DISCLOSURE FOR THE DATA SUBJECT
Disclosure pursuant to arts. 13 and 14 of European Regulation 2016/679 (hereinafter "GDPR")
as we will be processing some of your personal data, in compliance with the provisions of art. 13 and art. 14 of the GDPR, in order to fulfil the contractual or pre-contractual measures requested by you, or to comply with a legal obligation, or to process certain personal data that you have voluntarily provided to us for commercial, administrative and marketing purposes, we would like to provide you with the information due to data subjects in relation to the processing of your personal data that we will put in place.
The data controller is O.M.E. Metallurgica Erbese S.r.l. (tax code and VAT number 00200910131), in the person of the legal representative pro tempore, with registered office in Milan, Corso Venezia, n. 36 (hereinafter the "Company" or the "Data Controller"); tel. +39 031641606 – e-mail: firstname.lastname@example.org.
The list of data processors and of any authorised persons is kept at the headquarters of the Data Controller and made available at the request of the data subject.
The data that is processed are common personal data, not belonging to the categories of personal data listed by art. 9 of the GDPR, such as personal identification data (first name and surname) and contact data (address of residence or domicile, e-mail address, telephone number), any bank and payment references, role and/or company classification, tax data (hereinafter the "Personal Data") collected in the management of relations with customers and/or suppliers for the purposes indicated below.
Personal Data is collected by the Data Controller:
The Personal Data collected will be processed by the Data Controller for the performance of the activities of the Data Controller, for the purposes and by virtue of the legal bases indicated below.
Personal Data will be processed primarily for the purposes related to the fulfilment of obligations relating to commercial and/or contractual relationships to which your employer or client, or you personally, is a party, or to execute pre-contractual measures required or to fulfil a legal obligation (hereinafter "Commercial Purposes"). In particular, Personal Data for Commercial Purposes will be processed in paper-based or computerised form:
Legal bases for the use of Personal Data for Commercial Purposes and legitimate interests pursued: Personal Data for Commercial Purposes will be processed legitimately, without your express consent, pursuant to art. 6. lett. b), lett. c) and lett. f) of the GDPR, in competition with each other, therefore, to fulfil commercial obligations (art. 6, paragraph 1, lett. b) GDPR) or legal obligations (art. 6, paragraph 1, lett. c) GDPR) and also on the basis of our legitimate interest (art. 6, paragraph 1, lett. f) GDPR) given the need to be able to carry out correct commercial relations with customers and suppliers, and with the subjects who work for them.
The Personal Data collected during any type of commercial contact or during registration on the website of the same (if the online registration service is active) may possibly be processed, subject to your consent, for marketing purposes (hereinafter "Marketing Purposes"), in paper-based and computerised or automated form, for the following purposes:
Legal bases for the use of Personal Data for Marketing Purposes and legitimate interests pursued: Personal Data for Marketing Purposes will be processed, pursuant to art. 6. lett. a) and art. 7 of the GDPR, therefore on the basis of your consent, or, if the conditions are met, in the absence of consent, pursuant to art. 6. lett. f) of the GDPR, therefore on the basis of a legitimate interest of the Data Controller to promote the sale of its products or services to subjects with whom the Data Controller has had a previous commercial relationship, and, therefore, there is a relevant and appropriate relationship. In the event that the processing is carried out in the absence of your consent, on the basis of legitimate interest, the direct marketing activity, in order to send commercial communications, will be limited to services and products of the Data Controller similar or related to those previously sold to you, or to the person for whom you work, and will be carried out in a manner that does not affect your rights and fundamental freedoms.
Personal Data processed for Commercial Purposes may be communicated to the following categories of recipients:
The Personal Data processed for Commercial Purposes may also be made accessible to subjects who have assumed the quality of external managers or data processors such as:
The Personal Data processed for Marketing Purposes may be made accessible to subjects who have assumed the role of external managers or data processors such as:
The Personal Data provided for Commercial Purposes and for Marketing Purposes will not be disseminated.
In the case of asset or corporate transactions (for example mergers or acquisitions) the Personal Data will probably be transferred and may be shared with legal successors, to the extent permitted by law and by the GDPR, by virtue of a legitimate interest of the Data Controller.
Personal Data will not be transferred outside the territory of the European Union. Personal Data will be stored on company servers located in the territory of the European Union.
The Personal Data collected for Commercial Purposes will be processed and stored:
The Personal Data collected for Marketing Purposes, taking into account the purposes of the processing and the peculiarities of the sector in which the Data Controller operates, will be processed and stored until your consent is revoked.
The processing of Personal Data will be carried out using paper-based, computer or electronic tools and supports in compliance with the provisions aimed at guaranteeing security and confidentiality, as well as, among other aspects, the accuracy, updating and relevance of the Personal Data with respect to the purposes declared.
The processing of Personal Data will consist of the collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication to the subjects listed above, limitation, deletion and destruction.
The provision of Personal Data for Commercial Purposes is optional, however the failure to provide Personal Data could make it impossible to stipulate and execute commercial and/or contractual relationships between the data subject and the Data Controller.
The provision of Personal Data for Marketing Purposes is always optional. Failure to provide data will have the sole consequence that you cannot be contacted to be informed about commercial initiatives or about the products and services marketed by the Data Controller, unless you specifically request it, unless the marketing activity can be carried out on the basis of a legitimate interest pursuant to art. 6 letter f) of the GDPR. You may deny consent to the use of Personal Data for Marketing Purposes even if you had to provide Personal Data for Commercial Purposes. The consent for the Marketing Purposes may also be revoked at any time by simply sending a communication to the following e-mail address email@example.com firstname.lastname@example.org or to the contact data.
The Data Controller's products are not intended for children under the age of 18 and the Data Controller therefore does not intentionally collect Personal Data or, in general, personal information referring to minors. In the event that information concerning minors is inadvertently recorded, the Data Controller will delete it in a timely manner, at the request of users.
In accordance with the provisions of Chapter III, Section I, of the GDPR, you can exercise the rights indicated therein and in particular:
You may exercise these rights by simply sending a request to our Company to that effect:
It should be noted that any corrections or deletions or limitations of the processing carried out at your request, unless this proves impossible or involves a disproportionate effort, will be communicated by the Company to each of the recipients to whom the Personal Data have been transmitted. The Company will notify you of these recipients if you request it.
If you believe that the processing that concerns you breaches the GDPR or Italian Legislative Decree 196/2003, you may lodge an appeal or complaint with the supervisory authority for the protection of personal data in the EU member State in which you habitually reside or work or in that of breach of the GDPR (article 77 of the GDPR). In particular, with reference to Italy, the appeal may be submitted to the Guarantor for the Protection of Personal Data, Piazza Venezia 11 - 00186 Rome; E-mail: email@example.com.
If the conditions set out in art. 21 of the GDPR are met, you will have the right to object to the processing of Personal Data concerning you, unless there are legitimate reasons for our Company to continue the processing.
You may exercise this right by simply sending a request to that effect to the same addresses indicated above for the exercise of the other rights of the data subject.
If you have provided consent for the processing of Personal Data for the purposes for which it is requested, you will in any case remain free to revoke it at any time by sending a communication to this effect without formalities to the e-mail address firstname.lastname@example.org or to further contact details. Upon receipt of such a request, the Personal Data will no longer be processed for the purposes for which consent is required.
The Data Controller will not carry out any profiling activities with your Personal Data, nor will it make decisions based on automated processes.
Further information regarding the processing and communication of Personal Data provided directly or otherwise acquired may be requested from the Data Controller at the relevant contact details. This information does not exclude a situation whereby other information is also given verbally to the data subjects at the time of collection of Personal Data.
Personal Data are processed lawfully and correctly, adopting appropriate security measures to prevent unauthorised access, disclosure, modification or the unauthorised destruction of Personal Data. Specifically, the Data Controller has implemented suitable measures to protect Personal Data from accidental loss, from unlawful access, use, modification and from unauthorised disclosure.
If Personal Data is collected from third parties, the information is given to the data subject within a reasonable period, and in any case within one month. In the event that the Personal Data are intended for communication with the data subject, the information is provided at the latest at the time of the first communication with the data subject, and in the event that communication to another recipient is envisaged no later than the first communication.
In the unlikely event that the Data Controller deems that the security of the Personal Data collected in its possession or under its control has been or may have been compromised, the Data Controller will inform you of the incident in the manner prescribed by the law in force, using the methods prescribed by it.
O.M.E. Metallurgica Erbese S.r.l.