Easysnap Technology S.r.l. – Easysnap Co-Packing S.r.l. (collectively "Easysnap” or “Controller”) is committed to a responsible handling and protection of personal data in compliance with privacy protection standards, including the EU General Data Protection Regulation 2016/679 (“GDPR”) and laws enacted thereunder. This policy applies when Easysnap collects, stores and processes data to carry out its functions and activities, supplies products and services to its stakeholders and who for any other reasons, have a relationship with or have contacted Easysnap (“Data Subjects”), and is designed to help them understanding how the Controller processes the information collected on or from them, how it uses and shares such data with others, how it manages the information held, how personal data of its website users is processed (www.easysnap.com), and how to exercise their rights and contact Easysnap (art. 13 GDPR).
Types of data collected
Easysnap collects and processes common identification information that can identify the data subjects (including, but not limited to, full name, phone and mobile numbers, postal and e-mail addresses, date of birth, gender, civil status, nationality, identification number, photographs, etc.) provided voluntarily when getting in touch with the Controller via web form, in person, by post, e-mail or telephone, or by virtue of consenting to its collection. The Controller does not usually process special data (i.e. information revealing a person ethnic, or racial origin, religious beliefs, trade union membership, genetic, biometric or health data). Personal data are collected and processed at the offices of the Controller and handled by internal personnel appointed and in charge of the processing, or by external duly contracted Data Processors (art. 28 GDPR). When visiting Easysnap website, it is not necessary for data subjects to provide personal data. For the technically required data, we refer to the execution under "Provision of the website and creation of log files / log files" and "Use of cookies".Purpose and lawful grounds for data processing
Easysnap processes personal data on appropriate legal grounds (art. 6, para b,c,f GDPR legitimate interests, explicit data subjects’ consent granted to the Controller, legal or statutory obligations) in order to: i) respond to requests for information/products/services/quotes/job vacancies/customer care, or contact after filling in the forms on its website; (ii) fulfill pre-contractual commitments, contractual and fiscal obligations and related communications; (iii) send commercial and marketing information, reports, updates; provide commercial communications via any means (via e-mail, telephone, text message, social media, post or in person), news items and other information of interest; manage subscriptions to newsletters/mailing lists, commercial profiling, statistical analysis and market research; (iv) manage and store business contacts (customers/business partners/suppliers/interested parties) through a group-wide CRM software of Easysnap parent company; (v) organise events/training online or in-person: managing registrations to webinars or events in-person, interacting with speakers/panellists/participants; (vi) gauge data subjects interest in events (e.g. exhibitions, expo, tradeshows) and request meetings for networking and B2B; (vii) register as a user to access the website reserved area for services; (viii) collect job applicants personal details and manage recruitment processes; (ix) process its website users’ IP addresses, any mobile device used to surf the net, the pages data subjects visit when using Easysnap services and how they use those services Privacy Policy Website; data is collected by installing small text files called “cookies” and other, similar IT techniques as described on the web Cookie Policy; (x) manage Easysnap communications systems and IT security operations; (xi) exercise a legitimate interest and any right of the Data Controller (e.g. the right of defense in court and manage of any dispute, the protection of credit positions, the ordinary internal operational, managerial and accounting requirements). (xii) comply with legal and regulatory obligations under applicable laws, or fulfill the obligations established by an order of a public authority; Data subjects have the right to object to the processing of personal data and to withdraw their consent at any time. However, such refusal may disqualify data subjects from availing of services and communication from Easysnap, or even terminate the relationship with the Controller when the processing is mandatory. With reference to the processing of personal data for the purposes above the Controller may not ask for the data subject’s consent, provided that the latter has been duly informed and has not refused to allow such use, initially or during subsequent communications. Upon collection and in any communication sent for the purposes under this section, the data subject will be informed of the possibility to object to the processing at any time, smoothly and free of charge.Processing methods and data security storage
Personal data are processed both in paper and electronic formats. Data will be stored in a form that allows the identification of the data subject only for the time strictly necessary to achieve the purposes for which it was originally collected and, in any case, within the limits provided by law. Data collected and recorded in relevant databases can be accessed and managed by duly authorized personnel (art. 29 GDPR) of the Controller to carry out collection, registration, organization, storage, consultation, extraction, use, blockage, communication, processing, comparison, cancellation and destruction and any other appropriate operation in compliance with the legal provisions necessary to guarantee its accuracy, relevance and security. Data can be communicated, even without the data subjects’ consent, to authorities, law enforcement agencies or the judiciary, upon an express request, which will treat them as independent Data controllers for institutional purposes, and/or pursuant to the law during investigations and controls. If service providers are acting as Data Processors (art. 28 GDPR), Easysnap ensures that they have taken adequate security measures, that suitable technical and organizational measures are in place and that any processing complies with the requirements of the GDPR to guarantee the safeguarding of data subjects’ rights. Besides, Easysnap implements specific security measures to prevent data loss, unlawful or improper use and unauthorized data access (art. 32 GDPR) and stores personal data on its IT systems based in the European Union.Data Retention period
Personal data will be retained only as long as strictly necessary to achieve the purposes for which it was collected and processed, or as required by law, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements. Upon completion of the processing, or in case of exercise of the right to object to the processing or withdrawal of the given consent, the Controller will be entitled to further retain, in whole or in part, personal data for the purposes permitted by the GDPR (such as the needs to enforce a right in court proceedings, to address any claim, or to protect Easysnap’s interests related to potential liability on the provision of services). As a rule, personal data is stored and processed for: a) 24 months from their recording, or any longer period established by applicable laws or by competent authorities; b) from the moment the consent is granted to Easysnap until withdrawn. If not withdrawn, the Controller will ask data subjects for their consent renewal at intervals every 24 months. Once consent is withdrawn (or not granted, following a renewal request) personal data will ceased to be used for the above purposes, although it may still be kept by Easysnap as it may be necessary to protect its interests related to potential liability on the processing; c) delete personal data upon data subjects’ requests, if permitted, in line with applicable data protection laws; d) take reasonable steps to destroy or de-identify personal information held if it is no longer needed for the purpose for which it was collected.Cross-border and international transfers
Easysnap will circulate personal data collected within countries belonging to the EU. Data may be transferred and stored outside the European Economic Area (E.E.A.), including to centrally manage customer/supplier data with its parent company and its affiliates located outside Italy or the E.E.A. that will process them for their own purposes as autonomous data controllers, in compliance with the conditions set out in Chapter V (artt.45-47, 49 GDPR) to ensure that the level of protection of data subjects is not affected (i.e. the EU-U.S. Data Privacy Framework and the EU Standard Contractual Clauses). Data subjects may obtain information on the guarantees for data transfer by sending an email to the Controller.Data Controller
Each Easysnap company acts as an independent data controller, with reference to commercial relationships with each of its customers and suppliers, for the abovementioned purposes:- Easysnap Technology S.r.l. Via Carlo Mussa, 266 – Castellazzo Bormida 15073 (AL) – Italy
- Easysnap Co-Packing S.r.l. Via Della Colombaia, 14/D - San Giovanni in Persiceto 40017 (BO) – Italy