PRIVACY POLICY ON THE PROCESSING OF PERSONAL DATA
pursuant to art. 13 of EU Regulation no.
679/2016
In observance of the provisions of art. 13 of EU Regulation no. 2016/679 concerning the protection of physical persons with regard to the Processing of Personal Data and the free circulation of said data (hereinafter GDPR), the company STM S.P.A., in its capacity as Data Controller, would like to inform you that the data you provide will be processed in the ways and for the purposes indicated below.
1) The DATA CONTROLLER is the company S.T.M. S.P.A., with registered office in Via Remo Manganelli no. 16, Polesine Zibello (Parma) – Postcode 43016, Frazione Pieveottoville Zibello, enrolled on the Register of Companies of PARMA under no. PR – 138255;
VAT registration number: 00559720347; Telephone: +39-052499377;
E-mail: privacy@stmcompany.eu
The Website www.stmcompany.eu corresponds to the home page of the official website.
This Privacy Policy is issued only for the website www.stmcompany.eu and not for any other websites the user may consult via any links. The Privacy Policy is also inspired by Recommendation No 2/2001 which the European Personal Data Protection Authorities, joined in the Group established by Art. 29 of Directive No 95/46/EC, adopted on 17 May 2001 to identify some minimum requirements for the collection of personal data on-line, and, in particular, the methods, times and nature of the information Data Controllers have to provide to users visiting web pages, whatever the purpose of their visit.
An updated list of Data Processors is available at the company headquarters.
2) PLACE OF DATA PROCESSING
The processing activities regarding the web services of this website are
carried out by Register S.p.A..
3) PURPOSES OF THE PROCESSING AND LEGAL BASIS
Your data will be processed in compliance with
the conditions of lawfulness as set forth in art 6 of GDPR, for the following
purposes:
1) to carry out activities preliminary and consequential to the execution of commercial contracts, i.e. to comply with all contractual and pre-contractual obligations;
2) to comply with the obligations to which the Data Controller is subject and which are provided for by the laws in force (for example: obligations of a statutory nature, obligations of an accounting or fiscal nature, such as bookkeeping, invoicing and the sending of data to the State financial administration);
3) to carry out the following activities, which are not personalised, and without creating or using profiles, regarding goods and services connected with the business of the Data Controller:
– direct marketing activities;
– promotional, publicity and advertising activities through the sending of illustrative and informative material of a commercial nature;
4) to carry out customer satisfaction surveys, without creating or using profiles.
5) for consulting, processing and consequently responding to your request for information.
For the purposes indicated at points 1 and 2, personal data are lawfully processed, because the conditions set forth in article 6, paragraph 1, letters b) and c) apply (“processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract and processing is necessary for compliance with a legal obligation”), while for the purposes indicated at points 3, 4 and 5, data are lawfully processed because the conditions set forth in article 6, paragraph 1, letter f) apply (processing is necessary for the purposes of the legitimate interests pursued by the Controller“).
4) MANDATORY OR OPTIONAL PROVISION OF DATA
It is necessary to provide data for pursuing
the contractual purposes set forth at point 3), and refusal on the part of data
subjects to do so will make it impossible for said purposes to be pursued.
Users are free to provide the personal data shown on the information request
form addressed to the company, for the purpose of receiving information
material or other communications. Failure to provide such information may lead
to the impossibility to meet any requests.
5) PROCESSING METHODS
Your personal data will be processed in a
lawful, correct and transparent manner, mainly using electronic or IT tools,
and they will be stored both in the electronic data bank of the Data Controller
and in paper files. The appropriate technical and organisational measures will
be implemented to guarantee an adequate level of protection from risk pursuant
to art. 32 of GDPR, as well as appropriate measures to safeguard the rights,
freedoms and legitimate interests of the data subject.
6) SUBJECTS TO WHOM PERSONAL DATA MAY BE COMMUNICATED
The personal data acquired by the Data Controller may be communicated, for the
purposes indicated in point 3), to the following subjects:
Third parties and others entrusted by the Data Controller with carrying out the contractual obligations and safeguarding of rights indicated at point 3) (for example: suppliers, employees, collaborators, consultants, professionals, etc.) and/or system administrators;
Third parties entrusted by the Data Controller with carrying out specific data processing tasks and specific activities regarding the carrying out of different, but related obligations;
Credit institutes and other financial operators, for credit recovery, management of information systems and the storage and hosting of IT data archives of the Company, limited to data accessible to anyone, to typographical and delivery agencies;
State Financial Administration and other Entities, for compliance with legal obligations of the Data Controller;
All other subjects to whom it is necessary to communicate the data for proper compliance with legal obligations of the Data Controller.
Personal data will not be disseminated.
7) TRANSFER OF DATA ABROAD
For the purposes described above, and in
observance of EU Regulation no. 2016/679, your personal data may be transferred
to connection and hosting service providers located abroad, within or outside
the European Union.
8) DATA STORAGE PERIODS AND CRITERIA
The personal data collected are stored only
for the time necessary to achieve the purposes indicated at point 3). Access to
your information is limited to those who need to use it for pertinent purposes.
Personal data that are no longer necessary, or for which there is no longer a
legal reason for storing them, are definitively deleted.
Personal data will be stored in the ways mentioned above for:
The entire duration of the contract and, after the termination of the contractual relationship, for a standard period of 10 years, without prejudice to different storage terms that may be provided for by law.
In the case of litigation, for the duration of the same and until the expiry of the terms of enforceability of the actions of safeguarding and appeal.
9) RIGHTS OF THE DATA SUBJECTS
As the Data Subject, you may, at any time,
exercise the rights provided for in arts. 15 – 22 of GDPR, by contacting the
Data Controller.
Specifically, you may exercise the right:
to ask for confirmation of the existence of your personal data;
to obtain indications regarding the purposes of processing, recipients or
categories of recipients to whom personal data have been or will be
communicated and, when possible, the storage period;
to obtain the rectification or erasure of data;
to obtain the restriction of the processing;
to obtain data portability, i.e. to obtain them from the Data Controller in a
structured, commonly used, machine-readable format, and to transmit them to
another controller without impediment;
to object to processing at any time, also in the case of processing for direct
marketing purposes;
to object to automated decision-making processes regarding physical persons,
including profiling;
to lodge an official complaint with the competent Supervisory Authority, the
Italian Personal Data Protection Authority, following the procedures and
indications published on the official website of the Authority:
www.garanteprivacy.it.
If processing is based on consent, the Data Controller will inform data
subjects that they have the right to withdraw said consent at any time, without
prejudice to the lawfulness of any processing based on their consent before it
was withdrawn.
10) HOW TO EXERCISE RIGHTS
Data Subjects may exercise their rights by
sending a written request to the postal address of the company’s registered
office, or to the e-mail address: privacy@stmcompany.eu.
11) TYPES OF DATA PROCESSED
Navigation data
During normal operation, the computer systems and software procedures for the
operation of this website acquire some personal data which are implicitly
transmitted in the use of Internet communication protocols. This information is
not gathered in order to be associated to the identified Data Subjects, but
which by its very nature could, if processed and associated to data held by
third parties, lead to the identification of the users. This category of data
includes the IP addresses or names of computer domains used by the users when
connecting to the website, URI (Uniform Resource Identifier) addresses of
requested resources, the time of the request, the method used in submitting the
request to the server, the size of the file obtained in reply, the numerical
code indicating the state of the reply given by the server (OK, error, etc.)
and other parameters concerning the operating system and computer environment
of the user. These data are used only for anonymous statistical information
concerning the use of the website and to check the correct operation, and are
erased immediately after processing. Data may be used to ascertain
responsibility in the case of hypothetical data processing crimes to the
detriment of the website: apart from this case, the web contact data are
currently not kept for more than seven days.
12) DATA VOLUNTARILY PROVIDED BY THE USER THROUGH THE CONTACT
FORM
The data entered in the various contact forms are not stored on the database of
the website.
The voluntary, explicit and optional sending by the user of e-mails to the
addresses indicated in this website implies the subsequent acquisition of the
sender’s address, required to reply to any requests, and any other personal
data entered in the e-mail.
The right to stop receiving information e-mails remains valid, and may be
requested at any time.
13) USE OF COOKIES
In
compliance with the provision of the Data Protection Authority (hereinafter the
“Authority”) of 8 May 2014 on the identification of “Simplified arrangements to
provide information and obtain consent regarding cookies” (hereinafter the
“Cookie provision”), the Data Controller would like to provide you with the
following information.
What are Cookies?
A Cookie is a small amount of data, often containing an anonymous univocal ID
code, which are sent to the browser by a web server and are then stored on the
hard disk of the User’s computer. The Cookie is then re-read and recognised
only by the website that sent it or by other websites connected to the first
website, at each subsequent connection. Remember that the browser is the software
that makes it possible to browse the web by viewing and transferring
information onto the hard disk of the User’s computer. If the browser is set to
accept Cookies, any website may send Cookies to the browser, but in order to
safeguard privacy, it can identify only those sent by the website, and not
those sent to the browser by other websites. In any case, Cookies cannot cause
damage to the User’s computer.
How Cookies are used on this website
Cookies are not used to transmit personal information, nor are persistent
cookies of any type used, i.e. systems for tracking users.
The use of session Cookies (which are not stored persistently on the User’s
computer, and are deleted when the browser is closed) is strictly limited to
the transmission of session identifiers (made up of random numbers generated by
the server) necessary to allow for the safe, efficient browsing of the website.
The session cookies used on this website avoid the use of other IT technologies
that may be damaging for the confidentiality of the users’ web browsing, and do
not permit the acquisition of personal data that could identify the user.
The website uses session cookies, technical cookies and third-party cookies.
Google
Analytics cookies
This website uses Google Analytics, a web analysis service provided by Google
Inc.. Google Analytics uses Cookies, which are deposited on your computer to
analyse how the website is used. The information generated by the Cookie on the
use of the website (including your IP address) is transmitted to Google and
deposited on its servers.
Google uses this information for the purpose of tracing and examining the use
of the website and to compile reports on website activities. Google may also
transfer this information to third parties whenever this is required by law or
when said third parties handle the aforementioned information on Google’s
behalf. Google will not associate your IP address to any other data in its
possession. You may refuse the use of Cookies by selecting the appropriate
setting on your browser.
Personal data collected: cookies and usage data.
Place of processing: USA – Privacy Policy – Opt Out
Other types of Cookies or third-party instruments that could use them
Some of the services listed below may not require the consent of the User or
may be managed directly by the Data Controller – depending on what has been
described – without the aid of third parties.
If the instruments indicated below include services managed by third parties –
in addition to those specified and even without the Data Controller’s knowledge
– they may carry out User tracking activities. For detailed information on
this, the privacy policies of the services listed should be consulted.
Personal data collected: cookies and usage data.
Place of processing: USA – Privacy Policy
Google
Maps is a map viewing service managed by Google Inc., which allows this
application to integrate such content into its pages.
Personal data collected: cookies and usage data.
Place of processing: USA – Privacy Policy
How
can I control the installation of Cookies?
In addition to the indications provided in this document, Users may manage
their Cookie preferences directly from their browser, for example by preventing
third parties from installing them. Browser preferences can also be used to delete
cookies previously installed, including the Cookie on which consent for the
installation of Cookies by this website may have been saved. It is important to
note that the functioning of this website may be affected if all Cookies are
disabled. Users can find information on how to manage Cookies in their browser
at the following addresses: Google Chrome, Mozilla Firefox, Apple Safari and
Microsoft Windows Explorer.
For services provided by third parties, Users may exercise their right to
oppose tracking by reading the third party’s data protection policy, using the
opt-out link if explicitly provided, or by contacting the third party directly.
Without prejudice to the above, the Data Controller would like to inform Users
that they can use “Your Online Choices”. This service allows you to manage the
tracking preferences of most advertising tools. The Data Controller therefore
advises Users to use this resource in addition to the information provided in
this document.