pursuant to art. 13 of EU Regulation no. 679/2016
In observance of the provisions of art. 13 of EU Regulation no. 2016/679 concerning the protection of physical persons with regard to the Processing of Personal Data and the free circulation of said data (hereinafter GDPR), the company STM S.P.A., in its capacity as Data Controller, would like to inform you that the data you provide will be processed in the ways and for the purposes indicated below.
1) The DATA CONTROLLER is the company S.T.M. S.P.A., with registered office in Via Remo Manganelli no. 16, Polesine Zibello (Parma) – Postcode 43016, Frazione Pieveottoville Zibello, enrolled on the Register of Companies of PARMA under no. PR – 138255;
VAT registration number: 00559720347; Telephone: +39-052499377;
The Website www.stmcompany.eu corresponds to the home page of the official website.
An updated list of Data Processors is available at the company headquarters.
2) PLACE OF DATA PROCESSING
The processing activities regarding the web services of this website are carried out by Register S.p.A..
3) PURPOSES OF THE PROCESSING AND LEGAL BASIS
Your data will be processed in compliance with the conditions of lawfulness as set forth in art 6 of GDPR, for the following purposes:
1) to carry out activities preliminary and consequential to the execution of commercial contracts, i.e. to comply with all contractual and pre-contractual obligations;
2) to comply with the obligations to which the Data Controller is subject and which are provided for by the laws in force (for example: obligations of a statutory nature, obligations of an accounting or fiscal nature, such as bookkeeping, invoicing and the sending of data to the State financial administration);
3) to carry out the following activities, which are not personalised, and without creating or using profiles, regarding goods and services connected with the business of the Data Controller:
– direct marketing activities;
– promotional, publicity and advertising activities through the sending of illustrative and informative material of a commercial nature;
4) to carry out customer satisfaction surveys, without creating or using profiles.
5) for consulting, processing and consequently responding to your request for information.
For the purposes indicated at points 1 and 2, personal data are lawfully processed, because the conditions set forth in article 6, paragraph 1, letters b) and c) apply (“processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract and processing is necessary for compliance with a legal obligation”), while for the purposes indicated at points 3, 4 and 5, data are lawfully processed because the conditions set forth in article 6, paragraph 1, letter f) apply (processing is necessary for the purposes of the legitimate interests pursued by the Controller“).
4) MANDATORY OR OPTIONAL PROVISION OF DATA
It is necessary to provide data for pursuing the contractual purposes set forth at point 3), and refusal on the part of data subjects to do so will make it impossible for said purposes to be pursued. Users are free to provide the personal data shown on the information request form addressed to the company, for the purpose of receiving information material or other communications. Failure to provide such information may lead to the impossibility to meet any requests.
5) PROCESSING METHODS
Your personal data will be processed in a lawful, correct and transparent manner, mainly using electronic or IT tools, and they will be stored both in the electronic data bank of the Data Controller and in paper files. The appropriate technical and organisational measures will be implemented to guarantee an adequate level of protection from risk pursuant to art. 32 of GDPR, as well as appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject.
6) SUBJECTS TO WHOM PERSONAL DATA MAY BE COMMUNICATED
The personal data acquired by the Data Controller may be communicated, for the purposes indicated in point 3), to the following subjects:
Third parties and others entrusted by the Data Controller with carrying out the contractual obligations and safeguarding of rights indicated at point 3) (for example: suppliers, employees, collaborators, consultants, professionals, etc.) and/or system administrators;
Third parties entrusted by the Data Controller with carrying out specific data processing tasks and specific activities regarding the carrying out of different, but related obligations;
Credit institutes and other financial operators, for credit recovery, management of information systems and the storage and hosting of IT data archives of the Company, limited to data accessible to anyone, to typographical and delivery agencies;
State Financial Administration and other Entities, for compliance with legal obligations of the Data Controller;
All other subjects to whom it is necessary to communicate the data for proper compliance with legal obligations of the Data Controller.
Personal data will not be disseminated.
7) TRANSFER OF DATA ABROAD
For the purposes described above, and in observance of EU Regulation no. 2016/679, your personal data may be transferred to connection and hosting service providers located abroad, within or outside the European Union.
8) DATA STORAGE PERIODS AND CRITERIA
The personal data collected are stored only for the time necessary to achieve the purposes indicated at point 3). Access to your information is limited to those who need to use it for pertinent purposes. Personal data that are no longer necessary, or for which there is no longer a legal reason for storing them, are definitively deleted.
Personal data will be stored in the ways mentioned above for:
The entire duration of the contract and, after the termination of the contractual relationship, for a standard period of 10 years, without prejudice to different storage terms that may be provided for by law.
In the case of litigation, for the duration of the same and until the expiry of the terms of enforceability of the actions of safeguarding and appeal.
9) RIGHTS OF THE DATA SUBJECTS
As the Data Subject, you may, at any time, exercise the rights provided for in arts. 15 – 22 of GDPR, by contacting the Data Controller.
Specifically, you may exercise the right:
to ask for confirmation of the existence of your personal data;
to obtain indications regarding the purposes of processing, recipients or categories of recipients to whom personal data have been or will be communicated and, when possible, the storage period;
to obtain the rectification or erasure of data;
to obtain the restriction of the processing;
to obtain data portability, i.e. to obtain them from the Data Controller in a structured, commonly used, machine-readable format, and to transmit them to another controller without impediment;
to object to processing at any time, also in the case of processing for direct marketing purposes;
to object to automated decision-making processes regarding physical persons, including profiling;
to lodge an official complaint with the competent Supervisory Authority, the Italian Personal Data Protection Authority, following the procedures and indications published on the official website of the Authority: www.garanteprivacy.it.
If processing is based on consent, the Data Controller will inform data subjects that they have the right to withdraw said consent at any time, without prejudice to the lawfulness of any processing based on their consent before it was withdrawn.
10) HOW TO EXERCISE RIGHTS
Data Subjects may exercise their rights by sending a written request to the postal address of the company’s registered office, or to the e-mail address: firstname.lastname@example.org.
11) TYPES OF DATA PROCESSED
During normal operation, the computer systems and software procedures for the operation of this website acquire some personal data which are implicitly transmitted in the use of Internet communication protocols. This information is not gathered in order to be associated to the identified Data Subjects, but which by its very nature could, if processed and associated to data held by third parties, lead to the identification of the users. This category of data includes the IP addresses or names of computer domains used by the users when connecting to the website, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in reply, the numerical code indicating the state of the reply given by the server (OK, error, etc.) and other parameters concerning the operating system and computer environment of the user. These data are used only for anonymous statistical information concerning the use of the website and to check the correct operation, and are erased immediately after processing. Data may be used to ascertain responsibility in the case of hypothetical data processing crimes to the detriment of the website: apart from this case, the web contact data are currently not kept for more than seven days.
12) DATA VOLUNTARILY PROVIDED BY THE USER THROUGH THE CONTACT
The data entered in the various contact forms are not stored on the database of the website.
The voluntary, explicit and optional sending by the user of e-mails to the addresses indicated in this website implies the subsequent acquisition of the sender’s address, required to reply to any requests, and any other personal data entered in the e-mail.
The right to stop receiving information e-mails remains valid, and may be requested at any time.
compliance with the provision of the Data Protection Authority (hereinafter the
“Authority”) of 8 May 2014 on the identification of “Simplified arrangements to
provide information and obtain consent regarding cookies” (hereinafter the
“Cookie provision”), the Data Controller would like to provide you with the
What are Cookies?
A Cookie is a small amount of data, often containing an anonymous univocal ID code, which are sent to the browser by a web server and are then stored on the hard disk of the User’s computer. The Cookie is then re-read and recognised only by the website that sent it or by other websites connected to the first website, at each subsequent connection. Remember that the browser is the software that makes it possible to browse the web by viewing and transferring information onto the hard disk of the User’s computer. If the browser is set to accept Cookies, any website may send Cookies to the browser, but in order to safeguard privacy, it can identify only those sent by the website, and not those sent to the browser by other websites. In any case, Cookies cannot cause damage to the User’s computer.
How Cookies are used on this website
Cookies are not used to transmit personal information, nor are persistent cookies of any type used, i.e. systems for tracking users.
The use of session Cookies (which are not stored persistently on the User’s computer, and are deleted when the browser is closed) is strictly limited to the transmission of session identifiers (made up of random numbers generated by the server) necessary to allow for the safe, efficient browsing of the website. The session cookies used on this website avoid the use of other IT technologies that may be damaging for the confidentiality of the users’ web browsing, and do not permit the acquisition of personal data that could identify the user.
The website uses session cookies, technical cookies and third-party cookies.
Personal data collected: cookies and usage data.
Other types of Cookies or third-party instruments that could use them
Some of the services listed below may not require the consent of the User or may be managed directly by the Data Controller – depending on what has been described – without the aid of third parties.
If the instruments indicated below include services managed by third parties – in addition to those specified and even without the Data Controller’s knowledge – they may carry out User tracking activities. For detailed information on this, the privacy policies of the services listed should be consulted.
Personal data collected: cookies and usage data.
Personal data collected: cookies and usage data.
can I control the installation of Cookies?
In addition to the indications provided in this document, Users may manage their Cookie preferences directly from their browser, for example by preventing third parties from installing them. Browser preferences can also be used to delete cookies previously installed, including the Cookie on which consent for the installation of Cookies by this website may have been saved. It is important to note that the functioning of this website may be affected if all Cookies are disabled. Users can find information on how to manage Cookies in their browser at the following addresses: Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Windows Explorer.
For services provided by third parties, Users may exercise their right to oppose tracking by reading the third party’s data protection policy, using the opt-out link if explicitly provided, or by contacting the third party directly.
Without prejudice to the above, the Data Controller would like to inform Users that they can use “Your Online Choices”. This service allows you to manage the tracking preferences of most advertising tools. The Data Controller therefore advises Users to use this resource in addition to the information provided in this document.