1. INTRODUCTION – WHO ARE WE?
Circularity S.r.l. Società Benefit, with registered office in Milan, Via Giovanni Bensi, no. 12/5, Tax Code/VAT No. 10388780966 and registration number with the Register of Companies of Milan Monza Brianza Lodi (hereinafter, the “Data Controller”), owner of the website www.circularity.com (hereinafter, the “Site”), as the controller of the personal data of the users of the Site (hereinafter, the “Users”), hereby provides the privacy notice pursuant to Article 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, the “Regulation”, or the “Applicable Law”).
2. HOW TO CONTACT US?
The Data Controller places the utmost importance on its Users' right to privacy and to the protection of their personal data.
Users may contact the Data Controller at any time, using the following methods:
- By sending a registered letter with return receipt to the Data Controller's registered office in Milan, Via Giovanni Bensi, no. 12/5;
- By sending an e-mail message to the address: circularity@legalmail.it.
The Data Controller has not appointed a Data Protection Officer (DPO), as it is not subject to the designation obligation provided for by Article 37 of the Regulation.
3. WHAT DO WE DO? – PURPOSES OF THE PROCESSING
By browsing the Site, the User can stay up to date on the services and activities developed by the Data Controller, and can register for and use the service offered through the Site, which allows access to a network that connects Users (institutions, associations, organizations, producers, suppliers, transporters and recovery facilities) in order to promote the recovery of raw materials obtained from the efficient use of production waste (hereinafter, the “Service”). In relation to the activities that can be carried out through the Site, the Data Controller collects personal data relating to Users.
This Site and any services offered through the Site are reserved for persons who have reached eighteen years of age. The Data Controller therefore does not collect personal data relating to persons under 18 years of age. Upon Users' request, the Data Controller will promptly delete all personal data inadvertently collected relating to persons under 18 years of age.
Users' personal data will be lawfully processed by the Data Controller for the following processing purposes:
a) Contractual obligations and provision of the Service: to enable browsing of the Site and to allow the User to register on the Site and use the Service, as well as to make payments through the Site, or to perform the Terms and Conditions of the Site, which are accepted by the User during registration and purchase; to fulfill specific User requests (such as, by way of example, in the case of access to the “Contacts” or “Request information” section or to the chat made available by the Data Controller, requests relating to a callback or in any case to a response from the Data Controller).
User data collected by the Data Controller for the purposes of any registration and any purchase on the Site include:
- name, surname, e-mail, bank details, as well as any personal information of the User voluntarily communicated to the Data Controller, including all data and information contained in documents (purely by way of example and not exhaustively, certifications and authorizations) which the User may upload to the Site;
- personal data relating to job position and/or role held within the production chain and to the commercial interests of the User who intends to use the Service offered through the Site. During registration on the Site, the User is presented with a questionnaire in which to express their preferences regarding the materials available through the Site (purely by way of example and not exhaustively, type of raw materials of interest to their company). The personal data collected are necessary for the purposes of registration on the Site and to allow the User to use the Service. The User acknowledges that the information provided through the questionnaire completed during registration on the Site may be transmitted by the Data Controller and made available, through publication in the section reserved for registered Users of the Site, to other Users who have access to the network, for the purposes of the Service offered through the Site. Without prejudice to the provisions of this paragraph, as well as elsewhere in this privacy notice, in no case will the Data Controller make Users' personal data accessible to third parties;
- (in the case of mere browsing) personal data whose transmission is implicit in the use of Internet communication protocols, such as: IP addresses used by users connecting to the Site, addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, log files and other parameters relating to the User's operating system and IT environment.
The personal data that are necessary for registration purposes are marked with an asterisk within the request form.
User data collected by the Data Controller for the purposes of any contact or request for information include:
- name, surname, contact details, as well as any personal information of the User voluntarily communicated to the Data Controller.
Unless the User gives the Data Controller specific and optional consent to the processing of their data for the additional purposes set out in the following paragraphs, the User's personal data will be used by the Data Controller for the sole purpose of verifying the User's identity (also through validation of the e-mail address), thus avoiding possible fraud or abuse, and contacting the User only for service reasons (e.g. sending notifications relating to the services offered on the Site). Without prejudice to the provisions of this privacy notice, in no case will the Data Controller make Users' personal data accessible to other Users and/or to third parties;
b) administrative and accounting purposes, i.e. to carry out organizational, administrative, financial and accounting activities, such as internal organizational activities and activities functional to the fulfillment of contractual and pre-contractual obligations;
c) legal obligations, i.e. to fulfill obligations provided for by law, by an authority, by a regulation or by European law.
The provision of personal data for the processing purposes indicated above is optional but necessary, as failure to provide it, within each specific form, will result in the User being unable to register, make purchases on the Site or submit their request to the Data Controller, respectively.
4. ADDITIONAL PROCESSING PURPOSES
Newsletter
Certain personal data of the User (i.e. name, surname, e-mail address) may be processed by the Data Controller for the purposes of sending the newsletter. Therefore, the User will receive from the Data Controller a periodic newsletter containing information, updates and news relating to Site activities and/or initiatives of the Data Controller, relating to the Site and/or projects connected to it.
If consent is not given, the possibility of registering on the Site will not be affected in any way.
In the case of consent, the User may revoke it at any time by making a request to the Data Controller using the methods indicated in the following paragraph 8.
The User may also easily object to further communications by clicking on the appropriate link to revoke consent, which is present in each e-mail containing the newsletter. Once consent has been revoked, the User will receive a confirmation message of the revocation of consent.
5. LEGAL BASIS
Contractual obligations and provision of the Service (as described in par. 3, letter a)): the legal basis is Article 6, paragraph 1, letter b) of the Regulation, i.e. processing is necessary for the performance of a contract to which the User is a party or for the implementation of pre-contractual measures taken at the User's request.
Administrative and accounting purposes (as described in par. 3, letter b)): the legal basis is Article 6, paragraph 1, letter b) of the Regulation, as the processing is necessary for the performance of a contract and/or for the implementation of pre-contractual measures taken at the User's request.
Legal obligations (as described in the preceding par. 3, letter c)): the legal basis is Article 6, paragraph 1, letter c) of the Regulation, as the processing is necessary to fulfill a legal obligation to which the Data Controller is subject.
Additional processing purposes: for the processing relating to the sending of the newsletter (as described in the preceding par. 4)), the legal basis is Article 6, paragraph 1, letter a) of the Regulation, i.e. the data subject's consent to the processing of their personal data for one or more specific purposes. For this reason, the Data Controller asks the User to provide specific free and optional consent in order to pursue this processing purpose.
6. PROCESSING METHODS AND DATA RETENTION PERIODS
The Data Controller will process Users' personal data using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in such a way as to ensure the security and confidentiality of the data.
The personal data of Site Users will be retained for the time strictly necessary to fulfill the primary purposes illustrated in the preceding paragraph 3, or in any case as necessary for the protection in civil matters of the interests of both Users and the Data Controller (up to a maximum of 10 years).
It is specified that documents voluntarily uploaded by the User to the Site will be retained pursuant to the preceding paragraph (and only for the protection purposes indicated therein) even in the event of their removal, by the User, from their profile.
In the case referred to in the preceding paragraph 4, Users' personal data will be retained for the time strictly necessary to fulfill the purposes set out therein and, in any case, until the User revokes their consent.
In any case, any retention periods provided for by laws or regulations are unaffected.
As part of providing consultancy, analysis and technical support services, the Data Controller may make use of advanced IT tools, digital platforms and systems based on Artificial Intelligence (AI) technologies used as support tools for processing activities, data analysis, drafting of technical documents, reporting and information management.
Such tools are used in compliance with current legislation on the protection of personal data, including Regulation (EU) 2016/679 (GDPR) and the applicable national legislation. Any use of Artificial Intelligence systems takes place in any case under the human supervision of the Data Controller or of persons authorized to process the data and does not involve the adoption of automated decisions producing legal effects on the data subject, unless otherwise indicated in this privacy notice.
The Data Controller adopts appropriate technical and organizational measures to ensure that any technological tools used comply with the principles of lawfulness, fairness, transparency, minimization and security of personal data processing.
7. SCOPE OF DATA COMMUNICATION AND DISSEMINATION
The User's personal data may be transferred outside the European Union and, in such case, the Data Controller will ensure that the transfer takes place in accordance with the Applicable Law and, in particular, in accordance with Articles 45 (Transfers on the basis of an adequacy decision) and 46 (Transfers subject to appropriate safeguards) of the Regulation.
Users' personal data may be accessed by employees and/or collaborators of the Data Controller responsible for managing the Site and User requests. Such persons, who have been instructed by the Data Controller pursuant to Article 29 of the Regulation, will process User data exclusively for the purposes indicated in this notice and in compliance with the provisions of the Applicable Law.
Users' personal data may also be accessed by third parties who may process personal data on behalf of the Data Controller as Data Processors, such as, by way of example, IT and logistics service providers functional to the operation of the Site and the newsletter, outsourcing or cloud computing service providers, professionals and consultants.
Users have the right to obtain a list of any data processors appointed by the Data Controller, by making a request to the Data Controller using the methods indicated in the following paragraph 8.
Furthermore, Users' personal data may be communicated by the Data Controller, to the extent necessary to perform contractual obligations and/or to fulfill legal obligations, to other Users registered on the Site and/or to independent third-party data controllers, such as consultants, as well as other persons to whom the data must necessarily be communicated to allow the User to use the services offered through the Site.
8. RIGHTS OF DATA SUBJECTS
Users may exercise the rights guaranteed to them by the Applicable Law by contacting the Data Controller using the following methods:
- By sending a registered letter with return receipt to the Data Controller's registered office (Via Giovanni Bensi, 12/5 Milan);
- By sending an e-mail message to the address circularity@legalmail.it.
The Data Controller has not appointed a Data Protection Officer (DPO), as it is not subject to the designation obligation provided for by Article 37 of the Regulation.
Pursuant to the Applicable Law, the Data Controller informs Users that they have the right to obtain an indication of (i) the origin of the personal data; (ii) the purposes and methods of processing; (iii) the logic applied in the case of processing carried out with the aid of electronic tools; (iv) the identifying details of the data controller and processors; (v) the persons or categories of persons to whom the personal data may be communicated or who may become aware of them as processors or appointees.
Furthermore, Users have the right to obtain:
a) access, updating, rectification or, where they have an interest, integration of the data;
b) the deletion, anonymization or restriction of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
c) certification that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in cases where such fulfillment proves impossible or involves a use of means manifestly disproportionate to the protected right.
In addition, Users have:
a) the right to revoke consent at any time, where the processing is based on their consent;
b) the right (where applicable) to data portability (the right to receive all personal data concerning them in a structured, commonly used and machine-readable format);
c) the right to object:
i) in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if pertinent to the purpose of collection;
ii) in whole or in part, to the processing of personal data concerning them for the purposes of sending advertising material or direct sales or for carrying out market research or commercial communication;
iii) where personal data are processed for direct marketing purposes, at any time, to the processing of their data carried out for such purpose, including profiling to the extent that it is connected to such direct marketing.
d) where they consider that the processing concerning them violates the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State in which they habitually reside, in the one in which they work or in the one in which the alleged violation occurred). The Italian Supervisory Authority is the Garante per la protezione dei dati personali, with offices in Piazza Venezia no. 11, 00187 Rome (http://www.garanteprivacy.it/).
The Data Controller is not responsible for keeping all the links displayed in this Notice up to date; therefore, whenever a link is not functioning and/or not up to date, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by such link.