Dear data subject, EVIDILYA S.R.L cares about your privacy. Data that user can eventually transmit to the web site will be stored with methods that guarantee integrity and safety, fully respecting the data confidentiality regulation. We would like to inform you that the European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data” (“GDPR” from now on) provides user protection, with particular regard to personal data processing. According to GDPR’s article 13, we inform You that:

A. CATEGORIES OF DATA: data being processed may be your personal data such as:
a. Data collected automatically. The computer systems and applications dedicated to the operation of this website detect, during their normal operation, some data (the transmission of which is implicit in the use of Internet communication protocols) potentially associated with identifiable users. The data collected includes the IP addresses and domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters concerning the operating system, the browser and the COMPUTER environment used by the user, name of the internet service provider (ISP), date and time of visit, web page of origin of the visitor (referral) and exit.
b. Data provided voluntarily by the user. The voluntary and explicit sending of e-mails to the addresses indicated in the different access channels of this site does not imply a request for consent and involves the acquisition of the sender’s address and data, necessary to respond to requests, as well as any other personal data included in the message. These data are voluntarily provided by the user at the time of the request for the provision of the service. By entering a comment or other information, the user expressly accepts the privacy policy, and in particular consents that the contents inserted are freely spread to third parties. On the contrary, specific summary information will be reported or displayed on the pages of the site prepared for particular services on request (form). The user must therefore explicitly consent to the use of the data contained in these forms in order to send the request.
c. Cookies. The site uses cookies. The data collected thanks to cookies can be used to access parts of the site or for statistical purposes or to make the browsing experience more pleasant and more efficient in the future, trying to evaluate the behavior of users and to modify the offer of content according to their behavior. For more information, a dedicated cookie policy is available.
d. Plug-ins. The site also incorporates/does not incorporate plugins and/or buttons for social networks.

B. DATA CONTROLLER: the data controller is EVIDILYA S.R.L., Via Brisa,3 – 20123 Milano (MI), P. iva 06957380964, and can be reached by phone at 02.49530065 or by email at privacy@evidilya.com

C. SOURCE OF PERSONAL DATA: personal data are collected directly from the data subject.

D. PURPOSE OF DATA PROCESSING AND LEGAL BASIS: the processing of your data has as its purpose and legal basis:

1. 1. For data collected automatically, the legal basis is the legitimate interest of the controller and the purpose is to guarantee and improve the web browsing experience.
   2. For data provided voluntarily by the user, the legal basis varies depending on the purpose pursued, indicated in the specific information, to which reference is made.
   3. For cookies: see the specific cookies policy.

E. DATA RECIPIENTS: within the limits relevant to the processing purposes indicated, your data may be communicated to partners, consulting companies, private companies, third-party technical service providers, hosting providers, IT companies, communication agencies,…

F. TRANSFER OF PERSONAL DATA BETWEEN COUNTRIES: your personal data are not transferred to or accessed by entities outside the European Union

G. DATA RETENTION PERIOD: According to the “storage limitation principle” (Article 5 of the GDPR), a verification of the obsolescence of the data stored in relation to the purposes for which they were collected is carried out periodically. In particular:
the data collected automatically are processed, for the time strictly necessary, for the sole purpose of obtaining statistical information on the use of the site and to check its regular functioning, also for security purposes or according to the deadlines provided for by law.
The data provided voluntarily by the user will be kept for a period of time not exceeding the achievement of the purposes for which they are processed or according to the deadlines provided for by law.

H. RIGHTS OF THE DATA SUBJECT: the data subject always has the right to request from the Data Controller access to his data, the correction or erasure of the same, the limitation of the processing or the possibility of opposing the processing, to request the portability of the data, to revoke the consent to the processing by asserting these and the other rights provided for by the GDPR by simple communication to the Data Controller. The data subject can also lodge a complaint with a supervisory authority.

I. OBLIGATION OF THE DATA SUBJECT TO PROVIDE PERSONAL DATA: the provision of your data is mandatory while browsing our website with regard to point D.1 of the aforementioned purposes, to allow the correct provision of the service. With regard to the provision of your data for the purposes indicated in point D.2. please refer to the specific information at the bottom of the reference form. The provision of consent of your data for point D.3 is optional and will not compromise in any way the provision of the service.

J. METHODS OF PERSONAL DATA PROCESSING: the personal data you provide will be subject to processing operations in compliance with the aforementioned legislation and the confidentiality obligations that inspire the activity of the Data Controller. The data will be processed both with IT tools and on paper and on any other type of suitable support (e.g., cloud systems, digital replacement storage and preservation systems, …), in compliance with adequate technical and organizational security measures provided for by the GDPR.

K. FINAL NOTES AND UPDATING METHODS: the information is provided only for this website and not for other websites that may be consulted by the user through links contained in this site. The information may be subject to changes due to the introduction of new rules in this regard, therefore the user is invited to periodically check this page to be always updated on the latest legislative news. The withdrawing versions of this information can always be requested from the Data Controller.

L. CONTACT DETAILS OF THE D.P.O. : the Controller has appointed the D.P.O. who can be contacted by email at the address dpo@evidilya.com.

M. AUTOMATED DECISION-MAKING PROCESSES: there are no automated decision-making processes.