Privacy Policy

  1. Home
  2. / Privacy Policy

Privacy Policy in accordance with EU Regulation 2016/679 (GDPR)

ESG Cert S.r.l., registered office Via Privata del Gonfalone 3, Milano (MI) 20123, P.IVA IT12063010966 (hereinafter referred as Data Controller), acting as Data Controller, informs you that Your Personal Data will be processed in accordance with EU Regulation 2016/679 (GDPR) in the following ways and for the following purposes.

A. Data to be processed

The Data Controller processes Personally Identifiable Information such as name, surname, email address and CV, as well as other data not explicitly requested, that is communicated by you by filling in the forms on this site or by email.

B. Purpose of data processing

The Personally Identifiable Information collected will be used:

  1. Without your explicit consent, as indicated in art. 6 b), e) GDPR, for the following purposes:

    1. Close contracts for the Controller’s services;
    2. Fulfill pre-contractual, contractual and tax obligations deriving from the relationship between the Data Controller and the Data Subject;
    3. Comply with obligations established by laws, regulations community legislation or orders from Authorities;
    4. Excercise the rights of the Data Controller;
  2. With your explicit consent, as indicated in art. 7 GDPR, for the following purposes:

    1. Send you via email newsletters, commercial communications and promotional material about products and services provided by the Data Controller;
    2. Collect feedback about the quality of our services through surveys and/or interviews;
    3. Send you emails containing commercial and/or promotional material of third party partners of the Data Controller.

C. Methods of data processing

The processing of your personal identifiable information is carried out in compliance with art. 4 paragraph 2) GDPR. Your personal data are processed electronically for the time necessary to fulfill the aforementioned purposes and in any case for no more than 5 years from the termination of the relationship with the Data Subject.

D. Access to data

In order to pursue the purposes explained in letter B of this policy, your data will be made accessible to employees and collaborators of the Data Controller, in their role of persons authorized to the processing of data, data processors or system administrators.

E. Data disclosure

Without your explicit consent, as indicated in art. 6 lett. b), c) GDPR, the Data Controller may communicate your data for the purposes described in letter B.1. of this policy to Supervisory Bodies, judicial authorities, insurance companies for the provision of insurance services, as well as to all subjects to whom communication is mandatory by law for the aforementioned purposes. These entities will process the data in their capacity as independent Data Controllers.

Your personal data will not be disclosed.

F. Data transfer

Data are stored within the European Economic Area. In the event that it is made use of third-party suppliers for the processing of the data you have provided, the Data Controller ensures that the data is transferred only to suppliers chosen after an accurate due diligence process. The data transfer will be carried out in compliance with the applicable regulation and legal provisions. If data are transferred to non-EU countries, the standard contractual clauses provided by the European Commission apply.

G. Nature of the data collection and consequences of refusal to respond

The provision of data for the purposes described in letter B.1. of the present policy is mandatory. Failure to provide the requested data will result in the impossibility to fulfill such purposes.

The provision of data for the purposes described in letter B.2. of the present policy is optional. You can decide not to provide any data or to deny the right to process your data at any time. If that is the case, you will not receive any newsletter, commercial communication or promotional material for services provided by the Data Controller or its partners. Anyhow you will continue to be entitled to the services described in point B.1. of this policy.

H. Rights of the data subject

As Data Subject, you have the rights described in articles 15 to 21 GDPR, which as right of access, right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition, as well as the right of complaint to the Data Protection Authority.

I. Exercising of the rights of the data subject

You can exercise your rights at any time by sending:

  • a registered mail to ESG Cert S.r.l., Via Privata del Gonfalone 3, Milano (MI) 20123;
  • an email to privacy@esgcert.eu.

J. Data Controller

The data controller is ESG Cert, registered office Via Privata del Gonfalone 3, Milano (MI) 20123, P.IVA IT12063010966