ISO/IEC 27001:2013 UNI CEI EN ISO/IEC 27001:2017
ISO / IEC 27001: 2013 (ISO 27001) is the international standard that describes the best practices for an ISMS (information security management system).
With this ISO 27001 accredited certification, we demonstrate that our company is following information security best practices and provides independent, qualified control over whether information security is managed in line with international best practices and business objectives.
ISO 9001:2015
The international standard specifies the requirements of a quality management system when an organization:
Information on the processing of personal data pursuant to Article 13 of EU Regulation 2016/679 for users / surfers who consult the website www.eratio.it.
Why do we provide you with this information?
Pursuant to EU Regulation 2016/679 (hereinafter "Regulation" ) the contents of the information describe the methods of processing personal data that the website www.eratio.it acquires during navigation or are provided directly by the user. This information does not concern other sites, pages or online services accessible via hypertext links that may be published on the sites but referring to resources outside the domain of www.eratio.it.
Who is the Data Controller ?
The Data Controller is e.RATIO s.r.l. based in via Bari 150 int. 19 - 70022 Altamura BA VAT number 06755470728 (hereinafter "Owner" ).
The processing of personal data takes place within the company structure of the Owner and / or within the business group of the Owner .
The user who provides his personal data can contact the Owner , to exercise his rights, at the following address:
The Owner , or a person authorized by him, is required to respond to user requests without undue delay and / or at the latest within one month.
The contacts of any Data Protection Officer (DPO) will be indicated, following any appointment, on the website at www.eratio.it.
What is meant by the legal basis of the processing?
It seems appropriate to explain, in clear and simple words, what is meant by “legal basis”.
Personal data cannot be used by anyone other than the legitimate owner. However, there are cases in which the legal system allows processing by other subjects, such as, for example, when the user / navigator decides to request information on our site, he contacts us through the appropriate section by entering his data and these they will subsequently be used to fulfill your specific request. Similarly, the user / navigator may decide to also provide his e-mail address to receive information about our specific activities.
What is the legal basis of the processing?
The user / navigator of the site, after reading the information, is free to provide or not the personal data requested in the service registration forms. These data are necessary for the provision of the requested service so that, if such data were not provided, the requested service cannot be provided and you will not be able to take advantage of the related opportunities.
The owner processes personal data relating to users if one of the following conditions exists:
The user can still ask the Owner to clarify the concrete legal basis of each treatment by contacting him at the aforementioned address.
What data are processed and how?
The data we collect is processed in full compliance with the provisions of the law on the protection of personal data and exclusively for the purposes indicated in this information, pursuing logic and methods aimed at guaranteeing the confidentiality, integrity and availability of the information communicated by users. .
User data is collected to allow the site to provide its services as well as for the following purposes:
The types of personal data used for the aforementioned purposes are:
Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data of the access logs with IP addresses are stored on the server hosting the site for a period of 3 (three) months.
The data from the webserver logs could be used, in the cases provided for by law, to ascertain responsibility in the event of hypothetical computer crimes against the site.
The systems hosting the site are protected by a firewalling system and are replicated to ensure correct conservation and availability.
The Google Analytics tracking code is installed on the site. The data are recorded by the Google Analytics service and are stored on Google's servers for a standard period of 26 (twenty-six) months.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of the e-mail address on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.
No data sent to e-mail addresses or sent through forms is saved on the servers where the website resides. These data are stored on servers in the availability of e.RATIO srl, located on Italian territory, at the company datacenter and at an external datacenter. Specific summary information will eventually and progressively be reported or displayed on the pages of the site set up for particular services on request and in the relative data collection fields.
Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
The subjects to whom the personal data refer have the right at any time to obtain confirmation of the existence or otherwise of such data and to know its content and origin, verify its accuracy or request its integration or updating, or the rectification upon contact as previously reported.
Pursuant to the Regulations, one has the right to request the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, as well as to oppose in any case, for legitimate reasons, to their processing as illustrated below.
Details on the processing of Users' Personal Data
Can the data be transferred outside the EU?
In the event that personal data are transferred outside the European Union, for technical and operational purposes and to ensure high continuity of the service, the Data Controller guarantees that the transfer will be carried out ensuring that the level of protection of the natural persons guaranteed by current legislation and in particular by EU Regulation 2016/679 is not affected.
Who is the data disclosed to?
The personal data provided may be disclosed to appropriately appointed recipients who will process the data as data processors and / or as persons in charge.
The Data Controller does not disclose any of the data subjects' information to third parties without their consent, except where required by law. In any case, the dissemination of personal data processed is excluded. The complete list of data processors, joint controllers and persons in charge of processing personal data can be requested by sending a specific request to the email address privacy@pec.eratio.it
or by contacting the owner in the aforementioned ways.
What are the rights of the site user?
The user who has provided the data, by virtue of the principle of transparency, has the right to:
The deadline for replying to the user is, for all exercisable rights, 1 (one) month, extendable up to 3 (three) months in particularly complex cases. The Owner is in any case required to provide a reply to the user , in writing, within 1 (one) month, even in the event of refusal, in a concise, transparent and easy way. accessible, with simple and clear language.
The exercise of the rights may involve the burden of a contribution to expenses for the user related to the difficulties, for the Owner , to follow up on requests in relation to resources. available.
These rights may be limited by a law or regulation, community or national, when the exercise of these rights could result in an effective and concrete prejudice.
Additions, updates and changes to the current information
The Data Controller reserves the right to modify, supplement or periodically update this Information in compliance with the applicable legislation or the measures adopted by the Guarantor for the Protection of Personal Data in its capacity as Supervisory Authority.
The aforementioned changes or additions will be brought to the attention of the interested parties. We invite users to review the Privacy Policy regularly, to check the updated information and decide whether or not to continue using the services offered.
The aforementioned information applies to data collected through the website www.eratio.it owned by e.RATIO srl in its capacity as Data Controller.
(Last updated 10/06/2019)