Privacy Information

Riva Acciaio S.p.A. with registered office in Milan, Viale Certosa 249, as Data Controller pursuant to EU Regulation 679/2016 applicable from 25 May 2018 - General Regulation on Data Protection (“GDPR”) and pursuant to Legislative Decree no. 196/2003 - Personal Data Protection Code (“Privacy Code”) as amended by Legislative Decree 101/18 (hereinafter the Privacy Code and GDPR are collectively referred to as “Applicable Law”) recognizes the importance of protecting Personal Data and considers their protection one of the main objectives of its activities.

Privacy Information - Web Users - (170 kB)
Privacy Information - Customers - (104,82 kB)
Privacy Information - Suppliers - (164,56 kB)
Privacy Information - Candidates - (117,02 kB)

In accordance with the Applicable Law, we provide you with the necessary information regarding the processing of the Personal Data you provide. This information is provided in accordance with art. 13 of the Applicable Law and Riva Acciaio S.p.A. invites you to read it carefully as it contains important information on the protection of Personal Data and on the security measures adopted to guarantee their confidentiality in full compliance with the Applicable Law.

Riva Acciaio S.p.A. informs that the processing of Personal Data will be based on the principles of lawfulness, correctness, transparency, limitation of purposes and storage, adequacy, minimization of data, accuracy, integrity and confidentiality. Personal Data will therefore be processed in accordance with the legal provisions of the Applicable Law and the confidentiality obligations provided for therein.

In view of the above, we inform you in accordance with articles 6, 7, 9 and 13 of the GDPR:



As part of your navigation of our site, the Data Controller may process the following categories of data:

- Navigation data. The computer systems and software procedures used for the operation of this website acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of the Internet. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow the identification of users. This Personal Data will be processed in the manner and for the purposes described below.

- Cookies. Cookies are text files that are automatically generated in the user's computer after visiting certain pages of the site and through which identification data of the user can be collected. For more information, please refer to our Cookie Policy, which can be found on our website.

- Data provided voluntarily by the User. The explicit and voluntary provision of Personal Data by the User is necessary for access to certain services offered by the Data Controller through the website (e.g. registration form for access to the reserved area through personal account). The Personal Data processed are essentially identification data and will be processed in the manner described below.



The processing to which your Personal Data will be subjected has the following purposes:

fulfilling specific obligations or performing specific tasks provided for by national and Community legislation, laws and regulations;allowing the Data Controller to provide its services in accordance with the general principles of lawfulness, correctness, transparency, limitation of purposes and storage, adequacy, minimization of data, accuracy, integrity and confidentiality;allowing a correct use of the website and/or access to the reserved area, ensuring the proper functioning of the site itself. For the purposes related to the reserved area, specifically, please refer to the dedicated information;allowing the Data Controller to evaluate possible applications in the context of personnel selection and recruitment. For this purpose, please refer to the information provided in the "work with us" section of the site.

For the purpose related to point 1, the processing is necessary for compliance with a legal obligation (article 6 GDPR). For the purpose related to points 2 and 3, the processing is necessary for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract (article 6 GDPR).

The provision of data is necessary to pursue the purposes indicated. Your refusal to provide such data could make it impossible for Riva Acciaio S.p.A. to evaluate the application submitted or respond to the requests of the Data Subject, guarantee the correct use of the website, as well as the services offered therein.



The processing may be carried out manually or with the aid of electronic or automated systems, will take place at the aforementioned headquarters of the Data Controller, at the operating offices or at third parties identified and will include, in compliance with the limits and conditions set forth in art. 5

Riva Acciaio S.p.A.

Sede legale e amministrativa: viale Certosa, 249 - 20151 Milano - Tel. +39.02.307001 - Fax: +39.02.38000346 / +39.02.38003147 / +39.02.38002974 - Capitale Sociale Euro 115.830.000,00 interamente versato - C.F., P.I. e numero iscrizione Registro Imprese Milano 08521290158 - Società con Unico Azionista -

and 25 of the GDPR, all the operations provided for in art. 4, paragraph 1, no. 2) of the GDPR (collection, registration, processing, etc..), necessary for the processing in question, including the communication to the parties referred to in the next point.



The Personal Data you provide may be shared, for the purposes specified above, with:

a) Service providers used by the Data Controller for the management of the information system and telecommunications networks, and to take care of the maintenance of IT systems (including e-mail) operating as authorised or responsible persons;

The subjects belonging to the above-mentioned categories act as Data Processors or operate in total autonomy as separate Data Controllers. The list of Data processors is constantly updated and available on request at the headquarters of the Data Controller.

b) persons authorised by Riva Acciaio S.p.A. to process Personal Data who are committed to confidentiality or have an adequate legal obligation of confidentiality; (e.g. employees and collaborators of Riva Acciaio S.p.A.);

We also inform you that the processing of Personal Data is carried out in a system of joint control between Riva Acciaio S.p.A. and Riva Forni Elettrici S.p.A. The parties have determined in a transparent way their respective responsibilities regarding the observance of the obligations deriving from the Regulation, through an internal agreement stipulated according to art. 26 of the GDPR. In particular, the parties agree that the respective areas of control concern the processing of data of employees in compliance with the purposes set out below, such as:

- Management of ICT systems;



The Data Controller does not directly carry out any data transfer outside the European Union. However, by using cloud services, chosen since it guarantees adequate and appropriate security measures to protect personal data, a transfer of data outside the EEA is possible due to technical and maintenance reasons, by means of the following guarantees, ensured by the supplier:

  1. Transfer of data to countries deemed to be adequate by the EU Commission.
  2. Subscription of Standard Contractual Clauses for the transfer of data outside the EU, as defined by the EU Commission, in order to guarantee a safe and legitimate transfer and subsequent processing of data outside the EU.



The processing of the Personal Data in question and their storage will have a duration coinciding with the time necessary for the exhaustion of the purposes indicated in this statement and in any case up to 12 (twelve) months from reception of the above-mentioned data.



Within the limits of Applicable Law, as a Data subject, you have the right to request from Riva Acciaio S.p.A. the access your Personal Data, the rectification or erasure thereof and to limit or object to the processing of your Personal Data at any time.

Requests must be sent via e-mail to the following address:

As a Data subject, you have the right to lodge a complaint with the competent supervisory authority (Personal Data Protection Authority), if you believe that the processing of your Personal Data is contrary to current legislation.



The Data Controller is the company Riva Acciaio S.p.A. with registered office in Milan Viale Certosa 249, tel. 02307001, e-mail address In turn, Riva Acciaio S.p.A. has appointed GetSolution di Paola Generali, with registered office in Via Ippolito Rosellini, 12 20124 Milan, tel. 0239661701 e-mail address, as Data Protection Officer (DPO), available for any information regarding the processing of Personal Data carried out by the Data Controller.