Personal Data Processing Notice
Articles 12 et seq. of EU Regulation 2016/679 (GDPR)
Subject: Personal data processing notice according to Articles 12 et seq. of EU Regulation 2016/679
Introduction - EU Regulation 2016/679 (“General Data Protection Regulation”), hereinafter GDPR) safeguards natural persons with reference to processing of their personal information. According to that law, processing of personal details referring to a subject, specifically defined as the “data subject”, is based on the principles of correctness, lawfulness and transparency and protection of the subject’s privacy and rights.
We are providing this notice to inform you that, in compliance with the above rules and in relation to the contract or relationship you have with us, our organisation has some of your personal data obtained orally, directly or through third parties who carry out tasks regarding you or who obtain information and share it with us to satisfy your request.
Since these data are to be considered “personal data”, according to the GDPR they must therefore benefit from the safeguards put in place by the aforesaid provisions. According to the above legislation, you are a data subject who benefits from rights that protect your personal data. In accordance with Articles 12 et seq. of the GDPR, as the Data Controller, our organisation will process the personal data provided by you in compliance with the law, with utmost care by implementing effective procedures and processes for safeguarding the processing of your personal details. To this end, by using tangible procedures for safeguarding the data collected, the writer is committed to protecting the information disclosed so as to avoid unauthorised access and dissemination, keeping them accurate and ensuring that they are used appropriately.
Based on this introduction, the following information is supplied:
Personal data collected - As the Data Controller, the writer uses your personal data for carrying out its business at best.
You may be asked to provide the following data, even partially:
- personal data, tax ID, VAT Reg. No., business name, registered office, residence, domicile and contact details;
- data related to contractual relationship describing the type of contract, information related to its execution necessary for fulfilment of the same contract;
- accounting data related to economic relations, sums due and payments, their periodic trend, a summary of the accounting status of the relationship;
- data for better defining the relationship with our organisation, making our collaboration more effective and our operations more efficient;
- data related to: Your employees and/or collaborators, information about the service performed or your business.
Data retention period - The data collected will be kept for the whole term of the contract or collaboration with our organisation and for 10 years from the termination date of the contract. If during the term of the contract data not related to administrative or accounting obligations are processed, these data will be kept for the time required for achieving the purposes for which they were collected and then erased. You will be informed with notices about the retention period of those data when they are collected.
Obligatory or optional nature of providing data and the consequences of your refusal – Essential data for furthering the contractual relationship must be given to the writer, as well as necessary details for obligations provided by laws, regulation, EU provisions, and the provisions of the authorities authorised by the law or by supervisory and control bodies.
Non-essential data for furthering the contractual relationship must be qualified and considered supplementary information and supplying those, if asked, is optional. However, refusing to supply these details will make the way our organisation handles relations with third parties less efficient.
In the event “sensitive data or data whose processing involves specific risks” are essential for executing the contract or fulfilment of certain services or legal obligations, supplying those data is obligatory, and since their processing is only permitted with the consent of the data subject (pursuant to Arts. 9 and 10 of the GDPR), you should also give your consent for their processing.
Processing methods – In accordance with and due to the effects of Articles 12 et seq. of the GDPR, we wish to inform you that the personal data supplied by you will be recorded, processed and kept in our hard copy and electronic files in compliance with adequate technical and organisational measures referred to in Art. 32 of the GDPR. Processing of your personal Information can consist of any task or series of tasks including the ones specified in Art. 4, paragraph 1, point 2 of the GDPR.
Personal data will be processed by using suitable instruments and procedures for ensuring security and confidentiality and may be carried out directly and/or through delegated third parties, manually by using hard copies, and by using IT means or electronic instruments. For the purposes of handling our relations correctly and fulfilling legal obligations, your data may be entered in internal records of the Data Controller and if necessary in records and registers obligatory by law.
Tasks entrusted to organisations abroad - While going about his business, the Data Controller can occasionally ask service providers to perform certain services on his behalf, such as processing or other services, for example; performances necessary for execution of required tasks or services; dispatches and deliveries; accounting records; administrative tasks. If the service provider delegated by the Data Controller for carrying out certain tasks is a company that carries out payment, collection, treasury, banking or financial intermediation services, the following services could be provided: mass processing related to payments, bills, cheques and other securities; transmission, envelop stuffing, transport and sorting of communications; filing of records, survey of financial risks; fraud prevention controls; credit collection. The aforesaid service providers will only be provided necessary information for performing the services requested, they are forced to comply with privacy laws and are forbidden to use the data supplied for any other purpose than the one agreed upon. Service providers not delegated by us as processors shall be appointed Processors in accordance with Art. 28 of the GDPR and will process data only as strictly necessary for supplying the service requested and only for the same purpose and will also guarantee that their delegates have signed a confidentiality agreement. For matters not specified herein, these subjects shall provide a specific notice on personal data they process.
Transfer of personal data abroad - The data provided by you will only be processed in Italy. If during the term of the contract your data are processed in a country not belonging to the EU, the rights given to you by EU legislation will be guaranteed and you will be notified immediately.
Purpose of processing your personal data – The main purpose of processing your personal data the writer intends to achieve is to allow for the administrative relations specified in the introduction to be established and/or continue properly.
In particular, the purposes of the processing are as follows:
- Administrative and accounting
- Tax compliance requirements or fulfilment of accounting obligations;
- Customer management such as customer administration; administration of contracts, orders, dispatches and invoices; reliability and solvency checks;
- Handling disputes such as defaults on contracts; reminders; transactions; credit collections; arbitrations; judicial disputes;
- Internal checking services on security, productivity, quality of services, integrity of assets;
- Looking after commercial and marketing activities such as market analysis and surveys;
- Promotional activities;
- Survey of customer satisfaction level;
Personal data will be processed for fulfilling legal obligations and for administrative, insurance and tax obligations provided by applicable legislation and for achieving accounting and commercial purposes, or to be able to regularly fulfil contractual and legal obligations deriving from legal relations with the data subject. Data supplied can be used for contacting the data subject during market researches regarding the products or services or the range of supplies or commercial campaigns. The data subject is free to choose not to give his or her consent for these purposes and specify the methods with which he or she wishes to be contacted or receive commercial notices.
Persons who may know your data - The following categories of subjects appointed as processors or delegates by the writer may learn your data:
- Employees or collaborators in general working in
- Protocol and internal secretariat offices;
- Employees in charge of accounting and billing;
- Workers looking after production and commercialisation of products and services;
- Workers in the marketing department;
- Consultants appointed to provide our organisation with advice, assistance and services;
- Members of supervisory bodies;
- Our agents, representatives and distributors;
Personal information may be known by subjects with agreements with the writer, specified in the paragraph entitled “Processing methods”. To such subjects the writer may delegate fulfilment of certain obligations or performance of certain acts required for execution of the on-going relationship with the data subject.
Disclosure and dissemination - Your data may be disclosed, meaning making one or more subjects aware of it, by the writer outside of the company for implementing all necessary legal and/or contractual obligations. In particular, your data may be disclosed to:
- Public entities, public officers, supervisory authority based on legal and/or contractual obligations;
- bank and/or credit institutes for looking after payments stemming from the contract;
Your data may be disclosed by the writer:
- to subjects who may access your data by virtue of provisions of law, EU regulations and legislation, within the limits provided by such rules;
- the subjects who need to access your data for purposes related to the on-going relationship between us, as strictly necessary for carrying out related tasks, such as credit institutes and couriers;
- our consultants and/or professionals, as strictly necessary for carrying out their assignment at our or their organisation, subject to being appointed by us as processors obliging them to keep your data confidential and secure.
At any rate, your data will only be disclosed to service providers for carrying out acts regarding fulfilment of relations which may take place with the Data Subjects the data refer to.
Dissemination - The writer will not disseminate your data indiscriminately. In other words, your data will not be made known to a wide range of subjects, even by making them available or for viewing.
Trust and confidentiality - The writer values the trust demonstrated by data subjects who gave their consent to the processing of their personal Information, and consequently undertakes not to sell or rent personal data to others.
Rights referred to in Articles 15 et seq. of GDPR - According to Art. 15 of the GDPR, you have the right to obtain confirmation as to the existence of your personal data even if they have not yet been recorded. Exercise of these rights is subject to verifying the identity of the data subject by submission of ID, which will not be kept by the writer, but looked at for verifying justification for the request.
You have the right to access your personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data processed;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in other countries or international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) where the personal data are not collected from the data subject, any available information as to their source;
f) the existence of an automated decision-making process, including profiling, referred to in Article 22, paragraphs 1 and 4 and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
When personal data are transferred to another country or to an international organisation, you have the right to be informed about appropriate safeguards pursuant to Art. 46 of the GDPR. You have the right to ask the data controller for rectification or erasure of your personal data or restriction of processing of personal data and to object completely or partially to such processing.
In order to exercise these rights, you may contact our Personal data controller by sending a letter to Sesa SpA, Via Mantova, 12 - Olgiate Olona (VA). The Data Controller will answer you within 30 days from receipt of your formal request.
You should remember that in case there has been a breach of your personal data, you may lodge a complaint with the concerned authority: The Italian Data Protection Supervisor.
Identification of the Data Controller and the Representative in the State or Data Processor, if any.
Data Controller - Data Controller: Carlo Umberto Santori. Tel.: 031 631388; Fax: 0331 677313; certified email: firstname.lastname@example.org
Processors - Playing the role of processors are external companies with which a contract has been signed and which need to receive your personal data for fulfilment of such agreements.
To know the names of Processors, when appointed, and to know the names of the persons appointed for performing such function in future, every data subject may send a letter of request to the Data Controller at the address provided above.
It should be clarified that the Processors specified above do not respond to requests for exercising the rights of data subjects referred to in Articles 15 et seq. of the GDPR. As the Data Controller, this task is only looked after by the writer.
Processing not requiring the consent of the data subject - It is clarified that although the writer does not have your consent, he has the right to process your personal data when necessary for:
- fulfilment of an obligation imposed by law, regulations or community provisions;
- fulfilling obligations deriving from a contract you are a party to or for fulfilling certain requests you made prior to conclusion of the contract.
Your consent is not required when processing:
1) regards data obtained from public registers, lists, deeds and documents anyone can know, notwithstanding the limits and procedures established by laws, regulations and EU regulations for knowing and publicising data or data related to carrying on an economic activity, processed in compliance with business and industrial secrecy regulations in force;
2) is necessary for saving a life or for the safety of a third party. In such case, the data controller is required to inform the data subject about processing of personal details by sending a notice, even after processing, without delay. In such cases, consent is given after the notice has been provided.
3) excluding dissemination, is necessary for conducting investigations for defending one’s rights, referred to in Law No. 397 of 7 December 2000, or for asserting or defending a right in court, provided that the data are processed only for such purposes for the time strictly necessary for achieving the purpose, in compliance with business and industrial secrecy regulations in force;
4) excluding dissemination, is necessary in the cases found by the Italian Data Protection Supervisor, based on principles of law, for the purposes of the legitimate interests pursued by the data controller or by a third-party recipient of the data, even in reference to the activities of banking groups and subsidiaries or associated companies, when the fundamental rights and freedoms, dignity or lawful Interest of the data subject prevail.
The Personal Data Controller
Legal Representative Carlo Umberto Santori
WHY THIS NOTICE
This page describes how to manage the site in relation to the processing of personal data of it's users.
This notice is given pursuant to art. 13 of law. N. 196/2003 – Code regarding personal data protection to those who interact with web services of Sesa Spa for the protection of personal data accessible by computer at the address:
the home page of the official site.
The information applies only to the website of Sesa Spa and not to other Web sites accessible via links.
This statement is prompted by Recommendation no. 2/2001 by the European authorities for the protection of personal data gathered by the Group established. 29 of Directive n. 95/46/EC, adopted on 17 May 2001 to establish minimum requirements for collecting personal data online, and, in particular, the manner, timing and nature of the information that data controllers must supply to users when they log on, regardless of the purpose of the link.
The recommendation and a brief description of its purpose can be found on other pages of this site.
THE 'OWNER' OF TREATMENT
Following consultation of this site may be processed data on persons identified or identifiable.
The 'owner' of their treatment is Sesa Spa, which is based in via Mantova 12, 21057 Olgiate Olona (Italy).
TYPES OF DATA PROCESSED
Computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the communication protocols of the Internet.
This information is not collected to be associated with specific individuals, but by their very nature could, through processing and associations with data held by third parties, to identify users.
This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters regarding the operating system and computer environment.
These data are used only to obtain anonymous statistics on site usage and to control its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site except in this case, the current data on web contacts do not persist for more than seven days.
Data provided voluntarily by users
The optional, explicit and voluntary e-mail addresses listed on this website entails the subsequent acquisition of the sender, necessary to respond to requests, and any other data included in the message.
Specific summary information will be progressively reported or displayed on web pages dedicated to particular services on request.
What are cookies and why we use them
By browsing the site you can receive directly from the same cookie or sent from different sites or web server (the 'Third Party'), by means of elements (such as, for example, images, maps, sounds, links) on the site you are visiting.
For more information on how to disable cookies from your browser, please refer to the information areas for this purpose prepared.
Types of existing cookies
Cookies can stand out in party cookies and third-party cookies and, further, in technical cookies and cookie profiling.
Cookies technicians, so you do not need any consent, abide by the functionality of the site and in turn can distinguish between:
Cookie navigation / session. It is fundamental cookie to navigate the site using all of its features, such as the maintenance of the session and the access to restricted areas. They are strictly necessary, because without them it would not be possible to provide the services requested. These cookies do not collect information to be used for commercial purposes.
Cookie-type analytics. They collect information, in aggregate, the number of users and the ways in which they visit the site (pages visited, number of visits, time spent on the website, etc.) To optimize the management of the site. These cookies do not collect information that can identify the user in any way.
Cookie functionality. Collect information in order to allow the user browsing function of a set of selected criteria (for example, the language, the products selected for purchase) to improve the service rendered to the same. The information gathered from this type of cookie are acquired anonymously.
Cookies profiling, the use of which involves the provision of consent to receive cookies and the subsequent use for our part, are used to collect browsing data relevant to the user with the preferences shown by the same part of surfing the net.
Once you consented, our site being tracked by a cookie technician to avoid repeat the same information in subsequent sessions of access to the site.
Cookies used in this site
Cookie of the owner
The cookies used are technical.
Third Party Cookies
The site contains technical third-party cookies by Google Analytics, this is a web analytics service provided by Google Inc. ('Google'). These allow you to record and view information on the Web site. These cookies allow us to obtain detailed technical information such as:
» The path of the user's navigation
» The number of pages visited,
» The time between a click and another
» The login to the private
» The display of certain resources
These cookies keep track of navigation paths allowing us to analyze the user experience and improve usability. What is analyzed is the data related to the user, but the latter is never identified.
On this site Goole Analytics has been extended with the code 'gat.anonymizelp ();' This integration of Google Analytics makes anonymous user's IP address. The anonymisation shortening work within the confines of the EU Member States or other countries participating in the agreement on the European Economic Area, the IP address of the Users. Only in exceptional cases, the IP address will be sent to Google's servers and statements within the United States. You can selectively disable the action of installing Google Analytics on your browser component of the opt-out provided by Google. To disable the collection of data from Google Analytics, please refer to the link below: https://tools.google.com/dlpage/gaoptout?hl=it
Social plugins are represented by those buttons on the site showing the icons of social networks (like Facebook and Twitter) and allow users to log on with a 'click' on the selected social site. The social plugins on the pages to allow social networks selected to collect data on the card. These buttons are then installed third-party cookies. With these social plugins we are not yet exchanged any information navigation or user data acquired.
Apart from that specified navigation data, the user is free to provide personal data contained in the application forms to Sesa Spa or indicated in contacts with the office to request any informative material or other communications.
Their absence can make it impossible to fulfill the request.
It must be remembered that in some cases (not in the ordinary management of this site) the Authority may request information under Article 157 of Legislative Decree no. N. 196/2003, for the purpose of monitoring the processing of personal data. In these cases reply is obligatory under penalty of a fine.
METHOD OF TREATMENT
Personal data are processed by automated tools for the time necessary to achieve the purposes for which they were collected.
Specific security measures are taken to prevent data loss, illicit or incorrect use and unauthorized access.
Those whose personal data refer have the right at any time to obtain confirmation as to whether such data and to know the content and origin, verify its accuracy or request its integration or update, or correction (art. 7 of Legislative Decree no. n. 196/2003).
Pursuant to this Article shall have the right to request cancellation, transformation into anonymous form or blocking of data processed unlawfully, and to oppose in any case, for legitimate reasons, their treatment.
Requests should be sent to Sesa Spa, via Mantova 12, 21057 Olgiate Olona (Italy)