01 Foreword
E-Plato S.r.l., with registered office in Milan (MI), Piazza Eleonora Duse no. 1, 20122, enrolled with the Companies Register of Milan Monza Brianza Lodi, no. 2763526, VAT and Tax ID no. 01830500334, provides this notice pursuant to Regulation (EU) 2016/679 (hereinafter, the “GDPR”) and to Italian Legislative Decree no. 196/2003, as subsequently amended by Legislative Decree no. 101/2018 (hereinafter, the “Privacy Code”), in order to describe how it processes the personal data of users (hereinafter, the “Data Subjects”) who access the website https://e-plato.com (hereinafter, the “Site”) via personal computer, mobile device or any other type of electronic instrument.
02 Data controller
The data controller is E-Plato S.r.l., with registered office in Milan (MI), Piazza Eleonora Duse no. 1, 20122 (hereinafter, the “Controller”). Data Subjects may contact the Controller in order to exercise the rights granted to them under the GDPR and the Privacy Code at the following email address: [email protected].
03 Scope of processing
Processing concerns the identifying and contact data collected from Data Subjects, such as, by way of example: first name, last name, company name, email address, telephone number, as well as documents, files and archives; and any information voluntarily provided by the user.
04 Legal basis and purposes of the processing
The Controller processes the data of Data Subjects for the following purposes:
- to respond to, manage and handle contact requests addressed to the Controller. Providing this data is necessary for the performance of pre-contractual measures taken at the request of the Data Subjects (Art. 6(1)(b) GDPR); failure to provide it makes it impossible for the Controller to carry out such measures;
- to receive or deliver the service, and to fulfil the contractual obligations arising from existing relationships between the Data Subjects and the Controller. Providing this data is necessary for the performance of contracts to which the Data Subjects are a party (Art. 6(1)(b) GDPR); failure to provide it makes it impossible for the Controller to perform such contracts;
- to comply with obligations arising from tax and accounting law, or with any other applicable legal obligation. Providing this data is necessary in order to fulfil the legal obligations to which the Controller is subject (Art. 6(1)(c) GDPR);
- to customise the Data Subjects' personal area in the course of service delivery (Art. 6(1)(b) GDPR), proposing any updates to ensure greater convenience for the Data Subjects.
06 Processing methods
The personal data of Data Subjects will be processed by the Controller using electronic tools and/or paper supports, in accordance with the principles of lawfulness, fairness and transparency of processing (Art. 5(1)(a) GDPR), and applying technical and organisational measures suitable to ensure an adequate level of security (Art. 32 GDPR).
07 Retention period for personal data
The personal data of Data Subjects will be retained by the Controller for the period of time necessary to fulfil the purposes for which such personal data was provided and/or collected. Once the personal data of Data Subjects is no longer necessary for the aforementioned purposes, the Controller will delete or anonymise it so that the personal data can no longer be associated with the Data Subject who provided it or from whom it was collected.
Where personal data is provided by Data Subjects in the form of a recorded communication, by telephone, electronically, in person or by other means, it will be retained in accordance with applicable local legislation for a period of 10 years following the conclusion of the business relationship with the Controller. Where Data Subjects have opted out of receiving marketing communications, the Controller will keep their email address on a dedicated exclusion list in order to respect the Data Subjects' refusal to receive such communications.
08 Recipients of the personal data
Within the processing carried out for the purposes set out in paragraph 3 of this notice, the personal data of Data Subjects will not be disseminated, nor transferred outside the European Economic Area (hereinafter, “EEA”). Such personal data may be shared with:
- employees of the Controller's business functions, previously authorised for this purpose and instructed so as to ensure that the personal data of Data Subjects is processed in compliance with the GDPR;
- third parties acting as data processors (Art. 28 GDPR) such as, by way of example: (i) individuals, companies or professional firms providing advisory services (e.g., accounting, tax, legal, administrative) to the Controller; (ii) banks and credit institutions; (iii) public authorities and bodies to whom the sharing of the personal data of Data Subjects is made mandatory by law or regulation;
- any other third party with whom sharing of the personal data has been previously authorised by the Data Subjects.
The Controller requires external parties who manage and process personal data to acknowledge the confidentiality of such data, to commit to respect the right to privacy of any individual, and to operate in accordance with the legal provisions in force regarding data protection, as well as with this privacy notice.
09 Rights of Data Subjects
Data Subjects shall have the right to exercise the rights granted to them by Articles 15–22 of the GDPR: in particular, they may at any time request the Controller to (i) access the personal data concerning them; (ii) where they consider it inaccurate, rectify, integrate, restrict or erase it; and (iii) port the personal data concerning them, in a suitable format. At any time, the Data Subjects may withdraw any consent given to the processing, without prejudice to the lawfulness of the processing carried out on the basis of the consent previously given.
10 Changes to this Privacy Policy
E-Plato reserves the right to amend this Privacy Policy at any time to reflect changes in its business processes or in applicable laws. Users are advised to consult this notice periodically to remain informed about how their personal data is processed.
11 Right to lodge a complaint
Where Data Subjects believe that the processing of their personal data carried out by the Controller is in violation of the rights granted to them under the GDPR or the Privacy Code, they shall have the right to lodge a complaint pursuant to Art. 77 GDPR with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), with offices in Rome (RM), Piazza Venezia no. 11, 00187 (garanteprivacy.it), or to bring an action before the competent judicial authorities pursuant to Art. 79 GDPR.
12 Contacts
For any questions, requests or clarifications regarding this Privacy Policy, users may contact E-Plato at the following email address: [email protected].