Privacy Policy

Privacy Policy under Article 13 of General Regulation for the Protection of Personal Data

EU 2016/679 (“GDPR”)

​

Under Article 13 of General Regulation for the Protection of Personal Data EU 2016/679 (“GDPR) we would like to inform users about purposes and method of Data Processing for the utilization of the website:

https://hartist.io

This Privacy Policy is not valid for other websites which might be visited through links contained on all the websites of data controller's domain name. The data controller shall not be held responsible, in any way, for third parties' websites.

 The Data Controller is Hevolus s.r.l., registered office: Via G. Agnelli, 31 - Zona ASI - 70056 Molfetta (Bari), ITALY – VAT Number.: 05612750728, tel.: +39 080 9648300, E-mail: info@hevolus.it; PEC: pec@pec.hevolus.it

PURPOSES OF THE PROCESSING AND LEGAL BASIS

For the purposes expressed in this policy, will be treated:

• General Personal Data, Contact Detalis (e.g. name, telephone number/address/ e-mail/ Tax Codes/VAT number) voluntarily provided by you using the services offered by our website (contact form, career page);

• Browsing Data (IP address, domain names)

The personal data provided will be treated in compliance with the conditions of lawfulness pursuant to art. 6 of the Regulation, in order to:

• Browse this website and technical management of its connections.

The software systems and procedures required for the smooth functioning of this website acquire, as part of their usual cycle and during connection, some personal data that is sent when internet communications protocols are used. This is information is not collected for the specific purpose of identifying a user, but - in consideration of its own nature - processed and assembled with other data, could enable the identification of a user. This category includes, for instance: IP addresses or names with domains of computers used by persons logging onto the site, URI (Uniform Resource Identifier) addresses of the resources required, browser’s characteristics, as well as other parameters related to the users' operative system. This information is only used to prepare anonymous statistics on site use and to ensure the proper operation of the site itself and will be immediately deleted after being processed. The above-mentioned data may be also used to assess liability in the event of IT crimes committed with damage to our website and/or to Platforms.

Legal Basis: the legitimate interest of the Data Controller (pursuant to Article 6, point f) of EU GDPR 2016/679)

The navigation data collected are necessary to allow the data subject to browse the site.

• Respond to requests for information or contact and other types of requests, made by customers/ users about the services offered by the Owner

The voluntary and explicit sending of emails to the addresses in this website, the filling in of the contact form or the registration to the reserved area in the career page and its use, entail the subsequent acquisition of personal data provided (e-mail, name, surname), this is necessary to comply with any requests from users. This also applies to the management of complaints submitted by users and the feedback given to them.

Legal Basis: the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (pursuant to Article 6, point b) of EU GDPR 2016/679);

The conferment of data is optional, any missing data and consent to their processing/ communication will make it impossible for the company to enter into subsequent contact’s requests.

Furthermore, we inform you that we do not use automated decisions, according to Art 22 GDPR.

​

DATA PROCESSING METHOD

Personal data will be processed with paper-based, electronic or telecommunications means and with suitable security measures to safeguard the security and confidentiality of your personal data, pursuant to Articles 6 and 32 of EU GDPR 2016/679.

​

DATA RETENTION

Pursuant to Article 5, part 1, point e), of EU GDPR 2016/679 Personal Data will be collected and stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. The retention period of provided Personal Data depends on the purpose:

1. For contact requests, maximum 1 year;

2. For Tax obligations, maximum 10 years;

After this period, personal data will be destroyed, cancelled or make them anonymous, unless the further storage is necessary for contract obligations, legal reasons or to comply with orders from Public Authorities and/or Supervisory Bodies.

​

RECIPIENTS OF THE DATA OR CATEGORIES OF RECIPIENTS

For the pursuit of the purposes described, or in cases in which it is strictly necessary or required by law or by authorities empowered to impose said law, the Data Controller reserves the right to communicate the data to recipients in the following categories:

• subjects who carry out IT maintenance or similar services;

• subjects who provide services for the management of the information system used by the Data Controller and of the telecommunications networks, including email and website management; -

• Supervisory and control authorities and bodies and, in general, subjects, public or private, with public-related functions (e.g.: Prefecture, Police Headquarters, Judicial Authority, in any case only to the extent that the conditions established by the applicable legislation exist) ; -

• other companies of the group of which the Data Controller is part, or in any case parent, controlled or associated companies, pursuant to art. 2359 of the Civil Code;

• professional firms or companies in the context of assistance and consultancy relationships;

• the data may also be known, in relation to the performance of the assigned tasks, by the Data Controller's staff, including interns, temporary workers, consultants, employees of companies external to the Data Controller, all specifically authorized for processing.

​

TRANSFER OF PERSONAL DATA

The provided Personal data will not be transferred to third countries or international organizations.

​

DATA DISSEMINATION

Your Personal Data will not be disseminated.

​

SOCIAL NETWORK PLATFORMS

From the website it is possible to connect to the company pages present on Social Networks, through the icons (Facebook, Instagram, Youtube e Linkedin).

 As is known, Social Networks independently regulate their privacy for those who browse, publish posts and communicate through them, being in this case the main Data controller.

The user is therefore invited to visit the following links for further information:

• https://www.facebook.com/privacy/policy/

• https://help.instagram.com/155833707900388

• https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/

• https://privacy.linkedin.com/it-it [AD1] 

However, when the user is on the social pages managed by Hevolus s.r.l and communicates, in various ways, their personal data (e.g. through a private message or commenting on a post or leaving a review), or when the Social Networks provide some statistics on the use of the pages in a non-anonymous way (and therefore linked to the activity carried out on the page by the specific person), it is Hevolus s.r.l  that becomes the Data Controller.

The data processing that is carried out occurs exclusively for the ordinary management of the pages (e.g., if a comment is posted in which it insults other users, Hevolus s.r.l  may decide to remove it from the page as it is illegal) and to respond to user questions (both public and private) about the characteristics of Hevolus s.r.l products.

In this case, the legal basis of the processing is the legitimate interest of Hevolus s.r.l in offering the user and illustrating its products and their characteristics, as well as the need to answer any possible user questions. The processing of the user's personal data will take place using the tools made available by the Social Networks themselves. In this contact phase, Hevolus s.r.l. will not sell or communicate the user's personal data to other parties. The user is always free to decide when to remove likes, delete comments, reviews, etc., simply by returning to the page of the relevant Social Network and directly deleting it. As for private messages, these are kept for a maximum of 6 months from the last contact, after which they are deleted. The user is always free to provide their personal data. Failure to provide data may make it impossible to obtain what is requested or to use the Data Controller's services.

RIGHTS OF THE DATA SUBJECT

Articles 15, 16, 17, 18, 20, 21 of General Regulation for the Protection of Personal Data EU 2016/679 (“GDPR)

confer on the interested party the exercise of specific rights that may be exercised before the Data Controller.

As a Data Subject, you may excercise the following rights:

• Right of access: Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information.

•  Right to rectification: each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

•  Right to erasure (Right to be forgotten): each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, so long as the processing is not necessary:

• Right of restriction of processing: each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies: a) the accuracy of the personal data is contested by the data subject; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

• Right to data portability: each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her that was provided to a controller, in a structured, commonly used and machine-readable format. of a task carried out in the public interest or in the exercise of official authority vested in the controller;

• Right to object: each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her. This also applies to profiling based on these provisions.

Moreover, the data subject shall have the right to object, wholly or in part, for legitimate reasons, to the processing of his or her personal data and the right to lodge a complaint with a supervisory authority, pursuant to Article 77 of EU GDPR 679/2016. Those rights may be exercised by contacting the Data Controller.

You can exercise your rights using the form provided, which must be sent to the adress of the Data Controller or via e-mail/fax using the details indicated in this Policy.

This policy was updated on 19/12/2024 , any furhter updates will be published on this page.