We wish to inform you that European Regulation 2016/679 (hereafter GDPR) establishes rules governing the protection of natural persons in the sphere of personal data processing, as well as rules on the free movement of such data aimed at protecting the fundamental rights and freedoms of natural persons, in particular the right to personal data protection. The free movement of personal data in the European Union may not be restricted or forbidden for reasons relating to the protection of natural persons in the sphere of personal data processing. “Personal data” is taken to mean, according to the GDPR, any information regarding you directly or indirectly as Data Subject, with special reference to an identifier, such as a name, identification number, data pertaining to location, an online identifier or to one or more characteristic elements of the data subject’s physical, physiological, genetic, mental, economic, cultural or social identity. We also describe the ways the website is managed with reference to the processing of personal data of users that consult it and gain access to the “private area”. This information is provided pursuant to articles 13-14 of the GDPR to those interacting with web services of METALGALANTE S.P.A. accessible online at the address:
This information is provided only for sites referable to METALGALANTE S.P.A. and not to other websites that may be consulted by the User by means of links. When this site is visited by users, data pertaining to persons that are identified or identifiable may be processed.
The information provided sets out to identify some minimum requirements for the online gathering of personal data, in particular the methods, timing and nature of information that data controllers must provide to users when they visit web pages, whatever the purpose of the connection.
1. IDENTITY AND CONTACT DETAILS OF DATA CONTROLLER
The identity of the Data Controller and its contact details, also given in the header, are as follows:
- METALGALANTE S.P.A.
- Address: Via A. VOLTA 2 – 30020 NOVENTA DI PIAVE (VE)
- contact details: Telephone operator 0421/65121 Fax 0421/658838 Email address: firstname.lastname@example.org
2. PURPOSE OF DATA PROCESSING
Processing relating to this site’s web services is carried out at the registered office of the Data Controller, only by personnel authorised to process data, or occasionally by technicians performing maintenance work. No data deriving from the web service is disseminated. Personal data provided by users that forward requests for the sending of materials on the requested service (or simply for information purposes) are used to handle the user’s requests, and may be disclosed to third parties only if necessary, and if the latter are involved in satisfying the above requests.
The User’s personal data will be collected and processed in compliance with the general principles of necessity, correctness, relevance and non-excess; in particular, data will be processed to:
- respond to questions and provide information requested by the user (optional, declared and voluntary submission of email messages to the addresses given on this website entails the acquisition of the sender’s address, necessary for replying to requests, and of other personal data contained in the message) and to contact the User regarding services provided by METALGALANTE S.P.A.;
- register for events organised or coordinated by METALGALANTE S.P.A., educational or otherwise, possibly through the User compiling specific forms present on the website pages, and consequent issue of relative attendance certificates or similar;
- allow the User to gain access, via registration and creation of a User profile, to the site’s private area for the provision of services, products and any other type of request, and the subsequent, independent management of the User profile from the control panel, including the publication of special offers;
- receive the NEWSLETTER service, which the User:
  - may voluntarily subscribe to, or
  - may be subscribed to via the Professional Association he/she belongs to, for the purposes of providing vocational training services;
- if personal data have been provided by subscribing to the above service, they will be used for the sole purpose of sending the newsletter, and will only be disclosed to third parties upon the consent of the data subject;
- access the e-learning platform to attend courses, vocational training and otherwise, that can be acquired directly;
- process data for operational, management, accounting and other needs, in particular some data will be used for statutory registrations and communications;
- gauge the degree of customer satisfaction regarding services, products and any other type of request, by means of personal or telephone interviews;
- provide services subject to the «consent of the data subject» (any manifestation of the voluntary, specific, informed and unmistakable will of the data subject, with which the data subject expresses his/her consent, via an unmistakable declaration or positive action, further to which the relative personal data are processed) through traditional contact forms (mail or calls to the operator) and automated forms (email, SMS) for commercial/promotional purposes, such as commercial communications, sales, sending of advertising materials or market research on services offered (by way of example but not exhaustively: updates on initiatives, special offers and promotions regarding services and products referable to the activity of METALGALANTE S.P.A. and third parties it collaborates with, programmes and promotions, online and offline, designed to reward or seek the loyalty of potential customers);
The legal basis for processing is to be found in the Civil Code and Consumer Code.
3. LAWFULNESS OF PROCESSING
Processing is lawful when at least one of the following conditions is met:
Art. 6 para. 1 letters a), b), c), f)
- the data subject has expressed consent for the processing of his/her personal data for one or more specific purposes;
- processing is necessary for the execution of a contract to which the data subject is a party or the execution of pre-contractual measures adopted at the data subject’s request;
- processing is necessary for fulfilling a legal obligation to which the data controller is subject;
- processing is necessary for pursuing the legitimate interest of the data controller (for instance for preventing fraud or abuse damaging our website – legitimate interest may be processing personal data for direct marketing purposes, as noted in recital no. 47 of the GDPR) or of third parties, providing the interests or rights and fundamental freedoms of the data subject, which require the protection of personal data, do not override such interest, especially if the data subject is a minor.
4. RECIPIENTS OF PERSONAL DATA
Identified recipients will receive a communication only if they are involved and essential to the achievement of the purposes as per point 3 above; accordingly, the personal data collected and processed may be:
- used in anonymous format for statistical purposes;
- made available to the Data Controller’s Collaborators, in their capacity as Processors or persons authorised to process personal data;
- disclosed to third parties, natural or legal persons, public administrations, professionals, law enforcement agencies, government bodies, supervisory bodies, courts or other public authorities authorised by law;
- disclosed to commercial partners, only after the prior express consent of the User;
- if necessary, transferred to another Data Controller in accordance with the provisions of the GDPR, also referring to the right to data portability;
The list of personal data Processors is available from the registered office of the Data Controller.
5. PERSONAL DATA CATEGORIES
Special categories of personal data (those revealing race or ethnic origin, political views, religious or philosophic beliefs, belonging to trade unions, data on health or sex life or sexual orientation of the individual), or data referring to minors are not processed.
The personal data processed are solely those needed and essential for the correct achievement of the purposes specified in point 3 above.
6. DATA STORAGE
The data provided for the purposes as per point 3 will be stored:
- For administrative/accounting purposes: for the period laid down by tax law and civil law provisions;
- For Marketing purposes and the sending of newsletters: until the consent given is revoked, until the right to object is exercised, and in any case for no longer than ten years after the data are collected.
Personal data will not be disclosed, and will be destroyed, when they no longer need or have to be kept.
7. PROCESSING METHODS
IT systems and software procedures used for the functioning of the platform of this website acquire, during normal operations, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses (to check the user’s reliability and for security purposes) or domain names of computers used by users visiting the site, the URI (Uniform Resource Identifier) addresses of requested resources, time of the request, the method used to submit the request to the server, size of the response file, numerical code indicating the response status given by the server (completion, error, etc.) and other parameters regarding the user’s operating system and IT environment. These data are used only to obtain anonymous statistics on the use of the website and to check its correct operation, and are immediately deleted after processing. Data may be used to ascertain liability in the event of hypothetical computer-related crimes damaging the website: barring this eventuality, data on web contacts are held for no more than seven days.
The personal data in question will be processed:
- Manually and/or via electronic means, and will be stored in ad hoc paper-based and/or electronic archives. Paper-based and electronic documentation will be correctly maintained and protected for all the time needed for processing, using appropriate security measures, so as to minimise the risks of destruction or loss, unauthorised access or processing at odds with the agreed purposes of the data collection;
There is no automated decision-making process, nor user profiling.
Cookies are small files stored on the hard disk of the computer that provide services and/or information. Most cookies are “session cookies”, and are therefore deleted from the hard disk at the end of the session (when disconnecting or closing the browser). They may be present on some site pages in order to analyse access to web pages, customise services, contents and advertising messages, measure the efficacy of promotions and promote client loyalty and security. The so-called session cookies used by this site avoid the use of other IT techniques that may potentially jeopardise the confidentiality of Internet browsing, and do not permit the acquisition of personal data that may identify the user.
The policy on cookie use on our site can be consulted in the ad hoc section.
9. PROVIDING OF DATA
Unless otherwise specified for browsing data, the user is free to provide the personal data requested using the ad hoc web forms regarding services, products and any other type of request that the site administrator or its commercial partners are able to offer.
Refusal to provide the personal data in question may make it impossible to obtain responses to requests or to use the services or products that the site administrator or its commercial partners are offering.
Registration to the private area (mandatory) entails the automatic acquisition of data, such as:
- time, date, pages viewed and length of time spent on the site;
- IP protocol and Internet domain;
- search engine (if applicable) used to gain access to the site;
- User’s operating system and browser type.
Refusal to make available such data may make it impossible for the User to log in to the private area.
10. DATA SUBJECT’S RIGHTS
We inform you that, in your capacity as Data Subject, you have all the rights set forth in articles 15-16-17-18-20-21-22 of the GDPR, including:
- The Data Subject is entitled to obtain from the Data Controller confirmation that his/her personal data are being processed, and if so to gain access to said personal data and to the following information: a) processing purposes; b) the categories of personal data in question; c) the recipients or categories of recipients to whom said personal data have been or will be disclosed, particularly if they are recipients in third countries or international organisations; d) when possible, the period of time during which said personal data will be stored or, if this is not possible, the criteria adopted to determine said period; e) the data subject’s right to ask the data controller to correct or erase personal data or to restrict the scope of processing of his/her personal data or to object to their processing; f) the right to file a complaint with a supervisory authority; g) if the data are not collected from the data subject, all available information on their origin; h) the existence of an automated decision-making process, including profiling as per article 22, paragraphs 1 and 4, and, in such cases at least, relevant information on the logic used, and the relevance and expected consequences of said processing for the data subject.
- the data subject’s right to ask the data controller to gain access to personal data and to correct or erase personal data or to restrict the scope of processing of his/her personal data or to object to their processing, and the right to data portability, including all available information as to their origin; and to obtain the erasure of his/her personal data without undue delay in accordance with art. 17 (“right to be forgotten”).
- If processing is based on article 6, paragraph 1, letter a), or on article 9, paragraph 2, letter a), the right to revoke consent at any time without compromising the lawfulness of processing based on consent given prior to revocation;
- the right to file a complaint with a supervisory authority;
- to receive from the data controller a copy of the personal data being processed, providing it does not harm other people’s rights and freedoms; in the event of additional copies requested by the data subject, the data controller may charge a reasonable fee based on related administrative costs. If the request is received via electronic means, unless otherwise stated, the information will be provided in a commonly used electronic format;
The above information will be provided:
- within a reasonable length of time from the moment personal data are acquired, and at the latest within one month, in view of the specific situations in which personal data are processed;
- if personal data are used to be able to communicate with the data subject, by no later than the moment of the first communication with the data subject; or in the event of disclosure to another recipient, by no later than the first communication of personal data. All of the data subject’s rights as set forth in the GDPR shall be exercised via a simple request made to the Data Controller, also by means of a delegated person, a suitable reply to which will be given without undue delay.
Last updated on December 18, 2018