Privacy

PRIVACY POLICY PURSUANT TO EU REGULATION 2016/679 (“GDPR”)

This policy provides you with indications relevant to the processing of information, as specified below, that you provide or that are, in any case, available to us and that will be processed by the us and/or by parties identified for the purposes indicated here below.

The Policy, in particular, is prepared pursuant to EU Regulation 679/2016 (“GDPR”) and subsequent national adaptation regulations

1. The Data Controller

The Data Controller, pursuant to arts. 4 and 24 of EU Reg. 2016/679, is the company Galvamet S.r.l. Unipersonale, Via Dell’Industria, 10, 35014 Fontaniva (PD), Italy, Italian Tax Code, VAT number and Registration with the Registry of Companies of Padua No. 0354299028, Phone no. 049-5942144, E-mail: info@galvamet.it, duly represented by the acting legal representative.

2. Data Protection Officer (DPO)

The Data Controller does not carry out activities that envisage the appointment of a Data Protection Officer.

3. Purposes and legal grounds for processing

The personal data provided, will be processed in compliance with the conditions of lawfulness pursuant to art. 6 f) (legitimate interest) EU Reg. 2016/679, as follows:

Purposes

Data collection, by filling in forms, for sending newsletters or promotional communications in general via e-mail.

Legal basis for processing

Your consent.

4. Recipients and categories of recipients

Personal data provided will be communicated to recipients that process the data as Data Processors (art. 38 of EU Reg. 2016/679) and/or as individuals that act under the authority of the Data Controller and Data Processor (art. 29 of EU Reg. 2016/679), for the purposes mentioned at point 3. Precisely, the data will be communicated to:

• parties that provide services for the management of the IT system and communication networks including e-mail, newsletters and management of Internet websites;
• firms or Companies in the context of assistance and consultancy activities;
• competent authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon request.

Parties belonging to the above-mentioned categories carry out the function of Data Processors, or operate in a completely independent manner as Data Controllers.

The list of Data Processors is constantly updated and available by writing to the e-mail address indicated in point 1) of this policy.

5. Transfer of data abroad

The personal data will not be transferred outside of the European Union.

6. Data storage period

The data will be kept for a period of 2 years from collection, without prejudice to the possibility for the data subject to modify and/or revoke their consent at any time.

7. Processing methods

Personal Data will be processed using manual, computerized or telematic tools, suitable for guaranteeing security and confidentiality, and will be carried out by personnel duly trained in compliance with the Applicable Law. There is no automated decision process.

8. Your rights

We inform you that you can exercise the rights that you are entitled to by the Applicable Law, among which, by way of example, the right:

• to access your Personal Data and know the origin, purposes and scope of the processing, the data of the parties to which they are communicated, the storage period of the data or useful criteria to determine the same (art. 15); 
• to request the rectification (art. 16);
• the cancellation (“right to be forgotten”), if no longer necessary, incomplete, erroneous or collected in breach of the law (art. 17); 
• to request that the processing is limited to a part of the information that concerns you (art. 18);
• to the extent that it is technically possible, to receive in a structured format or to transmit to you or to third parties indicated by you the information concerning you (so-called “data portability”) or the data that you have voluntarily provided (art. 20); 
• to object to the processing based on legitimate interest (art. 21);
• as well as to revoke your consent at any time, should the same constitute the basis of the processing (the revocation of the consent, however, does not affect the lawfulness of the processing based on the consent provided prior to the revocation).

The aforementioned rights may be exercised by means of a written request addressed to the Data Controller at the contacts indicated in point 1) of this policy.

The Data Controller shall so proceed, without delay, and, in any case, no later than one month from receiving the request.

Please be reminded that should you not be satisfied with the response to your requests, you can file a complaint with the Data Protection Authority using the methods envisaged by the Applicable Law. 

Review May 2018

Fine modulo