Privacy Policy
Notice pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR)
Table of Contents
We are EOLIANN S.R.L. SOCIETÀ BENEFIT, VAT no. 12457140965, with registered office at Corso Raffaello 28, 10125, Turin (TO) and, pursuant to Articles 13 – 14 of Regulation (EU) no. 2016/679 (hereinafter “GDPR 2016/679”), laying down provisions for the protection of individuals and other subjects with regard to the processing of personal data, we inform you – in your capacity as a user browsing the website www.eoliann.com – that your personal data that you provide to us will be processed in compliance with personal data protection legislation and confidentiality obligations.
We inform you of the following:
1. WHO PROCESSES YOUR PERSONAL DATA
Data Controller
The Data Controller is EOLIANN S.R.L. SOCIETÀ BENEFIT, VAT no. 12457140965, with registered office at Corso Raffaello 28, 10125, Turin (TO).
Contact details: e-mail: info@eoliann.com PEC: eoliannsrl@legalmail.it
2. WHY WE PROCESS YOUR PERSONAL DATA
Purposes of processing
“Processing” means any operation applied to personal data: collection, recording, organization, storage, processing, modification, extraction, consultation, use, communication, dissemination, blocking, erasure or destruction (Art. 4, no. 2 GDPR). Your personal data as a user browsing the website www.eoliann.com are processed for the following purposes:
a) to ensure the proper technical functioning and security of the website www.eoliann.com, as well as to allow you to browse and be redirected to our social pages;
b) to allow you, subject to your explicit, free, informed, specific consent and the completion of the forms available on the website www.eoliann.com, to subscribe to the monthly newsletter and receive by e-mail periodic update communications on the activities of the Data Controller;
c) to send you, upon your request, with the first newsletter message (“welcome message”), as digital welcome content included in the newsletter subscription, the Guide (technical document on the AIRIS product) or the annual Report on infrastructure resilience, according to the choice expressed at the time of subscription; receipt of such digital contents is available exclusively through newsletter subscription;
d) to allow you to book a Demo of the AIRIS product and schedule an appointment with a member of the team of EOLIANN S.R.L. SOCIETÀ BENEFIT, at your request through the completion of the form available on the website www.eoliann.com;
e) to respond to your requests for information or appointments through the completion of the form available in the “Let’s talk” section of the website www.eoliann.com;
f) to carry out, subject to your separate and specific consent and completion of the form available on the website www.eoliann.com, automated profiling (segmentation) activities for direct marketing purposes in order to send you personalized communications; for details, please refer to chapter 14;
g) to manage unsolicited applications through the “Work with us” form available on the website www.eoliann.com: you will be redirected to a dedicated external platform, where you can find all information for the protection of your personal data in the dedicated specific Privacy Notice to which full reference is made;
h) to comply with legal obligations, regulatory obligations or orders of competent Authorities, as well as to exercise or defend a right of the Controller.
3. WHAT PERSONAL DATA WE PROCESS
Type of data processed for each purpose
Browsing and security of the website www.eoliann.com Personal data processed automatically: IP address, device and browser technical data, access and browsing logs, date/time of requests, URI of resources. For Cookies, please refer to the “Privacy and Cookie Policy” of the website www.eoliann.com. Provision is automatic and implicit in browsing.
Monthly newsletter Personal data processed: e-mail address. Provision is optional; in its absence, it will not be possible to subscribe to the newsletter or receive the digital welcome content. Where technically предусмотрено, interaction data with sent communications may also be processed (opening, clicks).
AIRIS product Guide and annual Report Personal data processed: e-mail address. Provision is necessary; in its absence, the request cannot be fulfilled.
Demo booking and Let’s talk section Personal data processed: first and last name, company, role, e-mail address, phone number (optional), message (optional). First name, last name and e-mail address are necessary to manage the request.
Profiling for personalized communications Personal data processed: e-mail address, selected digital content (Guide or Report), interaction data with sent communications (opening, clicks). No personal data belonging to special categories under Art. 9 GDPR are processed. For details, please refer to chapter 14.
Work with us For the processing relating to the search and selection of work resources, you can find all the information for the protection of your personal data and the ways in which they are processed in the dedicated specific Privacy Notice to which full reference is made, which we invite you to read.
4. PROVISION OF PERSONAL DATA – WHAT HAPPENS IF YOU DO NOT PROVIDE IT
Nature of provision
Provision of data is generally optional; however, failure to provide the necessary data makes it impossible to proceed with the specific request:
➢ Newsletter: it is optional and requires explicit, free, specific, informed and unequivocal consent; failure to provide consent does not affect any other functionality of the website www.eoliann.com
➢ Guide and Report: without an e-mail address it is not possible to send the digital content in PDF format;
➢ Demo and Let’s talk: without first name, last name and e-mail address it is not possible to manage the request; phone number, company, role and message are optional;
➢ Profiling: it is optional and requires explicit, free, specific, informed and unequivocal consent, separate and specific with respect to the consent given for newsletter subscription; failure to provide consent does not affect newsletter subscription or any other functionality of the website www.eoliann.com
5. ON WHAT LEGAL BASIS WE PROCESS YOUR PERSONAL DATA
Conditions for lawful processing
a) Browsing and security of the website www.eoliann.com (technical logs) Legal basis: legitimate interest of the Data Controller (Art. 6 para. 1, lett. f) GDPR) in ensuring the proper functioning and security of the website www.eoliann.com. Processing is limited to the sole necessary technical data and takes place in anonymized form. Necessary technical Cookies: legitimate interest. Non-necessary Cookies: explicit consent (Art. 6 para. 1, lett. a) GDPR) via banner/preferences center. For more information, please refer to the Cookie Policy.
b) Monthly newsletter Legal basis: explicit, free, specific, informed and unequivocal consent (Art. 6 para. 1, lett. a) GDPR and Art. 130 Legislative Decree 196/2003) via Checkbox.
c) AIRIS product Guide or annual Report on infrastructure resilience At your request, receipt of the AIRIS product Guide or the annual Report on infrastructure resilience may constitute the welcome digital content of the first newsletter message and is not available as an autonomous and independent service from the subscription. You may withdraw consent at any time through the unsubscribe link at the bottom of each communication or by contacting the Data Controller at the e-mail address info@eoliann.com. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
d) Demo booking Legal basis: pre-contractual measures taken at your request (Art. 6 para. 1, lett. b) GDPR). The Demo constitutes a typical pre-contractual measure for evaluating the AIRIS product before a possible purchase.
e) Let’s talk – Requests for information and appointments Legal basis: pre-contractual measures taken at your request (Art. 6 para. 1, lett. b) GDPR).
f) Automated profiling for personalized communications Legal basis: explicit, free, specific, informed and unequivocal consent (Art. 6 para. 1, lett. a) GDPR) via Checkbox separate from the consent for newsletter subscription. Profiling is never carried out in the absence of your consent. You may withdraw it at any time by contacting the Data Controller at the e-mail address info@eoliann.com; withdrawal does not affect the lawfulness of processing carried out before withdrawal and does not entail deletion from the newsletter. For operational details of profiling, please refer to chapter 14.
g) Work with us For the processing relating to the search and selection of work resources, you can find all the information for the protection of your personal data and the ways in which they are processed in the dedicated specific Privacy Notice to which full reference is made, which we invite you to read.
h) Legal obligations and legitimate interest of the Controller Legal obligations or orders of Authorities: necessity to comply with legal obligations (Art. 6 para. 1, lett. c) GDPR). Exercise or defense of a right of the Controller: legitimate interest (Art. 6 para. 1, lett. f) GDPR).
6. HOW LONG WE RETAIN YOUR PERSONAL DATA
Duration of processing and retention criteria
Personal data are retained for the period strictly necessary to achieve the purposes for which they are collected, in compliance with the principles of purpose limitation and data minimization (Art. 5 GDPR):
➢ Browsing data and technical logs: maximum 7 days, unless retention is necessary for the ascertainment of unlawful acts or at the request of the Authority;
➢ Cookies: according to their type, as indicated in the Cookie Policy; for non-necessary Cookies processing takes place only after consent has been obtained;
➢ Demo and Let’s talk: 12 months from the last useful interaction; in the event of a contractual relationship, for the time necessary to manage the relationship and comply with civil and tax obligations;
➢ Newsletter (including interaction data): until consent is withdrawn and, in any case, no longer than 24 months from the last significant interaction (opening, clicks), unless legal obligations apply;
➢ Profiling (data and profiles): until consent is withdrawn or an objection to direct marketing is made and, in any case, no longer than 12 months from the last significant interaction. Profiles are deleted simultaneously with the deletion of the underlying data;
➢ Work with us: for the processing relating to the search and selection of work resources, you can find all the information for the protection of your personal data and the ways in which they are processed in the dedicated specific Privacy Notice to which full reference is made, which we invite you to read.
7. TO WHOM WE DISCLOSE YOUR PERSONAL DATA
Recipients and data processors
Your personal data are disclosed exclusively to qualified third parties, within the limits strictly necessary for the performance of the services, in compliance with the GDPR and the Privacy Code, appropriately appointed as data processors pursuant to Art. 28 GDPR or subjects authorized to process data:
a) Hosting, infrastructure and IT security providers, appointed as data processors pursuant to Art. 28 GDPR;
b) E-mail delivery, newsletter management and marketing automation service providers (including segmentation functions), appointed as data processors pursuant to Art. 28 GDPR;
c) Other service providers instrumental to the Controller’s activity, appointed as data processors pursuant to Art. 28 GDPR;
d) Employees and collaborators of the Data Controller authorized to process data, within the limits of their respective duties;
e) Public authorities, judicial authorities and supervisory authorities, in the cases provided for by law or by their order.
The updated list of data processors may be requested from the Data Controller by e-mail at eoliannsrl@legalmail.it
8. YOUR PERSONAL DATA ARE NOT DISCLOSED
No disclosure to unspecified subjects
Your personal data are not subject to disclosure to unspecified subjects.
9. WHERE YOUR PERSONAL DATA ARE PROCESSED
Transfer of data abroad
Your personal data are stored mainly on servers located within the European Economic Area (EEA). If service providers (e.g. cloud platforms, marketing automation) require transfers to non-EEA Third Countries, the Data Controller ensures that the transfer will take place in compliance with Articles 44 et seq. GDPR, through an adequacy decision of the European Commission (Art. 45 GDPR), or standard contractual clauses (Art. 46 para. 2, lett. c) GDPR) or another adequate instrument, possibly accompanied by supplementary measures.
For updated information on transfers and the safeguards adopted, contact the Data Controller by e-mail at eoliannsrl@legalmail.it
10. YOUR PERSONAL RIGHTS
Data subject rights (Articles 15-22 GDPR)
You may exercise the following rights at any time:
a) Access (Art. 15 GDPR): confirmation of the existence of your data, access to them and to information relating to the processing;
b) Rectification (Art. 16 GDPR): correction of inaccurate data or completion of incomplete data;
c) Erasure / right to be forgotten (Art. 17 GDPR): deletion of your data in the cases provided for by law;
d) Restriction (Art. 18 GDPR): temporary suspension of processing in the cases provided for by law;
e) Portability (Art. 20 GDPR): receipt of your data in a structured and readable format and their transmission to another controller;
f) Objection (Art. 21 GDPR): objection to processing for direct marketing purposes and related profiling, with immediate and unconditional effect (Art. 21 para. 2 GDPR);
g) Withdrawal of consent (Art. 7 para. 3 GDPR): withdrawal at any time without prejudice to the lawfulness of previous processing. For the newsletter: unsubscribe link at the bottom of each e-mail. For profiling: contact the Data Controller by e-mail at eoliannsrl@legalmail.it
h) Complaint (Art. 77 GDPR): lodging a complaint with the Data Protection Authority.
You may exercise your rights by e-mail at eoliannsrl@legalmail.it, or by post by writing to EOLIANN S.R.L. SOCIETÀ BENEFIT, Corso Raffaello 28, 10125, Turin (TO).
You will receive a response within 1 month from the request, extendable by a further 2 months in the cases provided for by Art. 12 para. 3 GDPR.
11. HOW TO LODGE A COMPLAINT
Complaint to the Data Protection Authority
If you believe that the processing of your data violates the GDPR or Legislative Decree 196/2003, you may lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or with the supervisory authority of the EU Member State in which you reside, work, or in which the alleged violation occurred.
12. HOW WE PROTECT YOUR PERSONAL DATA
Technical and organizational security measures
The Data Controller processes your personal data lawfully, fairly and transparently. Appropriate technical and organizational security measures have been adopted (Art. 32 GDPR) to minimize the risks of destruction, loss, unauthorized modification, disclosure or unauthorized access to personal data. Processing takes place using IT tools and logical procedures strictly related to the stated purposes.
13. SPECIAL CATEGORIES OF PERSONAL DATA – NOT PROCESSED
Special categories of personal data (Art. 9 GDPR)
The Data Controller does not process personal data belonging to special categories pursuant to Art. 9 GDPR (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership; genetic data, biometric data, data concerning health, sex life or sexual orientation) and does not process your personal data relating to criminal convictions and offences or related security measures pursuant to Art. 10 GDPR.
We invite you not to enter such personal data in any field of the website www.eoliann.com; any such personal data that may be received will be immediately deleted without being retained.
14. PROFILING FOR PERSONALIZED COMMUNICATIONS
Notice pursuant to Art. 4, no. 4 and Art. 13 para. 2, lett. f) GDPR
The legal basis for profiling is indicated in chapter 5, lett. g). The operational details are described below.
What profiling consists of
Profiling (Art. 4, no. 4 GDPR) consists of the automated segmentation of newsletter subscribers into two distinct groups, determined by the chosen digital product (Guide or Report) and/or by interactions with the communications sent (opening, clicks, emerged thematic preferences). This segmentation allows the Data Controller to send you newsletter content relevant to your interests, without producing legal effects or similarly significant consequences for you (see also chapter 15).
How to withdraw consent and object
Pursuant to Art. 21 para. 2 GDPR, you have the absolute and unconditional right to object at any time to profiling connected with direct marketing, with immediate effect. As an additional voluntary transparency measure, the Data Controller also offers you the possibility to:
a) object to profiling connected with direct marketing (Art. 21 para. 2 GDPR), by contacting the Data Controller by e-mail at eoliannsrl@legalmail.it
b) withdraw consent to profiling, by contacting the Data Controller by e-mail at eoliannsrl@legalmail.it
c) request, as a voluntary measure offered by the Data Controller, the involvement of a natural person in evaluating your profile;
d) express your point of view on the profile created and contest its results.
Objection and withdrawal do not affect the lawfulness of processing carried out before the withdrawal/objection. Withdrawal of consent to profiling does not entail deletion from the newsletter.
Retention
Personal data and profiles created through profiling are retained until consent is withdrawn or an objection to direct marketing is made and, in any case, no longer than 12 months from the last significant interaction. Profiles are deleted simultaneously with the deletion of the underlying data.
15. NO AUTOMATED DECISION-MAKING WITH SIGNIFICANT EFFECTS
Art. 22 GDPR – statement of the Data Controller
Pursuant to Art. 22 GDPR, the Data Controller does not adopt any decision-making process based solely on automated processing – including profiling – that produces legal effects concerning the user or similarly significantly affects him or her.
By way of example, no systems are adopted for: automatic rejection of requests or access to services; automated determination of prices or contractual conditions; profiling resulting in exclusions or discrimination to the detriment of the user.
The profiling described in chapter 14 – segmentation of newsletter subscribers for the sending of relevant contents – does not fall within the scope of Art. 22 para. 1 GDPR: the only consequence is the receipt of newsletter contents more relevant to one’s interests, without any negative consequence for those who do not consent or object.
You may exercise your rights by writing to the Data Controller by e-mail at eoliannsrl@legalmail.it, or by post at EOLIANN S.R.L. SOCIETÀ BENEFIT, Corso Raffaello 28, 10125, Turin (TO).
Privacy Notice updated on 5 March 2026 The Data Controller – EOLIANN S.R.L. SOCIETÀ BENEFIT