Privacy Policy – GDPR
Policy for contact information and marketing activities
Who are we and what do we do with your personal data?
Officine Maccaferri S.p.A., with registered office in Via Albricci 9, Milan (hereinafter also referred to as the Data Controller), is concerned about the confidentiality of your personal data and guarantees it the necessary protection from any event that may put it at risk of violation. To this end, the Data Controller implements policies and practices regarding the collection and use of personal data and the exercise of the rights that are recognized by applicable legislation. The Data Controller takes care to update the policies and practices adopted for the protection of personal data whenever necessary and in any case in the event of regulatory and organizational changes that may affect the processing of your personal data.
The Data Controller has appointed a data protection officer (DPO) who you can contact if you have any questions about the policies and practices adopted.
Who is the data protection officer?
Colin Partners – Avv. Valentina Frediani – [email protected]
Who are the recipients?
- external data processors and any additional data controllers and/or joint controllers
- Maccaferri Group Companies, for administrative/fiscal purposes
- public authorities in fulfillment of regulatory obligations
- IT assistance service provider
- Company of the Maccaferri Group, if consent is given, for its own purposes related to marketing
How does the Data Controller collect and process your data?
The Data Controller collects and/or receives information about you, such as: IP address, personal identification data (such as name, surname, e-mail address, telephone, role, company), released by filling in the form or chatbox and while browsing the website. Your personal data will not be disseminated or disclosed to unspecified parties in any way.
They serve the Data Controller:
1. to respond to your request for information via the Contact form or the chatbox
Your personal data will be processed to follow up on the management of the site and your request to receive information through the “contact us” form or the chatbox on the Data Controller’s website. The communication of your personal data takes place mainly to third parties and/or recipients whose activity is necessary for the performance of the activities related to the aforementioned purposes, and also to meet certain legal obligations, such as:
- IT support companies and hosting companies;
- Companies that offer website management and maintenance services.
Any communication that does not meet these purposes will be subject to your prior consent.
2. for the activity of sending promotional communications
If you give your consent, the processing of your personal data takes place to offer you new services/products, and to send you advertising material and/or to carry out market research. The processing of your data (such as name, surname, email) may take place to:
The processing in question can be carried out if you give your consent for the use of the data also with reference to the communication methods, both traditional and automated, with which the processing takes place.
3. for communication to companies of the Maccaferri Group
In addition, always subject to consent, your data (name, surname, email) may be communicated to Group companies (including Associates), including those located outside the EU, for their own purposes, including those related to the promotion of their products/services.
Your personal data will not be disseminated or disclosed to unspecified parties in any way.
The Data Controller transfers your personal data to non-EU countries, to the Affiliates (here is the list of countries where they are located), based on any consent you may wish to provide. In this sense, we inform you that the transfer in question, not being subject to any specific guarantee provided for by the EU Regulation, may present some risks related to potential access to your data by security authorities and/or similar bodies without you being able to object to such access.
4. for IT security purposes
The Data Controller processes your personal data, including computer data (e.g. logical access) or traffic data collected or obtained in the case of services displayed on the website or on platforms referable to the Data Controller (e.g. for event registration), to the extent strictly necessary and proportionate to ensure the security and ability of a network or servers connected to it to resist, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted and on the basis of a legitimate interest of the Data Controller.
To this end, the Data Controller provides procedures for the management of personal data breaches incompliance with the legal obligations to which it is required/are required.
| Personal Data will be treated: | The treatment takes place on the basis of: | Personal data concerning you are: |
|---|---|---|
| For execution and management of the request to participate in the event/conference, including archiving and storage and also communication to recipients and/or third parties depending on the contractual relationship and the resulting obligations | Activities planned for participation in the event and the consequent fulfillment of activities arising from the request for participation | • name surname • physical and telematic address • landline and / or mobile phone number • relating to commercial and / or professional activity |
| For the fulfillment of IT security obligations | Legitimate interest of the data controller or third parties and recipients | Logical access |
| For sending promotional communications of the Controller’s services/activities | Your consent | • name surname • physical and telematic address • landline and / or mobile phone number • relating to commercial and / or professional activity |
| For the communication of personal data to subsidiaries of the Maccaferri Group for their own purposes also related to marketing (also outside the EU) | Your consent | • name surname • physical and telematic address • landline and / or mobile phone number • relating to commercial and / or professional activity |
Information – Marketing Activities<br>
What happens if you don’t provide your data?
The personal data concerning and identifying you are necessary for the purpose of fulfilling the request you submit through the “contacts” section or the chatbox. If not provided, the Data Controller cannot fulfill your requests.
What happens if you do not give your consent to the processing of personal data for the purpose of sending promotional communications relating to the activities/services of the Data Controller and for communication to the companies of the Group?
The processing of your personal data will not take place for these purposes; this will not affect the processing of your data for the main purpose, nor the one for which you have already given your consent, if required. If you have given consent and subsequently need to withdraw it or object to the processing, your data will no longer be processed for this purpose, without this resulting in negative consequences or effects for you.
How and for how long is your data stored?
The processing of data concerning you takes place through electronic means and tools made available to subjects acting under the authority of the Data Controller and authorized and trained for the purpose.
Where
The data are stored in paper, computer and telematic archives located within the European Economic Area, and adequate security measures are ensured. This is without prejudice to any transfers that you have authorised with your consent (see point 4 above)
How long
Personal data are stored, if necessary, in electronic archives protected by effective and adequate security measures to counter the risks of violation considered by the Data Controller for the time necessary to comply with the requests for information and the sending of communications of this exclusive nature that the Data Controller makes following your request and in any case for a period not exceeding a maximum of 24 months, except in cases where events occur that involve the intervention of the competent Authorities, also in collaboration with third parties/recipients who are responsible for the IT security of the Data Controller’s data, to carry out any investigations into the causes that led to the event.
Personal data processed for marketing purposes (direct, research and market surveys) will be stored for 24 months in compliance with the ruling on the point of the national data protection authority as far as it still produces effects, unless you revoke the consent you have given and/or unless you object to the processing.
However, this is without prejudice to your right to object at any time to processing based on legitimate interest for reasons related to your particular situation.
Once all the purposes that legitimize the storage of your personal data have been exhausted, the Data Controller will take care to delete them or make them anonymous.
What are your rights?
Compatibly with the time limits established for the processing of personal data concerning you, the rights you are granted allow you to always have control of your data. Your rights are those of:
- access;
- rectification;
- cancellation;
- restriction of processing;
- objection to processing;
- portability.
Your rights are guaranteed to you without any special charges and formalities for requesting their exercise, which is essentially intended free of charge.
You are entitled:
- to obtain a copy, including in electronic format, of the data to which you have requested access. Should you request further copies, the Data Controller may charge you a reasonable fee;
- to obtain the erasure of the same or the limitation of processing or even the updating and rectification of your personal data and that your request is also complied with by third parties/recipients in the event that they receive your data, unless legitimate reasons prevail that are superior to those that led to your request (e.g. environmental investigations and containment of the risk caused by the emergency managed through them by the Data Controller);
- to obtain any useful communication regarding the activities carried out following the exercise of your rights without delay and in any case, within one month of your request, unless extended, justified, up to two months which must be duly communicated to you.
- For any further information and in any case to send your request, you must contact the Data Controller at the address [email protected]
Your rights are guaranteed to you without any special charges and formalities for requesting their exercise, which is essentially intended free of charge.
Who can you complain to?
Without prejudice to any other administrative or judicial action, you may lodge a complaint with the competent supervisory authority or the one that carries out its tasks and exercises its powers in Italy where you have your habitual residence or work or, if different, in the Member State where the violation of Regulation (EU) 2016/679 took place.