Information notice pursuant to Art. 13 of the Regulation (EU) 2016/679 (“GDPR”)
Information to be provided where personal data are collected from the data subject
The information is to be considered valid only for the domain of the owner and is not valid for other pages or external websites that can be consulted through the links provided.
DATA CONTROLLER, pursuant to art. 4 and 24 of the Regulation (EU) 2016/679, is Duferco Travi e Profilati S.p.A., having its head office in Armando Diaz, 248 – 25010, San Zeno Naviglio (BS), as represented by the pro-tempore legal representative.
RESPONSIBLE FOR DATA PROTECTION (RPD | DPO) pursuant to articles 37 – 39 of the EU Reg. 2016/679 – the Data controller does not fall within the mandatory designation perimeter of the DPO.
|PURPOSES OF THE PROCESSING||LAWFULNESS OF THE PROCESSING||DATA RETENTION PERIOD|
|Browsing on this website: the data collected during the navigation will be processed to obtain anonymous statistical information on the use of the site and to check its correct functioning.||Legitimate interest |
Valued on the basis of reasonable expectations given by the data subject who surfs the current website.
|Only for the related session, after which the data are deleted.|
|Possible request for contact or request information by filling out a dedicated form||Controller’s legitimate interest: reply to users’ requests||For a maximum time of 1 year|
|Staff recruitment and evaluation of CVs provided through the “work with us” area||Contract | pre-contractual measures||For a maximum time of 1 year|
|Organizational, administrative, financial and accounting activities and clients / users management||Performance of a contract and
compliance with a legal obligation
|10 years or different legal obligation|
NATURE OF DATA PROVISION AND REFUSAL
Except for what specified for navigation data which are necessary in order to allow navigation of the website, data subjects are free to provide their personal data and their failure to provide data may result in the impossibility of obtaining the information or services requested and provided by this website.
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The personal data provided will be communicated to employees or collaborators acting under the authority of the Data Controller (Article 29 of EU Reg. 2016/679), for the purposes listed above and also to companies belonging to the Group.
In order to comply with existing contracts or related purposes, your data will be processed by companies that are contractually linked to the Data Controller and in particular to: – parties that provide services for the management of the information system and telecommunications networks used by the Data Controller (including e-mail, web platform); – studies or companies in the field of assistance and consulting; – competent authorities for the fulfillment of legal obligations and / or provisions of public bodies, upon request.
The subjects belonging to the aforementioned categories act as Data Processors, or operate in total autonomy as separate Data Controllers. The list of Data Processors is constantly updated and available by writing to firstname.lastname@example.org, or at the registered office of the Data Controller.
DATA TRANSFER TO A THIRD COUNTRY AND/OR TO INTERNATIONAL ORGANISATIONS
Personal data will be processed by the Data Controller within the European Union territory.
If, for technical and / or operational reasons, it is necessary to make use of subjects located outside the European Union, or if it is necessary to transfer some of the data collected to technical systems and services managed in the cloud and located outside the area of the European Union, the treatment will be regulated in compliance with the provisions of Chapter V of the Regulation and authorized based on specific decisions of the European Union. All the necessary precautions will therefore be taken in order to guarantee the most complete protection of personal data by basing this transfer: a) on adequacy decisions of the recipient third countries expressed by the European Commission; b) on adequate guarantees expressed by the third party subject pursuant to art. 46 of the Regulation; c) on the adoption of binding corporate rules, the so-called Corporate binding rules.
DATA SUBJECT’S RIGHTS
You can assert your rights as expressed in articles 15, 16, 17, 18, 19, 20, 21, 22 of the Regulation (EU) 2016/679, by sending an e-mail to the address email@example.com
You have the right, at any time, to ask the Data Controller for access to your personal data, rectification, cancellation of the same, limitation of processing. Furthermore, you have the right to object, at any time, to the processing of your data (including automated processing, eg profiling).
In the foreseen cases, you have the right to the portability of your data and in this case the Data Controller will provide you with a personal data concerning you in a structured format, commonly used and readable, by automatic device.
Without prejudice to any other administrative and judicial appeal, if you believe that the processing of data concerning you violates the provisions of EU Reg. 2016/679, pursuant to art. 15 letter f) of the aforementioned EU Reg. 2016/679, you have the right to complain to the Guarantor for the protection of personal data.
The data controller reserves the right to modify, update, add or remove parts of this privacy statement at its discretion and at any time. In order to facilitate this verification, the information will contain the indication of the update date.
Updating date: 5th January 2021