This Privacy Policy is intended to describe the purposes and methods by which SURGE S.R.L., as Data Controller (“Company” or “Data Controller”), collects and processes personal data relating to the user (“User”) who interacts with the website https://www.surge.eu/ (“Website”) and with the various services offered by the same. The information contained in this Privacy Policy is provided pursuant to art. 13 of the EU Regulation of 27 April 2016 n. 679 (“Regulations”), as well as the Measures issued by the Authority for the Protection of Personal Data and Guidelines of the European Authorities. The information about the processing of data is made only for the Site and for the treatment operated by the Company and does not extend to the processing operations performed by third parties through other sites that may be consulted by the User through links. With respect to these further treatments, the Company assumes no responsibility, as the User must refer to the individual Privacy Policy of third party websites.
Owner and place of treatment
The Data Controller is the Company SURGE S.R.L., with registered office in Bologna (Italy), Via Guelfa 5. The data are mainly processed at the headquarters of the Data Controller, by the technical staff of the appointed company in charge of processing, within the territory of the European Union and, in relation to the services entrusted or offered by third parties, even outside of the Italian State and / or outside the European Union. In case of transfer of data in countries that do not present a standard of protection equal to the Italian one, the Company undertakes to adopt the necessary measures for this transfer.
Method of data processing
The Company processes User data by adopting all appropriate security measures to prevent unauthorized access, as well as the disclosure, modification or destruction of unauthorized data. The processing is carried out with both manual and computerized and / or telematic tools, with organizational methods and with logic strictly related and limited to the purposes indicated.
Finalità del trattamento dei dati e base giuridica del trattamento
The Company, through the Website, may process User data for the following purposes:
Contact the company. The Company offers the User the ability to send communications to the Company via email, requests, questions and information on the activities, initiatives and services of the Company. In this regard, the personal data provided by the User (eg email address, telephone number and / or other information spontaneously provided to the User) will be processed by the Company to take charge, correctly manage and respond to the User’s communication . The legal basis of the processing is represented by the execution of the service expressly requested by the User, and any refusal to provide personal data implies the impossibility for the Company to manage and find the communication or request for information.
Marketing activities. The User’s data may be used for the Company’s marketing activities relating to the products and / or services offered, such as the sending of informative material and commercial communications via e-mails on services, initiatives and / or offers of Events. The legal basis of the processing is represented by the consent issued by the User.
Pursuit of the legitimate interests of the Company and / or third parties. The User’s data may also be used for the exercise of the rights and legitimate interests of the Company and / or third parties, for example the right to defense in court, the management of complaints and litigation, the possible recovery of claims , prevention of fraud and / or illegal activities. In these cases, even if the provision of personal data is not mandatory, it is still necessary as these data are closely connected and instrumental to the pursuit of such legitimate interests, which do not prevail over the rights and fundamental freedoms of the User, and any refusal to supply them may result in the inability to provide the requested services (eg requesting information from the Company).
Comply with legal obligations and / or applicable obligations. The Company may also use the personal data provided by the User or otherwise acquired during the User’s interaction with the Site for purposes related to the implementation of legal obligations, regulations, national and Community regulations as well as deriving from provisions issued by authorities to this legitimized by the law, which represent the legal basis of the processing, without the need to obtain the prior consent of the User.
Perform aggregated statistical analysis on an anonymous basis in order to improve the services and services offered by the Company through the Site. In this case, no consent of the User will be requested, as the indicated processing will be performed only on anonymous data
Categories of data processed
The Company receives and collects, through the Website, information relating to the User who visits the pages of the Website and uses the web services available on the Website. In particular, the Company acquires and processes the following information.
4.1 Data collected through browsing and through cookies
When the User visits the Site, the latter collects some data such as the pages viewed, the links or buttons clicked by the User, the date and time of access, the IP address of the User, the browsing browser and the operating system used (so-called “browsing data”). The navigation data could, by their very nature, allow the identification of the User also through processing and association with data held by third parties. However, the Company uses these data for the sole purpose of obtaining statistical and anonymous information on the use of the Site for purposes strictly related to the functioning of the same. The navigation data could also be used to ascertain responsibility in case of any computer crimes against the Site.
Secondly, in relation to the collection of User data through cookies and similar technologies, please visit the Cookie Policy.
4.2 Data provided voluntarily by the User
The Company limits the collection of information voluntarily provided by the User to those necessary for the pursuit of the purposes described in paragraph 3 above and the services expressly requested. In addition, the Company may collect and process additional personal data, where the same are voluntarily provided by the User in connection with the services offered by the Site, for example in the event that the User contacts the Company to report malfunctions or malfunctions, exercise the own rights on the processing of personal data, etc. These data will be processed by the Company solely for the purposes strictly related to the User’s request. Failure to provide data may make it impossible to obtain the requested service.
Communication of data to third parties
The data provided by the User as well as those collected by the Site as part of the related services (eg IP address) will not be disclosed and may be communicated, for the purposes and methods described in this Privacy Policy, to the following categories of subjects
SURGE S.R.L., for administrative and accounting purposes, for the pursuit of the legitimate interests of the Company and / or third parties, and for purposes of performance of the services expressly requested by the User;
companies, collaborators, consultants or freelancers that the Company uses to perform technical or organizational tasks (such as for example IT service providers), or with which the Company collaborates, for the purpose of providing and operating its own services, or for any communication activities;
persons, companies or professional firms that provide assistance and advice to the Company, with particular but not exclusive reference to accounting, administrative, legal, tax and financial matters;
subjects whose right to access data is recognized by legal provisions or by orders of the authorities.
The subjects belonging to the above categories will use the data as independent data controllers in accordance with the law or data processors duly appointed by the Company. These subjects may be established in EU and non-EU countries. In particular, in the event that said subjects are established in non-EU countries, the Company adopts the measures envisaged by the Regulations to legitimize the transfer of personal data to them, and specifically the stipulation of specific contracts. The list of subjects to whom the data are or may be communicated, as well as the indication of the privacy measures adopted to legitimize non-EU transfers, can be requested from the Company by contacting the addresses indicated in the “User Rights and Contacts” section.
Data retention
The data are processed for the time necessary to carry out the activities indicated in paragraph 3 above, and are canceled as soon as the purposes for which they were collected and processed cease to exist. In particular, the Company will delete the personal data of the User who requested information or sent communications by contacting the Company via the Website after 24 months from the date they were received. Secondly, the Company will delete the personal data of the User who has sent his candidacy to positions of employment of the Company after 24 months from the conferment of the same, in case the candidate does not establish a working relationship / collaboration with the society. Finally, in relation to the processing of data for marketing purposes, the data will be retained until the User expresses his opposition to the treatment.
Diritti dell’Utente e contatti
The User can exercise, in the cases expressly foreseen by the law and where applicable, the rights foreseen by the Regulations. In particular, the User has the right to:
to obtain confirmation that the processing of personal data is being processed and, in this case, to ask the data controller to access the information relating to the processing itself (eg purposes, categories of data processed, recipients or categories of recipients of data, the retention period, etc.);
request the correction of inaccurate or incomplete data;
ask the data controller to delete the data (eg if the personal data are no longer necessary in relation to the purposes for which they were collected, in case of revocation of the consent on which the treatment is based, etc.);
equest the limitation of processing (eg in case of dispute on the accuracy of data, if the processing is illegal and the same is opposed to the cancellation of personal data, if the data are necessary for the exercise or defense in the judgment of a User right, even if the holder no longer needs it, in case of exercising the right of opposition, for the time necessary to verify the existence of legitimate reasons);
receive in a common and readable format from an automatic device (eg pdf) the personal data concerning him and transmit them to another holder, or obtain direct transmission from one owner to another, if technically feasible (so-called portability of data).
The User also has the right to object, in whole or in part, for legitimate reasons, to the processing of personal data concerning him / her. These rights can be exercised directly by sending a communication to the following email address: info@surgetech.eu
Finally, if you believe that the processing of the data provided violates the law regarding the protection of personal data, the User has the right to propose a complaint to the Authority for the protection of personal data (www.garanteprivacy.it).