top of page


EX REG NEWS: 2016/979

Pursuant to Articles. 13 of Regulation (EU) 2016/679 ("the Regulation" or "GDPR"), we wish to inform users about the methods and purposes of the processing of personal data of those who interact with our websites: /


The information is not to be considered valid for other websites that may be consulted through links on the websites of the owner's domain, which is not to be considered in any way responsible for the websites of third parties.

Data Controller

The Data Controller of the personal data collected through this site is Hevolus s.r.l., with registered office in Via G. Agnelli,31-31A – Zona ASI – 70056 Molfetta (Bari), Fiscal Code e VAT Number 05612750728 in the person of pro tempore legal representative., Tel.  +39, e-mail:, (hereinafter "the Owner" or "Hevolus").

Purpose of the processing, legal basis, nature of the provision

For the purposes expressed in this information, non-particular personal data will normally be processed. The data will be processed in compliance with the conditions of lawfulness pursuant to art. 6 of the Regulation, for following reasons:

·        allow navigation on this website and the technical management of connections to the same

The computer systems used to operate the websites acquire, during their normal operation and only for the duration of the connection, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes, for example: the IP addresses or the names of the computers used by users who connect to websites, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the characteristics of the browser used for navigation, the resolution of the screen in which the browser is run on the device used,  and other parameters relating to the operating system and the user's computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the sites and to check their correct functioning, and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the sites.

Legal basis of the processing: the legitimate interest of the Data Controller (Article 6 paragraph 1 letter f of the GDPR).

The data required for the purposes indicated are necessary to allow navigation on the site.

·        follow up on requests for information or contact and other types of requests, made by customers / users regarding the services offered by the Data Controller

The voluntary sending of e-mails to the e-mail addresses indicated on the website mentioned above, the compilation of the contact form on the site involves the subsequent acquisition of the User's Name and Surname, his e-mail address and any data entered in the communication.

These data are necessary to respond to requests,

Legal basis of the processing: execution of pre-contractual measures adopted at the request of the same (Article 6 paragraph 1 letter .b of the GDPR) and legitimate interest of the Data Controller (Article 6 paragraph 1 letter f of the GDPR).

The data requested for the purposes indicated are necessary to be able to follow up on the requests of the interested party. Failure to provide data has the sole effect of being unable to send and/or receive and/or respond to the request of the interested party.

·        manage the selection process in case of application and spontaneous sending of the curriculum vitae

The user is also free to provide their personal and particular data (exclusively for the purposes mentioned above), through online forms and contact forms, to send the CV or submit specific applications.

Legal basis of the processing: the execution of pre-contractual or contractual obligations (Article 6 paragraph 1 letter .b of the GDPR) and consent for particular data (Article 9 letter a GDPR).

The data required for the purposes indicated are necessary to be able to start the personnel selection procedure. Failure to provide data has the effect of making it impossible to include the candidate in the selection and consequently to evaluate his recruitment.

Personal data will not be processed using the automated decision-making processes referred to in art. 22 of the GDPR.

The information pursuant to art. 13 GDPR will be provided at the time of the "first useful contact", following the sending of the curriculum pursuant to Legislative Decree. 101/2018.

Within the limits of the purposes established by Article 6, paragraph 1) letter b) of the GDPR, the consent of the candidate to the processing of personal data contained in the curriculum is not required.

Methods of data processing

The processing will be carried out with manual, computerized and telematic tools in compliance with the rules in force and the principles of correctness, lawfulness, transparency, relevance, completeness and non-excess, accuracy and with organizational and processing logics strictly related to the purposes pursued and in any case in order to guarantee the security, integrity and confidentiality of the data processed,  in compliance with the organizational, physical and logical measures provided for by the provisions in force.

Data retention period

In compliance with the provisions of art. 5 paragraph 1 letter e) of EU Reg. 2016/679 the personal data collected will be kept in a form that allows the identification of the interested parties for a period of time not exceeding the achievement of the purposes for which the personal data are processed. The storage of personal data provided depends on the purpose of the processing:

·        for contact request and information, they will be deleted within one month of the response if they do not give rise to the execution of a contract.

·        personnel selection process, maximum 1 year

After these terms, the data will be deleted or transformed into anonymous form, unless their further storage is necessary to fulfill contractual obligations, legal obligations or to fulfill orders given by Public Authorities and / or Supervisory Bodies.

Nature of the provision of data

The user is free to provide their personal data. Failure to provide data may make it impossible to obtain what has been requested or to use the web services of the Data Controller.

Recipients of the data or categories of recipients

For the pursuit of the purposes described, or in the event that this is indispensable or required by law or by authorities with the power to impose it, the Data Controller reserves the right to communicate the data to recipients belonging to the following categories:

·        subjects that perform IT maintenance services or similar;

·        subjects that provide services for the management of the information system used by the Data Controller and telecommunications networks, including e-mail and website management;

·        Authorities and Supervisory and Control Bodies and, in general, subjects, public or private, with functions of public importance (eg .: Prefecture Police Headquarters, Judicial Authority, in any case only to the extent that the conditions established by the applicable legislation are met);

·        other companies of the group to which the Data Controller is a party, or in any case parent companies, subsidiaries or associates, pursuant to art. 2359 c.c.;

·        professional firms or companies in the context of assistance and consultancy relationships;

·        the data may also be known, in relation to the performance of the tasks assigned, by the staff of the Data Controller, including interns, temporary workers, consultants, employees of companies outside the Data Controller, all specifically authorized to process.

Transfer of data abroad

The user's data will not be transferred to non-EU countries.

Dissemination of data

The user's data will not be disclosed.


Use of Social Networks

From the website it is possible to connect to the company pages on the Social Networks, through the respective icons (Facebook).

As known, Social Networks independently manage their privacy for those who browse, publish posts and communicate through them, being in this case the main data controllers.

The user is therefore invited to visit, for more information, the following links:







However, when the user is on the social pages managed by the Data Controller and communicates, in various ways, his personal data (e.g. through a private message or commenting on a post or leaving a review), or when the Social Networks provide some statistics on the use of the pages in a non-anonymous way (and therefore linked to the activity carried out on the page by the specific person),  It is Hevolus that becomes the Data Controller.

The processing of data that is carried out takes place exclusively for the ordinary management of the pages and for the verification of the contents entered by users (, if a comment is posted insulting other users, the Data Controller may decide to remove it from the page as illicit) and to answer the user's questions (both public and private) about the characteristics of the goods or services provided.

In this case, the legal basis of the processing is the legitimate interest of the Data Controller to propose to the user and illustrate its services and their characteristics, as well as the need to answer any possible user question.

The processing of the user's personal data will take place by means of the tools made available by the Social Networks themselves.

In this phase of simple contact, the Data Controller will not transfer or communicate the user's personal data to other subjects.

The user is always free to decide when to remove the like, delete a comment, a review, etc., simply by returning to the page of the relevant Social Network and directly deleting it.

As for private messages, these are kept for up to 6 months from the last contact, after which they are deleted.

The user is always free to provide their personal data. Failure to provide data may make it impossible to obtain what has been requested or to use the services of the Data Controller.

Rights of the interested party

Articles. 15, 16, 17, 18, 20, 21 of the GDPR confer on the interested party the exercise of specific rights that may be exercised against the Data Controller.

In particular, the user, under the conditions provided for by the GDPR, may exercise the following rights:

·        right of access: the right to obtain confirmation as to whether or not personal data concerning him or her are being processed and, in this case, to obtain access to his personal data, including a copy thereof;

·        right of rectification: right to obtain the rectification of inaccurate personal data concerning him or her and/or the integration of incomplete personal data;

·        right to cancellation (right to be forgotten): right to obtain the cancellation of personal data concerning him, if they are no longer necessary for the purposes pursued by the Data Controller, in case of revocation of consent (and there is no other legal basis for processing) or his opposition to processing, in case of unlawful processing, or if there is a legal obligation to cancel. The right to erasure does not apply to the extent that the processing is necessary for the fulfilment of a legal obligation or for the performance of a task carried out in the public interest or for the establishment, exercise or defence of a right in court.

·        right to restriction of processing: right to obtain the limitation of processing, when: a) the interested party disputes the accuracy of the personal data; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests instead that their use be restricted; c) the personal data are necessary for the interested party to ascertain, exercise or defend a right in court;

·        right to data portability: right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to the Data Controller and the right to transmit them to another data controller without hindrance, if the processing is based on consent and is carried out by automated means;

·        right to object: right to object, at any time, to the processing if personal data are processed for purposes other than those for which the interested party has consented to the processing.

Pursuant to art. 77 of the Regulation, the interested party is granted the right to lodge a complaint with a supervisory authority, in particular in the Member State in which he habitually resides, works or in the place where the alleged violation occurred, which in Italy corresponds to the Guarantor Authority for the Protection of Personal Data, whose references can be found on

In addition, the GDPR gives the data subject the right to revoke the consent given at any time and with the same ease with which it was granted.

The exercise of the rights of the interested party is free of charge pursuant to Article 12 GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Data Controller may charge a reasonable expense contribution, in light of the administrative costs incurred to manage the request, or deny the satisfaction of the same.

The rights of the interested party can be exercised using the attached form that must be sent in paper form to the address of the Data Controller, or by e-mail or fax to the addresses in this statement.

This Information was updated on 18/02/2022.

Any updates will always be published on this page.

The Data Controller


Hevolus s.r.l

bottom of page