Privacy Policy - Ermes | Intelligent Web Protection

Estimado Visitante/Usuario,

La Ley de Privacidad (en particular el Reglamento de la UE 2016/679, el “Reglamento General de Protección de Datos” – en lo sucesivo denominado “RGPD”) nos obliga, como Operador del Sitio, a proporcionarle la siguiente información sobre el procesamiento de sus Datos Personales, de conformidad con el artículo 13 del RGPD.

El “Tratamiento de Datos Personales”, en términos simples, es cualquier operación relativa a cualquier “información relacionada con una persona física identificada o identificable”. Por ejemplo, su nombre y apellido, o un correo electrónico con un “nombre de usuario” que lo identifique (por ejemplo, mariorossi@….), se consideran “Datos personales”. Las operaciones de “procesamiento” incluyen acciones como recopilar, registrarse con nosotros y utilizarnos para enviarle una comunicación, así como la comunicación de Datos personales a otras organizaciones y el archivado.

Nuestra compañía se conoce como un “Controlador de Datos” porque determinamos cómo y con qué propósitos procesamos información sobre personas físicas; personas bajo nuestra autoridad directa (por ejemplo, nuestros empleados) deben cumplir con la Política de Privacidad.

Usted, como la “persona física a la que se relacionan los Datos Personales”, se define como “Sujeto de datos” y tiene derecho a recibir la siguiente información sobre quiénes somos, qué Datos personales procesamos, por qué, cómo y durante cuánto tiempo los procesamos, y qué obligaciones y derechos tiene a este respecto.

Las definiciones de los términos y expresiones utilizados en esta Política de Privacidad están contenidas en el Glosario en la parte inferior de esta página. Para algunos términos con una letra mayúscula no definida aquí, consulte los Términos y Condiciones Generales; en caso de conflicto entre definiciones, a los efectos de esta Política de Privacidad las definiciones en el Glosario (en la parte inferior de la página) prevalecerán sobre las contenidas en los Términos y Condiciones Generales.

¿Quiénes somos?

Ermes Cyber Security S.r.l. con domicilio fiscal en Via Corso Bernardino Telesio n. 29, Turín (TO), código postal 10146, código fiscal, número de IVA y número de registro en el Registro de Sociedades de Turín 1171620019 (en lo sucesivo también denominado “ECS” o “Responsable del tratamiento”).

 ¿Qué categorías de interesados están cubiertos por este aviso de información?

Visitante: la persona física o jurídica que utiliza un dispositivo y navega, a través de la red de Internet, en las páginas públicas del Sitio.

Usuario: un Visitante que se beneficia de los Productos o Servicios de ECS proporcionados a través del Sitio.

 What categories of Personal Data do we process?

Common Data (surname and first name, e-mail address, telephone number, name of the organisation you work for and your role within that organisation), to the minimum extent necessary to achieve each of the Purposes set out below.

In order to allow You to use the Site, we also process Browsing Data, which sometimes does not consist of Personal Data because it does not allow Your identification. For more information on what Browsing Data means and under what conditions it is Personal Data, please refer to the respective Glossary entry at the end of this policy.

 Why do we process Personal Data (Purpose), what is the basis of the Processing (Legal Basis) and what is the Data Retention Period?

Purpose 1: provision and use of the Site. It should be noted that for this purpose the Data Controller makes use exclusively of Browsing Data, with Common Data being expressly excluded.

  • Legal Basis: performance of a contract to which you are a party (We remind you that according to our General Terms and Conditions, “By using the Site, the Visitor declares to have read and accepted the present Terms of Use” and that “the Company recommends the Visitor to carefully read the Terms of Use, as they represent a binding contract between the Visitor and the Company with respect to the use of the Site“);
  • Retention Period: 1 week from the date of your last access to the Site.

Purpose 2: to provide the Newsletter Service.

  • Legal Basis: execution of a contract to which you are a party (We remind you that according to our General Terms and Conditions, “By subscribing to the Newsletter by means of the form available on the Site, the User declares that he/she has the legal capacity, according to his/her national law, to act in order to accept these General Terms and Conditions. This acceptance is made by point-and-click mode“).
  • Retention Period: until unsubscription from the Newsletter, or no longer than two years after the last unopened e-mail.

 

Purpose 3: to provide the Service called Request Demo.

  • Legal Basis: performance of a contract to which you are a party (We remind you that according to our General Terms and Conditions, “By submitting the application form, the User declares that he/she has the legal capacity, according to his/her national law, to act in order to accept these General Terms and Conditions. This acceptance is made by point-and-click mode“).
  • Retention Period: until unsubscription from the Newsletter, or no longer than two years after the last unopened e-mail.

To whom do we disclose the Data (Categories of Recipients)?

To the minimum extent necessary to achieve each of the Purposes, on one of the legitimacy prerequisites described above and on the basis of the Applicable Legislation and/or a contractual agreement with the Controller, to:

  1. Persons Authorised by us (e.g. our employees), committed to confidentiality or subject to a legal obligation of confidentiality;
  2. external organisations necessary for the performance of activities connected with and consequent to the management of the Site and the provision of the Services, which act as Data Processors (e.g. suppliers of IT services, etc.) obliged to maintain confidentiality and comply with Privacy Law;
  3. consultants and/or professionals appointed by us, autonomous Data Controllers.

 Do we transfer Personal Data outside the European Union?

We will not transfer Personal Data outside the European Union.

Are you obliged to provide us with Personal Data?

For Purpose No. 1, there is no obligation to do so, as the acquisition of Browsing Data is sufficient to allow the Controller to provide the Site.

Of course you are not obliged to use our Services (Purposes 2 and 3), but if you wish to do so you are obliged to provide us with the Data we require from you because it is necessary for the performance of the contract (the General Terms and Conditions).

What happens if you do not provide us with your Data?

If your refusal relates to Purpose 1, you will simply cease to use the Site and your Browsing Data will be deleted within 1 week from the date of your last access to the Site.

If your refusal relates to the Services referred to in Purposes 2 and 3, it will not be possible to provide the Service you require.

What rights do you have?

You have the right to:

  1. access to your Data in our possession, and to request a copy thereof, except where the exercise of the right affects the rights and freedoms of other natural persons;
  2. request the rectification of any incomplete or inaccurate Data;
  3. request the erasure of Data, subject to the exclusions or limitations established by the Applicable Legislation (e.g. Article 17 § 3 GDPR);
  4. request the Restriction of Processing, where the conditions are met and subject to the exclusions set out in Article 18 § 2 GDPR;
  5. request the portability of the Data (i.e. to receive them in a structured, commonly used and machine-readable format, in order to be able to transmit them to another Data Controller without hindrance), to the extent that the Processing is based on consent or on the need to perform a contract, where technically possible and except where the exercise of the right affects the rights and freedoms of other natural persons;
  6. lodge a complaint with the Italian Data Protection Authority (in Italy, www.garanteprivacy.it), or with the national Data Protection Authority of the EU country in which he/she normally resides or works, or of the place where the alleged infringement occurred.

 

The exercise of the above rights may also be delayed, limited or excluded in the cases provided for in Article 2-undecies of Italian Legislative Decree 196/2003.

If you have any doubts or questions about the Processing of your Data, what can you do?

You can contact us at the following e-mail address: support@ermes.company.

This Privacy Policy is effective from 21 Enero 2021; we reserve the right to modify its content, in part or in full, also as a result of changes in the Privacy Policy; we will publish the updated version of the Privacy Policy on the Site and from that moment it will be binding: you are therefore invited to visit this section regularly.

ECS does not knowingly collect personal information about individuals who, according to their national legislation, lack the legal capacity to act for the purpose of entering into contracts. In the event that information about such individuals is recorded, ECS will delete it in a timely manner, at the request of the data subject or of the person exercising parental authority over them.

GLOSSARY

Applicable Law“: any provision, of whatever rank, belonging to Italian law or to the law of the European Union, in any way applicable to the Site and/or the Services.

Authorised Person“: the natural person, placed under the direct authority of the Controller, who receives from the latter instructions on the Processing of Personal Data, pursuant to and for the purposes of Article 29 of the GDPR.

Authority“: a body or organisation, public or private, with administrative, judicial, police, disciplinary or supervisory powers.

Board” or “EDPB” means the European Data Protection Board, established by Article 68 of the GDPR and governed by Articles 68 to 76 of the GDPR, replacing WP29 as of 25/5/2018.

Browsing Data“: these are the data that the computer systems and software procedures used to operate the site acquire, during their normal operation, and whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or the domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check that it is functioning correctly, and are deleted immediately after processing.

Common Data“: any of the following types of Personal Data – surname and first name, e-mail address, telephone number, name of the organisation you work for and your role within that organisation.

Communication“: “the giving of knowledge of personal data to one or more determined persons other than the data subject, the data controller’s representative in the territory of the European Union, the data processor or its representative in the territory of the European Union, the persons authorised, pursuant to Article 2-quaterdecies, to process personal data under the direct authority of the data controller or processor, in any form, including by making them available, consulting them or by interconnecting them” (as defined in Article 2-ter, paragraph 4, letter a of the Privacy Code).

Data Controller” or, briefly, “Controller” means “the natural or legal person, public authority, service or other body which alone or jointly with others determines the purposes and means of the processing of personal data”, as defined in Article 4, subsection 1, no. 7, of the GDPR, and here specifically ECS.

Data Processor“: “the natural or legal person, public authority, service or other body that processes personal data on behalf of the controller”, as defined in Article 4, subsection 1, no. 8, of the GDPR.

Data Subject“: an “identified or identifiable natural person”, as defined in Article 4, subsection 1, no. 1, of the EU Regulation 2016/679 (the “GDPR”), which in this case is a Visitor or a User.

Data“: all information directly or indirectly referable to the Data Subject, including Browsing Data and Personal Data.

Dissemination“: “giving knowledge of personal data to unspecified subjects, in any form, also by making them available or consulting them” (as defined in Article 2-ter, paragraph 4, letter b of the Privacy Code).

ECS” or “Company“: Ermes Cyber Security S.r.l., with registered office in Corso Bernardino Telesio 29, 10146 Turin, Italy, VAT number 11716270019, registered in the Turin Register of Companies, REA TO-1171620019.

GDPR“: the EU Regulation 2016/679 “on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)”.

Law(s)” or “Regulation(s)“: one or more of the sets of regulations referred to in this Deed as the Privacy Law and Applicable Law.

Legal Basis“: any of the legal bases on which the Controller carries out the Processing among those indicated in this Privacy Policy and expressly provided for in Article 6 § 1 of the GDPR.

Limitation” means “the marking of personal data stored with the aim of limiting their processing in the future”, as defined in Article 4, subsection 1, no. 3, of the GDPR.

Personal Data“: “any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is any natural person who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier or to one or more features of his or her physical, physiological, genetic, mental, economic, cultural or social identity”, as defined in Article 4, subsection 1, no. 1, of the GDPR).

Privacy Code“: Legislative Decree No. 196/2003 as amended and/or supplemented (in particular by Legislative Decree No. 101/2018).

Privacy Legislation“: EU Regulation 2016/679 (“GDPR”), Legislative Decree 196/2003 as amended and/or supplemented (“Privacy Code”), as well as the measures adopted by the Supervisory Authority in execution of the tasks established by the GDPR and the Privacy Code, and further applicable legislation, of whatever rank, including the opinions and guidelines developed by the Committee.

Privacy Policy“: this information on the Processing of Personal Data of Visitors and Users carried out by ECS.

Processing“: “any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”, as defined in Article 4, subsection 1, no. 2, of the GDPR.

Publication“: the action by which the Owner communicates information on the Site, without the implementation of procedures that require the Visitor to view it.

Purposes“: any of the purposes for which the Controller carries out the Processing among those set out in this Privacy Policy.

Recipient“: “the natural or legal person, public authority, service or other body that receives communication of personal data, whether or not it is a Third Party”, as defined in Article 4, subsection 1, no. 9, of the GDPR.

Retention Period“: the maximum period for which, according to the Privacy Law, taking into account the Purpose and the Legal Basis of the Processing, the Controller may process the Personal Data of the Data Subjects.

Site“: the web pages displayed through https://www.ermes.company/e related subdomains.

Supervisory Authority“: the independent public authority established by a State of the European Union, or by the European Union itself, in charge of supervising the application of Privacy Law (for Italy, the Italian Data Protection Authority, http://www.garanteprivacy.it).

Third Party“: “the natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process personal data under the direct authority of the controller or processor”, as defined in Article 4, subsection 1, no. 10, of the GDPR.

User“: a Visitor who uses the Products or Services of ECS provided through the Site.

Visitor“: the natural or legal person who uses a device and navigates, via the Internet, on the public pages of the Site.
WP29“: the Working Party on the Protection of Individuals with regard to the Processing of Personal Data, set up pursuant to Article 29 of Directive 95/46/EC, whose tasks are laid down in Article 30 of Directive 95/46/EC and Article 15 of Directive 2002/58/EC.