Privacy Policy
Information on the processing of personal data in compliance with art. 13 of EU Regulation 679/2016 and Legis. Decree 196/2003 and subsequent amendments and additions.
Dear User,
The Data Controller hereby informs you, in accordance with art. 13 of EU Regulation no. 2016/679, that the personal data you provided will be the object of processing in the forms and within the limits provided by the regulations set out in EU Regulation no. 2016/679 (hereinafter called the “GDPR”) the object of which is the protection of individuals with regard to the processing of personal data and the free circulation of such data.
The present information will allow you to know how the Data Controller intends to manage your personal data, both that collected directed following regular registration by the User (name, surname, address, postal address, e-mail address etc.), and that collected indirectly.
The Data Controller considers the protection of the personal data of its customers and users and/or potential customers and users to be of fundamental importance and guarantees that the processing of the personal data, in whatever way carried out, whether automatically or manually, always occurs respecting the protections and rights recognized by the GDPR.
The GDPR foresees that, before proceeding to the processing of the Personal Data, the person to whom such Personal Data belongs needs to be duly informed on the reasons why such data are required and the manner in which they will be used.
The processing of your personal data will be based on the principles of correctness, lawfulness, transparency, purpose and retention limitation, minimization and exactness, integrity and confidentiality, as well as the principle of accountability as per art. 5 of the GDPR.
We also wish to inform you that:
A) The Data Controller of your personal data is
Acciaieria Arvedi S.p.A
Registered Office
Viale Enrico Forlanini, 23
20134 Milano
Italy
which avails itself of the website www.arvedi.it as well as the Customer Portal https://customer-acciaieria.arvedi.com. For all the questions relative to the Processing of their personal Data and/or should a User wish to exercise their rights as provided by the present Information, direct communication should be made to the e-mail address info@arvedi.it
B) The personal data object of the processing may consist in an identifier such as name, surname, business/company name, identification number, data relative to location, or an online identifier such as an e-mail address:
Browsing data – the IT systems and software procedures used for the functioning of the website and/or Customer Portal acquire, in the course of their functioning, some personal data the transmission of which is implicit in the use of internet communication protocols. It is information that is not collected for association with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow the users to be identified. The following fall within this category: IP addresses, the type of browser used, the operating system, the dominion name and internet website addresses from which access or exit was made, the information on the pages visited by the user within the website and/or Customer Portal, the time of access, the length of stay on the single page, clickstream analysis and other parameters relative to the operating system and the user’s IT environment. This technical/IT type of data is collected and used exclusively in an aggregate and non-identifying manner and could be used to ascertain responsibility in the case of possible IT offences harming the website and/or Customer Portal or third parties.
Data provided voluntarily by the Interested Party - The present Privacy Policy is understood as made for the processing of the data voluntarily provided through the website and/or Customer Portal. As regards this, we invite you to NOT insert in the forms therein any information that may fall within the particular categories of personal information as per art. 9 of the GDPR (for example, data referring to your state of health).
Third-party data provided voluntarily by the Interested Party – In using particular services processing may occur by third parties of personal data communicated by you to the Data Controller. As regards this hypothesis, you become the autonomous data controller, assuming all legal obligations and liabilities.
Cookies The information on the cookies served by the site and/or Customer Portal is available at the following link: https://www.arvedi.it/pagine/cookie-policy/
(PERSONAL DATA OBJECT OF PROCESSING)
C) The personal data collected by the Data Controller through the use of the website and/or Customer Portal will be treated for the purposes of fulfilling legal obligations, responding to requests or executive functions, protecting its rights and interests (or those of Users or third parties), identifying any malicious or fraudulent activity as specified here below:
a. Purposes linked to managing contractual/commercial relations, such as satisfying specific User requests prior to concluding the contract, concluding the contract, subsequent amendments, execution of the contract, the delivery and/or management of the related services, the management of claims and the response to requests.
b. Purposes of an administrative and accounting nature, such as invoicing, the management of payments, delays in payments and/or non-payments.
c. Registration on the website. Should the User so request, his/her personal data shall be treated for the attribution of identification codes necessary for allowing registration on the website and/or Customer Portal and for using the services reserved to registered users.
d. Statistics. See the afore-mentioned cookie policy.
(PURPOSES OF THE PROCESSING).
D) The Data Controller treats the Personal Data regarding the User should one of the following conditions exist:
· the User has given consent for one or more specific purposes;
· the processing is necessary for the execution of a contract with the User and/or the execution of precontractual measures;
· the processing is necessary to fulfil a legal obligation to which the Data Controller is subject;
· the processing is necessary for the execution of a task of public interest or for the exercise of public powers which the Data Controller holds;
· the processing is necessary to pursue the legitimate interest of the Data Controller or third parties.
(LEGAL BASIS OF THE PROCESSING).
E) The Data Controller adopts appropriate security measures aimed at preventing non authorised access, disclosure, amendment or destruction of the Personal Data. Processing is effected using IT and/or telematic tools organised and with logic closely linked to the purposes indicated. Besides the Data Controller, other subjects involved in the organisation of the website and/or Customer Portal (administrative, sales, marketing, legal, system administration personnel) or external subjects (such as suppliers of third party services, mail carriers, hosting provider, IT companies, communication agencies) may also have access to the Data and be appointed, if necessary, Processing Managers by the Data Controller. (METHODS OF PROCESSING).
F) The Personal Data is treated at the premises of the Data Controller and at any other place where the parties involved in the processing are located. The User’s Personal Data may be transferred to a country other than the one which the User is in. The User has the right to obtain the information on the legal basis of the transfer of Data outside the European Union or to an international public body or one composed of two or more countries, such as the UN, as well as regarding the security measures adopted by the Data Controller to protect the Personal Data, in accordance with the GDPR (TRANSFER OF DATA ABROAD).
H) In order to ensure full respect of the principles of necessity and proportionality of processing, the Data Controller has identified different conservation times of the Personal Data in relation to the single aims pursued. The Personal Data will be processed for the time strictly necessary to achieve the aim, hence for the minimum period of time necessary, as indicated in Recital 39 of the GDPR, excepting a further period of conservation which may be set by legal requirements, as also provided in Recital 65 of the GDPR. In all other cases the Data Controller may process the Personal Data until the person concerned communicates, in one of the ways foreseen by the present Privacy Policy, their decision to withhold consent to one or all the aims for which it was requested. The withholding of consent shall in effect oblige the Data Controller to cease Processing activities on the Personal Data for these aims (DATA CONSERVATION).
I) As provided by article 15 of the GDPR, the User may access their Personal Data or ask the Data Controller for it by e-mail of by post, request rectification and updating of the same if incomplete or erroneous, request its cancellation if its collection occurred in violation of a law or regulation, or oppose its Processing for legitimate and specific reasons.
In particular, the interested party may at any time exercise their right as regards the Data Controller: to ask the Data Controller for access to the personal data an rectification or cancellation of the same; to limit the processing of the date to the aims strictly necessary; to oppose processing; to obtain direct transmission of the personal data from one Data Controller to another should it be technically feasible; to lodge a complaint to a supervisory authority. The afore-mentioned rights may be exercised via written communication to be sent to the contact details of the Data Controller (RIGHTS OF THE INTERESTED PARTY).
L) As provided by the GDPR, should the User consent to the Processing of their Personal Data for one or more aims for which it has been requested, the same may, at any time, totally and/or partially withdraw it without prejudice to the legitimacy of the Processing based on the consent given prior to its withdrawal. In order to exercise the right of withdrawal of consent, the interested party may contact the Data Controller in the manner indicated above in point A) (WITHDRAWAL OF CONSENT).