QUALITY POLICY

Declaration

The e.RATIO Management and the whole Organization
declare their commitment to:

Adopt a Quality Management System compliant with the UNI EN ISO 9001/2015 standard, ensuring compliance with the specified requirements.
Ensure compliance of the Quality Management System with the applicable mandatory or voluntary standards and laws and with the relevant contractual obligations.
Disseminating the culture of a systematic risk assessment for each activity that can have an impact on the Business according to the expected results and the cost / benefit assessment.
Periodically check the degree of effectiveness and efficiency of the Quality Management System and initiate the appropriate corrective or containment actions where there are exposures for the company's business.
Place customer satisfaction as the primary objective to consolidate and increase market shares.
Systematically detect his level of satisfaction both in relation to the service provided and his expectations.
Guarantee suitable means and resources to conduct and continuously improve the Quality Management System.
Take care of professional growth for all company personnel.
Pursue the continuous improvement of the Quality Management System.

INFORMATION SECURITY POLICY

Declaration

The e.RATIO Management and the whole Organization
declare their commitment to:

Adopt an Information Security Management System (ISMS) compliant with the ISO 27001: 2013 standard, ensuring compliance with the specified requirements.
Ensure compliance of the Information Security Management System with applicable mandatory or voluntary rules and laws and relevant contractual obligations.
Disseminating the culture of a systematic risk assessment for each activity that may have an impact on the loss of Confidentiality, Integrity and Availability of Information depending on the probability of adverse events occurring.
Protect the confidentiality, integrity and availability of information managed by e.RATIO, the intellectual property and assets of e.RATIO.
Raise awareness that personal information and that of its customers are a primary asset for the organization to be protected and kept confidential.
Ensure awareness of the obligations and responsibilities of each in the management of information security and of the consequences that may derive from non-compliant or malicious behavior in relation to what is foreseen and documented.
Guarantee suitable means and resources to conduct and continuously improve the Information Security Management System, in particular as regards the mitigation / reduction of risk levels on information security and the adoption of suitable measures to prevent - or adequately manage - abnormal and emergency situations.
Take care of the material goods and resources of e.RATIO.
Pursue the continuous improvement of the Information Security Management System.

La Direzione

Information on the processing of personal data pursuant to Article 13 of EU Regulation 2016/679 for users / surfers who consult the website www.eratio.it.

Why do we provide you with this information?

Pursuant to EU Regulation 2016/679 (hereinafter "Regulation" ) the contents of the information describe the methods of processing personal data that the website www.eratio.it acquires during navigation or are provided directly by the user. This information does not concern other sites, pages or online services accessible via hypertext links that may be published on the sites but referring to resources outside the domain of www.eratio.it.

Who is the Data Controller ?

The Data Controller is e.RATIO s.r.l. based in via Bari 150 int. 19 - 70022 Altamura BA VAT number 06755470728 (hereinafter "Owner" ). The processing of personal data takes place within the company structure of the Owner and / or within the business group of the Owner .
The user who provides his personal data can contact the Owner , to exercise his rights, at the following address:

privacy@pec.eratio.it

The Owner , or a person authorized by him, is required to respond to user requests without undue delay and / or at the latest within one month.
The contacts of any Data Protection Officer (DPO) will be indicated, following any appointment, on the website at www.eratio.it.

What is meant by the legal basis of the processing?

It seems appropriate to explain, in clear and simple words, what is meant by “legal basis”.

Personal data cannot be used by anyone other than the legitimate owner. However, there are cases in which the legal system allows processing by other subjects, such as, for example, when the user / navigator decides to request information on our site, he contacts us through the appropriate section by entering his data and these they will subsequently be used to fulfill your specific request. Similarly, the user / navigator may decide to also provide his e-mail address to receive information about our specific activities.

What is the legal basis of the processing?

The user / navigator of the site, after reading the information, is free to provide or not the personal data requested in the service registration forms. These data are necessary for the provision of the requested service so that, if such data were not provided, the requested service cannot be provided and you will not be able to take advantage of the related opportunities.

The owner processes personal data relating to users if one of the following conditions exists:

The user has given consent for one or more specified purposes;
Il trattamento è necessario per l’adempimento di un obbligo legale al quale il Titolare è soggetto;
The processing is necessary for the pursuit of the legitimate interest of the Owner or of third parties.

The user can still ask the Owner to clarify the concrete legal basis of each treatment by contacting him at the aforementioned address.

What data are processed and how?

The data we collect is processed in full compliance with the provisions of the law on the protection of personal data and exclusively for the purposes indicated in this information, pursuing logic and methods aimed at guaranteeing the confidentiality, integrity and availability of the information communicated by users. .

User data is collected to allow the site to provide its services as well as for the following purposes:

Contact User

The types of personal data used for the aforementioned purposes are:

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data of the access logs with IP addresses are stored on the server hosting the site for a period of 3 (three) months.
The data from the webserver logs could be used, in the cases provided for by law, to ascertain responsibility in the event of hypothetical computer crimes against the site.
The systems hosting the site are protected by a firewalling system and are replicated to ensure correct conservation and availability.
The Google Analytics tracking code is installed on the site. The data are recorded by the Google Analytics service and are stored on Google's servers for a standard period of 26 (twenty-six) months.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of the e-mail address on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.
No data sent to e-mail addresses or sent through forms is saved on the servers where the website resides. These data are stored on servers in the availability of e.RATIO srl, located on Italian territory, at the company datacenter and at an external datacenter. Specific summary information will eventually and progressively be reported or displayed on the pages of the site set up for particular services on request and in the relative data collection fields. Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
The subjects to whom the personal data refer have the right at any time to obtain confirmation of the existence or otherwise of such data and to know its content and origin, verify its accuracy or request its integration or updating, or the rectification upon contact as previously reported.

Pursuant to the Regulations, one has the right to request the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, as well as to oppose in any case, for legitimate reasons, to their processing as illustrated below.

Details on the processing of Users' Personal Data

Moduli di contatto
- L’utente compilando con i propri dati i moduli presenti nel sito acconsente al loro utilizzo per rispondere alle richieste di informazioni. Ovvero, flaggando la casella specifica, presta il consenso al trattamento dei dati immessi per adempiere alla relativa richiesta.

Can the data be transferred outside the EU?

In the event that personal data are transferred outside the European Union, for technical and operational purposes and to ensure high continuity of the service, the Data Controller guarantees that the transfer will be carried out ensuring that the level of protection of the natural persons guaranteed by current legislation and in particular by EU Regulation 2016/679 is not affected.

Who is the data disclosed to?

The personal data provided may be disclosed to appropriately appointed recipients who will process the data as data processors and / or as persons in charge.

The Data Controller does not disclose any of the data subjects' information to third parties without their consent, except where required by law. In any case, the dissemination of personal data processed is excluded. The complete list of data processors, joint controllers and persons in charge of processing personal data can be requested by sending a specific request to the email address privacy@pec.eratio.it
or by contacting the owner in the aforementioned ways.

What are the rights of the site user?

The user who has provided the data, by virtue of the principle of transparency, has the right to:

Obtain the revocation of the consent given;
obtain , from the Owner, confirmation of the existence or not of personal data concerning him;
obtain the communication of the data in a clear and intelligible form;
obtain the indication :
the origin of the personal data;
the purposes and methods of treatment;
of the logic applied in case of processing carried out with the aid of electronic means;
of the identity of the Owner , of the data processor (s) and / or persons in charge;
of the subject (s) (s) to whom the data may be communicated and / or who can learn about them as appointed representative in the territory of the State, manager or appointee.
Obtain updating , rectification and / or integration , if there is interest, of the data provided ;
Obtain the cancellation, transformation into anonymous form or block of data processed in violation of the law, including those which do not need to be kept in relation to the purposes for which the data were collected or subsequently processed;
Obtain the attestation that the updating, rectification and deletion of the data, as already defined in the previous points, have been brought to the attention, also as regards their content, of those to whom the data have been communicated, except in the case in which this fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right.
Obtain the limitation of the processing of the data provided ;
Propose a complaint to the National Supervisory Authority.

The deadline for replying to the user is, for all exercisable rights, 1 (one) month, extendable up to 3 (three) months in particularly complex cases. The Owner is in any case required to provide a reply to the user , in writing, within 1 (one) month, even in the event of refusal, in a concise, transparent and easy way. accessible, with simple and clear language.

The exercise of the rights may involve the burden of a contribution to expenses for the user related to the difficulties, for the Owner , to follow up on requests in relation to resources. available.

These rights may be limited by a law or regulation, community or national, when the exercise of these rights could result in an effective and concrete prejudice.

Additions, updates and changes to the current information

The Data Controller reserves the right to modify, supplement or periodically update this Information in compliance with the applicable legislation or the measures adopted by the Guarantor for the Protection of Personal Data in its capacity as Supervisory Authority.

The aforementioned changes or additions will be brought to the attention of the interested parties. We invite users to review the Privacy Policy regularly, to check the updated information and decide whether or not to continue using the services offered.

The aforementioned information applies to data collected through the website www.eratio.it owned by e.RATIO srl in its capacity as Data Controller.

(Last updated 10/06/2019)