Riva Acciaio S.p.A. with registered office in Milan, Viale Certosa 249, as Data Controller pursuant to EU Regulation 679/2016 applicable from 25 May 2018 - General Regulation on Data Protection (“GDPR”) and pursuant to Legislative Decree no. 196/2003 - Personal Data Protection Code (“Privacy Code”) as amended by Legislative Decree 101/18 (hereinafter the Privacy Code and GDPR are collectively referred to as “Applicable Law”) recognizes the importance of protecting Personal Data and considers their protection one of the main objectives of its activities.
In accordance with the Applicable Law, we provide you with the necessary information regarding the processing of the Personal Data you provide. This information is provided in accordance with art. 13 of the Applicable Law and Riva Acciaio S.p.A. invites you to read it carefully as it contains important information on the protection of Personal Data and on the security measures adopted to guarantee their confidentiality in full compliance with the Applicable Law.
Riva Acciaio S.p.A. informs that the processing of Personal Data will be based on the principles of lawfulness, correctness, transparency, limitation of purposes and storage, adequacy, minimization of data, accuracy, integrity and confidentiality. Personal Data will therefore be processed in accordance with the legal provisions of the Applicable Law and the confidentiality obligations provided for therein.
In view of the above, we inform you in accordance with articles 6, 7, 9 and 13 of the GDPR:
1. PERSONAL DATA SUBJECT TO PROCESSING:
As part of your navigation of our site, the Data Controller may process the following categories of data:
- Navigation data. The computer systems and software procedures used for the operation of this website acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of the Internet. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow the identification of users. This Personal Data will be processed in the manner and for the purposes described below.
- Data provided voluntarily by the User. The explicit and voluntary provision of Personal Data by the User is necessary for access to certain services offered by the Data Controller through the website (e.g. registration form for access to the reserved area through personal account). The Personal Data processed are essentially identification data and will be processed in the manner described below.
2. PURPOSE, LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF THE PROCESSING
The processing to which your Personal Data will be subjected has the following purposes:
- allowing the Data Controller to provide its services in accordance with the general principles of lawfulness, correctness, transparency, limitation of purposes and storage, adequacy, minimization of data, accuracy, integrity and confidentiality;
- allowing a correct use of the website and access to the reserved area, ensuring the proper functioning of the site itself;
- fulfilling specific obligations or performing specific tasks provided for by national and Community legislation, laws and regulations;
- allowing the Data Controller to evaluate possible applications in the context of personnel selection and recruitment. For this purpose, please refer to the information provided in the “work with us” section of the site.
The legal basis for the processing, where the Personal Data are provided by the same person concerned is the consent, expressed by the application of a flag to the request to read this information and give consent.
The provision of data is necessary to pursue the purposes indicated. Your refusal to provide such data could make it impossible for Riva Acciaio S.p.A. to evaluate the application submitted or respond to the requests of the Data Subject, guarantee the correct use of the website, as well as the services offered therein.
3. TREATMENT METHODS
The processing may be carried out manually or with the aid of electronic or automated systems, will take place at the aforementioned headquarters of the Data Controller, at the operating offices or at third parties identified and will include, in compliance with the limits and conditions set forth in art. 5 and 25 of the GDPR, all the operations provided for in art. 4, paragraph 1, no. 2) of the GDPR (collection, registration, processing, etc..), necessary for the processing in question, including the communication to the parties referred to in the next point.
4. SCOPE OF COMMUNICATION AND DISSEMINATION AND TARGET AUDIENCES
The Personal Data you provide may be shared, for the purposes specified above, with:
a) Service providers used by the Data Controller for the management of the information system and telecommunications networks, and to take care of the maintenance of IT systems (including e-mail) operating as authorised or responsible persons;
The subjects belonging to the above-mentioned categories act as Data Processors or operate in total autonomy as separate Data Controllers. The list of Data processors is constantly updated and available on request at the headquarters of the Data Controller.
b) persons authorised by Riva Acciaio S.p.A. to process Personal Data who are committed to confidentiality or have an adequate legal obligation of confidentiality; (e.g. employees and collaborators of Riva Acciaio S.p.A.);
We also inform you that the processing of Personal Data is carried out in a system of joint control between Riva Acciaio S.p.A. and Riva Forni Elettrici S.p.A. The parties have determined in a transparent way their respective responsibilities regarding the observance of the obligations deriving from the Regulation, through an internal agreement stipulated according to art. 26 of the GDPR. In particular, the parties agree that the respective areas of control concern the processing of data of employees in compliance with the purposes set out below, such as:
- Management of ICT systems;
5. DATA TRANSFER ABROAD
Due to the configuration of the IT infrastructure your data may be communicated to companies contractually linked to Riva Acciaio S.p.A. with registered offices in third countries outside the EU, in accordance with and within the limits provided for by the Applicable Law. In particular, your Personal Data may be transferred to Switzerland, a country in respect of which the EU Commission has taken a decision of adequacy pursuant to art. 45 of the GDPR.
6. DATA RETENTION
The processing of the Personal Data in question and their storage will have a duration coinciding with the time necessary for the exhaustion of the purposes indicated in this statement and in any case up to 12 (twelve) months from reception of the above-mentioned data.
7. RIGHTS OF SUBJECT DATA
Within the limits of Applicable Law, as a Data subject, you have the right to request from Riva Acciaio S.p.A. the access your Personal Data, the rectification or erasure thereof and to limit or object to the processing of your Personal Data at any time.
Requests must be sent via e-mail to the following address: firstname.lastname@example.org
As a Data subject, you have the right to lodge a complaint with the competent supervisory authority (Personal Data Protection Authority), if you believe that the processing of your Personal Data is contrary to current legislation.
8. DATA CONTROLLER AND DATA PROTECTION OFFICER
The Data Controller is the company Riva Acciaio S.p.A. with registered office in Milan Viale Certosa 249, tel. 02307001, e-mail address email@example.com. In turn, Riva Acciaio S.p.A. has appointed GetSolution di Paola Generali, with registered office in Via Ippolito Rosellini, 12 20124 Milan, tel. 0239661701 e-mail address firstname.lastname@example.org, as Data Protection Officer (DPO), available for any information regarding the processing of Personal Data carried out by the Data Controller.