Website Policy on the Protection of Personal Data

This Privacy Policy governs access to and use of the services offered on the Site by Users, in their capacity as interested parties to whom the protected personal data belong, in accordance with EU Regulation 2016/679 on the protection of personal data and the free movement of such data, as well as current legislation on the protection of personal data.


Data controller

It is the company ESTON CHIMICA s.r.l. with sole shareholder, C.F. /VAT 03402060283, Via Maiorana, n. 5 - CAP 35010 - Cadoneghe ( Padova ) contact address and - mail:


In line with its mission and values, Eston Chimica s.r.l. is committed to protect the personal data of each person with respect for the identity, dignity of each human being and the fundamental freedoms constitutionally guaranteed in accordance with EU Regulation 2016/679 ("EU Reg.") on the protection of individuals with regard to the processing of personal data and on the free movement of such data ("Personal Data").


Our policy

The protection of Personal Data is based on the observance of the principles illustrated in this document, which the Data Controller undertakes to circulate, respect and ensure that its members, employees and collaborators and the recipients or third parties with whom it collaborates in the context of its activities and mission respect it.

The Data Controller is committed to ensure that the Personal Data Protection Policy, and all that is thereby entailed, is understood, implemented and supported by all subjects, internal and external, involved in its activities taking into account its concrete reality, its investment possibilities and above all its values.

In particular, Eston Chimica s.r.l. undertakes to :

  • communicate and circulate its policy on the protection of personal data;
  • to listen and pay attention to all its interested parties - partners, employees, collaborators, investors, promoters, beneficiaries, customers, suppliers, consultants - and taking due account of their requests regarding the processing of personal data and giving prompt feedback;
  • treat personal data: in a lawful, correct and transparent manner in line with constitutional principles and current legislation, in particular the new EU Regulation, and only for the time strictly necessary for the purposes envisaged, including those to comply with legal obligations;
  • collect personal data only to the extent necessary to carry out the activities (relevant and limited personal data);
  • treat personal data according to the principles of transparency, only for the specific purposes that are expressed in its information;
  • adopt processes of updating and rectification of personal data processed to ensure that personal data are, as far as possible, correct and up to date;
  • to store and protect the personal data in its possession with the best preservation techniques available, also using service contracts with suppliers that provide sufficient guarantees on the security of processing and ensure the protection of the rights of the person concerned;
  • guarantee the continuous updating of the measures for the protection of personal data. This commitment will be constantly followed within the framework of the principle of accountability by implementing, on a consistent basis, appropriate technical and organisational measures and appropriate company policies, to ensure and be able to demonstrate that the processing is carried out in accordance with the EU Regulation, taking into account the state of the art, the nature of the personal data stored and the risks to which they are exposed.
  • make clear, transparent and relevant the way in which Personal Data is processed and stored so as to ensure adequate security
  • provide training and information to its members and staff, on the basis of the work carried out, on the principles of lawfulness and correctness to which this Policy for the Protection of Personal Data and the Processing of Personal Data must conform and on compliance with the safeguard measures adopted
  • to encourage the development of a sense of responsibility and awareness of the entire organization towards personal data, seen as data owned by the individuals concerned;
  • ensure compliance with the legislative and regulatory provisions applicable to the protection of personal data, updating the management of the protection of personal data where necessary;
  • prevent and minimize, in so far as this is compatible with available company resources, the impact of potential violations or unlawful and/or damaging processing of personal data;
  • promote the inclusion of personal data protection in the continuous improvement plan that the organization pursues with its management systems
  • This Personal Data Protection Policy will be brought to the attention of all internal personnel, members and collaborators, also through specific awareness meetings.



Why this policy and who it is addressed to

This policy is addressed to the users of the site (" Site") and all individuals interested in the processing of their personal data by the Data Controller, in the context of their business activities (" Interested " or " User ").

Access to certain sections of the Site and/or any requests for information or services by users may be subject to the inclusion of Personal Data which will be processed in accordance with the EU Regulation.

For the use of specific services by the User, specific information will be provided from time to time and specific consents will be requested, where necessary, for the processing of Personal Data.

This information is provided only for the Site and not for other websites accessed by users through links that may be referred to on this site.



The term "personal data" refers to the definition contained in Article 4(1) of the EU Regulation, i.e. " any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person" ("Personal Data").

The EU Reg. provides that, before proceeding with the processing of Personal Data - this term being understood, according to the definition contained in the EU Reg. EU, " any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction" (" Processing "), it is necessary that the person to whom such Personal Data belong is informed about the reasons and purposes for which such data are requested and how they will be used.

Personal Data may be communicated to specific subjects considered recipients of such Personal Data. The EU Regulation defines as the recipient of a Personal Data "the natural or legal person, public authority, service or other body that receives communication of personal data, whether or not it is a third party" (hereinafter the "Recipients").

Personal Data may also be communicated to specific subjects considered by the EU Reg. as "persons authorised to process Personal Data under the direct authority of the Owner or the Data Controller" (hereinafter the "Authorised Persons").

Among other things, according to the EU Regulation, "public authorities that may receive communication of Personal Data within the framework of a specific investigation in accordance with the law of the Union or the Member States are not considered Recipients".

In this regard, the purpose of this document is to provide, in a simple and intuitive manner, all the information that is useful and necessary for the User to be able to provide Personal Data in an informed and informed manner and, at any time, to request and obtain clarifications and/or corrections.


Categories of Data and Treatments


Navigation data

The computer systems and software procedures used to operate this portal acquire, in their normal operation and for the sole duration of the connection, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected for the purpose of associating it with the identified interested parties but, by their very nature, could, through processing and association with data held by third parties, allow the identification of users visitors (eg IP addresses), domain names of terminals used, addresses in URI (Uniform Resource Identifier) of applicants, the time of requests, etc.. These data, deleted immediately after processing, are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its proper functioning. The data on web contacts are not stored for more than seven days, except for any computer crimes against the sites. No data deriving from the service will be communicated or circulated.

To learn more about the subject, the interested party can read the cookies policy in the Privacy section of the site.


Contact details provided by the User

The optional, explicit and voluntary sending of your Personal Data to access the services, and make requests via e-mail, involves the subsequent acquisition by the Owner of the sender's address or any other personal data that will be processed to respond to the request or for the provision of the service as well as to carry out all related activities and to comply with legal obligations (for example in tax). Failure to provide such data, even partially or inexactly, would make it impossible not only to use the services requested but also, in some cases, to comply with regulatory obligations.

In order to take advantage of the services offered or make requests, it may be necessary to register by filling out a registration form or first contact ("Form").

The provision of personal data indicated in the above form is required to complete the registration procedure only for data marked with an asterisk (*), so the failure, partial or incorrect entry of such data invalidates the registration and therefore will not allow you to take advantage of the services themselves.

In the forms of the site may be provided, pursuant to Articles. 12 and 13 of EU Regulation, information for specific purposes related to the use by the User of these parts of the site.

The treatment will be carried out with both manual and computerized and telematic tools in compliance with the rules in force and the principles of correctness, lawfulness, transparency, relevance, completeness and not excessive, data minimization and accuracy and with logic of organization and processing closely related to the purposes pursued and in any case in order to ensure the security, integrity and confidentiality of the data processed, in compliance with organizational, physical and logical measures provided for by the provisions in force. Which will be implemented and increased from time to time also in relation to technological development to ensure confidentiality, availability and integrity of data processed.


Purposes of processing and legal bases of processing

The User's navigation data are used only to obtain statistical information on the use of the Site. With regard to the data provided directly by the User, in order to use the services of the Data Controller or to make requests via e-mail, they are collected and processed, within the limits of the information provided in the appropriate sections in order to respond to requests received. The processing of Personal Data provided by filling in the first contact form (" Form ") and in the subsequent stages of treatment with respect to the selection of the Project is carried out for the purposes of: managing requests for contact and offer of a service in all its stages, including contractual or provide technical material.

The legal basis of the treatment can be identified in accordance with art. 6 of the EU Regulation in: pre-contractual and contractual obligations in the context of the execution of a contract; legal obligations to which the Data Controller is subject; the need to pursue a legitimate interest (eg. right to defense) of the Data Controller.


Automated decisions

The Data Controller declares that he/she does not make any decisions that may influence the interested party based exclusively on the automated processing of his personal data. All decision-making processes associated with the purposes of the processing described above are carried out with human intervention.


By whom are processed and communicated personal data

Personal Data may be communicated to specific subjects considered Recipients or Persons Authorized to process such Personal Data under the Authority of the Data Controller. In this context, in order to correctly carry out all the processing activities necessary to pursue the purposes of this Policy, the following Recipients may be in a position to process Personal Data:

- employees and/or collaborators of the Data Controller performing the functions involved in the activities of the Data Controller who have received, in this regard, adequate instructions on security and proper use of your personal data.

- third parties who carry out part of the processing activities and/or activities connected with or instrumental to the same on behalf of the Data Controller, such as, for example, persons, companies, associations or professional firms based in European Union countries, who have been assigned the task of providing services, including maintenance of the Site and other assistance and/or consultancy activities on behalf of the Data Controller. The third parties mentioned above are essentially included in the following categories: (a) parties with whom the Data Controller has concluded agreements for collaboration and supply of services; (b) parties operating in the Sector; (c) credit institutions involved in the provision of the Services; (d) Consultants;

- Public authorities or public bodies for the fulfilment of the legal obligations to which the Data Controller is subject, and any other public body entitled to request data, in the cases provided for by law.

Where required by law or to prevent or suppress the commission of an offence, Personal Data may be communicated to public bodies or judicial authorities.

It is understood that the data processed will be exclusively those necessary to achieve the specific purpose, it follows that the data managed through third parties will be limited to the specific purpose.

Personal Data will not be disclosed.


International transfers of personal data

Personal Data will be processed by the Data Controller within the territory of the European Union.

In the event that for technical and/or operational reasons it becomes necessary to make use of parties located outside the European Union, the transfer of your Personal Data, limited to the performance of specific processing activities, will be regulated in accordance with the provisions of Chapter V of the EU Regulation. We will therefore take all necessary precautions to ensure the full protection of your Personal Data by basing such transfer: (i) on decisions of adequacy of the third country recipients expressed by the European Commission; (ii) on adequate guarantees expressed by the third party recipient pursuant to Article 46 of the EU Regulation; (iii) on the adoption of binding business rules.


Storage period

One of the principles applicable to the Processing of your Personal Data concerns the limitation of the storage period. In the light of this principle, Users' Personal Data will be processed by the Data Controller only to the extent necessary to achieve the purposes of this Policy. Navigation data will be stored according to the terms illustrated by the cookies policy.

The Personal Data collected in the "contact form" will be processed for a period of time equal to the minimum necessary, i.e. until the termination of any pre-contractual and contractual relations in place with the Data Controller, taking into account the legal limitation periods and tax or other conservation obligations provided for by law or EU Regulation, for which the principle of no excess will apply (art.6 letter f).

Commercial communications and revocation of consent

The data provided with particular reference to the mere promotional purpose, may be used by the Data Controller to send information material related to the activities and products provided by the owner. These communications may be made by sending e-mails, by telephone, or by sending advertising material to the domicile of the person concerned.  For this purpose, specific consent may be required.

Failure to provide and consent for this purpose has the sole consequence of not being able to carry out the activities of commercial communication.

The data provided for the above purposes will be kept for a maximum period of 10 years and, in any case, until revocation of your consent. In fact, as provided for by the EU Reg., if the Interested party has given his/her consent to the Processing of his/her Personal Data for one or more of the purposes for which it was requested, he/she may, at any time, withdraw his/her consent in whole and/or in part without prejudice to the lawfulness of the Processing based on the consent given prior to the withdrawal.

The procedures for revoking consent are very simple and intuitive, just contact the Data Controller using the contact channels provided in this Policy.

In addition to the above and for the sake of simplicity, if the Interested party is in a position to receive e-mail messages published by the Data Controller that are no longer of interest, simply click on the unsubscribe button at the bottom of them to no longer receive any communication through other contact channels for which consent has been obtained (SMS, paper, fax, telephone, social).


The rights of the interested party and their exercise

As provided for in Article 15 of the EU Regulation, the Interested party may access his/her Personal Data, request their rectification and updating, if incomplete or incorrect, request their deletion if the collection was made in violation of a law or EU Regulation, and oppose the Processing for legitimate and specific reasons.

In particular, the rights that you may exercise, at any time, against the Data Controller are as follows.

Right of access: the right, pursuant to Article 15(1) of EU Reg. EU, to obtain confirmation from the Data Controller that the Personal Data are being or are not being processed and in this case, to obtain access to such Personal Data and the following information: a) the purposes of the Processing; b) the categories of Personal Data in question; c) the Recipients or categories of Recipients to whom the Personal Data has been or will be communicated, in particular if Recipients from third countries or international organizations; d) where possible, the period of retention of Personal Data or, if this is not possible, the criteria used to determine such period; e) the existence of the right of the Interested party to request the Data Controller to rectify or erase Personal Data or to limit the Processing of Personal Data concerning him/her or to object to their Processing; f) the right to lodge a complaint with a supervisory authority; g) where Personal Data are not collected from the Interested party, all available information on their origin; h) the existence of an automated decision-making process, including profiling as per Article 22, paragraphs 1 and 4, of EU Reg. EU and, at least in such cases, significant information on the logic used and the importance and expected consequences of such processing for the interested party.

Right of rectification: in accordance with Article 16 of the EU Regulation, the rectification of your Personal Data if they are inaccurate. Taking into account the purposes of the processing, you may also obtain the integration of your personal data that is incomplete, even by providing an additional statement.

Right to cancellation: you may obtain, in accordance with Article 17, paragraph 1 of EU Reg. EU, the cancellation of your Personal Data without undue delay and the Data Controller shall be obliged to cancel your Personal Data, if there is even only one of the following reasons: a) the Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed; b) you have revoked the consent on which the Processing of your Personal Data is based and there is no other legal basis for their Processing; c) you have opposed the Processing pursuant to Article 21, paragraph 1 or 2 of Reg. EU and there is no longer any overriding legitimate reason to process your Personal Data; d) your Personal Data has been processed unlawfully; e) it is necessary to delete your Personal Data in order to comply with a legal obligation established by a Community or national law. In some cases, as provided for by Article 17, paragraph 3 of the EU Regulation, the Data Controller is entitled not to delete your Personal Data when their processing is necessary, for example, for the fulfillment of a legal obligation, for reasons of public interest, for purposes of filing in the public interest or for statistical purposes, for the establishment, exercise or defense of a right in court.

Right to limitation of processing: it will be possible to obtain limitation of processing, in accordance with Article 18 of EU Reg. EU, in the event that one of the following situations applies: a) has contested the accuracy of the Personal Data (the limitation will last for the period necessary for the Data Controller to verify the accuracy of such Personal Data); b) the Processing is unlawful but has opposed the deletion of Personal Data requesting, instead, that its use be limited; c) although the Data Controller no longer needs it for the purposes of Processing, the Personal Data is used to ascertain, exercise or defend a right in court; d) has opposed the Processing pursuant to Article 21, paragraph 1, of EU Reg. EU and is awaiting verification as to whether the legitimate reasons of the Data Controller take precedence over those of the Interested party. If the Processing is limited, the Personal Data will be processed (and we will inform you before such limitation is lifted) except for storage, only with your consent or for the establishment, exercise or defence of a right in court or to protect the rights of another natural or legal person or for reasons of overriding public interest.

Right to data portability: the Interested Party may, at any time, request and receive, in accordance with Article 20(1) of the EU Regulation, that all Personal Data be processed by the Data Controller in a structured, commonly used and readable format or request their transmission to another data controller without particular difficulty. In this case, it will be the responsibility of the Interested Party to provide us with all the exact details of the new data controller to whom he/she intends to transfer the Personal Data by providing us with written authorisation.

Right of objection: in accordance with Article 21, paragraph 2 of the EU Regulation, you may at any time object to the Processing of Personal Data if it is processed for marketing purposes, including profiling to the extent that it is related to direct marketing.

Right to lodge a complaint with the supervisory authority: without prejudice to your right to appeal to any other administrative or judicial body, if you believe that the Processing of Personal Data carried out by the Data Controller is in breach of the EU Regulation and/or applicable legislation, you may lodge a complaint with the competent authority for the Protection of Personal Data.


These rights may be exercised by contacting the Data Controller

In order to exercise the rights listed above, the Interested Party may contact the Data Controller at the following e-mail address:

For any request or need the interested party will send a communication that should be addressed to the company Eston Chimica s.r.l. - Via Maiorana, n. 5 - CAP 35010 - Cadoneghe (Padua).

Furthermore, at any time you may consult the "Privacy Section" of the Website where you will find all the information concerning the Policy on the processing of Personal Data applied by the Data Controller, the use and processing of Personal Data, updated information on contacts and communication channels made available to the interested party by the Data Controller.



The Data Controller

The company Eston Chimica s.r.l.