Privacy policy

Last update: July 2024

PRIVACY POLICY

In this Privacy Policy (“Privacy Policy“), provided pursuant to Articles 13 and 14 of the General Data Protection Regulation (EU) 2016/679 (“GDPR“), EDERA S.r.l. Impresa Sociale (“Edera“, “we“, “our“, “us“), in its capacity as data controller, provides information regarding the ways in which it will process your personal data through its websites https://edera.city/ and https://www.energiesprong.it/ (the “Website“) and when you decide, with your express consent, to subscribe to the newsletter, in order to be up-to-date on the initiatives promoted by Edera and thus become part of our community (the “Newsletter“).

1. DATA CONTROLLER

Pursuant to this Privacy Policy and the processing thereof, the Data Controller (pursuant to Article 4, no. 7 of the Regulation) is Edera S.r.l. Impresa Sociale with registered office in Milan, Via Bergognone, 34 postcode 20144

2. HOW WE PROCESS YOUR PERSONAL DATA 

This section summarises and describes all the processing of personal data carried out by Edera through the Website.
For each processing operation, you will find a table summarising the processing operations in which the categories of data, the purposes, the legal bases, the source of the data and the retention time are indicated.

I. Sending newsletters

Categories of data • Personal information (first name, last name)
• Contact details (professional e-mail address) 
• Professional and Company Data 
Purpose and legal basis for processingPurpose: Sending promotional communications relating to Edera’s products and services.
Edera processes your personal data for the sole purpose of sending you the newsletter or the main updates on our activities, also for promotional purposes (in particular to enable you to register to our courses, our events; use our services; participate in other initiatives organised by us or download our documents).

Legal basis: The legal basis for the processing of your personal data is your consent (art. 6, par. 1. a) GDPR), which you may freely express through the online or paper form (distributed during the events organised by Edera in which you have participated) that will be submitted to you by Edera. When you register, you will be able to indicate your preferences in order to receive offers personalised according to your interests.
In some cases, the legal basis will be the legitimate interest of Edera in relation to e-mail communications addressed to its users and relating to products or services similar to those purchased or in any case used by the latter pursuant to Article 6(1)(f) of the GDPR and Article 130(4) of the Privacy Code.
Consequences of failing to provide the requested data• The provision of data is optional. Without your consent, Edera will not be able to register you to the newsletter and thus send you communications about our activities.
Data source• Data subject
Maximum retention period• Your data will be stored for a maximum period of 24 months, before which Edera will ask you again to give/renew your consent to continue receiving our newsletter. In any case, you are free to revoke your consent at any time (even before the expiry of 24 months) and in the latter case Edera will immediately delete your personal data.

II. Subscribing to the WhatsApp or Telegram channel

Categories of data• Personal information (first name, last name)
• Phone number and profile picture if subscribing to our WhatsApp or Telegram channel
Purpose and legal basis for processingPurpose: sending users information messages, news. Subscription to the service is voluntary and free of charge. 
Legal basis: your consent will be required, and this consent is given by subscribing to the WhatsApp or Telegram channel (Art. 6(1)(a) GDPR).
Consequences of failing to provide the requested dataThis is necessary in order to join the channel, which will be used by the platform to send the information.
Failing this, Edera will not be able to send you information through the channel.
Data sourceData subject 
Maximum retention periodThe data will be retained until the person concerned expressly unsubscribes from the service, leaving the channel to revoke the consent given.

III. Registration for our events

Categories of data• Personal information (first name, last name)
• Contact details (professional e-mail address) 
• Professional and Company Data
Purpose and legal basis for processingPurpose: To enable your registration for our events, including through third-party accounts and websites. 
Legal basis: the performance of contractual obligations or related pre-contractual measures to register you for our events (Art. 6(1)(b) GDPR)..
Consequences of failing to provide the requested data• This is necessary in order to participate in our events. Without it, you will not be able to register for the event.
Data source• Data subject
Maximum retention periodYour data will be stored for a maximum period of 10 years. 

IV. When you decide to contact us 

Categories of data• Personal information (first name, last name)
• Contact details (e-mail address
• Any other data or personal information that the user decides to share and that is contained within the message sent or its attachments.
Purpose and legal basis for processingPurpose: To provide feedback on your request; 
Legal basis: Execution of contractual obligations of related pre-contractual measures for the proper handling of your request (Art. 6(1)(b) GDPR).
Consequences of failing to provide the requested dataConfirmation is necessary in order to be able to process your request. Without it, Edera will not be able to respond to your request.
Data sourceData subject 
Maximum retention periodYour data will be retained for the period necessary to provide a response to your request without prejudice to the possibility of extending the period in question where this is necessary to comply with a legal obligation or to defend a right of Edera before a judicial, administrative or other kind of authority.

V. Navigation Data  

In this paragraph, we explain what information Edera collects when a user browses the pages of the Website.

In general, we collect (directly or through our partners) navigation data, requesting your prior consent when necessary:

  1. Technical information, including IP address, information on devices used by visitors to the website, browser and operating systems, etc.
  2. Information about your navigation on the Website, including URLs of the pages you visit and activities that take place on these page (e.g. products viewed and eventually purchased), dates and times of access, duration of access, clickstream.

This information is collected for the proper operation, management, maintenance and improvement of our Website, to ensure that your browsing experience is safe, as well as to ascertain liability in the event of security breaches or illegal access. This information, including aggregated data, is also used to enable us to obtain statistics on the performance of the Website, and to enable you to receive promotional announcements in line with your preferences and interests.

You are always free to decide whether to provide us with your navigation data. However, refusal to provide information necessary for navigation purposes may render impossible to carry out activities strictly related to navigation. 

We will store these data as long as they are necessary for the purpose for which they are collected.

Navigation data is collected through the use of cookies. To learn more about how cookies work, how to activate and deactivate them, please consult the Cookie Policy of Edera and Energiesprong in the relevant section of the Website.

VI. Edera Social Networks

With social networks, users can also write to us, share, comment or simply like our content. In this regard, we process the user’s profile data, such as their name, and any data that is exchanged during interactions with us through social networks. We also process the content of messages in order to effectively respond to user requests via social networks. This processing is based on the legal basis of providing the services requested by users (Article 6(1)(b) GDPR).

When you visit an Edera page on a social network (“Edera Social Network Page”), whether this is done by clicking on a link button to/from the social network or by navigating directly between the pages of the social network (including advertisements), the operator of the social network may share certain information about you with Edera and in particular:

  1. People’s actions, such as: viewing and interacting with the Edera Social Network Page and the content posted on it (including shares, reactions, comments), clicks, initiating private email communications within the Edera Social Network Page
  2. Information about the actions, the people performing the actions and the browsers/apps used for them, such as: date and time of the action; country/city (estimated from the user’s IP address or profile – if the user has interacted with the Edera Social Network Page after accessing the social network); language; age /gender (from user profile only for users who logged in); website visited previously; whether the action was carried out on a computer or mobile device; social network user ID (only for users who logged in first).

Please note that where a service is installed that involves interaction with social networks in any way, it is possible that, even if you are not using the service, these social networks may collect traffic data relating to the pages on which the service is installed.

Depending on the case, Edera may act as data controller or joint controller.

VII. Compliance with legal obligations  

Categories of data• All categories of personal data covered by this Privacy Policy.
Purpose and legal basis for processingPurpose: compliance with legal obligations. 
Legal basis: need to comply with a legal obligation – Art. 6(1)(c) GDPR.
Consequences of failing to provide the requested dataData already held by Edera in accordance with the provisions of this Privacy Policy.
Data sourceSources indicated in this Privacy Policy. 
Maximum retention periodTime needed to fulfil the specific legal obligation concerned*.

*= Without prejudice to the need to extend the retention period in the event that this is necessary to protect Edera’s rights before a judicial, administrative or other authority.

VIII. Exercising a right before a competent authority

Categories of data• All categories of personal data covered by this Privacy Policy.
Purpose and legal basis for processingPurpose: to exercise or defend a right of Edera before a judicial, administrative or other authority;

Legal basis legitimate interest – Art. 6(1)(f) GDPR.
Consequences of failing to provide the requested dataData already in the possession of Edera according to this Privacy Policy.
Data sourceSources indicated in this Privacy Policy. 
Maximum retention periodTime required to exercise or defend a right before a judicial, administrative or other authority *.

*= Without prejudice to the need to extend the retention period in the event that this is necessary to comply with a legal obligation binding on Edera.

3. PRINCIPLES OF DATA PROCESSING AND PROTECTION

Your personal data is processed by means of computerised, telematic and/or paper-based tools in compliance with the principles of lawfulness, fairness, transparency, accuracy, integrity, minimization and limitation of purposes and retention, as well as in accordance with the provisions of the GDPR and applicable legislation on the protection of personal data.

Edera takes appropriate security measures (physical, logical and organisational) to protect your data against possible breaches (such as destruction, loss, alteration, unauthorised disclosure or access, whether accidental or unlawful) and to ensure that processing is only carried out for the purposes described in this Privacy Policy.

4. TO WHOM EDERA COMMUNICATES YOUR PERSONAL DATA 

To the extent that this is necessary to pursue the purposes described in this Policy, your personal data may be disclosed to the following entities:

a) Service providers such as Website managers, webmasters, IT consultants;
b) Edera’s business partners;
c) Newsletter service operators;
d) Social networks and third-party websites accessible from the Website;
e) Universities and other training institutions;
f) Agencies and other entities specialising in the organisation of events;
g) Accountants and other freelancers who enable us to run our business;
h) Websites providing payment services;
i) The European Commission in the context of European projects.

Where this is necessary for the exercise or protection of our rights, as well as to comply with legal obligations, your personal data may also be disclosed to third parties such as judicial and/or administrative authorities, law enforcement agencies, legal advisors, auditors, or providers of technical and security services.

Subjects belonging to the above-mentioned categories may process the personal data of data subjects as autonomous data controllers, joint data controllers or data processors, depending on the specific agreements in place between those subjects and Edera.

You may request the identity and contact details of the persons to whom your data is disclosed by contacting us as indicated in the paragraph “How to exercise your rights – How to contact Edera“. We will provide you with such data, unless this is not permitted by other laws or by legitimate confidentiality obligations to which we may be subject, and which override your right to know the recipients.

5. DATA TRANSFER OUTSIDE EEA

As a rule, Edera will not transfer your personal data to countries outside the European Economic Area (“EEA”), which includes, in addition to the Member States of the European Union, Norway, Lichtenstein and Iceland.

Should such transfers become necessary, they will be carried out in compliance with the provisions of Articles 44-50 GDPR. In particular, in the case of transfers to countries that do not ensure an adequate level of data protection, Edera will undertake to adopt one of the appropriate safeguards referred to in Article 46 GDPR, as well as to carry out an assessment as to its actual ability to ensure an adequate level of protection for the personal data being transferred in light of the legislation of the destination country, as established by the Court of Justice of the European Union in the Schrems II judgment (CJEU, 16 July 2020, C-311/18).

6. WHAT ARE YOUR RIGHTS?

In accordance with applicable law, and in particular with the GDPR, the rights of data subjects in relation to personal data processed under this Privacy Policy are as follows:

  1. Access: you may obtain information on the processing of your personal data and a copy of such data (Art. 15 GDPR);
  2. Rectification: if you consider that your personal data are inaccurate or incomplete, you may request that such data be corrected or amended in accordance with your instructions (Art. 16 GDPR);
  3. Erasure (e.g. “Right to be forgotten”): except as provided for by applicable laws you have the right to request the erasure of your personal data when: (i) the data are no longer necessary for the purposes for which they were collected and processed; (ii) you withdraw your consent to the processing if the processing is based on your consent; (iii) you object to the processing for direct marketing purposes or to the processing carried out for other purposes and there are no overriding legitimate reasons to continue the processing; (iv) your data are processed unlawfully; (iv) deletion is required by law (v) you are a minor and your personal data were collected in connection with the direct offer of information society services (art. 17 of the GDPR);
  4. Limitation: you may request the restriction of the processing of your personal data when: (a) you contest the accuracy of the personal data; (b) the processing is unlawful and you request the restriction of its use instead of erasure; (c) the Data Controller no longer needs the personal data for the purposes of the processing but you need it to establish, exercise or defend a legal claim; (d) you have objected to the processing pursuant to Article 21(1) pending verification of whether the Data Controller’s legitimate grounds prevail over yours (Art. 18 GDPR); 
  5. Objection: for reasons related to your particular situation, you have the right to object to the processing of your personal data based on the legitimate interest of the data controller (Art. 6(1)(f) of the GDPR) and the data controller will only continue to process your data for compelling legitimate reasons that prevail over your interests and rights and/or to promote, exercise or defend a legal claim. Your right to object to direct marketing purposes is absolute and may be exercised at any time in the manner indicated in the section “How to exercise your rights – How to contact Edera“. Your objection to processing carried out with automated tools is also valid for processing carried out with traditional tools (art. 21 of the GDPR);
  6. Withdrawal of consent: if the processing of your personal data is based on consent, you have the right to withdraw your consent at any time (Art. 7 GDPR);
  7. Data portability: if the processing is based on consent or on a contract and is carried out by automated means, you have the right to obtain – in a structured, commonly used and machine-readable format – the personal data you have provided us with and, if technically feasible, to have them transmitted to another data controller.

7. RIGHT TO CLAIM TO A COMPETENT SUPERVISORY AUTHORITY

In order to protect your rights and to safeguard your personal data, you may, at any time, decide to lodge a complaint with the competent supervisory authority, i.e. the Garante della Privacy – Data Protection Authority (Piazza Venezia n. 11 – 00187 Roma, tel. +39 06.696771, e-mail address: protocollo@gpdp.it or urp@gpdp.it) or to file an action before the competent national courts. In any case, we always invite you to contact Edera first for any needs relating to the exercise of your rights. We are sure that together we will be able to find a solution.

8. HOW TO EXERCISE YOUR RIGHTS – HOW TO CONTACT EDERA

To exercise your rights, and for any questions or clarifications on how your personal data are processed and used under this Privacy Policy, you may contact Edera by writing to privacy@edera.it.

If you decide to contact Edera, all the data you provide us with will be processed exclusively for the purpose of providing a prompt reply and to ensure the proper handling of your requests and will be kept for the time strictly necessary for this purpose, without prejudice to Edera’s right to extend the aforementioned retention period when necessary to fulfil its legal obligations or protect its rights before competent authorities.

9. AMENDMENTS TO THIS PRIVACY POLICY  

Attention to the security and confidentiality of your data is a priority for Edera. This Privacy Policy is subject to periodical update. To this end, we report the last date of update at the beginning of the Privacy Policy. If you have already shared your data with Edera, any substantial change to the Privacy Policy will be communicated to you through the appropriate channels, always in such a way as to ensure that you are fully aware of the processing methods, with a view to ensuring full transparency and adequate protection of your rights. Otherwise, we invite you to regularly visit the Privacy Policy to stay up to date. 

Share:

SIGN UP NEWSLETTER

ADDRESS

Via Bergognone, 34 - 20144 Milano

PEC

EDERA@PECIMPRESE.IT

CONTACT US

    I have read the Privacy Policy and I consent to the processing of my personal data for the purposes stated therein.