Welcome to the Green Mill Solutions’ website www.greenmill.it.
We appreciate your interest in our company. Protection of the personal data you entrust to us is a priority for us, and we want you to feel safe and secure when you visit our website. It is important to us that you are fully informed about the personal data that we collect when you use our online offers and services, and are familiar with how we use them.
Green Mill Srl. is the legal rappresentative of Green Mill Solutions and acts as the Data Controller for all processing of Personal Data according to the italian privacy law:
D.lgs n. 196/03 “Tutela delle persone e di altri soggetti rispetto al trattamento dei “dati personali” and according to the European General Data Protection Regulation (GDPR UE) 2016/679 dated 27 aprile 2016 for the protection of subjects and their personal data. This policy explains how we operate.
Intended use of data processing
Green Mill Solutions is a leading training and consultancy organization operating in various market segments. Its range of services embraces consultancy, coaching, assessments as well as certification and training. Its objectives are reliability, safety, security, and quality, environmental protection, and profitability. Wherever Green Mill Solutions processes personal data, such processing is carried out for the purposes defined in this data privacy statement.
For any questions, issues, claims, etc.. related to Privacy and Personal Data processing, please contacts us any time at:
Green Mill Srl.
Piazza IV Novembre, 4
20124 Milano (MI)
Tel.: (+39) 02.6716 5351
Last update: 02 September 2019
Processing of personal data
Transfer of personal data
We only transfer your personal data (first name, last name, email) to our business partners and service providers for the delivery of training courses and certification exams.
These service providers / processors are bound by instructions. Given this, they are subject to our requirements, which include processing of your data exclusively in line with our instructions and in compliance with the applicable Data Protection Act. They are contractually bound to treat your data with strict confidentiality, and are not permitted to process data for other purposes than the ones agreed. Data transfer to the data processor is effected on the basis of Art. 28 (1) GDPR.
We will not sell your data to third parties or otherwise share them for commercial purposes.
Beyond the above, we will transfer your personal data to prosecution authorities and, if applicable, damaged third parties without your explicit consent where this is necessary for clarifying illegal use of our services or for legal prosecution. However, such a transfer will only take place if there is concrete evidence of illegal conduct or misuse. Transfer of your data may also take place where this contributes to enforcing the conditions of use or other agreements. We are also under legal obligation to provide information to certain public bodies on request. These comprise prosecution authorities, authorities prosecuting offences punishable by a fine, and financial authorities.
The transfer of these data is based on our legitimate interest in fighting misuse, prosecuting criminal acts, and securing, asserting, and enforcing claims unless our interests are overridden by your rights and interests in the protection of your personal data, Art. 6 (1) lit. f GDPR.
Intended data transfer to third countries
At present, data transfer to third countries is not planned. Otherwise we will establish the required legal conditions. You will be informed of the respective recipients or categories of recipients of the personal data in line with the legal requirements.
Green Mill Solutions takes appropriate technical and organizational measures to protect any personal data you provide to us from accidental or intentional manipulation, loss, destruction, or access by unauthorized parties. This also applies to any external services purchased. We verify the effectiveness of our data protection measures and continuously improve them in line with technological development.
Standard periods for deletion of data:
Legislation has defined numerous data storage periods and obligations. At the end of these periods, the relevant data will be routinely deleted. Data that are not affected by the above storage periods and obligations are deleted or anonymised as soon as the purposes defined in this data privacy statement no longer apply. Unless this data privacy statement includes other deviating provisions for data storage, we will store any data we collect for as long as they are required for the above purposes for which they were collected.
Other data use and deletion of data
Any further processing or use of your personal data will generally only be carried out to the extent permitted on the basis of a legal regulation or where you have consented to data processing or data use. In the case of further processing for other purposes than the ones for which the data were originally collected, we will inform you about these other services and provide you with all other significant information before further processing.
Identification and prosecution of misuse
We will store any information for the identification and prosecution of misuse, in particular, your IP address, for a maximum period of 7 days. Legal basis in this case is Art. 6 (1) lit. f GDPR. Our legitimate interest in keeping your data for 7 days is to ensure the functioning of our website and the business transacted via this website and to be able to fight off cyberattacks and similar malicious actions. Where appropriate, we may use anonymous information to tailor the design of our website to user needs.
Rights concerning the processing of personal data.
Right of access
On request, you have the right to obtain information from us about the personal data concerning you and processed by us, to the extent defined in Art. 15 GDPR. You can send your request either by mail or email to the addresses given above, under Contact Info.
Right to rectification
You have the right to require us to rectify any inaccurate personal data concerning you without undue delay (Art. 16 GDPR). For this purpose, please contact the address given above, under Contact Info.
Right to deletion
Where the legal reasons defined in Art. 17 GDPR apply, you have the right to immediate deletion (“right to be forgotten”) of personal data concerning you. These legal reasons include: the personal data are no longer necessary for the purposes for which they were processed, or you withdraw your consent, and there are no other legal grounds for processing; the data subject objects to the processing (and there are no overriding legitimate grounds for processing––does not apply to objections to direct advertising). To assert your above right, please contact the contact address given above, under Contact Info.
Right to restriction of processing
If the criteria defined in Art. 18 GDPR are fulfilled, you have the right to restriction of processing as established in the above article of the GDPR. According to this article, restriction of processing may be called for if processing is unlawful and the data subject opposes deletion of the personal data and requests the restriction of their use instead, or if the data subject has objected to processing according to Art. 21 (1) GDPR as long as it is unclear whether our legitimate interest overrides the interest of the data subject. To assert your above right, please contact the contact address given above, under Contact Info.
Right to data portability
You have the right to data portability as defined in Art. 20 GDPR. This means you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller, such as another service provider. Prerequisite is that processing is based on consent or a contract, and is carried out using automated means. To assert your above right, please contact the contact address given above, under Contact Info.
Right to object
You have the right to object at any time under Art. 21 GDPR to processing of personal data concerning you which is based on Art 6 (1) lit. e or f GDPR, on grounds relating to your particular situation. We will desist from processing your personal data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights, and freedoms, or unless processing is for the establishment, exercise, or defence of legal claims. To assert your above right, please contact the contact address given above, under Contact Info.
Right to file a complaint with a supervisory authority
If you think that processing of personal data concerning you and carried out by us is unlawful or impermissible, you have the right to file a complaint with the supervisory authority responsible for us. You can contact :
Garante per la protezione dei dati personali
Piazza Venezia n. 11
00186 – ROMA
Tel.: (+39) 06.696771
Fax: (+39) 06.69677.3785
Amendment of this data privacy statement
The most recent version of this data privacy statement can always be accessed on our website : www.greenmill.it www.greenmill.it