Nature of data provision

The personal data requested are collected by eResult S.r.l. and processed by computer, in order to satisfy requests for contact, information, or to fulfil the obligations arising from the contract concluded with Customers. The provision of data is compulsory as it is necessary for the performance of the services requested.

Data controller

eResult S.r.l. with registered office in Cesena, Piazzale Luigi Rava, 46, VAT no. 02089480392 is the Data Controller pursuant to and for the purposes of EU Reg. 2016/679.

Data Processing and Data Protection Officers

Users’ personal data may be disclosed to third parties who may process personal data on behalf of the Data Controller in their capacity as “External Data Processors” and “Data Protection Officers”, such as, by way of example, suppliers of IT services functional to the company’s operations, suppliers of outsourced services or cloud computing, professionals and consultants.

The Data Protection Officer (DPO) is Avv. Francesco Amato, who can be contacted at: dpo@eresult.it.

Users have the right to obtain a list of any data processors appointed by the Controller by making a request to the Controller in the manner set out below.

Purpose of the treatment

The data provided will be retained by the Controller for the following purposes and in accordance with EU Regulation 2016/679 (GDPR):

1. install technical and analytics cookies on the user’s device;
2. make the data available to third parties for purposes strictly necessary to perform the services requested by the data subject or to comply with legal requirements;
3. use the data provided for personnel selection purposes;
4. managing customer and supplier data to provide contracted services
5. to execute requests to exercise the rights of the data subject;
6. ensure the correct and lawful processing of data, safeguarding their confidentiality, including by applying appropriate security measures.

The forms to be filled out include data that are strictly necessary to adhere to what you are interested in and whose failure to indicate does not allow the request to be processed, but also optional data. Compulsory data are generally marked with an asterisk.

All processing carried out within the framework of this site will be carried out by electronic or telematic means, with logics related to the purposes for which the data have been collected and in compliance with the security regulations in force, for the purposes specified.

Data recipients

For purposes related to the provision of the service to which the interested party has subscribed, the data will be made available to third parties, who will act as data processors, and who provide services instrumental to satisfying the user’s request (for example, consultants of labour, banking institutions, professionals in the administrative/accounting field) or to whom the communication of data is necessary to comply with laws or regulations or community legislation (for example, public bodies). They may also be made available to law enforcement agencies (e.g.: prevention and repression of crimes, including computer crimes), the judiciary, authorities and public bodies competent for individual matters for their institutional activities or in case of asserting or defending their own rights in court. The list of names of these third parties can be requested directly from the Data Controller in the ways specified in this privacy policy.

Personal data will be made available to persons expressly authorized by the Data Controller – and appointed for this purpose in charge of processing – who carry out processing activities essential for the pursuit of the aforementioned purposes; the categories of persons in charge are specified from time to time in the information. In general, these are people in charge of providing specific services, administration, management of IT services, relations with actual and potential customers, marketing and sales, the call centre.

The data provided will not be transmitted outside the Community territory.

Storage period

Based on the purposes identified, the following data retention periods are defined:

1. installation of technical and analytics cookies on the user’s device: as per cookie policy: https://www.eresult.it/cookie-policy
2. make the data available to third parties for purposes strictly necessary to carry out the services requested by the data subject or to comply with legal regulations: until the user requests cancellation or for the periods identified by legal regulations;
3. use the data provided for personnel selection purposes: two years after collection;
4. managing customer and supplier data to provide contracted services: up to 10 years after collection;
5. to execute requests to exercise the data subject’s rights: up to 10 years after collection. The retention periods for personal data are documented in our records of processing activities.

Rights of the interested party

The following rights of the data subject are guaranteed:

• Right of access to data (Art. 15 EU Reg. 2016/679)
• Right of rectification (Art. 16 EU Reg. 2016/679)
• Right to erasure (Art. 17 EU Reg. 2016/679)
• Right of restriction (Art. 18 EU Reg. 2016/679)
• Right to data portability (Art. 20 EU Reg. 2016/679)
• Right to object (Art. 21 EU Reg. 2016/679)

If the acquisition of data by the data controller has taken place after consent has been given, the data subject has the right to withdraw consent at any time.

Furthermore, if the data subject considers that one or more of his or her rights have been violated, he or she may lodge a complaint with the Privacy Authority in accordance with the procedures indicated at the following link

Please also note that no automated decision-making processes are used by the Data Controller.

All the above rights may be exercised, at any time and without any charge, by writing to privacy@eresult.it or by sending a written request to eResult S.r.l., Piazzale Luigi Rava, 46 47522 Cesena (FC).

Security of Personal Data

The security standards used by the Data Controller to make your personal information private and confidential, including ‘firewalls’ and data transmission via SSL (Secure Socket Layer), are the highest state of the art. In addition, specific techniques are used to protect this data from unauthorised access by third parties. In any case, the minimum security measures indicated in the Privacy Code and subsequent amendments are guaranteed.

You can check whether you are operating in safe mode in several ways:

• receiving a warning message from your navigation programme;
• by checking that the address of the page you are at is preceded by the abbreviation Https;
• by checking the symbol that appears at the bottom, left or right of your browser window: if you see a full key or a closed padlock, it means that SSL is active.

In any case, the Data Controller adopts suitable and preventive security measures to safeguard the confidentiality, integrity, completeness and availability of personal data. As established by the regulatory provisions governing the security of personal data, technical, logistical and organisational measures are put in place to prevent damage, loss (including accidental loss), alteration, improper and unauthorised use of data. Similar preventive security measures are adopted by third parties (data processors) who are entrusted with data processing operations on our behalf and in respect of whom the Data Controller has laid down rules of conduct and instructions on security procedures to be followed, and supervised over their proper implementation by the data processors.

The Controller shall not be liable for untruthful information sent directly by the user (e.g. correct e-mail address or postal address or other personal data), as well as for information concerning the user that has been provided by a third party, even fraudulently.

Browsing data

The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with identified users, but which by its very nature could, through processing and association with data held by third parties, make it possible to identify such users. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error or similar) and other parameters relating to the user’s operating system and computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the site.