Guidelines on the processing of personal data (Art. 13 Legislative Decree 30.6.2003, no. 196 and Art. 13 EU Regulation 679/2016 on the processing of personal data)
This page describes the website's management methods, with particular reference to the handling of the personal data of users visiting it. These guidelines are given, pursuant to Art. 13 of Legislative Decree no. 196/2003 (HEREINAFTER THE PRIVACY CODE) and Art. 13 of EU Regulation 679/2016 on the processing of personal data (HEREINAFTER THE EU REGULATION) - to those who interact with the web services of GI.METAL s.r.l., accessible electronically from the address:
corresponding to the homepage of the Gi.Metal s.r.l. official company website.
The guidelines apply only to the website www.gimetal.it and not to other websites accessed via links.
PERSONAL DATA PROCESSING
Personal data processing means any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, even if not registered in a database, such as the collection, recording, organization, structuring, storage, processing, selection, blocking, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
DATA CONTROLLER
The ownership of the data, conferred voluntarily, and processed following consultation of the site, is attributed to GI.METAL s.r.l.
• ADDRESS: Via Croce Rossa 1/c, 51037 Montale (PT)
• TEL. OFFICE: +39 0573 1943680
• FAX.: +39 0573 557332
• EMAIL: inform@gimetal.it.
DATA PROCESSOR
The data processor is Mr Marco D'Annibale
ADDRESS: Via Croce Rossa 1/c, 51037 Montale (PT)
TEL. OFFICE: +39 0573 1943680
FAX: +39 0573 557332
EMAIL: marcod@gimetal.it.
PURPOSE AND LEGAL BASIS OF THE PROCESSING
The processing of personal data by Gi.Metal finds its legal basis in the provision of consent by the data subject.
The data conferred by the user through the website will be processed for the following purposes:
1. to allow the registration to the website and to access services reserved for registered users as well as for administrative and legal obligations related to the same;
2.in the case of an on-line purchase:
2.1 to allow the conclusion of the purchase contract and the proper execution of the operations connected to the same;
2.2 for the fulfilment of tax obligations;
3. prior to the consent of the user, for sending offers, discounts, allowances from Gi.Metal s.r.l., as well as for sending commercial or informative communications ("newsletters"), to carry out market research also aimed at assessing the degree of user satisfaction (customer satisfaction) and for the reporting of all initiatives concerning products and/or services with Gi.Metal and/or third-party brands, including products offered for sale on the www.gimetal.it website and in the participating outlets, by means of automated systems such as email or SMS ("Marketing"); check box
4. prior to the consent of the user, for the analysis of his choices of consumption and purchasing habits (so-called "Profiling"), by Gi.Metal s.r.l. through the detection of the type and frequency of purchases made on-line and, if indicated, the areas of interest optionally requested and selected by the user in the registration form, in order to send information and/or advertising material of specific interest to the user in the manner described in the paragraph ("Profiling"). check box
PROCESSING METHODS
The processing of personal data will be based on the principles of correctness, lawfulness, transparency and the protection of confidentiality.
The processing of personal data will be mostly carried out with the help of electronic or automated means, in the manner and with the appropriate tools to ensure the safety and confidentiality of the data, in accordance with the provisions of the Privacy Code and the EU Regulation. In particular, all technical, computer, procedural, logistical and organizational security measures will be taken, in order to guarantee the minimum level of data protection provided by the law, allowing access only to the people in charge of processing appointed by each of the Data Controllers or the Managers designated by the Data Controllers.
The data will furthermore be managed and protected in environments where access is under constant control.
RECIPIENTS
The personal data conferred by the user, for the purposes described may be brought to the attention of or communicated to the following subjects:
• to the employees and/or collaborators of Gi.Metal s.r.l.;
• to companies, consultants or professionals responsible for the installation, maintenance, updating and, in general, management of the hardware and software of Gi.Metal s.r.l.;
• to companies appointed by Gi.Metal s.r.l. to send on-line communications;
• to all those public and/or private parties, natural and/or legal persons (legal advice, administrative and tax offices), if such communication is necessary or appropriate for the proper fulfilment of contractual obligations assumed in connection with the services provided through the website, as well as the obligations under the law;
• to shippers and to the subjects responsible for the delivery and/or withdrawal of the products purchased;
• to all those parties (including public authorities) with access to the data under legislative or administrative provisions.
OPTIONAL NATURE OF DATA PROVISION
The provision of personal data by users is absolutely optional, however, any refusal to insert them on the page dedicated to the registration for the purposes of providing the service makes it impossible to use the Service offered by the www.gimetal.it website.
The communication of the data is a necessary requirement for the conclusion of e-commerce contracts through the website www.gimetal.it: in case of refusal, the conclusion of the same will not be possible.
RETENTION PERIOD OF THE DATA
Personal data will be kept for a period of 10 years.
RIGHTS OF THE DATA SUBJECT
The data subject has the right
a) To obtain access to their personal data;
b) To request the rectification by the data controller of any inaccurate personal data concerning him/her without undue delay. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
c) To obtain the erasure of personal data concerning him/her without undue delay and the data controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
• the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• the data subject withdraws his/her consent to which the processing is based according to Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a) of the EU Regulation no. 2016/679, and where there is no other legal ground for the processing;
• the data subject objects to the processing pursuant to Article 21, paragraph 1, and there are no overriding legitimate grounds for the processing or the data subject objects to the processing pursuant to Article 21, paragraph 2 of the EU Regulation no. 2016/679;
• the personal data have been unlawfully processed;
• the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject;
• the personal data have been collected in relation to the offer of information society services referred to in Article 8, paragraph 1 of the EU Regulation no. 2016/679.
Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform data controllers which are processing the personal data that the data subject has requested the erasure by such data controllers of any links to, copies or replication of, those personal data.
• The foregoing shall not apply to the extent that processing is necessary:
• for exercising the right of freedom of expression and information;
• for compliance with a legal obligation which requires processing by Union or Member State law to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
• for reasons of public interest in the area of public health in accordance with Article 9, paragraph 2, letters h) and i), and Article 9, paragraph 3 of EU Regulation no. 2016/679;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89, paragraph 1, in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing;
• or for the establishment, exercise or defence of legal claims
d) to obtain from the data controller the limitation of processing when one of the following applies
• the accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data;
• the processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use to be limited;
• the data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
• the data subject has objected to the processing pursuant to Article 21, paragraph 1, pending the verification whether the legitimate grounds of the data controller override those of the data subject.
Where processing has been restricted in accordance with the foregoing, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
A data subject who has obtained restriction of processing shall be informed by the data controller before the restriction of processing is lifted.
e) to oppose the processing of his/her personal data.
f) to the portability of the data. The data subject shall have the right to receive the personal data concerning him/her, which he/she has provided to a data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided, where:
• the processing is based on consent pursuant to Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), or on a contract pursuant to Article 6, paragraph 1, letter b) of the EU Regulation and
• the processing is carried out by automated means.
In exercising his/her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one data controller to another, where technically feasible.
The exercise of the right to data portability is without prejudice to Article 17 of the EU Regulation 2016/679. That right shall not apply to the processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
The right described shall not adversely affect the rights and freedoms of others.
g) to withdraw the consent. The data subject shall have the right to withdraw his/her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. It shall be as easy to withdraw as to give consent
h) to propose a complaint to the supervisory authority (Privacy Guarantor)
BROWSING THE WEBSITE
The use of session cookies is strictly functional to optimize the website use and therefore to ensure the best navigation within the website. Access by companies is monitored only for statistical purposes by Andrea Tasso born on 21/04/1978, in Pinerolo (TO) resident in Florence, ZIP CODE 50143, Province of Florence, via Pio Fedi 81, VAT no. 02742410836 Tax ID Code TSSNDR78D21G674W and Gi.Metal s.r.l., by registration in specific log files.
Other sites on which this website may "link" may contain tracking systems to which this website owner is alienated. We do not guarantee that such external websites are equipped with appropriate security systems to protect the data processed and to prevent damages e.g. computer viruses.
TRANSFER OF DATA ABROAD
The server is a virtual server provided by Linode LLC
Address 329 E. Jimmie Leeds Road, Suite A Galloway, NJ, 08205
Located at 5N5yoyzSuhtA&utm_campaign=yelp_api&utm_medium=api_v2_business&utm_source=dWJMtmYxpd5N5yoyzSuhtA"Telecity Powergate address Volt Avenue, London NW10, UK
WEBSITE SECURITY MEASURES
Specific website security measures have been adopted to ensure safe access and to protect the information contained therein from accidental loss or destruction risks. The anti virus software used in the management of the website is updated on a daily basis. Furthermore, Gi.Metal s.r.l., while guaranteeing the adoption of special anti virus systems, reminds you that, in addition to being a legal requirement, it is appropriate for the user to equip their workstation with a virus prevention and scanning system.
PARTICULAR TYPES OF DATA PROCESSED
Web browsing data
During their normal operation, computer systems and software procedures used to operate this website acquire some personal data the transmission of which is implicit in the use of internet communication protocols. This information is not collected with the intent of associating it with identified users but, by its nature, it could lead to the identification of users through processing and association with data held by third parties. This category of data includes IP addresses or domain names of the computers used by the users to connect to the website, URI (Uniform Resource Identifier) addresses, requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response to it, the numerical code indicating the status of the response from the server (successful, error etc.) and other parameters pertaining to the operating system and IT environment of the user.
This data is used only to obtain anonymous statistical information about website usage and to check its correct functioning; it is deleted immediately after processing.
Data provided voluntarily by the user
The optional, express and voluntary sending of e-mails to the addresses indicated on this website entails the subsequent acquisition of the sender's address, which is necessary to reply to requests, as well as any other personal data included in the messages.
Specific summary information will be progressively shown or displayed on the web pages dedicated to particular on-demand services.
NEWSLETTER
Description of the Newsletter service
The Newsletter service is offered by GI.METAL s.r.l. to keep customers updated on new products, events, services and offers in progress.
The data collected in the manner described below are used by the website in order to periodically send the subscribers updates and news.
The subscription to the newsletter is not compulsory: you can reject it simply by removing the check from the relevant field.
The subscriber can, delete his address from the database at any time, clicking on the link in each email sent.