Privacy

POLICY

DISCLOSURE FOR THE DATA SUBJECT

Disclosure pursuant to arts. 13 and 14 of European Regulation 2016/679 (hereinafter "GDPR")

Dear Sir/Madam,

as we will be processing some of your personal data, in compliance with the provisions of art. 13 and art. 14 of the GDPR, in order to fulfil the contractual or pre-contractual measures requested by you, or to comply with a legal obligation, or to process certain personal data that you have voluntarily provided to us for commercial, administrative and marketing purposes, we would like to provide you with the information due to data subjects in relation to the processing of your personal data that we will put in place.

Data Controller identity and contact details

The data controller is O.M.E. Metallurgica Erbese S.r.l. (tax code and VAT number 00200910131), in the person of the legal representative pro tempore, with registered office in Milan, Corso Venezia, n. 36 (hereinafter the "Company" or the "Data Controller"); tel. +39 031641606 – e-mail: privacy@ome.it.

For any comments or questions on this Privacy Policy and to speak with the person authorised to manage requests relating to data processing, you can write to the following e-mail address privacy@ome.it or call the following telephone number: +39 031641606.

The list of data processors and of any authorised persons is kept at the headquarters of the Data Controller and made available at the request of the data subject.

Type of Personal Data processed and sources of Personal Data

The data that is processed are common personal data, not belonging to the categories of personal data listed by art. 9 of the GDPR, such as personal identification data (first name and surname) and contact data (address of residence or domicile, e-mail address, telephone number), any bank and payment references, role and/or company classification, tax data (hereinafter the "Personal Data") collected in the management of relations with customers and/or suppliers for the purposes indicated below.

Personal Data is collected by the Data Controller:

when concluding contracts or requesting pre-contractual measures;
at events or trade fairs;
through online channels such as, by way of example, websites;
by commercial partners, or Internet portals of third-party companies;
on the occasion of any other type of commercial contact.

Purposes of processing and legal bases

Commercial Purposes

The Personal Data collected will be processed by the Data Controller for the performance of the activities of the Data Controller, for the purposes and by virtue of the legal bases indicated below.

Personal Data will be processed primarily for the purposes related to the fulfilment of obligations relating to commercial and/or contractual relationships to which your employer or client, or you personally, is a party, or to execute pre-contractual measures required or to fulfil a legal obligation (hereinafter "Commercial Purposes"). In particular, Personal Data for Commercial Purposes will be processed in paper-based or computerised form:

to conclude and execute contracts concerning the products and services of the Data Controller, including the execution of all activities related or ancillary to the execution of contracts, including, but not limited to, the execution of sales and after-sales services and the management of returns and warranties;
to conclude and execute the contracts to which the Data Controller is a party, including the execution of all related or ancillary activities such as, but not limited to, the management of orders, shipments, deliveries and all related administrative activities;
to follow up on pre-contractual measures in general, such as, but not limited to, the sending of quotes, commercial information on products, contractual proposals;
to respond to any request relating to the products or services purchased from customers or suppliers of the Data Controller or to respond to any request relating to the supply of products and services;
for the management of receipts and payments;
to fulfil the legal obligations provided for by law, by the GDPR, by national or Community regulations or by an order of the authority, to which the Data Controller is subject, such as, by way of example, civil, tax, accounting laws or regulations, national and international measures;
to fulfil the management activities of administrative, tax and accounting obligations;
to provide news and information related to the activity carried out by the Data Controller;
to manage and carry out the necessary customs procedures in the case of import/export activities, including storage at own customs warehouses and assistance in inspection by the competent Authorities;
to perform freight transportation, logistics and freight handling services;
if necessary, to keep the goods entrusted at a storage depot;
to carry out all the procedures necessary for the correct and complete management of the shipment and/or goods in transit;
to provide any third parties with the necessary information for the sole purpose of the contractually agreed obligations;
to possibly exercise the rights of the Data Controller, such as, for example, the right to exercise a right in court.

Legal bases for the use of Personal Data for Commercial Purposes and legitimate interests pursued: Personal Data for Commercial Purposes will be processed legitimately, without your express consent, pursuant to art. 6. lett. b), lett. c) and lett. f) of the GDPR, in competition with each other, therefore, to fulfil commercial obligations (art. 6, paragraph 1, lett. b) GDPR) or legal obligations (art. 6, paragraph 1, lett. c) GDPR) and also on the basis of our legitimate interest (art. 6, paragraph 1, lett. f) GDPR) given the need to be able to carry out correct commercial relations with customers and suppliers, and with the subjects who work for them.

Marketing purposes

The Personal Data collected during any type of commercial contact or during registration on the website of the same (if the online registration service is active) may possibly be processed, subject to your consent, for marketing purposes (hereinafter "Marketing Purposes"), in paper-based and computerised or automated form, for the following purposes:

to send, by e-mail, post, sms, fax, or telephone contacts of advertising material, communications for commercial and marketing purposes and promotional or advertising relating to the products and services of the Data Controller;
to perform direct activities of sale or placement of the products and services of the Data Controller;
to send, by e-mail, mail, sms, fax or telephone contacts newsletters, invitations to events, meetings or trade fairs organised by the Data Controller or by a party thereof;
to carry out sample marketing searches;
to send out invitations to participate in webinars and online events generally aimed at presenting the Data Controller's products, also through the help of third-party platforms.

Legal bases for the use of Personal Data for Marketing Purposes and legitimate interests pursued: Personal Data for Marketing Purposes will be processed, pursuant to art. 6. lett. a) and art. 7 of the GDPR, therefore on the basis of your consent, or, if the conditions are met, in the absence of consent, pursuant to art. 6. lett. f) of the GDPR, therefore on the basis of a legitimate interest of the Data Controller to promote the sale of its products or services to subjects with whom the Data Controller has had a previous commercial relationship, and, therefore, there is a relevant and appropriate relationship. In the event that the processing is carried out in the absence of your consent, on the basis of legitimate interest, the direct marketing activity, in order to send commercial communications, will be limited to services and products of the Data Controller similar or related to those previously sold to you, or to the person for whom you work, and will be carried out in a manner that does not affect your rights and fundamental freedoms.

Personal Data Recipients

Personal Data processed for Commercial Purposes may be communicated to the following categories of recipients:

persons, public or who perform services of public utility, who may access Personal Data under the provisions of law or of the GDPR, within the limits provided by these rules (for example: Judicial authorities, offices of the Financial Administration or similar third parties);
other subjects to whom communication is necessary in relation to the execution of contracts to which the Data Controller is a party, such as, by way of example, credit institutions, shippers, carriers and any other third party possibly involved in the execution of contracts to which the Data Controller is a party, in addition to the Data Controller, the data subject or the entity to which the data subject works;
manufacturers, distributors and suppliers of the Data Controller, to the extent necessary for the performance of the activities covered by the contractual relationships and/or requests of the data subject.

The Personal Data processed for Commercial Purposes may also be made accessible to subjects who have assumed the quality of external managers or data processors such as:

agents, distributors or third-party professionals who collaborate in various capacities with the Data Controller;
employees or collaborators of the Data Controller;
external subjects who carry out consultancy activities in the administrative, accounting, legal, tax or commercial field or in any case connected to the activity of the Data Controller;
websiteproviders , cloud providers, IT service technicians.

The Personal Data processed for Marketing Purposes may be made accessible to subjects who have assumed the role of external managers or data processors such as:

employees or collaborators of the Data Controller;
subjects appointed by the Company to carry out commercial promotion activities on behalf of the Data Controller;
subjects appointed by the Company to support participation in webinars or online events through online platforms.

The Personal Data provided for Commercial Purposes and for Marketing Purposes will not be disseminated.

In the case of asset or corporate transactions (for example mergers or acquisitions) the Personal Data will probably be transferred and may be shared with legal successors, to the extent permitted by law and by the GDPR, by virtue of a legitimate interest of the Data Controller.

Transfer of Personal Data to third countries or to international organisations

Personal Data will not be transferred outside the territory of the European Union. Personal Data will be stored on company servers located in the territory of the European Union.

Retention period of Personal Data

The Personal Data collected for Commercial Purposes will be processed and stored:

for the entire duration of the contractual relationship between you and the Data Controller, or between the Data Controller and the subject on whose behalf you work or otherwise collaborate in various capacities;
for the following period, until the expiry of the statutory limitation periods, for actions in contractual and non-contractual matters, during which it is necessary to keep information that also includes your Personal Data in order to be able to prove exact fulfilment by the Data Controller of the contracts to which it is a party.

The Personal Data collected for Marketing Purposes, taking into account the purposes of the processing and the peculiarities of the sector in which the Data Controller operates, will be processed and stored until your consent is revoked.

Methods of processing Personal Data

The processing of Personal Data will be carried out using paper-based, computer or electronic tools and supports in compliance with the provisions aimed at guaranteeing security and confidentiality, as well as, among other aspects, the accuracy, updating and relevance of the Personal Data with respect to the purposes declared.

The processing of Personal Data will consist of the collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication to the subjects listed above, limitation, deletion and destruction.

Nature of the provision of data

The provision of Personal Data for Commercial Purposes is optional, however the failure to provide Personal Data could make it impossible to stipulate and execute commercial and/or contractual relationships between the data subject and the Data Controller.

The provision of Personal Data for Marketing Purposes is always optional. Failure to provide data will have the sole consequence that you cannot be contacted to be informed about commercial initiatives or about the products and services marketed by the Data Controller, unless you specifically request it, unless the marketing activity can be carried out on the basis of a legitimate interest pursuant to art. 6 letter f) of the GDPR. You may deny consent to the use of Personal Data for Marketing Purposes even if you had to provide Personal Data for Commercial Purposes. The consent for the Marketing Purposes may also be revoked at any time by simply sending a communication to the following e-mail address privacy@ome.it privacy@ome.it or to the contact data.

Minors

The Data Controller's products are not intended for children under the age of 18 and the Data Controller therefore does not intentionally collect Personal Data or, in general, personal information referring to minors. In the event that information concerning minors is inadvertently recorded, the Data Controller will delete it in a timely manner, at the request of users.

Rights of the data subject

In accordance with the provisions of Chapter III, Section I, of the GDPR, you can exercise the rights indicated therein and in particular:

Right of access - Obtain confirmation whether or not Personal Data concerning you is being processed and, in this case, receive information relating, in particular, to: purposes of processing, categories of Personal Data processed and retention period, recipients to whom these may be communicated (article 15, GDPR);
Right of correction - Obtain, without undue delay, the correction of inaccurate Personal Data concerning you and the integration of incomplete Personal Data (article 16, GDPR);
Right to deletion- Obtain, without undue delay, the deletion of Personal Data concerning you, in the cases provided for by the GDPR (article 17, GDPR);
Right of limitation - Obtain from our Company the limitation of processing, in the cases provided for by the GDPR (article 18, GDPR);
Right to portability - Receive in a structured format, commonly used and readable by an automatic device, the Personal Data concerning you provided to our Company, as well as obtain a situation whereby the same are transmitted to another data controller without hindrance, in the cases provided for by the GDPR (article 20, GDPR).

You may exercise these rights by simply sending a request to our Company to that effect:

by e-mail to the following e-mail address: privacy@ome.it.
by ordinary mail to the following address: Via Milano, 15 – 22036 Erba (CO) or to the addresses indicated in the contact details.

It should be noted that any corrections or deletions or limitations of the processing carried out at your request, unless this proves impossible or involves a disproportionate effort, will be communicated by the Company to each of the recipients to whom the Personal Data have been transmitted. The Company will notify you of these recipients if you request it.

If you believe that the processing that concerns you breaches the GDPR or Italian Legislative Decree 196/2003, you may lodge an appeal or complaint with the supervisory authority for the protection of personal data in the EU member State in which you habitually reside or work or in that of breach of the GDPR (article 77 of the GDPR). In particular, with reference to Italy, the appeal may be submitted to the Guarantor for the Protection of Personal Data, Piazza Venezia 11 - 00186 Rome; E-mail: garante@gpdp.it.

Right of objection and revocation

If the conditions set out in art. 21 of the GDPR are met, you will have the right to object to the processing of Personal Data concerning you, unless there are legitimate reasons for our Company to continue the processing.

You may exercise this right by simply sending a request to that effect to the same addresses indicated above for the exercise of the other rights of the data subject.

If you have provided consent for the processing of Personal Data for the purposes for which it is requested, you will in any case remain free to revoke it at any time by sending a communication to this effect without formalities to the e-mail address privacy@ome.it or to further contact details. Upon receipt of such a request, the Personal Data will no longer be processed for the purposes for which consent is required.

Automated processes and profiling

The Data Controller will not carry out any profiling activities with your Personal Data, nor will it make decisions based on automated processes.

Further information

Further information regarding the processing and communication of Personal Data provided directly or otherwise acquired may be requested from the Data Controller at the relevant contact details. This information does not exclude a situation whereby other information is also given verbally to the data subjects at the time of collection of Personal Data.

Personal Data are processed lawfully and correctly, adopting appropriate security measures to prevent unauthorised access, disclosure, modification or the unauthorised destruction of Personal Data. Specifically, the Data Controller has implemented suitable measures to protect Personal Data from accidental loss, from unlawful access, use, modification and from unauthorised disclosure.

If Personal Data is collected from third parties, the information is given to the data subject within a reasonable period, and in any case within one month. In the event that the Personal Data are intended for communication with the data subject, the information is provided at the latest at the time of the first communication with the data subject, and in the event that communication to another recipient is envisaged no later than the first communication.

In the unlikely event that the Data Controller deems that the security of the Personal Data collected in its possession or under its control has been or may have been compromised, the Data Controller will inform you of the incident in the manner prescribed by the law in force, using the methods prescribed by it.

07/10/2022

O.M.E. Metallurgica Erbese S.r.l.