Privacy Policy

NOTICE REGARDING THE PROCESSING OF PERSONAL DATA

pursuant to EU Regulation 679/2016 (GDPR)

DATA CONTROLLER

The Data Controller is Metalprogetti S.p.a., via Angelo Morettini 53, 06128 (PG)

Contact details: Tel. +39 0755000005 – Fax +39 0755000006

e-mail address: info@metalprogetti.it

 

NOTICE ON THE PROCESSING OF CLIENTS’ PERSONAL DATA

1 Data Controller and Data Protection Officer.

The Data Controller, in other words the party with responsibility for the purposes and methods used and the safety of personal data, is Metalprogetti S.p.A. with headquarters in Via Morettini Angelo, Perugia, Italy, VAT No. 02129340549, in the person of its legal representative Anna Maria Marani.

 

2 Purposes of processing and legal basis.

The personal data that you disclose to us and that which are collected during the provision of services requested by you shall be processed for the purposes and on the legal basis hereinafter indicated:

Purpose

 

(Why we process your data)

Legal basis

 

(The legal provision on the basis of which we process your data)

Consequences of refusing data processing

 

(What will happen if you refuse to disclose your personal data and/or refuse to authorise its processing)

In order to efficiently manage all contractual aspects of our relationship with you Article 6 (1) point (b) of the GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

 

Consent is not required. In the event that you do not consent to disclose your data, we cannot enter into a contract
Transfer of data to retailers – including overseas – for the conclusion and/or performance of a contract in your interests Article 49 (1) point (c) of the GDPR: the data transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person. Consent is not required. In the event that you do not consent to disclose your data, we cannot enter into a contract
To fulfil legal obligations in administrative, fiscal and tax-related matters Article 6 (1) point (c) of the GDPR: processing is necessary for compliance with a legal obligation to which the controller is subject. Consent is not required. In the event that you do not consent to disclose your data, we cannot enter into a contract
To enforce or defend a legal right in judicial proceedings (breach of contract, legal notices, transactions, credit recovery, arbitration, legal disputes) Article 6 (1) point (f) of the GDPR: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Consent is not required. In the event that you do not consent to disclose your data, we cannot enter into a contract
To communicate information regarding other products/services sold/offered by Metalprogetti S.p.a.

 

Article 6 (1) point (f) of the GDPR: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Consent is not required. You may object to this processing purpose at any time by exercising the right to object provided for by Article 21 of the GDPR.

3 Recipients and categories of data processed.

The personal data disclosed by you or acquired during the contract shall be processed exclusively by employees authorised for that purpose or by data processors appointed to that task.

Apart from those parties provided for by law, your data may be communicated exclusively to those parties for whom you grant us your consent. The following are the specific data categories and recipients in question:

Purpose Data categories Recipients
Creation/Performance of the contract Identifying details, contract-related data Metalprogetti S.p.a. authorised retailers
Accountancy/tax compliance Identifying details, contract-related data Accountancy/tax agencies and professionals
Goods shipping Identifying details, contract-related data Shipping and delivery companies
Letters of credit and invoice collection Identifying details, contract-related data Credit institutions
Protection in the event of contract non-fulfilment Identifying details, contract-related data Agencies and professionals charged with credit recovery or involved in any disputes
Computer system maintenance Identifying details, contract-related data Computer system maintenance workers
Annual obligatory communication of the identifying details of anyone who has made purchases from Metalprogetti S.p.a. to the Revenue Agency Identifying details Revenue Agency

4 Transfer overseas

Your personal data may be transferred outside of the European Union only if the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person. The legal basis for this is Article 49 (1) point (c).

5 Period of data storage and determining criteria

Personal data which undergoes processing is held in documents which are stored in accordance with the processing purposes, as outlined below.

Document Storage duration
Contracts and orders 10 years from the termination of the contract
Invoices 10 years from the date of issue

6 Rights of the data subjects.

The Regulation recognises the following data subject rights, which you can exercise in respect of and against each of the controllers.

The full version of the following legal articles is provided in an attachment.

  • Right of access: Article 15 of the EU Regulation grants you the right to obtain from the controller confirmation as to whether or not data concerning you is being processed, and, where that is the case, access to the data.
  • Right of rectification: Article 16 of the EU Regulation grants you the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • Right to erasure: Article 17 of the EU Regulation grants you the right to obtain from the controller without undue delay the erasure of personal data concerning you, if .any of the grounds provided for in the legislation applies.
  • Right of restriction: Article 18 of the EU Regulation grants you the right to obtain from the controller restriction of processing where one of the grounds provided for in the legislation applies.
  • Right of object: Article 21 of the EU Regulation grants you the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.
  • Right of data portability: Article 20 of the EU Regulation grants you the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, in accordance with the conditions set out in the legislation.
  • Right to withdraw consent: Article 7 of the EU Regulation grants you the right to withdraw your previously-granted consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint: Article 77 of the EU Regulation grants you the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the Regulation.

7 Further information

Further information, our privacy policy and this notice are available on our website at the address www.metalprogetti.it

A full version of the above-cited legal articles is available at our privacy department, at the Metalprogetti spa headquarters.

The privacy department will be able to provide you with all of the explanations you may need regarding exercising your rights. Requests may be sent in writing, together with a valid identification document, to info@metalprogetti.it.

8 Get in touch

Protecting data concerning you and complying with the principles established in the regulation, with particular reference to the principle of transparency, are objectives of the highest priority for us. Therefore, we would be grateful for your help in bringing our attention to any misunderstanding in this document, or indeed in suggesting possible improvements, using the controller’s referral details as above.

OBJECTING TO DATA PROCESSING

Pursuant to and in accordance with Article 21 of the GDPR, you can exercise the right to object at any time by communicating it to the data controller, whitout this entailing any consequences for other processing purposes. In the absence of any objection, the data controller will process the personal data for the stated purposes on the basis of your legitimate interest.

 

 

NOTICE ON THE PROCESSING OF SUPPLIERS’ PERSONAL DATA

1 Data controller and data protection officer.

The Data controller, or the party with responsibility for the purposes and methods used and the safety of personal data, is Metalprogetti S.p.a. with headquarters in Via Morettini Angelo no. 53, 06128, Perugia, Italy, VAT No. 02129340549, in the person of its legal representative Anna Maria Marani.

2 Purposes of processing and legal basis.

The personal data that you disclose to us and that which is collected during the performance of services provided by you shall be processed for the purposes and on the legal basis hereinafter indicated:

Purposes

 

(Why we process your data)

Legal basis

 

(The legal provisions on the basis of which we process your data)

Consequences of refusing data processing 

 

(What will happen if you refuse to disclose your personal data and/or refuse to authorise its processing)

In order to efficiently manage all contractual aspects of our relationship with you Article 6 point (b) of the GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. Consent is not required. In the event that you do not consent to disclose your data, we cannot enter into a contract
To fulfil legal obligations in administrative, fiscal and tax-related matters Article 6 point (c) of the GDPR: processing is necessary for compliance with a legal obligation to which the controller is subject. Consent is not required. In the event that you do not consent to disclose your data, we cannot enter into a contract
To enforce or defend a legal right in judicial proceedings (breach of contract, legal notices, transactions, credit recovery, arbitration, legal disputes) Article 6 point (f) of the GDPR: processing is necessary for the purposes of the legitimate interests pursued by the controller or by third parties, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Consent is not required. In the event that you do not consent to disclose your data, we cannot enter into a contract

3 Recipients and categories of data processed.

The personal data disclosed by you or acquired during the contract shall be processed exclusively by employees authorised for that purpose or by data processors appointed to that task.

Apart from those parties provided for by law, your data may be communicated exclusively to those parties for whom you grant us your consent. The following are the specific data categories and recipients in question:

Purpose Data categories Recipients
Accountancy/tax compliance Identifying details, contract-related data Accountancy/tax agencies and professionals
Goods shipping Identifying details, contract-related data Shipping and delivery companies
Invoice collection Identifying details, contract-related data Credit institutions
Protection in the event of contract non-fulfilment Identifying details, contract-related data Agencies and professionals charged with credit recovery or involved in any disputes
Computer system maintenance Identifying details, contract-related data Computer system maintenance workers
Contract fulfilment Identifying details, contract-related data Other parent, subsidiary and associated companies

4 Transfer overseas

Your personal data will not be transferred outside of the European Union.

5 Period of data storage and determining criteria

Personal data which undergoes processing is held in documents which are stored in accordance with the processing purposes, as outlined below.

Document Storage duration
Contracts and orders 10 years from the termination of the contract
Invoices 10 years from the date of issue

 

6 Right of data subjects

The Regulation recognises the following data subject rights, which you can exercise with regard to and against all joint controllers.

The full version of the following legal articles is provided in an attachment.

  • Right of access: Article 15 of the EU Regulation grants you the right to obtain from the controller confirmation as to whether or not data concerning you is being processed, and, where that is the case, access to the data.
  • Right to rectification: Article 16 of the EU Regulation grants you the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • Right to erasure: Article 17 of the EU Regulation grants you the right to obtain from the controller without undue delay the erasure of personal data concerning you, if any of the grounds provided for in the legislation applies.
  • Right to restriction: Article 18 of the EU Regulation grants you the right to obtain from the controller restriction of processing where one of the grounds provided for in the legislation applies.
  • Right to object: Article 21 of the EU Regulation grants you the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.
  • Right to data portability: Article 20 of the EU Regulation grants you the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, in accordance with the conditions set out in the legislation.
  • Right to withdraw consent: Article 7 of the EU Regulation grants you the right to withdraw your previously-granted consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint: Article 77 of the EU Regulation grants you the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the Regulation.

7 Further information

Further information, our privacy policy and this notice are available on our website at the address www.metalprogetti.it.

A full version of the above-cited legal articles is available at our privacy department, at the Metalprogetti spa headquarters.

The privacy department will be able to provide you with all of the explanations you may need regarding exercising your rights. Requests may be sent in writing, together with a valid identification document, to info@metalprogetti.it

8 Get in touch

Protecting data concerning you and complying with the principles established in the regulation, with particular reference to the principle of transparency, are objectives of the highest priority for us. Therefore, we would be grateful for your help in bringing our attention to any misunderstanding in this document, or indeed in suggesting possible improvements, using the controller’s referral details as above.

 

 

PRIVACY POLICY

1 CONTROLLER

The party with responsibility for deciding the purposes and methods used in processing personal data is La Metalprogetti S.p.a. with headquarters in Via Morettini Angelo no. 53, 06128, Perugia, Italy.

VAT number 02129340549, REA No. PG-180787

The legal representative is Anna Maria Marani, born in Spello (PG) on 03/04/1944

2 DATA PROTECTION OFFICER

No Data Protection Officer has been appointed, as the controller is not among the subjects obliged to do so.

3 JOINT CONTROL – DISCLOSURE TO THIRD PARTIES

Where joint control exists, the controller ensures that the principles below are respected by means of a joint control agreement.

Where personal data processing activities are entrusted to third parties, the controller ensures that the principles below are respected by means of a service agreement.

4 ORGANISATION

The controller manages the resources and processing of personal data in a way that ensures respect for the requirements of the GDPR and national legislation in the field. Specifically:

  • within the company:
    1. organisation in terms of privacy reflects operational organisation – the duties are consistent with operational tasks and the powers and authority connected to them.
    2. The natural persons who are entrusted with important responsibilities and tasks (considering the quantity and categories of personal data and the risks to the rights and freedoms of natural persons) are chosen, identified and appointed on the basis of objective criteria which define the company’s requirements in terms of expertise, capability and experience. In the absence of specific qualifications, the requirements and weightings for assessment are pre-defined.
    3. The persons who process the data operate under the direct authority of the controller or an officer appointed by the controller. Employees are duly trained and instructed according to a continuous training programme which takes into account the different needs related to the different roles filled.
    4. The controller directs and supervises all those who process personal data on his/her behalf.
  • outside of the company:
    1. parties entrusted with personal data processing activities are chosen, identified and appointed on the basis of a transparent, prearranged process that guarantees objectivity in the selection; the supplier’s possession of the necessary capabilities and professionalism for the organisation; the supplier’s possession of sufficient guarantees to put in place adequate technical and organisational measures so as to ensure processing meets the requirements of the GDPR and guarantees the protection of the rights of the data subject.
    2. Relationships with third parties who process data on behalf of the controller are always formalised in writing. The contract in question meets the minimum requirements set out in Article 28 of the GDPR.
    3. The controller directs and supervises all those to whom they delegate processing activities.

5 STAKEHOLDERS

The controller processes the personal data of the following categories of natural persons:

  1. employees
  2. free-lance professionals
  3. users
  4. suppliers

Categories of indirectly impacted subjects:

  1. family members of employees or users
  2. employees’ creditors
  3. employees’ beneficiaries

Institutions/Bodies involved

  1. trade unions

Other

6 COMPANY PHILOSOPHY ON PROVACY

For Metalprogetti S.p.a., protecting personal data is not so much a mere legal obligation as it is a competitive asset, and an advantage. In line with the accountability principle imposed by the GDPR, Metalprogetti S.p.a. considers the compliance of its processing of personal data with the GDPR by taking an approach based on the risks and how they are handled. For Metalprogetti S.p.a., respect for the rights, freedoms and data of natural persons is an irrefutable ethical imperative, which drives all the activities it performs.

7 LAWFULNESS

Metalprogetti S.p.a. exclusively carries out personal data processing based on one of the legal grounds given in Article 5 of the GDPR (consent, performance of contractual obligations, vital interests of the data subject or of third parties, compliance with a legal obligation to which the controller is subject, public interest or the exercise of official authority, overriding legitimate interests of the controller or of third parties to whom the data have been communicated).

Metalprogetti Spa processes certain personal data (specifically, that which may reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, and data concerning the health, sex life or sexual orientation of a natural person) only in the case where one of the circumstances provided for in Article 9.2 of the GDPR applies.

Metalprogetti Spa processes personal data relating to criminal convictions and offences or related security measures only on one of the legal grounds given in Article 6(1) of the GDPR, and only under the control of official authority or when the processing is authorised by Union or Member State law providing for appropriate safeguards for the rights and freedoms of data subjects.

8 FAIRNESS

Metalprogetti S.p.a. processes personal data exclusively for specified, explicit and legitimate purposes, without unfairness or deception towards data subjects, abiding strictly within the limits of the legal grounds which legitimise the processing.

9 TRANSPARENCY

Metalprogetti Spa shall take appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language.  Particularly, for every processing activity that Metalprogetti S.p.a. carries out, it notifies data subjects of the ways in which personal data concerning them is collected, used, consulted or otherwise processed and to what extent the personal data is or will be processed. Information and communications regarding the processing of such personal data must be in easily accessible form and comprehensible.

10 PURPOSE LIMITATION

Metalprogetti S.p.a. processes personal data for specified, explicit and legitimate purposes, and ensures that processing is not incompatible with these purposes.

11 DATA MINIMISATION

The personal data processed by Metalprogetti S.p.a. is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.

12 ACCURACY

The personal data processed by Metalprogetti S.p.a. is accurate and, where necessary, kept up to date; every reasonable step is taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.

13 STORAGE LIMITATION

Metalprogetti S.p.a. stores personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.

14 INTEGRITY AND CONFIDENTIALITY

Metalprogetti S.p.a. processes personal data in a manner that ensures its appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

15 DATA PROTECTION BY DESIGN AND BY DEFAULT

Metalprogetti S.p.a. takes a methodological approach to all projects, in accordance with which the protection of personal data must be considered even during the planning stage. Therefore, for any project, whether structural or conceptual, the protection of personal data must be taken into consideration from the time of planning, and solutions for such protection must be put in place.

Metalprogetti S.p.a. implements appropriate technical and organisational measures for ensuring that, by default, only personal data which is necessary for each specific purpose of the processing is processed. In particular, the technical and organisational measures implemented aim to ensure that, by default, the personal data is processed in accordance with the specific purpose of the processing.

16 COMPLIANCE

Failure to abide by the principles contained in this document, or by any directives, instructions, requests or orders which may be issued by Metalprogetti S.p.a., with regard to the protection of personal data and compliance with current legislation, constitutes a serious breach.

17 REVISIONS

This document is approved by the Board of Directors and has been drafted by the controller, who is responsible for updating and disseminating it.

 

COOKIES POLICY

General information, deactivating and managing cookies

Cookies are data files sent from websites and stored by the internet browser on the user’s computer or other device (for example, tablets or smartphones). Technical cookies and third-party cookies may be installed by our website or by related subdomains.
In any case, users will be able to manage cookies – i.e. request their general deactivation or cancellation – by altering the settings of their internet browser. However, such deactivation may slow down or prevent access to certain parts of the website.

The settings to manage or deactivate cookies may vary depending on the internet browser being used. Therefore, for further information on how to carry out these actions, we advise the User to consult the manual for their device or the “Help” function of their internet browser.

The following links are provided for Users to learn how to manage or deactivate cookies for the most commonly used internet browsers:

  • Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies
  •  Google Chrome: https://support.google.com/chrome/answer/95647
  •  Mozilla Firefox: http://support.mozilla.org/it/kb/Gestione%20dei%20cookie
  •  Opera: http://help.opera.com/Windows/10.00/it/cookies.html
  •   Safari: https://support.apple.com/kb/PH19255

Technical cookies

Technical cookies are cookies necessary to send communications via electronic communications networks, i.e. cookies strictly necessary to allow suppliers to perform the service requested by the client. Their use allows our website to be utilised securely and efficiently.
Session cookies may be installed to allow access to and navigation within the restricted area of the portal as an authenticated user.

Technical cookies are essential to enable our website to operate correctly, and are utilised for the purpose of allowing users to navigate normally and avail themselves of the advanced facilities available on our website. The technical cookies used can be divided into session cookies, which are stored exclusively for the duration of the browsing session, until the browser is closed; and permanent cookies, which are stored in the memory of the user’s device until they expire or are deleted by the user him/herself. Our website uses the following technical cookies:

  • Technical navigation or session cookies, used to ensure the user can be authenticated and navigate normally;
  • Technical functional cookies, used to memorise the customised settings chosen by the user, such as, for example, language;
  • Technical analytics cookies, used to gather information on how users behave on our website, in order to assess and improve its performance.

Third-party cookies

Third-party cookies may be installed. These are analytics cookies and profiling cookies from Google Analytics, Youtube and Yandex Metrica. These cookies are sent by the websites belonging to said external third parties to our website.
Third-party analytics cookies are used to gather information about how the user behaves on the website. The information is gathered anonymously,for the purpose of monitoring website performance and improve its usability. Third-party profiling cookies are used to create a user profile for the purpose of displaying advertising messages which reflect the choices displayed by the individual user.
The use of these cookies is governed by the regulations established by the third parties themselves. Therefore, Users are advised to view the privacy notices and instructions for managing or disabling cookies published on the following web pages:

For Google Analytics cookies:
– privacy policy: https://www.google.com/intl/it/policies/privacy/
– instructions for managing or disabling cookies: https://support.google.com/accounts/answer/61416?hl=it

For Youtube cookies:
-privacy policy: https://www.youtube.com/intl/it/yt/about/policies/#community-guidelines
– instructions for managing or disabling cookies: https://support.google.com/accounts/answer/61416?hl=it

For Yandex Metrica cookies:
– privacy policy: https://metrica.yandex.com/about/info/data-policy/
– instructions for managing or disabling cookies: https://yandex.com/legal/confidential/?lang=en

Profiling cookies 

The Controller may use so-called web analytics software to install profiling cookies which are used to prepare detailed analysis reports in real time related to the following information: visitors to a website, the search engines that led them there, key words used, the language used, the most-visited pages.

These cookies may also gather information and data regarding IP addresses, nationality, city, date/time, device, browser, operating system, screen resolution, the source navigated from, pages visited and number of pages, length of the visit, number of visits made.

These data may be used by the Controller in compliance with and within the limits prescribed by current legislation and the provisions of the Notice.