STEEL AR Srl with registered office in Via IV Novembre 20, in Casorate Sempione 21011 Varese, as the owner of the processing of personal data pursuant to Legislative Decree 196/2003 and subsequent amendments – Code for the Protection of Personal Data (“Codice Privacy”) – and EU Regulation 679/2016 applicable from May 25, 2018 – Regolamento Generale sulla Protezione dei Dati (“RGPD”) [General Data Protection Regulation ](hereinafter Codice Privacy and RGPD are collectively referred to as “Applicable Legislation”) recognizes the importance of the protection of personal data and considers their protection one of the main objectives of its activity. In compliance with the Applicable Legislation, we are providing the necessary information regarding the processing of the personal data provided. This information is provided pursuant to art. 13 of the Applicable Law and STEEL AR Srl invites you to read it carefully because it contains important information on the protection of personal data and on the security measures adopted to guarantee their confidentiality in full compliance with the Applicable Law. STEEL AR Srl informs that the treatment of personal data will be based on the principles of lawfulness, correctness, transparency, limitation of purposes and conservation, minimization of data, accuracy, integrity and confidentiality. Personal data will therefore be processed in accordance with the legislative provisions of the Applicable Legislation and the confidentiality obligations therein provided. OWNER AND DATA PROTECTION OFFICER According to the Applicable Legislation, the data controller is STEEL AR Srl, with registered office in Via IV Novembre 20, Casorate Sempione 21011 Varese, Italy. STEEL AR Srl has not appointed a Data Protection Officer (DPO), as it is outside the conditions provided by the Applicable Legislation concerning the appointment of the DPO. For any information related to the personal data processing carried out by the Data Controller, including the request of the list of the persons in charge of processing data on behalf of the Data Controller itself, please contact the following email address: email@example.com PERSONAL DATA BEING PROCESSED “Personal Data” means any information concerning an identified or identifiable natural person with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his or her physical, physiological, psychic, economic, cultural or social identity. “Particular Data” means personal data revealing racial or ethnic origin, religious or philosophical beliefs, or trade union membership, as well as genetic and biometric data, data relating to a person’s health or sex life or sexual orientation. “Judicial data” means personal data relating to criminal convictions and offences or related security measures. “Processing” means any operation or set of operations, whether or not by automated means, applied to personal data or set of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, extraction, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction. PLACE OF DATA PROCESSING The data processing takes place at the aforementioned headquarters of the owner, at the operating offices and at third parties identified. TYPES OF DATA PROCESSED The processing of personal and identification data provided voluntarily by the interested party (by way of example but not limited to: name, surname, address, VAT number, tax code, landline or mobile phone number, e-mail address, bank details, etc.). PURPOSE, LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF THE TREATMENT The personal data voluntarily provided will be processed by the owner for the following purposes:
- Administrative-accounting. For the purposes of applying the provisions on the protection of personal data, the processing carried out for administrative-accounting purposes are those related to the performance of activities of an organisational, administrative, financial and accounting nature, regardless of the nature of the data processed. In particular, these purposes are pursued by internal organisational activities, those functional to the fulfilment of contractual and pre-contractual obligations, to the management of the employment relationship in all its phases, to the keeping of accounts and to the application of the rules on tax, trade union, social security and welfare, health, hygiene and safety at work.
- Informative and promotional. The use of e-mail coordinates provided by the customer in the context of the sale of a product or service for the purpose of direct sales of their products or services, is allowed for the purpose of sending information and newsletters. The interested party, at the time of collection and at the time of sending each communication, is informed of the possibility to object at any time to the processing, easily and free of charge (art. 130 paragraph 4 of Legislative Decree no. 196/03). Mailing lists are not activated.
- Security, in accordance with Legislative Decree 81/2008. With particular reference to the identification data freely given by the guest/visitor at our premises (name, surname, entity or company to which he belongs), the treatment has the exclusive purpose of ensuring compliance with the company security procedures formally applied, also in accordance with the regulations in force (e.g. annotation in the visitors’ register/database, assignment of temporary identification badges, application of the legal obligations concerning safety at work).
- subjects that provide services for the management of the information system used by the Data Controller and of the telecommunications networks, and that take care of the maintenance of the technological part (including e-mail and the newsletter service);
- subjects and entities that collaborate with the Data Controller to carry out training courses, such as, by way of example but not limited to: teachers, interprofessional joint funds;
- freelancers, studies or companies within the scope of assistance and consulting relationships;
- subjects that carry out control, review and certification of the activities carried out by the data controller;
- competent authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon their request.