Privacy Policy

Endesa s.r.l., acting as its legal representative, with a registered office in Rome, Via Savoia 78 00198 (VAT ID 14692041008) PEC: [email protected] PEO: [email protected] (the “Data Controller”), in its capacity as Data Controller under Art. 4, 7 and 24 of EU Regulation 2016/679 dated April 27th, 2016 on the protection of natural individuals regarding the processing of personal data (the “Regulation”) informs, in accordance with Articles 13 and 14 of the Regulation that processing of users personal data will be performed by the “Responsible”.

  1. Purpose of treatment (what data we process)

    REGISTRATION: When signing up (as an end user or as a company) we will collect the following data: Name and surname, postal code, city, state, e-mail, telephone, company name, tax / VAT ID number, PEC, unique code, bank name, IBAN, username and password.

    When you sign up, we will save your registration data and your IP address.

    IF YOU USE THE CHAT: We will have access to the following data:

    1. Date and time of access to the website;
    2. Technical information such as screen resolution, operating system, browser navigator and device type;
    3. Geolocation data (country and city);
    4. IP address;
    5. Name and/or surname;
    6. E-mail address;
    7. Telephone number.
    In any case: Please note that the e-mail address provided by the user will be exported to a CRM fornewsletters - or SMS - commercial purposes, in accordance with Art. 13, paragraph 4 of the Privacy Code.
  2. Legal basis and processing purposes

    The data will be processed to enable the performance of activities related to the development and management of the service requested to the Data Controller.

  3. Specifically, the processing will pursue the following purposes:

    1. In first instance, the processing of data is necessary for the pre-contractual measures or the implementation of the contract to which the concerned party is part of and, subsequently, for the fulfillment of legal obligations (including accounting and tax obligations).
    2. The processing of the data is necessary, when applicable, for the exercise of rights in court in case of crucial issues in pre-contractual / contractual disputes.
    3. Regarding saving of records and IP address at the time of registration, these data are necessary in case of dispute about registration on the website or, subsequently, in case of problems related to the invoicing of products purchased after registration. The company’s legitimate interest is to follow up from the moment of registration.
    4. The data will be processed in a legal, impartial and confidential manner, respecting the appropriate security measures established in the Code and The Regulation.
    5. The processing will be conducted by digital means. However, the data will not be disclosed publicly.
  4. Processing method

    The Data Controller will process your personal data for the necessary time to fulfill the purposes mentioned above and, in any case, as far as billing data is concerned, during a period not exceeding 10 years from the date of your purchase. The registration data will be treated until you decide to unsubscribe. We will delete “inactive” clients after 12 years from their last purchase. The e-mail included in the mailing list will be used for the purposes mentioned above until the user unsubscribes, or after a maximum of 5 years after the last e-mail with commercial information has been sent. Chat data will be deleted after 2 years.

  5. Data Disclosure

    The Data Controller will disclose the data for the purposes set in Art. 2 to all the parties to whom the law requires the transfer in order to fulfill the purposes established by the law. However, the data will not be subject to public disclosure. The sender's and addressee's data (name and surname, address and telephone number) will also be disclosed to courier companies (designated as Data Controllers) to provide the service requested. The list of Data Processors can be consulted at the company's headquarters.

  6. Storage and data transfer

    The management and storage of personal data will take place on the Controller's and/or third-party companies' servers designed and nominated as Data Processors located within the European Union.

  7. Legally protected rights of the person concerned

    The client, as a party concerned, has the rights established in Art. 15 of Regulation, as follows:

    1. The interested party has the right to obtain confirmation of the existence or non-existence of personal data concerning him/her, even if they have not been registered, as well as their disclosure in an intelligible manner.
    2. The interested party has the right to be informed of:
    3. The origin of the personal data;
    4. The purposes and methods of processing;
    5. The logical approach applied in the case of processing using electronic instruments;
    6. The identity of the person responsible, of the people in charge and of the authorized representative;
    7. The subjects or categories of subjects to whom the personal data are likely to be communicated or who can have access to them in their capacity as appointed representatives in the territory of the State, as Data Controllers or as people in charge.
    8. The person concerned has the right to obtain:
      1. the updating, the certification or, when requested, the integration of data;
      2. The cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
      3. The certification that the operations referred to letters a) and b) have been notified, also regarding their content, to the subjects to whom the data have been transmitted or disclosed, unless such requirement proves impossible or involves the use of resources that are manifestly disproportionate to the right being protected.
    9. The party concerned has the right to object, in full or in part:
      1. On legitimate grounds, to the processing of personal data concerning him/her, even if they are relevant to the purpose of the data collection;
      2. To the processing of personal data concerning him/her for purposes other than those referred to in Art. 2.

Moreover, in accordance with Art. 15 and subsequent of the GDPR, the user has the right to request at any time access to his / her personal data, their rectification or cancellation, the limitation of processing in the cases stipulated in the Art. 18 of the GDPR, to obtain in a structured, commonly used and easy to read format the data concerning him/her, in the cases stipulated in the Art. 20 of the GDPR. At any time, the user can revoke, in accordance with Art. 7 of the RGPD, the consent given; file a complaint with the competent regulatory authority, according to the Art. 77 of the GDPR, if he/she considers that the processing of his / her data is contrary to the legislation in force.

The user will be able to submit a request to refuse the processing of his / her personal data according to Art. 21 of the GDPR, in which he she has to prove the reasons justifying the refusal: the Data Controller reserves the right to evaluate the request, which cannot be accepted if there are compelling legitimate grounds for the processing that prevail over the interests, rights and freedom of the user.

The party concerned can be able to make use of the rights referred to in the preceding article at any time by sending:

  • a certified letter with acknowledgment of receipt to: Endesa s.r.l. with registered office in Rome, Via Savoia n.78 00198 (VAT ID: 14692041008)
  • an e-mail to the PEO address: [email protected]
Cookies In relation to cookies installed on your computer, we inform you that the supply of data is optional. However, some cookies are necessary to allow the proper navigation on the website so, therefore, without your consent, the website may not function properly. The website uses the following cookies:
cloudflareinsights.com dvaexpress.com_cfduid Necessary and technical cookie for the correct functioning of the website.
www.dvaexpress.comPHPSESSID; php-console Necessary and technical cookie for the correct functioning of the website.
Google.com - Google.it1P_JAR, ANID, APISID, HISID, NID, SAPISID, SID, SIDCC, SSID, DV Third-party cookies. Google Map: Unique identifiers for functionality required by Google maps. Google.com policy can be consulted here: http://www.google.it/intl/en/policies/privacy/
Cookies

In relation to cookies installed on your computer, we inform you that the supply of data is optional. However, some cookies are necessary to allow the proper navigation on the website so, therefore, without your consent, the website may not function properly.

The website uses the following cookies: