OF THE EUROPEAN REGULATION 2016/679 (GDPR) AND OF THE D.LGS 169/2003
ECAM COUNCIL is a trademark of GK Investment Holding Group SA (hereinafter “GK” or the “Company”), an investment and private equity company based in Lugano.
GK considers the protection of the personal data of its and/or potential customers to be of fundamental importance, ensuring that the processing of personal data, carried out in any manner, whether automated or manual, takes place in full compliance with the safeguards and rights recognized by the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, relating to the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data (hereinafter the “Regulation”), by Legislative Decree no. Lgs 169/2003 as applicable and by further applicable rules on the protection of personal data.
2. Data controller
GK Investment Holding Group SA – with registered office in Via Marconi 2 – Lugano, 6900 – Switzerland in the person of the actual legal representative, assumes the role of Data Controller (hereinafter “Data Controller”) according to the relevant definition in section 4 at point 7 of the Regulation, ” ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law”.
For the purposes of compliance with the aforementioned legislation on privacy, the Data Controller indicates the following e-mail address for the appropriate communications: [indicate the email address]
Your data may be shared with:
3. Type of data processed and purposes of the processing relating to navigation on the Website
The website http://www.ECAMCOUNCIL.com offers informative and, sometimes, interactive contents. While browsing the website, information about the user can then be acquired in the following ways:
The computer systems and software procedures used to operate the Website may acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes: IP addresses, the type of browser used, the operating system, the domain name and the addresses of websites from which access or exit was made, information on the pages visited by users within the site, the access time, the stay on the single page, the analysis of the internal path and other parameters relating to the operating system and the user’s IT environment
These technical / IT data are collected and used exclusively in an aggregate and non-identifying manner and could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
This is all the personal data freely released by the visitor on the Website, for example, to register and / or access a reserved area and / or fill out forms useful for requesting information on a specific product or service, write to an address e-mail or call (in VoIP mode) a toll-free number to have direct contact with customer service or administration.
The processing of personal data will be conducted, electronically or manually, for the following purposes:
4. Methods of data processing
The processing of personal data is carried out mainly using electronic procedures and media, without excluding manual processing, for the time strictly necessary, in accordance with Section 5 of the Regulation.
Personal data will be processed by the Data Controller limited to what is necessary for the pursuit of the main purpose. In particular, personal data will be processed for a period of time equal to the minimum necessary, as indicated by Recital 39 of the Regulation, i.e. until the termination of the contractual relationships in place between the data subject and the Data Controller without prejudice to a further period of conservation that may be imposed by law as also provided for by Recital 65 of the Regulation and art. 2220 of the Italian Civil Code.
Personal data is stored on servers located within the European Union. These servers are owned by GK Investment Holding Group SA and are managed by DYNADOT LLC DYNADOT, LLC. The website of the Guarantor for the protection of personal data provides information and assistance in relation to the rights recognized by the Privacy Code and related legislation (www.garanteprivacy.it).
In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller ensures from now on that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided for by the European Commission.
GK uses your data to ensure an efficient response to the requests you have made. The provision of your data for this purpose is optional, but failure to provide them could make it impossible to provide the requested services. We also process your data to ensure compliance with legal obligations, regulations and community standards.
If you have expressly given us your consent – and after registering in the specific area – we will use your data to inform you about the latest news relating to ECAM COUNCIL as well as on events of ECAM COUNCIL.
The storage of personal data will take place in paper and / or electronic form and for the time strictly necessary to pursue the indicated purposes.
With reference to the processing of data relating to the provision of the requested services, we inform you that we will process your data for the time strictly necessary to process your request.
In particular, we inform you that the data sent to individual professionals entered in the special registration form for sending newsletters will be kept by the Data Controller for a period of time not exceeding the achievement of the purposes referred to in this Notice and, in any case , not exceeding 24 months.
Finally, we remind you that, in order to comply with the anti-terrorism requirements introduced by art. 24 of Law 167/2017, which transposed the EU Directive 2017/541, we will keep the data relating to telematic traffic, excluding the contents of communications, for a period not exceeding 72 months from the date of communication.
Your personal data are processed by the indicated subjects, in accordance with the provisions of current legislation. In particular, to ensure the security of your data taking into account the state of the art and the implementation costs, as well as the nature, object, context and purposes of the processing, as well as the risk of varying probability and severity for rights and freedoms of our users, we have adopted appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
5. Redirect to external sites
The Website could use the so-called social plug-in. Social plug-ins are special tools that allows to incorporate the features of the social network directly within the website (eg the “like” function of Facebook).
All social plug-ins on the Website are marked with the respective logo owned by the social network platform.
When you visit a page of the Website and interact with the plug-in (eg by clicking the “like” button) or decide to leave a comment, the corresponding information is transmitted from the browser directly to the social network platform ( in this case Facebook) and stored by it.
6. Link to / from third party sites
From the Website it is possible to connect through specific links to other third party websites.
In this regard, in no way can Ricasoli Group be held responsible for any management of personal data by third party websites and for the management of authentication credentials provided by third parties.
7. Rights of interested parties
As foreseen by section 15 of the Regulation, the interested party can access their personal data, request their correction and updating, if incomplete or incorrect, request their cancellation if the collection took place in violation of a law or regulation, as well as oppose to the processing for legitimate and specific reasons.
In particular, we list below all the rights that can be exercised, at any time, towards the Data Controller and / or the joint Data Controllers:
Right of access: the right, pursuant to Section 15, paragraph 1 of the Regulation, to obtain from the Data Controller confirmation that personal data is being processed or not and, in this case, to obtain access to such personal data and the following information:
All this information can be found within this information which will always be available in the Privacy section of the Website.
Right of rectification: right to obtain, pursuant to Section 16 of the Regulation, the rectification of personal data that are inaccurate, taking into account the purposes of the processing; moreover, it is possible to obtain the integration of personal data that are incomplete, also by providing an additional declaration.
Right of cancellation: the right to obtain, pursuant to Section 17, paragraph 1 of the Regulation, the cancellation of personal data without undue delay and the Data Controller will have the obligation to cancel your personal data, if only one of the following reasons:
In some cases, as provided for by Section 17, paragraph 3 of the Regulation, the Data Controller is entitled not to delete your personal data if their processing is necessary, for example, to exercise the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, for the assessment, exercise or defense of a right in court.
Right to limit the processing: this is the right to obtain the limitation of processing, pursuant to Section 18 of the Regulation, in the event that one of the following hypotheses occurs, the interested party:
In case of limitation of the processing, the personal data will be processed, except eg: