Privacy Policy

Privacy Policy

The purpose of this Privacy Policy is to describe the methods of collecting the personal data of the website users performed through the website www.eposrl.com (the “Website“) pursuant to Articles 13 and 14 of European Regulation 2016/679 concerning the protection of personal data (the “Regulation“).

Users are advised to read the Privacy Policy carefully before submitting any personal information and/or filling in any Section on the Website.

1) Data Controller of collected data 

The Data Controller of collected data on the Website pursuant to the Regulation, is the company EPO Estratti Piante Officinali S.r.l. (the “Company“), with its registered office in Via Stadera, n. 19 – 20141, Milano (MI) and with operational offices in Via Friuli, n. 12/14 – 20090 and Via Norma Parenti, n. 20 – 20090, Fizzonasco di Pieve Emanuele (MI), VAT Registration no. and Tax Code 00714770153, tel. +39.02895571, fax +39.0289557490, e-mail address epo@eposrl.com, CEM (certified email address) eposrl@legalmail.it.

2) Purpose and legal basis of the processing carried out on the Website

Personal data are collected and processed through the Website for the following purposes:

• Subscription to the Newsletter service: personal data supplied by filling out the “Subscribe to Newsletter” section form (first name, surname, e-mail address, Company name) are processed by the company to send updates and information, through the sending of newsletters and promotional material.
• “Information Request”: personal data supplied by filling out the “Contact Us” section form (first name, surname, e-mail address, Company name) are processed by the company to contact the user who fills the form to provide feedback about his/her request.
• Cookies: on the Website, in addition to data expressly conferred, other data derived from the browsing by the user can be recorded: when the user accesses it the Site may send them a “cookie“. The term “cookie” means a small text file that the Website can autonomously send to user’s computer when they view our pages. “Cookies” serve to make browsing more convenient, as well as to allow the operation of some services that require the identification of the user through the different pages of the website. For any access, independent of the presence of a “cookie”, the Website records the type of browser (e.g. Internet Explorer, Chrome, Firefox), the operating system (e.g., Windows, Macintosh) and the host and URL of origin of the browsing user, in addition to the data of the page requested. This data can be used in an aggregated and anonymous form for statistical analyses on the use of the Website. On this point we invite you to read the specific Cookie Policy.

The personal data collected and processed by the Company are supplied directly by the user, except for the browsing data referred to in the “Cookies” section of the previous point 2 (c) regulated by the Cookie Policy.

The legal basis of the processing of users’ personal data reside:

• concerning purposes referred to in the above point 2 (a), on the specific consent given by the user. Should the user wish to revoke his/her consent, he/she may do so at any time through the appropriate link that will be found within each communication received;
• concerning purposes of the above point 2 (b), in the legitimate interest of the company to give a response to requests for services made by the user.

For the purposes referred to in paragraph 2 (c), please refer to the specific Cookie Policy (.

3) Categories of recipients of personal data

The Company shall communicate the personal data of the Website users’ solely within the limits permitted by law and in accordance with what is illustrated below. In particular, users’ personal data may be processed or known by:

• employees of the company, who operate as authorised subjects to process it and, in this sense, trained by the Company;
• companies that provide specific technical and organizational services for the Company connected to the Website, in the capacity of Data Processors pursuant to art. 28 of the Regulation;
• police forces or court authorities, in accordance with the law and after formal request on the part of the same, or in the case where there are good reasons for believing that the communication of such data is reasonably necessary to: (a) investigate, prevent, or take action regarding suspected illegal activity or assist the state authorities of control and supervision; (b) defend itself against any complaint or accusation by third parties or protect the security of its website and of the company or (c) exercise or protect the rights, property or safety of the company, its clients, its employees or any other subject.

Personal data will not be disclosed. In any event, the possible transfer of data abroad, also in countries outside the EU, will only take place ensuring adequate standards of protection and safeguarding according to the applicable law.

4) Methods of processing of personal data and retention period

The personal data collected through the Website is processed with methods and instruments that are mainly digital and computerised, adopting appropriate security measures to minimize the risks of destruction or loss, even accidental, of the said data, of unauthorised access or processing not permitted or not in conformity with the purposes of collection indicated in this Privacy Policy. However, these measures, for the nature of the transmission medium online, may not limit or exclude absolutely any risk of access not permitted or dispersion of the data. For this purpose, it is recommended to periodically check that the computer has appropriate software devices to protect against the network transmission of data, both incoming and outgoing (such as an updated antivirus systems) and that the Internet service provider has adopted appropriate measures for the security of the transmission of data over a network (such as a firewall and anti-spamming filters).

As regards the period of retention of personal data supplied by the user during browsing and inherent thereto will be kept for the time strictly necessary to achieve the purposes for which it is collected and processed. Personal data processed to render the services offered will be preserved for the time strictly necessary to fulfil the request of the user or as long as the service will be active.

5) Mandatory or optional nature of the provision of data

Except for data ruled by the Cookie Policy, the provision of personal data collected through the Site is optional. The refuse to provide personal data does not limit the use of the Website but can however make it impossible for the same deal with requests made.

6) Rights granted to the user

The users have the right to:

• access personal data that concern them and to obtain confirmation of the existence or not of the same, the communication thereof in an intelligible form and supplementing thereof;
• request the updating, correction or, if interested, supplementing of personal data;
• the limitation of the processing which concerns them, the erasure, transformation into anonymous form or the blockage of processed data in breach of the law, including any data whose conservation is not required in relation to the purposes for which the same has been collected or subsequently processed;
• oppose, wholly or in part, the processing of their personal data for legitimate reasons, even if pertinent for the purpose for which it was collected;
• obtain the transmission of their data to another data controller (so called right to data portability).

The user may exercise the rights listed above by writing to the e-mail address epo@eposrl.com, or by sending a registered letter to EPO Estratti Piante Officinali S.r.l., Via Stadera, n. 19, Milano – 20141.

Further, if the processing is based on consent, the user can withdraw the consent given pursuant to art. 7, paragraph 3, of the Regulation, without prejudice to the lawfulness of the processing carried out before the withdrawal (please refer paragraph 2).

7) Right to make a complaint

The user has the right to make a complaint, pursuant to art. 77 of the Regulation, to the national supervisory Authority (for Italy the “Garante per la protezione dei dati personali” [Italian Data Protection Authority] www.garanteprivacy.it).

8) Final Clause

Given the current state of development of the legislation on the protection of personal data, please note that this Privacy Policy may be subject to updates.