specific prior consent to receive our invitations by email, see purpose 3 – marketing below).
Legal basis: Article 6.1.(b) GDPR taking into account requests directly generated by the user and which require a response from us.
Data retention: if the requests are part of a service activity under a contract, we will retain them to document/demonstrate the relevant obligations; see purpose 5, establishment/exercise/protection of rights. Otherwise, the data are deleted for internal management reasons, including backups, no later than one month after fulfilment of the request/closure of the ticket (where a ticket system is used), unless we have a legitimate interest in applying also in this case purpose 5.
Purpose 3 (the data controller reserves the right to activate/deactivate this purpose on the site) – Marketing: this purpose includes all our promotional activities via email, which includes sending our newsletter or, more generally, informative emails or invitations to events, webinars, seminars, other initiatives for continuing education and training in the biofuels industry, and market surveys. Signing up for the activity described above is optional: it therefore requires consent (if you provide it for a legal entity, make sure you have the authority to do so). If you do not provide your consent, we will not be able to send you communications for the purpose described above. Not subscribing to the newsletter/email invitations to events has no effect on your use of the site and our services. In addition, you may revoke your consent at any time, easily and free of charge, by writing to us or using the “unsubscribe” link (or similar terminology) found in each of our emails. Similarly, you may at any time object to the marketing processing easily and free of charge by contacting us (see Data controller and contacts). Withdrawal of consent and/or objection to marketing processing does not have retroactive effect. You will only receive our promotions; we will not disclose your information to “third parties” (Article 4, para. 10 GDPR) for their marketing activities. The category of data processed is described in point v above.
Legal basis: consent, particularly Article 6.1.(a) GDPR (consent) and 130, para. 2, Italian Legislative Decree No. 196/03. However, we may, as permitted by law, send promotional emails to natural persons even without consent, provided that they relate to products and services similar to those you previously purchased. In this case, the legal basis is Articles 6.1.(f) GDPR (legitimate interest) and 130, para. 4, Italian Legislative Decree No. 196/03.
Data retention: subject to prior revocation of consent/objection to processing, 5 years from when consent was provided or, in the situations referred to in Article 130, para. 4, Italian Legislative Decree No. 196/03, since you last purchased an Etacarinae service. We may, unless you object, send you email reminders close to the expiry of the deadline, pursuant to Article 6.1.(f) GDPR. If purpose 5 (establishment/exercise/protection of rights) applies because the conditions are satisfied, see the retention periods indicated therein.
Purpose 4 – Follow-up with regard to the quality of our services, our assistance or the events you registered for.
Legal basis: Article 6.1.(f) GDPR (legitimate interest). The issuing of any certificates of participation is considered to be included in this purpose (if you asked us for them, Article 6.1.(b) GDPR will be the basis). You can object at any time to the follow-up purpose by writing to us at the contacts given above (see Data controller and contacts). Your objection to follow-up is free and has no effect on your use of our site and services. Category of personal data: iv.
Data retention: Personal data collected in follow-up will be retained no longer than 1 month after collection. They will then be deleted or anonymised by conversion into aggregated form, which will help us, for example, to assess the general public’s satisfaction with certain editorial content and to develop proposals for improvement. In any case, this is subject, where applicable (e.g., defamatory content) to purpose 5 (see below).
Purpose 5 – Establishment/exercise/enforcement of rights, including out-of-court. Depending on the specific case, the processing may concern all categories of personal data collected. Processing also includes any preparatory control activity, such as setting up tools to obtain alerts triggered by specific events (suspicious activity) or to protect the Data Controller’s intellectual property and contractual rights with respect to the contractual obligations in the general terms and conditions. Any objection by you to processing will be assessed in accordance with the GDPR.
Legal basis: Article 6.1.(f) GDPR (legitimate interest). For activities that are also provided by contract, Article 6.1.(b) GDPR may also be applicable, depending on the case.
Data retention: proportionate to the length the statute of limitations period. For example, in the event of tort liability, up to 10 years (5 years for a tort, from learning of the tort) following termination of the contract for any reason, subject to longer retention if the statute of limitation period is interrupted, as provided by law. The data controller may, however, consider a shorter retention period. Retention for this purpose will in any case be applied in all pre-litigation situations (e.g., sending a formal notice letter, suspected illegal activity, etc.).
5. Additional purposes, bases, retention – private.etacarinae.org service
In addition to the purposes indicated above, the biofuel database subscription service fulfils the following additional purposes:
Purpose 6 – Providing access to biofuel database: the online biofuel database consultation service serves the general purpose of fulfilling contractual obligations to subscription subscribers or demo users (with limited access functionality). Categories of data processed: see the other purposes described in this policy, as applicable from time to time.
Legal basis: Article 6.1.(b) GDPR for direct contractors who are natural persons, and Article 6.1.(f) GDPR (legitimate interest) for natural persons delegated by direct contractors.
Data retention: see the other purposes described in this notice, as applicable from time to time.
Purpose 7 – Registration/authentication: the purpose of processing is to respond to your request for registration/authentication and the related request for credential recovery. Categories of personal data processed: vi.
Legal basis: Article 6.1.(b) GDPR, taking into account requests directly generated by the user directed to our computer systems or to our company. Registration or recovery of credentials may involve security checks (e.g., two-factor authentication or sending recovery links), in which case the legal basis also includes Article 6.1.(f) GDPR (legitimate interest).
Data retention: Registration data are retained for the entire term of the contract or subscription and are deleted within a month thereafter (for administrative management reasons, also related to backups). Authentication data are stored until you log out (see also the cookie section below). The data required to retrieve credentials are deleted once the activity is completed or if the cut-off time for completing it lapses. In any event, purpose 5, establishment/exercise/enforcement of rights, applies as the relevant requirements are met.
6. Transmission outside the EU
We only process your personal data within the European Union.
7. Automated decision-making processes
We do not use any automated decision-making processes on your data, as described in Article 22 GDPR.
8. Providing data required/not required
See above, details for the various categories of personal data.
9. Recipients or categories of recipients
As a general rule, the following persons may learn of your personal data in their capacity as data controllers, data processors or persons authorised to process data:
– hosting, housing, cloud and email service providers (to confirm registration and respond to email requests). These parties do not perform actions aimed at learning the content of personal data, but only technical retention activities;
– providers of maintenance on this website and on our databases. These entities do not perform actions aimed at learning the content of personal data, but only technical activity that may lead to occasional knowledge of the content;
– consultants and professionals assisting us (including in the legal and tax areas). These parties may learn the information content concerning you, to the extent they are involved by us;
– public agencies and police authorities where their involvement is necessary. These parties may learn the information content;
– courts in the exercise of their functions when deemed necessary or when required by law. These parties may learn the information content;
– persons authorised by the Data Controller to process data who are bound to confidentiality or have an appropriate legal non-disclosure obligation (e.g., employees and collaborators); and
– other potential private or public parties, for regulatory reasons or to fulfil a legitimate interest of the Data Controller.
10. Cookie policy – including related purposes
We use both technical and non-technical cookies. Cookies are short pieces of text that are stored on your device and can be consulted at a later date until they expire or are deleted, which you can do at any time.
Technical cookies – Purpose: the technical cookies used are necessary for the operation of the site or to remember your settings such as your preferred language. Disabling or deleting them may cause the site to malfunction or require you to repeat your choices, e.g., language or new authentication (where required). Legal basis: The installation of this type of cookie does not require your consent by law but responds to our legitimate interest under Article 6.1.(f) GDPR and Article 122, Italian Legislative Decree No. 196/03. Technical cookies are automatically deleted when you stop browsing the site, unless you expressly requested a longer retention period (e.g., ticking the box to remember authentication, where present on the site). In the latter case they will be deleted on the set expiry date or when the cookies are manually deleted.
Non-technical cookies – Purpose: some of the site’s functionalities, such as the insertion of video content or maps, are possible through the installation of third-party cookies from Google LLC, a company based in the United States. In addition, we use Google LLC analytics cookies for statistical purposes to gain a better understanding of technical aspects relating to the operation of our site, including its effectiveness and usability. From this link you can consult Google’s information sheet and make the necessary control choices (we are completely unaware of these choices, which you make directly with Google LLC).
Legal basis: these cookies are installed on your device pursuant to your consent, in accordance with Article 122, Italian Legislative Decree No. 196/03. You are asked for your consent on a case-by-case basis for the type of services. For analytics, you can give your consent via the cookie banner > “view preferences” > “statistics”. Not providing consent has no effect on your use of our website and services.
Retention: cookies required to display multimedia content and the map last 10 days, analytics cookies last 2 months. In addition, through your browser settings, even if you accept analytics activity, you can still choose to anonymise your IP.
Browser settings – In general, you can set your browser to automatically refuse the installation of cookies. Below is information on the main browsers:
Chrome: information here
Firefox: information here
Internet Explorer: information here
Microsoft Edge: information here
Safari MAC: information here
Safari iPhone, iPad, or iPod touch: information here
Opera: information here
11. Rights of the data subject
You have the right to:
- access your personal data (Article 15 GDPR), i.e., to know information about their existence, categories of data, retention period, purpose of the processing, legal basis, recipients, any processing solely by automated means, and rights that can be exercised;
- rectify (Article 16 GDPR) your personal data of an objective nature, in the event of errors, or supplement them if they are incomplete;
- delete your personal data (Article 17 GDPR) when they are no longer necessary, if there is no legal basis for the processing, you validly object to the processing, the processing is unlawful, or the data must be deleted to comply with a legal obligation;
- restrict processing (Article 18 GDPR), i.e., you can have your personal data specifically marked for the time necessary to verify its accuracy in the event of a dispute, to verify the validity of any opposition you may have made, if you request restriction, if unlawful processing took place or if you need the personal data to exercise a right;
- request the portability of your personal data (Article 20 GDPR) processed by automated means on the basis of consent or contract (thus you do not have this right, e.g., in cases where the legal basis is Article 6.1.(f) GDPR). In this case, the data will be transmitted to you in a structured format and/or, at your request, will be transmitted to another data controller, if technically feasible, in compliance with the GDPR.
- object (Article 21 GDPR) to any processing based on a legitimate interest or marketing purposes. You do not need to provide a reason to object to processing for marketing purpose. For other purposes, you will have to provide us with reasons related to your particular situation. In such cases, we may not accept the opposition, where the law allows us to do so; and
- lodge a complaint with the competent supervisory authority (Article 77 GDPR and Article 140-bis et seq. of Italian Legislative Decree No. 196/03): the authority of the place where you normally reside or work or where the alleged infringement occurred. For Italy, the competent authority is the Garante per la protezione dei dati personali (www.garanteprivacy.it). For countries other than Italy: https://edpb.europa.eu/about-edpb/board/members_en
- Changes
This information notice about the processing of personal data is effective as of 26 March 2021 and supersedes all previous policies. We reserve the right to modify or update its content. Changes will be binding as soon as they are published on the website. We suggest that you regularly visit this section to become aware of the most recent and updated version of this information notice in order to stay up-to-date. We may also notify you by email of the new version of the policy. In that event, processing is deemed to be carried out in accordance with Article 6.1.(f) GDPR (legitimate interest). We will retain all emails forwarding new information for ten years, in accordance with Purpose 5 above.
This post is also available in: Italiano (Italian) Français (French) Deutsch (German) Español (Spanish) 繁體中文 (Chinese (Traditional))