INFORMATION PURSUANT TO THE GENERAL REGULATIONS ON DATA PROTECTION EU Reg. 2016/679
With this information, communicating the commitment of our Company to the protection of the right to privacy of those who choose our corporate services, we will explain the principles and methods of processing and protection of personal data.
The purpose of the information is to provide maximum transparency regarding the information that the site collects and how it is used.
1- PRINCIPLES APPLICABLE TO TREATMENT ACTIVITIES
The services provided by SOIMAR GROUP SPA provide for the processing of company data and personal data. According to article 13 of the European regulation we inform you that personal data are processed in compliance with the principles of: lawfulness, the treatment is based on compliance with the rules; correctness, the treatment respects the mutual needs as well as the rules; purpose limitation, the purposes of the processing are determined, explicit and legitimate; treatments after the initial ones will not have purposes incompatible with the original ones (without prejudice to further processing for archiving purposes in the public interest or for scientific and historical research purposes or for statistical purposes); data minimization, data are adequate, relevant and limited to what is necessary to meet the purposes; exactness, the data are accurate and, if necessary, updated; all reasonable measures are taken to cancel or correct inaccurate data in a timely manner; limitation of conservation, the data are stored in a form that allows your identification and for a period of time not exceeding the achievement of the purpose for which they were acquired; integrity and confidentiality, acquired data protected by technical and organizational measures to ensure adequate security, including protection, in order to avoid or minimize the risks of unauthorized or unlawful processing, loss, destruction or accidental damage; responsibility, the organization of the holder provides for the responsibilities identified, assigned and verified over time; revaluation of security policies applied to data, systems and information networks, are periodically reviewed and revalued; oblivion, after a reasonable period of time, which normally coincides with the end of processing operations, data deletion or transformation into anonymous form may be requested.
2- HOLDER OF THE TREATMENT
The data controller is SOIMAR GROUP SPA TORINO (TO) CORSO LUIGI EINAUDI 30 CAP 10129 – Tel. – Fax – email: -email@example.com
3- DATA PROTECTION OFFICER DPO
SOIMAR GROUP SPA has not designated Data Protection Officer because is not required.
4- PURPOSE AND LEGAL BASIS OF TREATMENT. DATA CATEGORIES
The personal data acquired, also through the website www.soimar.com, owned by us, pursuant to EU regulation 2016/679 of the European Parliament and Council of 27 April 2016, are processed for the following purposes:
- design activities, construction, production, sales and marketing of industrial plant and equipment
- establishment and management of the contractual relationship
- managing the customer / supplier / personnel / users database
- management of tax and tax data
- personnel selection
The legal basis justifying the processing of data is the employment contract.
For the above mentioned purposes, the SOIMAR GROUP SPA deals with the following categories of data:
- common personal data
- navigation data on the website
Our site does not use data for the purpose of sending advertising , does not use third-party services that collect data for purposes of sending advertising and does not use social plugins for sharing content that may collect data for purposes sendingadvertising.
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user’s computer environment. These data are used for the sole purpose of obtaining any anonymous statistical information on the use of the Site to check its correct functioning, to identify anomalies and / or abuses, and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site or third parties.
The optional, explicit and voluntary sending of messages to the Company’s contact addresses, such as sending the curriculum via email, as well as filling in and forwarding the forms on the site, entail the acquisition of the sender’s contact details, necessary to respond, as well as all personal data included in communications.
Our website uses analytical cookies for statistical analysis of access through the Matomo / Piwik web analysis platform, which collects anonymous and aggregate data on how much and how users use our site and stores additional information for each visit, such as for example the page of origin or the type of browser used. The collected data are processed only for statistical purposes and exclusively by SOIMAR GROUP SPA.
Analytical cookies preferences (opt-in/opt-out)
Session cookies (non-persistent) are used strictly limited to what is necessary for the safe and efficient navigation of the site. The storage of session cookies in the terminals or browsers is under the control of the user, where on the servers, at the end of the HTTP sessions, information relating to cookies remain recorded in the service logs, with storage times no longer than seven days like the other navigation data.
It is also used a persistent cookie to store the choice of language for displaying the site.
You can configure your browser to completely disable cookies, the disabling modes offered by the main browsers are available at the following links: [Internet Explorer] – [Chrome] – [Firefox] – [Safari]
5- TREATMENT MODE
The processing of data is carried out on paper and electronic media (including management SW), by natural or legal persons designated to manage or support the company’s activities in compliance with logical, physical security and confidentiality. The data in question are treated, as “authorized persons”, by our collaborators and / or our employees.
6- DATA ADDRESSEES
With reference to the purposes of the processing for which they are acquired, the data can and must be communicated by express legal obligation, regulation and consequently of contract, to third parties identified in natural or legal persons and public authorities appointed to receive them. For example: Revenue Agency, Bankruptcy Court Registrar, Public Prosecutor’ss Office, INPS, INAIL, Social Security Office, Provincial Labor Office, Credit Institutes, Postal Institutes, School Institutes, Universities, Certification Bodies, and other subjects inspections and supervisory measures against which the communication / information of data is mandatory.
7- DATA CONSERVATION PERIOD
The data provided will be kept for the entire duration of the service provided, and for a subsequent period of up to 10 years to fulfill the conservation obligations required by civil, tax and tax regulations.
8- TRANSFER OF PERSONAL DATA TO COUNTRY THIRD OR TO AN INTERNATIONAL ORGANIZATION
Personal data may be transferred to countries outside the EU and in this case the Holder agrees to:
- ensure an adequate level of protection by setting appropriate guarantees and complying with the provisions of Regulation (EU) 2016/679;
- manage the transfer of personal data on the basis of:
a) decisions on the adequacy of the European Union;
b) standard contractual clauses / binding corporate rules;
c) code of conduct approved by the relevant control authority / official safety certifications..
- manage the transfer of personal data on the basis of the consent of the interested party whose personal data must be transferred, or on the basis of the exceptions pursuant to Article 49 of Regulation (EU) 2016/679 if the transfer can not be performed on the basis of the aforementioned cases a), b), c).
9- PROFILING ACTIVITIES
Personal data will be acquired and processed without carrying out analyzes aimed at “profiling” (any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects related to a physical person, in particular to analyze or predict aspects concerning the professional performance, economic situation, health, personal preferences, interests, reliability, conduct, location or movement of that physical person).
10-RECOGNIZED RIGHTS AND EXERCISE MODALITIES
Data subjects, in addition to the right to lodge a complaint with a supervisory authority, may exercise the following rights:
Art. 15 Right of access – he data subject has the right to obtain from the data controller confirmation that the processing of personal data concerning him or her is in progress and, in this case, to obtain access to personal data and information concerning the treatment.
Art. 16 Right of rectification – The data subject has the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.
Art. 17 Right to cancellation (right to be forgotten) – The data subject has the right to obtain from the data controller the deletion of personal data concerning him without undue delay and the data controller is obliged to cancel the personal data without undue delay.
Art. 18 Right to limit the processing – The data subject has the right to obtain from the data controller the limitation of treatment when one of the following hypotheses occurs:
a) the data subject disputes the accuracy of personal data for the period necessary for the data controller to verify the accuracy of such personal data;
b) the processing is illegal and the interested party opposes the cancellation of personal data and asks instead that its use is limited;
c) although the data controller no longer needs it for processing purposes, personal data are necessary for the data subject to ascertain, exercise or defend a right in court;
d) the data subject objected to the treatment pursuant to article 21, paragraph 1 of the regulation, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.
Art. 20 Right to data portability – The data subject has the right to receive, in a structured, commonly used and automatically readable form, personal data concerning him / her provided to a data controller and has the right to transmit this data to another unrestricted data controller by the data controller who supplied them. In exercising its rights with regard to data portability, the data subject has the right to obtain direct transmission of personal data from one data controller to another, if technically feasible.
Art. 21 Right to object – The interested party has the right to object at any time, for reasons connected with his particular situation, to the processing of personal data concerning him / her including profiling on the basis of these provisions.
Art. 22 Right not to be subjected to automated decision-making, including profiling – You have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or that affects your similarly significant on his person.
The rights can be exercised by making a request directly to the Data Controller, which can be contacted at the addresses indicated at point 2. If the person concerned finds anomalies or violations regarding the processing of personal data, he has the right to contact the Guarantor for the protection of personal data http://www.garanteprivacy.it or the European Data Protection Supervisor using the following link http://www.edps.europa.eu.
11- Failure to provide the personal data requested pursuant to point 4 makes it impossible to perform the services contractually requested to SOIMAR GROUP SPA