Metal Work S.p.A. with headquarters in Via Segni, 5/7/9, Concesio (BS), Postcode: 25062, VAT REG. No.: 03472820178, TEL. 030 218711, e-mail: firstname.lastname@example.org, certified e-mail: email@example.com, is the Data Controller for personal data.
The company also acts as an autonomous Data Controller for partner sites that may sometimes take part in data processing activities autonomously.
1) Browsing data
IT systems and software procedures used to operate this website capture personal data during normal operation, the transmission of which is implicit in the use of internet communication protocols.
This is information which could, by its very nature, through association and processing with data held by third parties, make it possible to identify users/visitors (e.g. IP address, domain names of computers used by visitors/users connecting to the site etc.).
This data is only used for statistical information and to check the site is operating correctly.
Web contact data is not however kept for more than seven days, subject to investigations into computer-related crime resulting in damage to the site.
No information resulting from the web service will be communicated or disclosed.
2) Data voluntarily provided by users/visitors
Users/visitors connecting to the site to send personal data to access services, send requests by e-mail or to send their CV, should be aware that this will involve the Data Controller acquiring the sender's address and/or other personal data, which will be processed for the sole purpose of responding to the request or providing the service.
Personal data provided by users/visitors will only be communicated to third parties if such communication is required to fulfil requests they submit, or to comply with legislation (e.g. invoicing or recruitment after submitting a CV).
Data is processed using automated tools (e.g. electronic media and procedures) and manually (e.g. paper copies) for the time strictly necessary for the purpose for which the data is gathered, and in accordance with data processing legislation.
Specific security measures are observed to prevent the loss, incorrect or illegal use of data or unauthorised access, such that access is only permitted to parties or data processors appointed in accordance with legislation. A list of data processors appointed in accordance with article 28 of EU Regulation 679/2016 is available at the headquarters of the Data Controller.
Purposes of data processing
The purposes of the data processing carried out by the Data Controller are as follows: a) to gather, store and process data to manage and fulfil contractual obligations to deliver the service offered on the site;
- to use the personal data provided by users (e-mail address in particular) to communicate in relation to executing the contractual agreement;
- to process the personal data provided and the data captured when browsing the site, to deliver a service consistent with the information sent during use of the service;
- to gather, store and process data to carry out statistical analysis in an anonymous and/or aggregate form;
- to carry out our business operations, such as offering customised content such as newsletters;
- to communicate business information on future initiatives and announcements on new products or services;
- to perform market research, statistical and economic analyses;
- to send advertising or promotional material, and to carry out competitions with prizes and promotional initiatives in general.
Legal basis of the processing
The legal basis for customer data being processed by the Data Controller via the site indicated is a request in contracts or precontractual understandings established with data subjects. If this is not the case, the legal basis is the data subject's consent.
In addition to the Data Controller, in some cases certain categories of data processors and authorised parties involved in the operation of the corporate website could have access to the data (administration, commercial, marketing and legal personnel and system administrators). Furthermore, the Data Controller may use external parties (suppliers of third-party technical services, transport providers, hosting providers, cloud services, IT companies, communication agencies) who may be appointed as external data processors. An up-to-date list of data processors can be requested at any time from the Data Controller, via the address indicated above.
Transfer of data to countries outside the EU
The Data Controller uses servers located in the following countries to provide the services offered on the site:
This is deemed suitable on the basis of Regulation 2016/679/EU as it is within EU territory.
Data processed by the Data Controller will not be disclosed.
Data processing location
Data relating to the web services on this site is processed on the Data Controller's premises, and only by technical personnel in the department appointed by the Data Controller.
Data storage location and timescales
Data is processed for the time required to provide the service requested by users, then destroyed using secure methods, such as shredding paper documents and wiping electronic copies.
Optional or compulsory data
Apart from the information stated regarding browsing data captured automatically, users/visitors can choose whether or not to provide their personal data. Failing to provide the data may prevent requests from being fulfilled. Expressly and voluntarily choosing to send an e-mail to addresses on this site will result in the user's address being captured, for the purpose of fulfilling requests for services and/or information, in addition to any other personal data entered on forms.
Rights of Data Subjects
In accordance with the GDPR, data subjects have the right to obtain information on its existence at any time, in addition to the content and origin, check its accuracy or ask for it to be supplemented, updated or amended.
Requests should be sent to: Metal Work S.p.A. with headquarters in Via Segni, 5/7/9, Concesio (BS), Postcode: 25062, VAT REG. No.: 03472820178, TEL. 030 218711 e-mail: firstname.lastname@example.org, certified e-mail: email@example.com.
With regard to processing the aforementioned data, users have the right to obtain the following from the Data Controller:
- confirmation of the existence of their personal data, its communication in an intelligible format, understanding of its origin, and the logic at the basis of its processing;
- deletion of their personal data within a reasonable timescale, its transformation to make it anonymous, or block data processed in breach of legislation,
- to have it updated, supplemented or amended;
- a statement that the operations referred to in 2 and 3 above were made known to parties to whom the data was communicated, except where this is impossible or involves disproportionate methods;
- Users also have the right to have their personal data amended or deleted, or its processing restricted;
- Users have the right to withdraw consent to processing which is optional and is not related to executing the contract agreed with the Data Controller;
- Users also have the right to object to their data being processed, even if it is relevant for the purpose it was collected, request data portability, exercise their right to be forgotten, and contact the Supervisory Authority for the protection of personal data to report any alleged breach. In Italy this Supervisory Authority can be contacted via certified e-mail sent to: firstname.lastname@example.org, or via registered post with acknowledgement of receipt sent to the Supervisory Authority for the protection of personal data, based at Piazza Venezia no. 11 – Postcode 00187, Rome (Italy).
Automated decision-making processes
Automated decision-making processes are not implemented on aggregate data collected, other than to improve site management.