This policy is provided in compliance with Regulation (EU) 2016/679 (hereinafter referred to as the “Regulation” or “GDPR”) and outlines the processing methods for personal data of users who visit and interact with this website, accessible at DotEnv – La tua software house, il tuo partner tecnologico (hereinafter the “Website”). It also applies to services offered via the Website. Under the GDPR, personal data collection and processing will always adhere to principles of lawfulness, fairness, and transparency. Users accessing the Website (referred to as “data subjects”) may have their personal data processed, including any identifiable or identifiable natural persons.
The Data Controller is DOTENV S.R.L., located in Ferrara (FE), Via L.V. Beethoven 15/C, 44124 Ferrara (FE), VAT No. 02062960386. You can contact the Data Controller at the following email address: info@dotenv.it
DotEnv has appointed a Data Protection Officer (DPO) to whom you can direct inquiries, exercise your rights, or request information about data processing. The DPO can be reached via:
Email: massimo.dimenna@ingpec.eu
Email: massimo.dimenna@gruppoingegneria.it
1. Browsing Data
The Website’s IT systems and software procedures collect certain technical and computer-related data (e.g., IP address, browser type, operating system, domain name, and referring/exit web pages). This data collection occurs as part of the normal operation of the internet.
Purpose: These data are processed solely for anonymous statistical purposes and to ensure the Website functions correctly.
Retention: Such data is deleted immediately after processing.
Legal Basis: Processing is based on the Data Controller’s legitimate interest in making the Website accessible and secure (Article 6, para. 1, letter f). For profiling activities, the explicit consent of the user is required (Article 6, para. 1, letter a).
2. User-Initiated Contact via Email, Phone, or Forms
If a user voluntarily contacts DotEnv via email, phone, or a website form, their provided data (including their email address) will be processed to respond to their inquiry. Providing this data is optional but necessary for receiving a response.
Purpose: The data is used exclusively to respond to the user’s requests and is shared with third parties only when necessary to fulfill the request.
Retention: Data is retained only as long as necessary to fulfill the request, in accordance with applicable laws.
Legal Basis: Processing is based on fulfilling a contractual or pre-contractual obligation with the user (Article 6, para. 1, letter b).lett.b).
3. Submission of Curriculum Vitae via “Work with Us” Section
Users submitting their CVs through the “Work with Us” section provide personal data necessary to process their application, including name, email, phone number, and details included in their CV. No additional processing is carried out.
Purpose: Data is processed for recruitment and selection or to propose other suitable job opportunities.
Retention: Data of unsuitable candidates is deleted within 14 days of the decision. Data of candidates considered for other roles is retained for up to 12 months.
Legal Basis: Processing is based on pre-contractual obligations (Article 6, para. 1, letter b).
4. Newsletters and Commercial/Promotional Communications
Users may voluntarily provide their contact information to receive promotional or informational communications about DotEnv’s activities. Participation in this service is optional but essential for receiving newsletters.
Purpose: Data such as name, email, phone number, and company name are used for promotional communications and shared with third parties only with the user’s explicit consent.
Retention: Data is retained for up to two years unless consent is renewed or other legal purposes are applicable.
Legal Basis: Processing is based on the user’s explicit consent (Article 6, para. 1, letter a).
5. Links to External Websites
The Website may contain links to external websites. When users click on such links, they may be redirected to external platforms that may collect personal data via cookies or other technologies. DotEnv assumes no responsibility for these external websites, and users are encouraged to review their privacy policies.
6. Social Media Plugins
The Website integrates social media plugins (e.g., Instagram, LinkedIn, Facebook, TikTok). When users interact with these plugins, data may be shared with social media providers. If users are logged into their social media accounts, these interactions may be linked to their profiles.
7. Cookies
This Website uses technical, tracking, and profiling cookies. For more details, refer to the specific Cookie Policy. cookie policy
The personal data collected is processed by the Owner’s personnel, who operate under proper authorization and in accordance with specific instructions regarding the purposes and methods of processing.
Additionally, data may be shared with processors appointed under Article 28 of the GDPR, or with sub-processors engaged by the Owner to provide services or carry out activities within their scope of operations. These parties process the data strictly within the limits of their assigned responsibilities. A full list of such processors can be requested by contacting the Owner via the contact information provided in Section A. If a data processor or sub-processor is designated in connection with the services offered on the website, the data will be shared with their respective data controller or processor.
There is no transfer of the provided personal data outside the country.
Data subjects—identified or identifiable individuals to whom the data pertains—are entitled to exercise specific rights regarding their personal data protection, as outlined below:
a) Right of Access: The right to request confirmation from the Owner as to whether their personal data is being processed. If so, data subjects may access their personal data and detailed information about its origin, purposes, categories of processed data, recipients of any data sharing or transfer, and more.
b) Right of Rectification: The right to have inaccurate personal data corrected without undue delay, as well as to have incomplete data completed, including through a supplementary statement.
c) Right to Erasure (“Right to Be Forgotten”): The right to request the deletion of personal data without undue delay under specific circumstances, such as:
The data is no longer necessary for the purposes for which it was collected.
Consent for processing has been withdrawn, and no other legal basis exists.
The data has been processed unlawfully.
Deletion is required to comply with a legal obligation.
d) Right to Object: The right to object at any time to the processing of personal data where the legal basis is the Owner’s legitimate interest.
e) Right to Restriction of Processing: The right to request restricted processing under specific circumstances, such as when the accuracy of the data is contested (for the time needed for verification), if the processing is unlawful, or when the subject has objected to the processing.
f) Right to Data Portability: The right to receive personal data in a structured, commonly used, and machine-readable format and to transmit it to another data controller, where technically feasible, when the processing is based on consent or a contract and is carried out through automated means.
g) Right to Lodge a Complaint: Without prejudice to other administrative or judicial remedies, data subjects who believe their data has been processed in violation of the GDPR have the right to lodge a complaint with the supervisory authority in the Member State where they reside, work, or where the alleged violation occurred.
To exercise these rights, data subjects may contact the Owner using the details provided in Sections A and B:
Data Controller: info@dotenv.it
Data Protection Officer (DPO): massimo.dimenna@gruppoingegneria.it
This notice was last updated on October 18, 2023.
In accordance with the General Data Protection Regulation (EU Regulation 2016/679 – GDPR), this notice outlines how personal data is processed for individuals interacting with DotEnv S.r.l..
1. Data Controller
The Data Controller is DotEnv S.R.L., located at Via L.V. Beethoven 15/C, 44124 Ferrara (FE), Italy. VAT Number: 02062960386. For inquiries, contact info@dotenv.it.
The processed data includes personal information (e.g., identification and contact details of individuals interacting with the Data Controller in connection with contractual relationships), phone numbers, emails (personal or department-specific), addresses, as well as accounting, financial, administrative, and banking information necessary for fulfilling contractual obligations.
2. Purpose and Legal Basis of Processing
The personal data provided will be processed for purposes related to the execution of the contract, including pre-contractual activities. Specifically, this includes:
Maintaining client and supplier records.
Accounting and invoicing.
Communication through both paper and digital means.
Compliance with tax and legal obligations.
Management of requested services and contractual agreements.
Scheduling appointments, processing orders, and organizing deliveries.
The legal basis for processing is the contract established with the data subject (Art. 6, para. 1, lett. b) GDPR) and compliance with legal obligations (Art. 6, para. 1, lett. c) GDPR).
a) data will be retained only as long as necessary to fulfill the purposes for which it was collected. Generally, data will be stored for the duration of the contract and for up to 10 years after its termination, as required for tax and legal compliance (Art. 2220 of the Italian Civil Code).
Reg.Europeo;
b) the fulfillment of legal obligations established by legal provisions regarding tax and fiscal regulations. The legal basis for processing is the contractual relationship as provided by Article 6, letter c) of the European Regulation. Providing the data is mandatory; refusal to provide the data or a complete objection to its processing for the stated purposes may result in the inability to conclude the contractual relationship with you.
c) the sending of communications via email to the contact details provided to the Data Controller through the voluntary and optional submission of emails, phone contact, or participation in trade fairs results in the subsequent acquisition of the communicated data and consent to receive possible response messages to requests. These communications also include emails related to company initiatives and invitations to events where ongoing or potential business relationships can be further developed.
The personal data provided is used solely to fulfill or respond to submitted requests and is shared with third parties only when necessary for this purpose. Processing is carried out to fulfill a contractual or pre-contractual obligation undertaken by the Data Controller in connection with the service (Art. 6, para. 1, letter b).
3. Recipients of Data
Your data may also be shared with third parties for technical or operational needs, specifically:
a) organizations and professionals tasked with administrative, accounting, and management duties
b) public authorities and bodies to meet legal obligations
c) banks and financial institutions required for fulfilling contractual obligations
d) providers of IT and telecommunication services necessary for the contract’s execution. A detailed list of processors is available upon request.
4. Data Retention
Data will be retained only as long as necessary to fulfill the purposes for which it was collected. Generally, data will be stored for the duration of the contract and for up to 10 years after its termination, as required for tax and legal compliance (Art. 2220 of the Italian Civil Code).
5. Data Transfer
The Data Controller does not transfer personal data to non-EU countries or international organizations.
6. Rights of Data Subjects
As outlined earlier, data subjects have the right to access, rectify, delete, restrict, or object to the processing of their data, as well as the right to data portability. They may lodge a complaint with a supervisory authority if they believe their data has been processed unlawfully.
a) Right of Access: The right to request confirmation from the Owner as to whether their personal data is being processed. If so, data subjects may access their personal data and detailed information about its origin, purposes, categories of processed data, recipients of any data sharing or transfer, and more.
b) Right of Rectification: The right to have inaccurate personal data corrected without undue delay, as well as to have incomplete data completed, including through a supplementary statement.
c) Right to Erasure (“Right to Be Forgotten”): The right to request the deletion of personal data without undue delay under specific circumstances, such as:
The data is no longer necessary for the purposes for which it was collected.
Consent for processing has been withdrawn, and no other legal basis exists.
The data has been processed unlawfully.
Deletion is required to comply with a legal obligation.
d) Right to Object: The right to object at any time to the processing of personal data where the legal basis is the Owner’s legitimate interest.
e) Right to Restriction of Processing: The right to request restricted processing under specific circumstances, such as when the accuracy of the data is contested (for the time needed for verification), if the processing is unlawful, or when the subject has objected to the processing.
f) Right to Data Portability: The right to receive personal data in a structured, commonly used, and machine-readable format and to transmit it to another data controller, where technically feasible, when the processing is based on consent or a contract and is carried out through automated means.
g) Right to lodge a complaint with the supervisory authority: Without prejudice to any other administrative or judicial remedy, the data subject who believes that the processing concerning them violates the Regulation has the right to lodge a complaint with the supervisory authority of the Member State in which they reside, habitually work, or where the alleged violation occurred. Rights can be exercised by contacting the Data Controller at the following address: info@dotenv.it
This privacy notice is updated as of 31/07/2023.