disclosure on the processing of personal data pursuant to art. 13 of EU Regulation 2016/679 ("GDPR")


    1. General provisions

    This privacy policy, made pursuant to art. 13 of the GDPR, describes how to manage the website ("Site") with specific reference to the processing of personal data of users who consult it (the "Users" or the singular "User").


    • The information is provided only for the use of the Website and does not concern other websites, pages or online services accessible through hyperlinks that may be published on the Website but refer to resources outside the domain of the Data Controller (as defined below).


    • The User acknowledges that when visiting the Website, the data acquired through browsing will be processed in accordance with the provisions of this policy and in compliance with what is indicated in the further information published on the Website to which reference is made. The processing will be based on the principles of fairness, lawfulness, transparency and protection of confidentiality and of the rights of data subjects.


    • The information is subject to change. The changes will be brought to the attention of the Users through publication of the same on the Website. Each User is required to periodically check this page to ascertain any changes that may have been made since the last consultation of the Website. In any case, use of the Website implies the acceptance of any changes made to this disclosure.


    1. Data Controller


    • The data controller is O.M.E. Metallurgica Erbese S.r.l., (Tax Code 00200910131 – MI Economic and Administrative Index no. - 2647374), with registered office in Corso Venezia n. 36, 20121 Milan (MI), in the person of its legal representative pro tempore. ("Data Controller"). The contact details of the Data Controller are as follows: e-mail:, tel.: +39 031641606.


    1. Type of data processed and purpose of processing


    • Browsing data and purposes


    The computer systems and software procedures used to operate the Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.


    This category includes, but is not limited to:

    • the IP addresses or domain names of computers and terminals used by Users;
    • the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources;
    • the time of the request;
    • the method used to submit the request to the server;
    • the size of the file obtained in response;
    • the numerical code indicating the status of the response given by the server and other parameters relating to the operating system and to the User's IT environment.


    These data (collectively the "Browsing Data") are necessary for the use of the web services offered by the Data Controller and are also processed for the following purposes:

    • to obtain statistical information on the use of the services and of the Website (most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.);
    • to check the correct functioning of the services offered and of the Website;
    • assessment of liability in the event of hypothetical computer crimes to the detriment of the Data Controller.


    • Data communicated by the User and purpose


    When browsing the Website, the User may voluntarily communicate certain personal data in order to access the services offered, such as the "Contact Us" service, the "Newsletter" service or the "Join Us" application transmission service. The optional, explicit and voluntary sending of messages/e-mails to the contact addresses of the Data Controller, and the possible completion of the form for the "Contact Us" service, for subscription to the newsletter or for the transmission of a curriculum vitae through the "Join Us" form , involve acquisition of the User's contact data, necessary to respond, as well as for acquisition of the personal data included in the communications and in any attachments.


    By way of example, the following data will be collected:

    • sender's e-mail address, first and last name, date of birth, telephone number;
    • date and time of the consent and the status of the same;
    • personal data further spontaneously indicated by the User, also included in the documents attached by the User;
    • curriculum vitae.


    Specific information pursuant to the GDPR relating to such data (collectively the "Voluntary Data") will be published on the pages of the Website by the Data Controller for the provision of services. By way of example, the Voluntary Data will be processed in order to respond to the sender's requests, to be able to use the free newsletter update service, and to complete subscription to the Newsletter, for archiving of the curriculum vitae in the company database and for the initiation of selection procedures.


    • Cookies and purposes


    As better explained in the cookie policy, which can be consulted through links on the Website, to which reference is made for all technical aspects, the Website uses cookies, intended as short fragments of text (letters and/or numbers) that allow the web server to store on the User's client (the browser) information to be reused during the same visit to the Website (session cookies) or later, for further visits to the Website (persistent cookies). The information received through these tools may in particular relate to the pages visited and to the duration of the time of the visit, information relating to statistics on the User's intentions.


    The Website uses:


    • technical cookies necessary to guarantee the browsability on its website and use of the same by the User. The User has the right to disable technical cookies, however, if the User sets their device to reject technical cookies, some services of the Website may not be displayed correctly or work optimally, in particular, the operations that allow identifying of the user and the maintaining of identification within the session may be more complex and less secure in the absence of cookies;
    • third-party cookies. The Website may also receive cookies managed by websites of other organisations aimed at the presence of parts of the page visited generated directly by said websites, integrated into the Website and containing content of social networks (Linkedin, Youtube), to be shared or related to the use of services provided by indicated third parties; it is also possible that said third parties may use these cookies for profiling. We inform you that the Data Controller does not control any monitoring systems of such websites to which this policy does not apply.


    No use is made of profiling or tracking or marketing or statistical cookies.



    1. Legal basis


    • The Browsing Data, the data collected through cookies, and the Voluntary Data (collectively also the "Data") are legitimately processed by the Data Controller in compliance with the provisions of the GDPR and with any other applicable legal provision according to the legal bases provided for by art. 6 of the GDPR, or, as the case may be, to execute a contract, or a pre-contractual measure requested by the User, pursuant to art. 6, para. 1., letter b) of the GDPR, for the pursuit of its legitimate interest in free economic initiative pursuant to art. 6, para. 1., letter f) of the GDPR and art. 41 of the Constitution), on the basis of the User's consent, pursuant to art. 6, paragraph 1, letter a) of the GDPR where necessary or to fulfil a legal obligation to which the Data Controller is subject pursuant to art. 6, paragraph 1, letter c) of the GDPR.


    1. Transfer of data to non-EU countries


    • The Data will not be transferred outside the territory of the European Union and will be stored on servers located within the European Union.


    1. Processing methods


    • Processing of the collected Data will be carried out by the Data Controller electronically, by means of suitable tools to guarantee its logical and physical security and, in general, confidentiality; the data will be processed by putting in place all the necessary technical and organisational measures to guarantee its security also with reference to measures aimed at preventing unauthorised access, disclosure, modification or unauthorised destruction of the data.


    • The processing of the Data will consist of the collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication, limitation, deletion or destruction.


    1. Security


    • This Website has been examined by the Data Controller, and by the technicians appointed by the same, and does not contain dangerous content.


    1. Nature of the provision of Data


    • The Browsing Data is automatically acquired by the Website. The provision of Voluntary Data or data collected through cookies by the User is optional and refers to the provisions of the current cookie policy and to the specific information relating to the services of the Website. Failure to provide data may result in the impossibility of obtaining what is requested, the impossibility of providing certain services and the experience of browsing the Website may be compromised.


    1. Data retention period


    • The Browsing Data will be kept exclusively for the time necessary to fulfil the specific purposes, and in any case not more than seven days.


    • For the data collected with cookies, please refer to the cookie policy and, specifically, to the settings panel shown in the cookie policy.


    • The Voluntary Data for which consent is required will be kept until the consent is revoked. The Voluntary Data collected for the execution of the services of the Website communicated by users that do not require consent will be kept for as long as is necessary to carry out the purposes indicated and, in any case, for the period indicated in the specific information for the services placed on the Website to which reference is made.


    • Once the retention period has expired, the Data will be deleted.


    1. Disclosure of Data


    • The Data Controller communicates the Data to third parties only when this is necessary and functional to achieve the purpose of data processing pursued according to the service requested by the User.


    • In general, the Data collected for the purposes indicated in this information can be communicated: (i) to subjects to whom the right to access them is granted by law or by regulations (public security authority and police force); (ii) to subjects appointed as external data controllers such as technical services, development and maintenance companies of the web platform, hosting providers, data processing and IT services companies (e.g. web hosting, data entry, management and maintenance of infrastructures and IT services) or companies providing development, delivery and operational management services of the technological platforms used; (iii) to subjects who provide administrative, commercial or legal services, also specifically appointed as external managers.


    • The Data may also be known and processed by the Data Controller's personnel, assigned to the processing and specifically to the processing to the extent that this is necessary for the performance of their duties, carrying out only the operations necessary for execution of the same.


    • The updated list of such subjects may be requested at any time from the Data Controller.


    • No Data is in any way disseminated.


    1. Place of processing


    • The processing of Data relating to the Website takes place at the headquarters of the Data Controller or in another place where the company server is located from time to time (in any case in Italy) and are handled by technical personnel assigned to the same processing. If required, the Data may be processed by the person who oversees maintenance of the technological part of the Website at the headquarters of the same who will be appointed as person responsible for external processing.


    1. Safety Measures


    • User Data is processed in a lawful and correct manner, adopting appropriate security measures aimed at preventing unauthorised access, disclosure, modification or the unauthorised destruction of data. The Data Controller, specifically, has implemented appropriate measures to protect the Data from accidental loss and from unauthorised access, use, modification and disclosure.


    • In the unlikely event that the Data Controller believes that the security of the Data collected, in its possession or under its control, has been or may have been compromised, the Data Controller will inform Users of the event in the manner prescribed by law, using the methods prescribed by it.


    1. Rights of the User


    • In accordance with the provisions of Chapter III, Section I, GDPR, the User may exercise the rights indicated therein and in particular:


    • Right of access - to obtain confirmation as to whether or not data is being processed and, in this case, to receive information relating, in particular, to: the purposes of the processing, categories of personal data processed and retention period, recipients to whom these may be communicated (art. 15 of the GDPR);
    • Right to correction - to obtain, without undue delay, the correction of inaccurate data and the integration of incomplete personal data (art. 16 of the GDPR);
    • Right to deletion - to obtain, without undue delay, the deletion of data, in the cases provided for by the GDPR (art. 17 of the GDPR);
    • Right of limitation - to obtain the limitation of processing, in the cases provided for by the GDPR (art. 18, of the GDPR);
    • Right to portability - to receive in a structured format, commonly used and readable by an automatic device, the data provided, as well as to obtain a situation whereby the same are transmitted to another data controller without hindrance, in the cases provided for by the GDPR (art. 20 of the GDPR);
    • Right to lodge a complaint with the supervisory authority - to lodge a complaint with the competent supervisory authority for the protection of personal data in the EU member State in which the data subject habitually resides or works, or in which the GDPR is breached (art. 77 of the GDPR). In particular, with reference to Italy, the Authority for the Protection of Personal Data, Piazza Venezia n. 11, 00186 Rome (RM).
    • Right to object - to object to the processing of data, unless there are legitimate reasons to continue processing (art. 21 of the GDPR);
    • Right of revocation – if the User has given consent for the processing of data for the purposes for which it is requested, the latter will in any case remain free to revoke it at any time. Following the revocation, the data will no longer be processed for the purposes for which consent is required. The withdrawal of consent does not affect the lawfulness of the processing based on the consent given before the withdrawal.


    The User may also exercise these rights by simply sending a request by e-mail to the addresses or contact details indicated above.

    1. Absence of automated decision-making processes


    • The Data Controller will not make decisions based on automated processes.


    1. Minors


    • The Data Controller's products are not intended for minors under the age of 18 and the Data Controller therefore does not intentionally collect Data or, in general, personal information relating to minors. In the event that information concerning minors is inadvertently recorded, the Data Controller will delete it in a timely manner, at the request of Users.



    OME Metallurgica Erbese S.r.l.