Last Modified: November 23, 2020
The controller in terms of the GDPR, other national data protection laws of the EU member states and further data protection regulations is
Via Preferita 7
25014 Castenedolo (BS) – Italy
Tel.: +39 030 2731503
Fax: +39 030 2132523
email@example.comIn case of questions regarding data protection email: firstname.lastname@example.org
ERO, S.R.L. (“ERO”, “we”, “us” or “our”) has created this privacy statement in order to provide you with a clear understanding of our practices regarding the processing of your personal data while you use our website. We describe the types of personal data we collect, how we use that data and with whom we share it. We also describe the measures we take to protect the security of your personal data and how you can contact us regarding our privacy practices.
If you have any questions about this policy or our privacy practices, please email email@example.com or write to our Data Protection Officer at our offices at ERO, Via Preferita 7, 25014 Castenedolo (BS) – Italy, att. Data Protection Officer.
1.1. 1. General information on data processing
1.2. What is personal data?
“Personal Data” means any information relating to an identified or identifiable natural person, i.e. any information that can identify you personally, even if this is not directly possible (e.g. only by means of an identification number). Personal data is thus, for example, your name, postal address, telephone number, e-mail address or Internet Protocol (IP) address and others.
1.3. Scope of the processing of personal data
We collect your data when you provide us with this information during registration on the website or in the login area of the website. Other data is automatically collected by our IT systems when you visit the website. The processing of personal data of our users is regularly only carried out with the consent of the user or if the processing of the data is permitted by legal regulations.
1.4 No processing of sensitive data
We ask you not to transmit or disclose your sensitive personal data (for example, social security numbers, information relating to race or ethnic origin, sexual orientation, political opinions, religion or other beliefs, health, biometric or genetic characteristics, criminal background or union membership) through our website or otherwise.
1.5 Data protection for children
Our website is aimed at professionals. It is not targeted at children and we do not solicit or knowingly collect personal information from children under the age of 16 without verifiable parental consent. If you are not at least 16 years old, you are not authorized to use our website or services. Parents should be aware that there are online parental control tools available that can prevent children from submitting information online or accessing material harmful to minors without parental consent. If you learn that your child under the age of 16 has provided us with personal information without your consent, please contact us using the contact information above.
1.6 Legal basis for the processing of personal data
Generally, any processing of personal data is prohibited by law and is only permitted if the data processing falls under one of the following justifications:
- Insofar as we obtain the consent of the data subject for processing of personal data, Article. 6, paragraph 1, subparagraph 1, section a of the GDPR serves as the legal basis.
- When processing personal data which is necessary for the performance of a contract to which the data subject is a party, Article 6, paragraph 1, subparagraph 1, section b of the GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.
- Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6, paragraph 1, subparagraph 1, section c of the GDPR serves as the legal basis.
- In the event that vital interests of the person concerned or of another natural person require the processing of personal data, Article 6, paragraph 1, subparagraph 1, Section d of the GDPR serves as the legal basis.
- If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6, paragraph 1, subparagraph 1, section f of the GDPR serves as the legal basis for the processing.
For the processing operations carried out by us, we indicate below the applicable legal basis in each case.
1.7 Data deletion and storage period
For the processing operations we carry out, we specify in the following how long the data is stored by us and when it is deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose of storage no longer applies.
Any further storage can only take place if this has been provided for by the European or national legislator of Member States in ordinances, laws or other regulations to which the person responsible is subject.
1.8. Data processors
2. Provision of the website and creation of log files
2.1. Description and scope of data processing
Whenever our website is called up, our system automatically records data and information from the computer system of the calling computer – even without registration or other data input.
The following data is collected:
– information about the browser type and version used,
– user’s operating system,
– Internet service provider of the user,
– IP address of the user,
– date and time of access,
– websites from which the user’s system accesses our website,
– websites that are accessed by the user’s system via our website.
The data is stored in the log files of our system. This data is not stored together with other personal data of the user.
2.2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is found in Article 6, paragraph 1, subparagraph 1, section f of the GDPR. The purposes listed below also represent our legitimate interests.
2.3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
2.4 Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.
In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.
2.5 Possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. There is therefore no possibility of objection on the part of the user.
When you return to our site, your browser sends the “user-related” information back to our site. Thanks to the cookies, our website knows who you are and offers you your usual default settings. However, cookies cannot directly identify a user.
Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to several years. Cookies are not software programs and do not contain viruses, trojans or other “pests”. Cookies also cannot access information on your device.
3.1 Description, scope and purposes of data processing
For our purposes we distinguish between three types of cookies:
1) Technically necessary cookies
These cookies are absolutely necessary to ensure the basic functions of the website. Some functions of our website cannot be offered without the use of these cookies. For these functions it is necessary that the browser is recognized even after a page change.
Technically necessary cookies are, for example, session cookies that save certain user settings (e.g. language settings), flash cookies for playing media content or opt-out cookies that can be used to revoke cookie consent.
The user data collected through technically necessary cookies is not used to create user profiles.
2) Functional Cookies
These cookies ensure a better user experience. For example, entered locations, font sizes or form data are stored. The purpose of using functional cookies is to simplify the use of websites for users.
3) Marketing Cookies
These include the so-called advertising, tracking and sharing cookies. Advertisement and tracking cookies are used to deliver customized advertising to the user. Sharing cookies are used to improve the interactivity of our website with other services (e.g. social networks).
Marketing cookies enable us to monitor the use and performance of our website, to compile statistics, to determine the number of visitors and the use of various website elements (which areas are most frequently accessed, which articles are most frequently read, etc.) to ensure that our services are as relevant and user-friendly as possible. This information enables us to improve and constantly optimize the quality of our website and its content.
3.2. Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 UAbs. 1 lit. f GDPR. Our legitimate interest here is to be able to offer you the basic functions of the website, without which the website will not function correctly.
The legal basis for the processing of personal data using functional cookies and marketing cookies is Art. 6 para. 1 subpara. 1 lit. a GDPR, if the user has given his/her consent in our cookie banner. When you visit our website for the first time, we ask you which cookies you wish to allow. When giving your consent, you can distinguish between functional cookies and marketing cookies. This decision is also stored in a cookie.
3.3. Duration of storage, possibility of objection and removal
Most of the cookies we use are so-called session cookies. They are automatically deleted at the end of your visit. In addition, we use permanent cookies that are stored beyond individual sessions. The expiration date of permanent cookies varies from a few minutes up to nine years.
You can prevent the collection of data generated by cookies and related to your use of the website (including your IP address) as well as the processing of this data by
- Not granting or revoking your consent to the setting of cookies:
You can withdraw your consent at any time with effect for the future by accessing the cookie settings in the lower left corner of our website and changing your preferences there.
- Preventing the storage of cookies by adjusting your browser software settings accordingly:
By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. You can find out how this works with the browser you are using from the help function of the browser. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.
Please note that this website does not respond to DNT (Do Not Track) signals. Third party applications and plug-ins, such as social media integration, may treat DNT signals differently.
4.1 Description, scope and purposes of data processing
We can use so-called “pixel tags”, also known as “web beacons” or counting pixels. These are small graphic files that allow us to monitor the use of the website. A pixel tag is a technology that is placed on our website to track activity on the website and is often used in combination with cookies.
The “pixel tags” allow us to evaluate information such as visitor traffic on our website. The pseudonymous information may also be stored in cookies on your device and may contain, among other things, technical information about your browser and operating system, referring web pages, visiting time and other details about your use of our website, as well as being linked to such information from other sources. However, no comprehensive user profiles are created.
This data is used to statistically record the use of our website and to evaluate it for the purpose of optimizing our website.
4.2 Legal basis for data processing
The data processed by pixel tags is required for the above-mentioned purposes in order to safeguard our legitimate interests in the analysis, optimization and economic operation of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.
- Duration of storage and possibility of removal
The data retention period is 180 days.
5. Web analytics services
5.1 Google Analytics
5.1.1 Description, scope and purposes of data processing
If you have given your consent for marketing cookies, Google Analytics is used on our website. Google Analytics is a web analysis service of Google Inc. (“Google”), located at 1600 Amphitheatre Parkway, Mountain View, CA, 94043.
We use the User ID function. The User ID allows us to assign a unique, permanent ID to one or more sessions (and the activities within those sessions) and to analyze user behavior across devices.
During your visit to our website the following data, among others, is collected:
– The pages you have called up,
– Your “click path”,
– Achievement of “website goals” (conversions, e.g. newsletter subscriptions, downloads, purchases),
– Your user behavior (for example clicks, dwell time, bounce rates),
– Your approximate location (region),
– Your IP address (in abbreviated form),
– technical information about your browser and the end devices you use (e.g. language settings, screen resolution)
– your Internet Service Provider;
– the referrer URL (via which website / via which advertising medium you came to this website).
On our behalf, Google will process this information to evaluate your use of the website and to compile reports on website activities. The reports provided by Google Analytics serve to analyze the performance of our website.
We use Google Analytics with the extension “_anonymizeIP()”. Due to the activation of IP anonymization on this website, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.
The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.
5.1.2 Duration of storage and additional disposal option
The data retention period is 50 months.
However, the user data is reset by this user with each new event. This sets the expiration date to the current time plus the retention period mentioned above. The data retention period is 50 months, but if a user initiates a new session every month, the ID of this user is updated every month. If the user does not initiate a new session before the retention period expires, that user’s data is automatically deleted. If the user’s consent to the use of marketing cookies is revoked, this user’s data will not be updated when the user revisits the site.
In addition to the general options for preventing cookies (revocation of consent and browser settings) listed in section 3.3, you can specifically prevent the collection and processing of data by Google by downloading and installing the browser add-on for deactivating Google Analytics at http://tools.google.com/dlpage/gaoptout. In this way you can deactivate Google Analytics at any time
5.2 Interaction Studio
5.2.1 Description, scope and purposes of data processing
If you have agreed to the use of marketing cookies, our website uses Interaction Studio, an online personalization tool from Salesforce, Inc, Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA; email: firstname.lastname@example.org.
Based on a usage analysis, Interaction Studio allows personalized content to be displayed without identifying the person. The content displayed on our website is optimized for you through the collection and processing of your usage behavior, so that content tailored to your interests is displayed, e.g. by showing you targeted banners and relevant recommendations. We study the behavioral patterns of similar target groups who visit our websites, e.g., via an e-mail campaign or a link from a recommendation page, so that we can assess the effectiveness of our promotions and advertising campaigns and offer you more relevant content.
A marketing cookie is stored on your computer for this purpose. This cookie allows Interaction Studio to recognize you, but does not allow Interaction Studio to personally identify you. For example, this cookie can be used to determine whether you have visited a website before.
5.2.2 Duration of storage
Your information about the use of our website will be stored by Interaction Studio for two years.
Please, contact email@example.com or firstname.lastname@example.org if you want to learn more about Interaction Studio.
5.3.1 Description, scope and purposes of data processing
If you have given your consent for marketing cookies, our website uses Pardot, a marketing automation system (“MAS”) from Salesforce Inc, Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA; e-mail: email@example.com.
Pardot is a software module for recording and evaluating your use of our website. When you visit our website, Pardot MAS records your click path and creates an individual user profile using a pseudonym. Cookies are used for this purpose, which enable your browser to be recognized.
– if your account has no Vanity-CNAME,
– on https pages.
Pardot collects all information that you submit through website forms, including email, address, account name (company name), phone number, message, country, state, region, and opt-in and opt-out preferences.
5.3.2 Duration of storage
Pardot collects this information for a period of , which is reset each time you become active on ERO’s website.
Please, contact firstname.lastname@example.org or email@example.com if you want to learn more about how to use Pardot.
6. Processing of personal data within the scope of your contact
6.1. Description, scope and purposes of data processing
The processing of personal data is dependent on the contact method. A distinction can be made between contacting by e-mail and by contact form.
When you contact us by e-mail, the data you provide (name and surname, address), or at least the e-mail address, as well as the information contained in the e-mail (including any personal data you may have provided) are collected by us for the purpose of contacting you and processing your request.
As far as you use the contact form for communication, the indication of your first and last name, your e-mail address, the company name as well as the city and country of the company headquarters is required. Without this data, your request transmitted via the contact form cannot be processed. In addition, the IP address of the sender as well as the date and time of your request are recorded. The contents of the contact forms are transmitted via an encrypted https connection. If you do not agree with the processing of your data, you can cancel the contact process at any time until it is sent. Your message will then not be sent.
6.2 Legal basis for processing
The legal basis for this processing is Article 6 Paragraph 1 UAbs. 1 lit. f GDPR, since we have a legitimate interest in processing this data. This arises from the economic, idealistic and technical interest in the provision and use of a modern information medium. This interest outweighs the risk of possible adverse effects on data subjects as a result of the processing of their personal data.
6.3 Duration of storage, withdrawal and possibility of removal
The data will be deleted as soon as they are no longer necessary for the processing of your request or you have revoked the corresponding processing of your data via firstname.lastname@example.org.
We will not delete the data if we have the right to continue to store this data for another reason (for example, the processing is necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures) or if we are obliged to do so by law.
7. Live chat WhosOn
7.1 Description, scope and purposes of data processing
We use Parker Software’s WhosOn live chat solution (“WhosOn”) of Parker Software Limited, Victoria Business Park, Prospect Way, Staffordshire, ST8 7PL which allows us to interact with you according to your needs.
The live chat solution helps us to identify and contact prospects, improve conversion rates, increase sales, and improve customer satisfaction. The live chat allows us to actively involve website users and provide real-time advice to find a solution from the first contact.
WhosOn collects the following personal information on our behalf: Name, e-mail address, company and country.
Name and e-mail address are mandatory. This information is necessary to determine whether the request is from an existing account or from a prospective customer. The name is required in addition to the email to determine which contact is communicating with our representative if the email address is shared by multiple contacts within an account.
In addition, it may also collect personal information that you provide to us via email, telephone, live chat or other communication methods and that is voluntarily disclosed during communication with us. We store the information collected during a WhosOn chat in our CRM and use it to create web or sales reports.
WhosOn uses a cookie that is issued by the WhosOn live chat application. It is used to associate a user with a ‘user record’ that stores the IP address and user agent.
7.2 Legal base for processing
WhosOn only allows live chat with website users if the user has given his or her consent.
The legal basis for the processing of personal data using the live chat function is the user’s consent pursuant to Art. 6 par. 1 UAbs. 1 lit. a GDPR, which is given in the live chat mask.
7.3 Duration of storage, withdrawal and possibility of removal
The consent can be revoked at any time by e-mail to email@example.com.
After revocation of the consent, the data will be deleted, unless we are entitled to further storage of this data for another reason (for example, processing is necessary for the fulfillment of a contract to which you are a party or for the implementation of pre-contractual measures) or we are obliged to do so due to statutory storage obligations.
WhosOn automatically deletes old chat records that are older than 1825 days. WhosOn always maintains traffic history, but automatically deletes old database records older than 95 days. Page and exception details older than 35 days are also automatically deleted. Chat logs are retained unless you decide to log out when prompted to do so. You can get a copy of your chat history if you provide your email address at the end of the session.
You can read more about WhosOn and its privacy practices at https://www.whoson.com/privacy/.
8.1 Description, scope and purposes of data processing
On our website you have the possibility to subscribe to a free newsletter. Newsletters are sent out monthly or quarterly and the frequency can be chosen by the recipient. When registering for the newsletter, the data from the input mask is transferred to us. This concerns the name and e-mail address of the user. The input of the name is optional.
In addition, the following data is collected during registration:
– IP address of the calling computer,
– date and time of registration.
After registration, the user will be contacted at the e-mail address and asked to confirm that he or she is the owner of the e-mail address provided and agrees to receive the newsletter (so-called “double opt-in”)
The collection of the user’s e-mail address is used to send the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.
8.2 Legal base for processing
The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 UAbs. 1 lit. a GDPR, if the user has given his consent.
8.3 Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. The data is therefore stored as long as the subscription to the newsletter is active. Otherwise, we delete the data if we have indications that they are not (no longer) correct.
We will not delete the data if we have the right to continue storing the e-mail address for another reason or if we are obliged to do so by law.
8.4 Withdrawal and removal
The subscription to the newsletter can be cancelled by the affected user at any time. For this purpose there is a corresponding link in every newsletter. This also enables the user to revoke his or her consent to the storage of personal data collected during the registration process. Alternatively, the user can revoke his consent by sending an e-mail to firstname.lastname@example.org.
We use BriteVerify, an email validator service from Validity, Inc. 200 Clarendon Street, Boston, MA 02116; email: email@example.com.
BriteVerify is used within the forms on the website. BriteVerify processes the email address you enter on our behalf. BriteVerify determines whether the email address you enter is valid. Once the verification is complete, the data is sent back to the form via a secure connection to complete the process. This completes any engagement with your email address in the website form. No personal information is retained after the verification process is completed by BriteVerify.
10. Other recipients of your personal data
In addition to the above-mentioned recipients, we may disclose your personal data to IT service providers or forward it to them. These IT service providers are carefully selected by us and work for us as processors. They will only work according to our instructions and have been contractually obliged to comply with data protection regulations.
In order to fulfill our legal obligations for bookkeeping and the preparation of annual financial statements, we use third parties (tax consultants, auditors and lawyers) who are legally bound to secrecy, as we cannot provide these services ourselves (legitimate interest). These third parties may receive your personal data or have access to such personal data in the course of their work (legal basis is Art. 6 Par. 1 f) GDPR).
We use external service providers (e.g. for IT, logistics, telecommunications, sales and marketing) to handle our business transactions.
Among others, we use the following hosting and backup services:
- Amazon Web Services Hosting
For the hosting of the database and web content we use Amazon Web Services Inc. (“AWS”), P.O. Box 81226, Seattle, WA 98108-1226, USA. For more information about AWS and data protection, please visit https://aws.amazon.com/de/privacy/.
- Backup-Service GoDaddy.com
In order to ensure the security and continuity of our website, we regularly make full backups of all data on our website and the associated databases. For this purpose, we use the service provider GoDaddy.com LLC (14455 N. Hayden Rd, Ste. 219, Scottsdale, AZ 85260, USA), which processes the data on our behalf for the purpose of backups.
For a complete list of contractors that ERO currently uses and additional information, please contact firstname.lastname@example.org.
11. Transfer of your data to the US
We are a US company, and collect your personal data during your use of our website directly in the US. This is a third country for which no adequacy decision by the EU Commission is currently available.
In July 2020, the European Court of Justice (ECJ) declared the EU-U.S. Privacy Shield invalid. Following the ECJ ruling, the US Department of Commerce announced that it will continue to enforce the Privacy Shield for current registrants while working with the EU Commission to develop and implement a new data transfer framework.
ERO strives to implement appropriate safeguards to protect the privacy and security of your personal information and to use it only in accordance with your relationship with ERO and the practices described in this Privacy Notice. Please contact our data protection contact if you would like to receive more detailed information.
12. Third party websites
13. Your privacy rights
You can assert your rights as a data subject with regard to your processed personal data at any time by contacting us at the contact details given above. You have the right as a data subject:
– Right to be informed about your personal data processed by us
– Right to correct incorrect data or to complete your data stored with us
– Right to limit the processing if the accuracy of the data is disputed by you or the processing is unlawful
– Right of deletion, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims
– Right to data transferability, which means that you can receive your data that you have provided us with in a structured, common and machine-readable format or request that it be transferred to another responsible party
– Right to object to processing:
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Article. 6, paragraph. 1, subparagraph. 1, letter section f of the GDPA; this also applies to profiling based on these provisions.
The data controller will no longer process the personal data concerning you unless he it can be demonstrated that there are compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is related to such direct marketing.
If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for those purposes.
You have the possibility to exercise your right of objection in relation to the use of information society services – notwithstanding Directive 2002/58/EC – by means of automated procedures (e.g. by appropriate browser settings) using technical specifications.
You also have the right to object, for reasons arising from your particular situation, to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes in accordance with Art. 89, paragraph 1 of the GDPR.
Your right of objection may be limited, among other things, to the extent that it is likely to make the realization of the research or statistical purposes impossible or seriously impair it and the limitation is necessary for the fulfillment of the research or statistical purposes.
– Right to revoke declarations of consent under data protection law
– Right to complain about the processing of your personal data in our company to a data protection supervisory authority.