Privacy Policy
Pursuant to Art. 13 of EU Reg. 2016/679 (GDPR).
HARLEY & DIKKINSON ENVIRONMENTAL SOCIAL GOVERNANCE S.R.L., headquartered in Milan, Via dei Piatti No. 8, registered in the Milan Companies Register, VAT and Tax Code 12140700969, PEC [email protected] (hereinafter also "H&D ESG" or "the Company" or "the Data Controller") is the Data Controller and processes the personal data of users entered as part of the services provided by ESG and stored in the company CRM called "GAIA". GAIA, in particular, is the central CRM where the company's data also flows, dedicated to the collection, management and storage of personal data of users, customers and potential customers, also used for marketing and profiling purposes. Data managed on GAIA are accessible to H&D ESG and other partner companies in its network, as well as to authorized collaborators, according to the principles of lawfulness, fairness and transparency.
This information is provided pursuant to Art. 13 of EU Reg. 2016/679 (GDPR) and applies to the processing of personal data of users of the GAIA corporate CRM, operated by Harley & Dikkinson Consulting S.r.l. ("H&D ESG").
1. Legal Basis (Art. 6 GDPR), Purpose and Nature of Processing (why we process your data)
HARLEY & DIKKINSON ENVIRONMENTAL SOCIAL GOVERNANCE S.R.L., headquartered in Milan, Via dei Piatti No. 8, registered in the Milan Companies Register, VAT and Tax Code 12140700969, PEC [email protected] (hereinafter also "H&D ESG" or "the Company" or "the Holder") manages the personal data entered in the GAIA CRM for purposes related to the provision of its services and for promotional or informational activities in relation to the products and services of the H&D ESG group. H&D ESG may use other companies in its network and business partners to carry out processing operations, with the latter appointed as external data processors where necessary.
Purpose of Processing and Legal Basis
The processing of personal data within GAIA is done for the following purposes:
- Contractual Execution and Provision of Services: Users' personal data are processed to ensure the proper delivery of services, including support, advice and customer service activities, through access to and use of the GAIA platform (Art. 6(1)(b) GDPR). This includes handling requests for information, updates, and other related services.
- Fulfilment of legal obligations, administrative, accounting and tax obligations, or as required by regulation or European or international law.
- Marketing and Sales Promotion Purposes: with the consent of the data subject, data may be used to send promotional, informational and advertising communications about products and services of H&D ESG and business partners. These communications may be by email, telephone or other electronic means of communication (Art. 6(1)(a) GDPR). Marketing purposes may include sending periodic product updates, special promotions, invitations to events or other commercial initiatives.
- Purposes of Profiling via Artificial Intelligence: With the user's consent, data collected within the GAIA CRM may be analyzed through Artificial Intelligence systems for user profiling. Such profiling allows for a better understanding of user preferences and improved personalization of services and communications. Data analysis through AI can include processing historical purchase, behavioral, or browsing data in order to optimize interactions with users.
- Soft spam: Users' personal data may be used, without explicit consent, to send promotional communications regarding products or services similar to those already purchased or used by the data subject. Such communications may be sent by email, SMS or other electronic means of communication, in compliance with the current legislation on the processing of personal data and commercial communications (Art. 6(1)(f) GDPR). The data subject may object to such communications at any time, through the modalities provided for the exercise of rights under Chapter III of the GDPR.
2. Type of data processed
As part of the services provided by H&D ESG, different types of users' personal data are processed, including:
- Identifying data: First name, last name of the data subject.
- Contact data: Phone number, email address, and other contact information provided.
- Data related to the use of the GAIA platform: browsing information, interaction history, preferences, and specific requests recorded.
- Profiling data: Information collected or derived about users' preferences, skills, and interests, analyzed via AI to improve offerings and marketing communications.
- Administrative and payment data (where applicable): Used for the eventual administration of contracts, billing and transactions where necessary for service delivery.
3. Time, data processing methods and data security
Data are processed primarily through computer and telematic systems and are protected by appropriate technical and organizational security measures to ensure confidentiality and data integrity, in accordance with the principles of privacy by design and privacy by default. The CRM is equipped with secure authentication and encryption systems, with access restricted to authorized employees and data processors only. All activities are monitored to prevent unauthorized access, data loss or misuse.
Data are processed fairly and transparently, through electronic and computerized means, and stored on cloud archives provided by third parties, located within the European Union. For further information you can submit a written request to [email protected].
4. Communication and dissemination of data
H&D ESG undertakes not to transfer the personal data communicated and/or processed to anyone. However, they may be communicated to any third parties (whether appointed for this purpose as external Data Processors or as autonomous Data Controllers) in order to fulfill legal or contractual obligations, as well as to third parties that the Data Controller uses in the exercise of its activities, to the extent that this is necessary for the exercise of the Company's activities (such as teleselling companies for outsourced communications, IT consultants, public authorities, as well as other H&D branded companies, etc.).
5. Rights of the Interested Party
The Data Subject has all the rights provided for in Articles 15 et seq. of the GDPR. In particular, he/she has the right to obtain access, rectification, deletion, portability of the data, as well as the right to restriction of their Processing, the right to withdraw consent (without affecting the lawfulness of the previous Processing), to object to the Processing itself, and to lodge a complaint with a Supervisory Authority.
These rights may be exercised by the Data Subject by making a request addressed without formality to the Data Controller, which shall be responded to appropriately without delay, by mail or by fax to the contact details below, indicating on the envelope or sheet the words "Inherent to Privacy," or by sending an e-mail to [email protected]
Data Controller
The Data Controller is HARLEY & DIKKINSON ENVIRONMENTAL SOCIAL GOVERNANCE S.R.L., headquartered in Milan, Via dei Piatti No. 8, registered in the Milan Companies Register, VAT No. and Tax Code 12140700969.