INFORMATION ON THE PROCESSING OF YOUR PERSONAL DATA
pursuant to Article 13 of EU Regulation 2016/679 of 27/04/2016

Pursuant to Article 13 of EU Regulation 2016/679 of 27/04/2016, hereinafter referred to as GDPR (General Data Protection Regulation), we hereby provide information regarding the processing of the personal data you provided.

Identity and contact details of the data controller
The data controller is Euro Italian Freight Systems S.r.l. (VAT n. 06882180158), a company with registered office in Via Cassanese 224, Segrate (Milan, Italy) hereby represented by its pro-tempore Legal Representative.
You can contact the data controller by e-mail at: info@euroitalianfreight.it.

Purpose of the data processing
We process the personal data you provided us with when using the website and/or after registering with the form.
In particular, we process:
personal, identification and non-sensitive data (such as for example, first name, last name, address, age, gender, e-mail address, phone number, etc. hereinafter referred to collectively as “personal data” or “data”) directly provided by you, by registering with the website and/or following the purchase of products; data not directly provided by you – and in any case acquired within the limits of the provisions of art. 14, paragraph 5 of the GDPR – the transmission of which is connected to the use of Internet communication protocols (such as for example, access to the page, quantity of data transferred, status message after logging in, session ID numbers, IPs, URLs, etc.). This data is used to track your visits to the website.

Purposes and legal basis of the processing
The personal data you provided will be processed exclusively for the following purposes:
Establishment and administrative-accounting management of the sales relationship and all related activities, such as, for example: payments, invoicing, shipping, returns, credit protection, administrative, managerial, organisational and functional services for the execution of the relationship, prevention or countering of frauds or misuse, exercise of the Controller’s rights, (for example, the right to defence in court proceedings); fulfilment of the obligations provided for by law, regulations, applicable legislation and other provisions issued by authorities vested with the law and by supervisory and control bodies.
The processing of your personal data for the above purposes does not require your express consent (art. 6 lett. b) and c) of the GDPR).
Execution of marketing and promotional activities for the Controller’s products and services, commercial communications, both by automated means without the data controller’s intervention (e.g. SMS, e-mail, etc.) and traditional means (via telephone, postal mail).
Various types of profiling activities, including the processing of studies and market research. These activities are carried out for the sole purpose of proposing to the customer the types of products that best suit their profile, without this implying any preclusion from the purchase of any type of product offered through the website. Under no circumstances will the information collected by us be used for discriminatory purposes.
The processing of your personal data for the above purposes requires your express consent (art. 7 of the GDPR). This consent concerns both automated and traditional methods of communication described above. You will always have the right to object easily and free of charge, in whole or in part, to the processing of your data for said purposes, e.g. by excluding automated contact methods and expressing your wish to receive commercial and promotional communications exclusively through traditional contact method.
Mandatory or optional nature of disclosure of data and consequences of refusal.
The data requested for the purposes referred to in points a) and b) above must be provided in order to fulfil legal obligations and/or for the completion and execution of the contractual relationship and the sale of the products and services requested. Therefore, your refusal, even partial, to provide such data would make it impossible for the Supplier to guarantee your registration on the website and, consequently, to establish and manage the supply of the products or services you have requested.
The provision of the personal data necessary for the purposes referred to in points c) and d) above is optional, therefore your refusal to provide such data shall make it impossible to carry out the activities described therein.

Data processing method
The processing of your personal data is carried out by means of the operations indicated in Art. 4, Privacy Code and Art. 4, no. 2) of the GDPR and precisely: collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The processing of your data will be based on the principles of correctness, lawfulness and transparency and may also be carried out by means of automated methods designed to store, manage and transmit this data, and will take place using tools that guarantee security and confidentiality using suitable procedures that avoid the risk of loss, unauthorised access, unlawful use and disclosure.
The processing is carried out directly by the Controller’s organisation and/or by its specifically appointed and trained staff, except as provided for in point 6 below.
Communication, Dissemination and Transfer
Your personal data may be communicated, within the limits strictly pertaining to the obligations, tasks and purposes referred to above and in compliance with the regulations in force, to the following categories of subjects:
subjects to whom such communication must be made in order to fulfil or to require the fulfilment of specific obligations provided for by laws, regulations and/or Community legislation; banking institutions which the Controller uses to complete its payment transactions, as well as subjects operating within them, for the sole purposes of administrative and accounting management of the contract/relationship and for feedback concerning the execution of said payments; third-party physical and/or legal persons, professionals whom the Controller uses for advice or assistance in the performance of its business activities, in particular lawyers, auditors, tax and labour consultants, supervisory bodies, certification bodies, forwarding agents, IT and security consultants, etc. These subjects will operate as external data processors and will receive, from the Controller, precise instructions on the processing methods pursuant to Art. 28 of the GDPR.
The complete and updated list of external data processors can be requested to the Data Controller at the following e-mail address: info@euroitalianfreight.it.
The management and storage of personal data will take place on the Data Controller’s and/or third-party companies’ servers, duly appointed as Data Processors, located within the European Union, or in compliance with the provisions of Art. 45 et seq. of the GDPR. The servers are currently located in the European Union. The data will not be transferred outside the European Union. It is understood that, should it become necessary to transfer the location of the servers, to Italy and/or the European Union and/or countries outside the EU, such a transfer will always take place in compliance with Art. 45 et seq. of the GDPR. In this case, however, the Data Controller assures that the transfer of data outside the EU will take place in compliance with the applicable legal provisions by entering into, if necessary, agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided for by the European Commission.
Retention period for personal data
In compliance with the provisions of Article 5 paragraph 1 letter e) of EU Regulation 2016/679, the personal data collected will be stored in a form that allows the identification of the data subjects for a period of time not exceeding the achievement of the purposes for which they are processed. The retention of data is also determined based on current legislation regarding the retention of accounting records and, specifically, for 10 years. The data collected for the purposes referred to in letters c) and d) above will be kept and processed for the time necessary to fulfil these purposes and, in any case, for a period not exceeding 3 years from the date you granted your consent.

Navigation Data and Cookie Policy
The computer systems and software procedures used to operate this website acquire, during normal operation, some personal data that are then implicitly transmitted when using Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. All our activities are governed by strict ethical principles and we are committed to protecting the privacy of all visitors to our website. For this reason, the way we collect and store data is closely linked to the way you use our website and its services.
This website uses technical cookies to ensure the proper functioning of procedures and to improve the user’s experience of online applications.
Cookies are small text files placed on a visitor’s computer, where they are stored and then retransmitted to that same website on their next visit. Third-party cookies, on the other hand, are placed by a website other than the one the user is visiting. This is because websites may contain elements (images, maps, sounds, specific links to web pages of other domains, etc.) that reside on servers other than that of the website visited.
The website also includes components transmitted by Google Analytics, a web traffic analysis service provided by Google, Inc. (“Google”). These cookies are used for the sole purpose of monitoring and improving the performance of the website.
The user can decide whether to accept cookies by using the settings on their browser.

Rights of the data subjects
As a data subject, you are entitled to the rights provided for in Articles 15 et seq. of the GDPR and specifically the rights to:
request confirmation as to whether or not personal data concerning them are being processed; obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed and, when possible, the storage period; obtain the rectification and erasure of the data; obtain the restriction of the processing; obtain the portability of the data, i.e. receive them from a data controller, in a structured, commonly used and machine-readable format, and disclose them to another data controller without hindrance; object to the processing at any time and in the case of processing for direct marketing purposes; object to automated decision-making regarding physical persons, including profiling; ask the controller for access to personal data and correction or cancellation of data or restriction of processing of data concerning them or to object to the processing of personal data, as well as the right to data portability; withdraw consent at any time without prejudice to the lawfulness of the processing based on consent given before the revocation; lodge a complaint with a supervisory authority.
For the exercise of the rights under Articles 15 et seq. of the GDPR, for questions or information regarding the processing of your data and the security measures taken, you may in any case send your request to the following address:

Euro Italian Freight Systems S.r.l.,
In the person of its legal representative
Registered address: Via Cassanese 224, Segrate (Milan, Italy), 
E-mail: info@euroitalianfreight.it