Last update: July 2024
PRIVACY POLICY
In this Privacy Policy (“Privacy Policy“), provided pursuant to Articles 13 and 14 of the General Data Protection Regulation (EU) 2016/679 (“GDPR“), EDERA S.r.l. Impresa Sociale (“Edera“, “we“, “our“, “us“), in its capacity as data controller, provides information regarding the ways in which it will process your personal data through its websites https://edera.city/ and https://www.energiesprong.it/ (the “Website“) and when you decide, with your express consent, to subscribe to the newsletter, in order to be up-to-date on the initiatives promoted by Edera and thus become part of our community (the “Newsletter“).
1. DATA CONTROLLER
Pursuant to this Privacy Policy and the processing thereof, the Data Controller (pursuant to Article 4, no. 7 of the Regulation) is Edera S.r.l. Impresa Sociale with registered office in Milan, Via Bergognone, 34 postcode 20144
2. HOW WE PROCESS YOUR PERSONAL DATA
This section summarises and describes all the processing of personal data carried out by Edera through the Website.
For each processing operation, you will find a table summarising the processing operations in which the categories of data, the purposes, the legal bases, the source of the data and the retention time are indicated.
I. Sending newsletters
Categories of data | • Personal information (first name, last name) • Contact details (professional e-mail address) • Professional and Company Data |
Purpose and legal basis for processing | • Purpose: Sending promotional communications relating to Edera’s products and services. Edera processes your personal data for the sole purpose of sending you the newsletter or the main updates on our activities, also for promotional purposes (in particular to enable you to register to our courses, our events; use our services; participate in other initiatives organised by us or download our documents). • Legal basis: The legal basis for the processing of your personal data is your consent (art. 6, par. 1. a) GDPR), which you may freely express through the online or paper form (distributed during the events organised by Edera in which you have participated) that will be submitted to you by Edera. When you register, you will be able to indicate your preferences in order to receive offers personalised according to your interests. In some cases, the legal basis will be the legitimate interest of Edera in relation to e-mail communications addressed to its users and relating to products or services similar to those purchased or in any case used by the latter pursuant to Article 6(1)(f) of the GDPR and Article 130(4) of the Privacy Code. |
Consequences of failing to provide the requested data | • The provision of data is optional. Without your consent, Edera will not be able to register you to the newsletter and thus send you communications about our activities. |
Data source | • Data subject |
Maximum retention period | • Your data will be stored for a maximum period of 24 months, before which Edera will ask you again to give/renew your consent to continue receiving our newsletter. In any case, you are free to revoke your consent at any time (even before the expiry of 24 months) and in the latter case Edera will immediately delete your personal data. |
II. Subscribing to the WhatsApp or Telegram channel
Categories of data | • Personal information (first name, last name) • Phone number and profile picture if subscribing to our WhatsApp or Telegram channel |
Purpose and legal basis for processing | • Purpose: sending users information messages, news. Subscription to the service is voluntary and free of charge. • Legal basis: your consent will be required, and this consent is given by subscribing to the WhatsApp or Telegram channel (Art. 6(1)(a) GDPR). |
Consequences of failing to provide the requested data | This is necessary in order to join the channel, which will be used by the platform to send the information. Failing this, Edera will not be able to send you information through the channel. |
Data source | Data subject |
Maximum retention period | The data will be retained until the person concerned expressly unsubscribes from the service, leaving the channel to revoke the consent given. |
III. Registration for our events
Categories of data | • Personal information (first name, last name) • Contact details (professional e-mail address) • Professional and Company Data |
Purpose and legal basis for processing | • Purpose: To enable your registration for our events, including through third-party accounts and websites. • Legal basis: the performance of contractual obligations or related pre-contractual measures to register you for our events (Art. 6(1)(b) GDPR).. |
Consequences of failing to provide the requested data | • This is necessary in order to participate in our events. Without it, you will not be able to register for the event. |
Data source | • Data subject |
Maximum retention period | Your data will be stored for a maximum period of 10 years. |
IV. When you decide to contact us
Categories of data | • Personal information (first name, last name) • Contact details (e-mail address • Any other data or personal information that the user decides to share and that is contained within the message sent or its attachments. |
Purpose and legal basis for processing | • Purpose: To provide feedback on your request; • Legal basis: Execution of contractual obligations of related pre-contractual measures for the proper handling of your request (Art. 6(1)(b) GDPR). |
Consequences of failing to provide the requested data | Confirmation is necessary in order to be able to process your request. Without it, Edera will not be able to respond to your request. |
Data source | Data subject |
Maximum retention period | Your data will be retained for the period necessary to provide a response to your request without prejudice to the possibility of extending the period in question where this is necessary to comply with a legal obligation or to defend a right of Edera before a judicial, administrative or other kind of authority. |
V. Navigation Data
In this paragraph, we explain what information Edera collects when a user browses the pages of the Website.
In general, we collect (directly or through our partners) navigation data, requesting your prior consent when necessary:
This information is collected for the proper operation, management, maintenance and improvement of our Website, to ensure that your browsing experience is safe, as well as to ascertain liability in the event of security breaches or illegal access. This information, including aggregated data, is also used to enable us to obtain statistics on the performance of the Website, and to enable you to receive promotional announcements in line with your preferences and interests.
You are always free to decide whether to provide us with your navigation data. However, refusal to provide information necessary for navigation purposes may render impossible to carry out activities strictly related to navigation.
We will store these data as long as they are necessary for the purpose for which they are collected.
Navigation data is collected through the use of cookies. To learn more about how cookies work, how to activate and deactivate them, please consult the Cookie Policy of Edera and Energiesprong in the relevant section of the Website.
VI. Edera Social Networks
With social networks, users can also write to us, share, comment or simply like our content. In this regard, we process the user’s profile data, such as their name, and any data that is exchanged during interactions with us through social networks. We also process the content of messages in order to effectively respond to user requests via social networks. This processing is based on the legal basis of providing the services requested by users (Article 6(1)(b) GDPR).
When you visit an Edera page on a social network (“Edera Social Network Page”), whether this is done by clicking on a link button to/from the social network or by navigating directly between the pages of the social network (including advertisements), the operator of the social network may share certain information about you with Edera and in particular:
Please note that where a service is installed that involves interaction with social networks in any way, it is possible that, even if you are not using the service, these social networks may collect traffic data relating to the pages on which the service is installed.
Depending on the case, Edera may act as data controller or joint controller.
VII. Compliance with legal obligations
Categories of data | • All categories of personal data covered by this Privacy Policy. |
Purpose and legal basis for processing | • Purpose: compliance with legal obligations. • Legal basis: need to comply with a legal obligation – Art. 6(1)(c) GDPR. |
Consequences of failing to provide the requested data | Data already held by Edera in accordance with the provisions of this Privacy Policy. |
Data source | Sources indicated in this Privacy Policy. |
Maximum retention period | Time needed to fulfil the specific legal obligation concerned*. *= Without prejudice to the need to extend the retention period in the event that this is necessary to protect Edera’s rights before a judicial, administrative or other authority. |
VIII. Exercising a right before a competent authority
Categories of data | • All categories of personal data covered by this Privacy Policy. |
Purpose and legal basis for processing | • Purpose: to exercise or defend a right of Edera before a judicial, administrative or other authority; • Legal basis legitimate interest – Art. 6(1)(f) GDPR. |
Consequences of failing to provide the requested data | Data already in the possession of Edera according to this Privacy Policy. |
Data source | Sources indicated in this Privacy Policy. |
Maximum retention period | Time required to exercise or defend a right before a judicial, administrative or other authority *. *= Without prejudice to the need to extend the retention period in the event that this is necessary to comply with a legal obligation binding on Edera. |
3. PRINCIPLES OF DATA PROCESSING AND PROTECTION
Your personal data is processed by means of computerised, telematic and/or paper-based tools in compliance with the principles of lawfulness, fairness, transparency, accuracy, integrity, minimization and limitation of purposes and retention, as well as in accordance with the provisions of the GDPR and applicable legislation on the protection of personal data.
Edera takes appropriate security measures (physical, logical and organisational) to protect your data against possible breaches (such as destruction, loss, alteration, unauthorised disclosure or access, whether accidental or unlawful) and to ensure that processing is only carried out for the purposes described in this Privacy Policy.
4. TO WHOM EDERA COMMUNICATES YOUR PERSONAL DATA
To the extent that this is necessary to pursue the purposes described in this Policy, your personal data may be disclosed to the following entities:
a) Service providers such as Website managers, webmasters, IT consultants;
b) Edera’s business partners;
c) Newsletter service operators;
d) Social networks and third-party websites accessible from the Website;
e) Universities and other training institutions;
f) Agencies and other entities specialising in the organisation of events;
g) Accountants and other freelancers who enable us to run our business;
h) Websites providing payment services;
i) The European Commission in the context of European projects.
Where this is necessary for the exercise or protection of our rights, as well as to comply with legal obligations, your personal data may also be disclosed to third parties such as judicial and/or administrative authorities, law enforcement agencies, legal advisors, auditors, or providers of technical and security services.
Subjects belonging to the above-mentioned categories may process the personal data of data subjects as autonomous data controllers, joint data controllers or data processors, depending on the specific agreements in place between those subjects and Edera.
You may request the identity and contact details of the persons to whom your data is disclosed by contacting us as indicated in the paragraph “How to exercise your rights – How to contact Edera“. We will provide you with such data, unless this is not permitted by other laws or by legitimate confidentiality obligations to which we may be subject, and which override your right to know the recipients.
5. DATA TRANSFER OUTSIDE EEA
As a rule, Edera will not transfer your personal data to countries outside the European Economic Area (“EEA”), which includes, in addition to the Member States of the European Union, Norway, Lichtenstein and Iceland.
Should such transfers become necessary, they will be carried out in compliance with the provisions of Articles 44-50 GDPR. In particular, in the case of transfers to countries that do not ensure an adequate level of data protection, Edera will undertake to adopt one of the appropriate safeguards referred to in Article 46 GDPR, as well as to carry out an assessment as to its actual ability to ensure an adequate level of protection for the personal data being transferred in light of the legislation of the destination country, as established by the Court of Justice of the European Union in the Schrems II judgment (CJEU, 16 July 2020, C-311/18).
6. WHAT ARE YOUR RIGHTS?
In accordance with applicable law, and in particular with the GDPR, the rights of data subjects in relation to personal data processed under this Privacy Policy are as follows:
7. RIGHT TO CLAIM TO A COMPETENT SUPERVISORY AUTHORITY
In order to protect your rights and to safeguard your personal data, you may, at any time, decide to lodge a complaint with the competent supervisory authority, i.e. the Garante della Privacy – Data Protection Authority (Piazza Venezia n. 11 – 00187 Roma, tel. +39 06.696771, e-mail address: protocollo@gpdp.it or urp@gpdp.it) or to file an action before the competent national courts. In any case, we always invite you to contact Edera first for any needs relating to the exercise of your rights. We are sure that together we will be able to find a solution.
8. HOW TO EXERCISE YOUR RIGHTS – HOW TO CONTACT EDERA
To exercise your rights, and for any questions or clarifications on how your personal data are processed and used under this Privacy Policy, you may contact Edera by writing to privacy@edera.it.
If you decide to contact Edera, all the data you provide us with will be processed exclusively for the purpose of providing a prompt reply and to ensure the proper handling of your requests and will be kept for the time strictly necessary for this purpose, without prejudice to Edera’s right to extend the aforementioned retention period when necessary to fulfil its legal obligations or protect its rights before competent authorities.
9. AMENDMENTS TO THIS PRIVACY POLICY
Attention to the security and confidentiality of your data is a priority for Edera. This Privacy Policy is subject to periodical update. To this end, we report the last date of update at the beginning of the Privacy Policy. If you have already shared your data with Edera, any substantial change to the Privacy Policy will be communicated to you through the appropriate channels, always in such a way as to ensure that you are fully aware of the processing methods, with a view to ensuring full transparency and adequate protection of your rights. Otherwise, we invite you to regularly visit the Privacy Policy to stay up to date.