EOLO SpA acknowledges the importance of personal data protection and considers their protection one of the principal goals of its own activity, pursuant to EU Regulation 679/2016 - General Data Protection Regulation ("GDPR") –, to the “Codice in materia di protezione dei dati personali” (D. Lgs. 196/2003) as amended by D. Lgs. 101/2018 and to other applicable national legislation (hereinafter GDPR, the “Codice in materia di protezione dei dati personali” and other applicable national legislation are collectively referred to as "Applicable Law").
EOLO invites you to carefully read this policy before giving any personal data, as it contains important information on personal data protection and on security measures adopted.
EOLO informs that the processing of personal data will be based on the principles of lawfulness, correctness, transparency, purpose limitation and conservation, data minimization, accuracy, integrity and confidentiality.
Data Controller and Data Protection Officer
The Data Controller is EOLO SpA with headquarter in Via Gran San Bernardo, 12 - 21052 - Busto Arsizio (VA), (hereinafter, "EOLO" or "Controller"), mail: email@example.com.
EOLO appointed a Data Protection Officer ("DPO") for any information concerning the processing of personal data carried out by the Controller, available at: firstname.lastname@example.org.
Personal information we collect about you
The information we collect about you depends on how you interact with EOLO.
EOLO processes the personal data you directly provide during the performing of the contract for the provision of electronic communication services and any other connected services (hereinafter "Services") and / or subsequently collected during the contractual relationship.
EOLO collects data even if you are not a customer on the occasion of information requests, participation in events or our other initiatives. Sometimes, we may receive your data from third parties, if you have given them the consent to share it.
As example, EOLO processes the following categories of data:
1) Personal data (name, surname, age, gender, tax code, billing address), contact details (telephone number, e-mail address, installation address), payment details (credit card information where selected as payment method).
2) Telematic and telephonic traffic data that are connected to one of our services’ use (data, voice, mail).
3) Data related to your credit rating and your punctuality in payments.
4) Data related to the way you use our Products and Services, such as the received level of service and your customer satisfaction (for example, about customer support).
5) Data based on interests and preferences, only with your prior consent.
6) Data related to your personal account, such as access credentials (login, e-mail address, password), access log and performed activities, due or received payment dates, profile in use, subscribed offers and any other information included your Personal Area on the website www.eolo.it.
7) health data (sensitive data according to Article 9 of the GDPR) only where necessary for the activation of particular services and for the obtaining of benefit (as required by Agcom Resolution No. 46/17 / CONS).
8) Data related to criminal convictions or offenses only in case of authority requests that EOLO have to satisfy, or when the data processing is authorized by a law or by the regulation, which provide appropriate safeguards for the rights and freedoms of data subjects.
9) Data voluntarily provided during the use of support services through all available channels (for example, telephone call, ticket and chat).
10) Recordings of the content of the interactions with our support services (for example, welcome calls made within a few days from the order date to inform the Customer about the service activation process).
11) Data deriving from cookies and similar technologies (more information is available in the relative policy available at https://www.eolo.it/home/chi-siamo/informazioni-legali/privacy.html)).
EOLO processes data in compliance with the Applicable Law, assuming that they refer to the contractor or third parties who have expressly authorized him to provide them. According to this hypothesis, the contractor assumes all legal obligations and liabilities, indemnifyingEOLO from any dispute, claim, requests for compensation, etc. that should be received from third parties whose Personal Data have been provided in violation of the Applicable Law.
Purpose, legal basis and nature of the processing
1. EOLO will process Personal data for the performing or execution of the contractual relationship and for the fulfilment of a legal obligation based on the condition of lawfulness according to art. 6.1 letter b) and c) of the GDPR. For example, these purposes include:
a. Order / contract management and provision of purchased Products and Services.
b. Customer support, for any questions or reports on our network, Services or products and for the sending of service messages (to notify service interruptions due to maintenance activities, in case of inefficiencies or to send "institutional" communications).
c. Accounting, administrative and tax management of payments and invoicing.
d. Management and provision of interconnection services to other operators' networks.
e. Pre-sales support and contact with the interested party who specifically requested us to provide information.
2. Personal data may be processed in pursuit of a legitimate interest of EOLO, according to art. 6.1 letter f) of the GDPR, in particular for the following purposes:
3. Personal data will be processed, only with your prior consent, optional and revocable at any time, according to art. 6.1 letter a) of the GDPR, for the following purposes:
Data will be processed using instruments that guarantee security and confidentiality; the processing can also be performed using automated tools to store, manage and transmit data.
Data may be processed by EOLO's employees appointed to pursue the aforementioned purposes. The aforesaid employees have been expressly authorized by EOLO for processing and they received adequate operating instructions.
Your personal data may be transmitted to external subjects designated by EOLO as Data Processors and to whom are given adequate operating instructions. These subjects provide EOLO with activities or services that are instrumental to the purposes indicated above and are included in the following categories:
a. partners or agents in charge of selling, delivering and installing products and services;
b. companies’ part of EOLO's direct and indirect distribution network;
c. business partners in case of promotions / offers launch;
d. companies that perform, on behalf of EOLO, data acquisition and processing services necessary for the use of customer services;
e. companies that provide EOLO services for the information system management;
f. companies that carry out market research aimed at detecting the customer satisfaction;
g. companies that perform database management and archiving services;
h. companies that perform call center services.
In some cases, your data may be provided to individuals who are granted the right to access by Italian or EU legislation. Personal data may be disclosed to third parties entitled to receive them and that act as independent data controllers, such as:
a. authorized companies that provide fraud control services;
b. companies that provide services of control, revision and certification of the activities carried out by EOLO, even in the interest of its customers;
c. independent professionals, accountants, law firms that aid and consulting services;
d. law enforcement agencies, government agencies, regulatory bodies, judicial authorities or other public authorities authorized by law;
e. third parties or organizations to which the disclosure is required to comply with Applicable Law or other legal or regulatory requirement;
f. banking institutes and credit card issuing companies;
g. insurance companies;
h. other telecommunications operators, for the interconnection relationships management.
Data transfer outside the EU
Some personal data provided by the interested party may be transferred to Recipients that could be located outside the European Economic Area. In this case, EOLO ensures that the electronic and papery processing of Personal Data by the Recipients takes place in compliance with the Applicable Law. In such cases, transfers are based alternatively on a decision on adequacy regarding data protection and privacy, on the acceptance of the EU-US "Privacy Shield" agreement or on the Standard Contractual Clauses approved by the European Commission. The updated list of third countries to which EOLO may transfer personal data is always available upon request.
Data will be stored at our headquarters, located in Via Gran San Bernardo, 12 - 21052 Busto Arsizio (VA), for the time prescribed by Applicable Law.
EOLO will keep your Personal Data for a period not exceeding the achievement of the purposes for which it was collected or subsequently processed, as well as for the period established by law for administrative purposes, for the management of any complaints, disputes or for criminal proceedings.
i. EOLO will keep the data processed for the purposes described in point 1 (one) only for the time prescribed, in particular:
- data processed for provision or execution of the contractual relationship will be kept for the entire duration of the contract and for a period of 10 (ten) years after its conclusion, unless EOLO needs for further conservation to ascertain, exercise, defend his rights on behalf of a court. In this case, data will be kept for the entire duration of the judicial dispute, until the deadlines for the availability of appeal actions are exhausted;
- data processed for the fulfilment of legal obligations will be kept within the limits established by law and as long as needed to comply with that legal obligations;
- traffic data for purposes of ascertaining and suppressing crimes may be stored within the limit set by the relevant legislation and by the provisions of the “Autorità Garante per la protezione dei dati personali”;
- traffic data for technical purposes (such as troubleshooting) or billing, up to a maximum of 6 months;
- call record files for a 6 months period.
ii. data processed for the pursuit of EOLO’s legitimate interest (point 2) will be processed for the time strictly necessary to achieve the interest, in detail:
- data related to the status and punctuality of your payments will be kept for the entire contract duration and for a period of 12 (twelve) months after the conclusion of the contract, unless EOLO needs for further conservation to ascertain, exercise, defend his rights on behalf of a court. In this case data will be kept for the entire duration of the judicial dispute, until the deadlines for the availability of the appeal actions are exhausted;
- data related to the verification of our services’ level of satisfaction through surveys and data processed to improve and innovate our Products and Services, including services rendered by external suppliers, will be maintained for 36 (thirty-six) months;
- data necessary to prevent fraud and protect our networks, detect abuses or prejudicial actions, improve their use and monitor traffic volumes and calls will be kept for 12 (twelve) months, unless EOLO needs for a further conservation to exercise his rights on behalf of a court.
iii. data processed for the purposes explained in point 3:
- will be kept for profiling purposes for a period of 12 (twelve) months from collection and until the consent is revoked;
- will be kept for marketing purposes for a period of 24 (twenty-four) months and until the consent is revoked;
- personal data that could be communicated to third parties will be kept until the consent given for this purpose is revoked.
Once the aforementioned terms expired, data will be destroyed, deleted or made anonymous, compatibly with the technical procedures for deletion and backup.
Rights of interested parties
Within the limits of the Applicable Law, the interested party has the right to ask EOLO, at any time:
- access to his/her data, their cancellation, the correction of incorrect data, the integration of incomplete data, as well as the processing limitation;
- to receive data in a structured, commonly used and readable by an automatic device format, and, if technically feasible, to transmit them to another controller ("right to data portability") if the processing is based on consent or on the contract and is carried out with automated tools;
- to oppose the processing based on the legitimate interest of the Data Controller and / or to oppose, without limitation, the processing for direct marketing purposes;
- to revoke the consent given at any time.
Requests should be sent by e-mail to the address: email@example.com.
Consent and privacy settings are always modifiable, even after the conclusion of the contractual relationship, through a special section in your Reserved Area on the website www.eolo.it. We remind you that, following the revocation of the previously given consent, the same will be immediately implemented but definitively operative after the technical time necessary for the alignment between all our information systems.
Pursuant to the Applicable Law, the interested party has the right in any case to fill a complaint on behalf of the competent Control Authority (art. 77 GDPR), as well as to appeal to the competent judge (art. 79 GDPR).
Last update: October 2019