This Privacy Statement describes our handling of Personal Information in connection with your use of our websites, mobile apps and the services we provide. By using our websites and services, you hereby consent to these terms.
“Personal Information” refers to information that identifies you as an individual. This Privacy Statement describes how we collect, use, share, and protect, your Personal Information, and choices you have regarding your Personal Information treatment. We encourage you to read this Privacy Statement, drawn in compliance with art. 13 GDPR 2016/679 and with Recommendation n°2/2001 issued by European Autorities on May 17th 2001: personal data protection of users connecting to www.rmg.it. Is described, with a focus on minimum requirements related to nature of collected data, ways and timing of data collection during web connection, referring to Measures issued by Italian DPA on May 8th 2018.
The Controller of your data is:
R.M.G. RAFFINERIA METALLI GUIZZI S.P.A.
A list of External and internal Responsible of data processing is available on request.
GENERAL PRINCIPLES OF PERSONAL DATA PROCESSING
Your personal data will be collected, stored, treated and sent complying with Controller’s criteria, law’s and regulations in force.
Data treatment is based on following principles:
Lawfulness, fairness and transparency: Tell the subject what data processing will be done. What is processed must match up with how it has been described. Processing must meet the tests described in GDPR [article 5, clause 1(a)].
Purpose limitations: Personal data can only be obtained for “specified, explicit and legitimate purposes”[article 5, clause 1(b)]. Data can only be used for a specific processing purpose that the subject has been made aware of and no other, without further consent.
Data minimization: Data collected on a subject should be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed” [article 5, clause 1(c)]. In other words, no more than the minimum amount of data should be kept for specific processing.
Accuracy: Data must be “accurate and where necessary kept up to date” [article 5, clause 1(d)]. Baselining ensures good protection and protection against identity theft. Data holders should build rectification processes into data management / archiving activities for subject data.
Integrity and confidentiality: Requires processors to handle data “in a manner [ensuring] appropriate security of the personal data including protection against unlawful processing or accidental loss, destruction or damage” [article 5, clause 1(f)].
Storage limitations: Regulator expects personal data is “kept in a form which permits identification of data subjects for no longer than necessary” [article 5, clause 1(e)]. In summary, data no longer required should be removed
TYPE (NATURE) OF DATA COLLECTED
When you access to our web site, different information may be collected.
Any information concerning natural persons that are or can be identified also by way of other items of information – e.g., via a number or an ID code. For instance, personal data is one´s first or last name, address, Tax ID as well as a picture, the recording of one´s voice or one´s fingerprint, or medical, accounting or financial information relating to that person.
The Controller will not treat nor process sensitive data, as described by art. 9 GDPR 679/2016, such as a personal data requiring special precautions on account of its nature. A sensitive data is any data that can disclose a person´s racial origin or ethnicity, religious or other beliefs, political opinions, membership of parties, trade unions and/or associations, health, sex life or crime sentences (art. 10 GDPR 679/2016).
Unless specifically requested, we kindly ask to users not to submit us, nor to broadcast personal sensitive data, on or through our web site. If we ever will ask such data from users, we will firstly obtain their explicit consent.
WEB SITE SURFING AND ACCESS REGISTRATION – COOKIE AND LOG FILES
Our web site also uses log files in order to count visitors and evaluate technical skills of web site itself. We use all these information to know how many visitors we have on our site, to better organize our pages, to easy surfing on our web site and make its pages more useful.
We collect information on web site traffic, but not on single visitors. Therefore, we won’t be able to collect or store any information directly related to you. We use Google Analytics, is a freemium web analytics service offered by Google that tracks and reports website traffic: through cookies, information about your use of our web site are generated (included your IP address) sent and stored into Google Server in US. Google will use these information in order to analyze how you use the web site, draw reports on web site activities and provided these to web site operator, to provide more services related to web site activity and internet use. Whenever mandatory by law, or foreseen by contracts, Google may communicate these information to third parties. Google will not match your IP address to any other of your data already acquired by Google. You can deny your consent to cookies by selecting the appropriate setting on your browser, but this might prevent you from using all of our web site functions. By using our web site, you give your consent to Google for your data treatment, according to what described above.
DATA PROCESSING PURPOSES
We collect, store and process your personal data in order to provide you services through our website, in compliance with law prescriptions.
Data will be collected exclusively for the following purposes:
-For an effective management of our web site an services offered therein
-In order to provide services offered and handle daily company needs
-To allow users registration and access to defined web site areas
-Contact users (e.g. Via e-mail) following web enquiries
-To comply with law
A part from what described above, referring to web surfing data, you are free to provide your personal data possibly required to fill different forms (related to enquiries on products information or their availability). Please keep in mind that lack of data conferral will make impossible to answer to your enquiries.
PROCESSING PROCEDURES AND DATA SAFETY
Your personal data will be collected and processed, electronically or through papers, exclusively for the purposes described herein, and record retention will last no longer than required or, up to when the Controller will receive your request of cancellation for treatment related to optional consent.
Your personal data will be stored in our server or in servers belonging to our entrusted provider’s (acting as Esternal Responsible) within EU (France) or in EU Countries were contract clauses for a safe data transferal are in force.
Your personal data are processed according to confidentiality principles listed in the measures issued by the Italian DPA. Collected data are processed by authorized personnel. All the personnel accessing to data has been previously authorized through official designation, as foreseen by law. Collected data could be periodically updated with information provided later.
We use controls, technical and managerial measures in order to protect user’s personal data from unauthorized access, loss or abuses. Unfortunately, data on the Internet can’t be 100% safe. Thus, even if we protect all the personal information, we can’t be sure or warranty that these information will be completely protected by hackers or other criminal acts, or in case of fail/damages to software, hardware and web. The Controller will inform users whenever acknowledges security violation (data breach), related to users personal data under his control. If the users is willing to communicate us his/her personal e-mail address, he/she gives express consent to receive electronical warnings in case of security violation.
When you register on our web site, you choose an Id and a password, which will allow you to access the website. In creating your password, we suggest you to pay attention to some simple rules, in order to make it harder to hacker: a safe password should be made at least of 8 figures, mixed letters and numbers, better if capital and lower case, inclusive of special key (like #, ^,! etc.). Moreover, we recommend to change your password on regular base, without communicating it to others. You are responsible for each single act mad through your account, if you should loose your password you might loose control on your personal information, and binding actions might be take place for and on behalf of you. Therefore, if for any reason your password might be compromised, change it immediately.
PERSONAL DATA COMMUNICATION
Without prejudice to mandatory communication, your data might be communicated to:
Third Parties which we rely on for services provision and related activities, designated by the Controller.
Delegates in charge for technical maintenance (included web maintenance), designated by the Controller.
Anyhow, just strictly needed data, related to tasks they are in charge for, will be communicated to the abovementioned.
Personal data will not be broadcasted.
The Controller cooperate with Law Enforcement and Authorities to make users respect rules, other users and third parties rights, included intellectual property rights. Therefore your personal data might be communicated to Authorities whenever needed in case of defense, prevention, verification or repression of crimes in compliance with related laws and regulations.
Authorities will have the rights to ask and obtain your personal information also in relation to verification or investigation on swindle, web fraud, rights or intellectual property violation, hacking or other illicit actions which might involve us or our users in legal issues entailing civil or criminal responsibility.
RIGHT AND RIGHTS EXERCISE
Complying with law in force, at any time you might:
Be informed regarding your data presence
Know origin, content, goals and process pattern.
Logic underlying electronic treatment
Details of Controller, Processor, Parties whom your data have been communicated to
Moreover you have the right of:
Update, integrate, correct your data and rights of portability
Cancellation, anonymization, block of your data processed against law
Opposition to data processing, for legitimate reason, pertinent to processing
Opposition to data processing for marketing
According to GDPR 2016/679, you have the rights to complain to Authority.
In order to exercise your right you can contact:
R.M.G. RAFFINERIA METALLI GUIZZI S.P.A.
Via San Lorenzo, 52/54
25069 Villa Carcina (BS) – Fraz. Cogozzo
T. +39 030 8900427
F. + 39 030 8900556
In case the user will ask to access to his/her personal information or cancel them from our system and registers, we will to any possible extent, within timing foreseen.
We inform our users that, due to technical limits and to the back up system, their information might be retained in our system for a certain length of time following cancellation.
All rights are due to the Controller for refuse personal data access or cancellation request, if access or cancellation are not foreseen by law. In order to safeguard from illicit requests, all rights are due for collecting sufficient information aimed to verify the identity of the applicant, before correcting or granting access.
Minor using web site
Our web site is not addressed to minors (younger than 18 y.o.) We do not intentionally collect nor ask information related to minors.
Your data will be stored in database on our server or on our entrusted provider’s server, in Italy, or in EU Countries or in Switzerland, where clauses for a safe transfer of data are in force.
All rights are due to the Controller for changing web site and Policy at any time.
User must always refer to on line policy. Changes will be in force from the moment they will be published on the web site. If the user will keep using the web site after any change, this will be considered as an acceptance of such changes.