- Purpose of the processing and duration
- We inform you that the personal data provided by you in the activity we carry out may be processed for the following purposes: to finalize contracts, fulfill pre-contractual, contractual and tax obligations related to importing, exporting, purchasing, sales and distribution activities in general, with or without facilities, for steel wire ropes, slings and pennants of any kind and accessories for said industrial technical products and machines for the production and the termination of the same, by means of commercial, industrial and financial operations including real estates activities. Only after your request and specific and separate consent and until revocation, we can send you via e-mail communications on products and services offered by the Owner. Please note that if you are already a customer, we may send you commercial communications relating to services and products of the Owner similar to those you have already used, subject to your disagreement (Article 130 of the Privacy Code).
- The Owner does not carry out profiling activities.
- Your data will be processed for a period of time not exceeding the one necessary for the purposes for which they were collected or subsequently processed; the retention period will be determined by the duration of the contract and by the legal, regulatory, administrative, accounting and tax obligations.
- The processing of personal data means the collection, registration, organization, storage, processing, modification, selection, extraction, comparison, use, dissemination, cancellation, distribution, interconnection and any other activity useful for the performance of the Service, including the combination of two or more of these operations.
- The legal basis of the processing of personal data for the purposes referred to above is art. 6.1 lett. b) and c) of the GDPR, as the processing is necessary for the provision of services or for the response of requests by the interested party.
- Optional nature of providing data - refusal
The interested party is free to provide personal data. The conferring of personal data is necessary and mandatory for the purposes of carrying out the activities referred to in paragraph 1 and any refusal by the party concerned to provide personal data will make it impossible to perform the above mentioned activities.
- Data controller
The data controller is Sirtef srl, with registered office in Calvignasco (MI), Via Dei Lavoratori 1, PEC: firstname.lastname@example.org, C.F. and P. I.V.A: 05942780965 manager of the website www.sirtef.it. The processing of the data held by Sirtef srl takes place at the registered office of the owner, as well as at the local units of the same in Santa Maria La Longa (UD), via Gabriele d'Annunzio 9 and in Rome, via Libero Leonardi 4. The communication of data may take place, only for data related to legal persons, either in Europe or Extra-Europe, but only as necessary and exclusively for the purpose of delivering the ordered material directly to the person concerned. If you wish to receive further information on how the data holder processes your personal data, please write an email to the PEC email address email@example.com. To know your rights and to be always up-to-date on the legislation regarding the protection of persons with regard to the processing of personal data, we recommend you to visit the website of the Guarantor for the protection of personal data at http://www.garanteprivacy.it /.
- Categories of recipients of personal data
The data may be communicated to: authorized subjects pursuant to art. 29 GDPR; processors, employees, collaborators and suppliers of the Company; consultants and professionals (eg accountants and lawyers, etc.) professional associations, social security institutions, insurance, credit and financial institutions, police forces, judicial authorities, bailiffs, bodies, as well as the appointed data processors pursuant to art. 28 GDPR (including, for example, the person responsible for security measures. At the present, the Digital Spirit of Massimo Martucci, Sacchetti 6, Lacchiarella (MI), VAT number 08694250963, as Internet site manager, TEAMSYSTEM SpA (Software house), Via G. Bruno 18, Senigallia (AN), VAT: 01035310414, always within the limits of legislative, regulatory or contractual provisions. The data may be communicated to the System Administrator.
- Method of data retention
Sirtef Srl processes personal data using automated and non-automated tools. In particular, Sirtef srl, based on a specific contract, is an exclusive user of a web space on servers of the host provider, where the data are stored and archived, remaining accessible only to the same and solely for technical needs (such as, for example. , server maintenance) also to the host provider. The personal data provided by users who request dispatch of informative materials are used only to perform the service or the performance required and they are communicated to third parties only if this is necessary or required by law.
- Types of data processed
The computer systems and software procedures used to operate this website acquire, during their normal operations, some personal data whose transmission is implicit in the use of Internet communication protocols. This are information that are not collected to be associated with identified specific purposes.. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.
- Rights of the interested party
The subjects, to whom the personal data (interested) refer, have the right, at any time, to obtain confirmation of the existence or otherwise of the same data and to know its content and origin, to verify its accuracy or to request its integration or the updating or amendment (articles 15 to 23 and 34 EU REGULATION 678/2016, see ANNEX A below). Pursuant to the same articles, you also have the right to request cancellation (right to be forgotten), the right to data portability, transformation into anonymous form or blocking of data processed in violation of the law, as well as to oppose any case, for legitimate reasons, to their treatment. Requests should be forwarded to the Data Controller by writing to the following email address: firstname.lastname@example.org. In brief, the interested party has the right to:
- obtain from the data controller confirmation that the processing of personal data concerning him or her is in progress and, in this case, obtain in an intelligible form the data held by the holder (right of access), as well as the following information:
- an indication of their origin, of the purposes and methods of the processing, as well as, in the event that the processing is carried out using electronic means, of the logic on which the treatment is based;
- the categories of personal data in question;
- the indication of the identification details of the holder, of any responsible;
- the recipients or categories of recipients as appointed representatives in the territory of the State, managers or agents to whom the personal data have been or will be communicated;
- if the data are not collected from the data subject, all information available on their origin;
- updating, rectification or, if interested, integration of data;
- the existence of the right of the interested party to ask the data controller to revoke the consent or rectification or deletion of personal data (so-called "right to be forgotten") even after the revocation of consent to the processing, or the limitation to process personal data concerning him;
- the attestation that the operations referred to in numbers 2) and 3) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated, except in the case in which this fulfillment is revealed impossible or involves a use of means manifestly disproportionate to the protected right. The rights referred to in nos. 1, 2, 3 and 4 can be exercised by submitting an informal request by e-mail to the email address email@example.com. This request can be renewed, except for the existence of justified reasons, with an interval of no less than ninety days;
- the right to oppose at any time, for reasons related to his particular situation, the processing of personal data concerning him;
- request and obtain the block or limitation of data processed in violation of the law and those whose retention is no longer necessary in relation to the purposes of the processing;
- the right to lodge a complaint with a supervisory authority;
- the right to data portability
- obtain from the data controller confirmation that the processing of personal data concerning him or her is in progress and, in this case, obtain in an intelligible form the data held by the holder (right of access), as well as the following information:
- Processing methods and data requirements
The personal data processed are:
- processed lawfully and fairly;
- collected and registered for specific, explicit and legitimate purposes, and used in other processing operations in terms compatible with these purposes;
- exact and, if necessary, updated;
- relevant and complete;
- stored in a form that allows the identification of the data subject for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed.
- Recalling links to third-party sites
Sirtef srl is not responsible for the content of third party sites to which refer links on the site www.sirtef.it. Therefore, the interested party is advised to read the sections of the Privacy Notice and Cookies Notice on these third-party sites.
- Security measures
The data will be processed using methods and instruments suitable to guarantee security (Article 24, 25 and 32 of the EU Reg. 679/2016) and will be carried out by electronic or automated means (network computers not accessible to the public) and by not automated means (paper archives), to which all appropriate technical and organizational measures will be applied to ensure a level of security appropriate to the risk, so as to ensure on a permanent basis their confidentiality, integrity, availability and resilience of the processing systems and services (by way of example but not exhaustive: controls both on the assignment of tasks to the persons in charge of data processing and on the classification of the data themselves). We adopt appropriate security measures in order to minimize the risk of destruction or loss - even accidental - of data, unauthorized access or processing that is not allowed or does not comply with the collection purposes indicated in our Privacy Section. However, the holder cannot guarantee to its users that the measures taken for the security and transmission of data online limit or exclude any risk of unauthorized access or loss of data by devices pertaining to the user: we recommend to make sure that your computer is equipped with appropriate software for the protection of data transmission in the network, both incoming and outgoing (as updated antivirus systems) and that your Internet service provider has taken appropriate measures for the security of data transmission in network (such as firewalls and antispam filters).
- Applicable law
- Changes and updates Privacy Notice
The Data Controller may modify or simply update, in whole or in part, the Privacy Notice, also in consideration of changes in the laws or regulations governing this matter and protect your rights. Changes and updates to the Privacy Section will be notified to users by publication on the home page as soon as they are adopted; they will be binding as soon as they are published on the website. We therefore ask you to regularly access this section to check the publication of the most recent and updated Privacy Section.
- Consent provided by the parent
Pursuant to Article 8 of the 2016/679 European Regulation, in cases where the person concerned is younger than sixteen (16), the consent of the parent is required for the processing of the personal data of the aforementioned minor
ANNEX A: RIGHTS OF THE PARTY CONCERNED EXTRACT REG. EU 679/2016
Article 15 Right of access of the Party concerned (C63, C64)
- The Party concerned has the right to get from the data controller any information about the existence of a data handling referred to himself and consequently to obtain the access to the personal data and to the following further information:
- the purposes of the processing;
- the categories of personal data involved in the process;
- the recipients or the categories of recipients to whom the personal data have been or will be communicated, in particular if the recipients belong to third countries or to international organizations;
- where possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
- the existence of the right of the interested party to ask to the data controller for correcting or deleting the personal data and for limiting the handling of the personal data related to himself or even to refuse their handling.;
- the right to present a complaint to a supervisory authority;
- if the data are not collected directly from the interested party, all the information available on their origin;
- the existence of an automated decision-making process, including the profiling in accordance with Article 22 (1) and (4) and, at least in such specific cases, relevant information about how the automatic process is organized and the importance and the possible consequences related to this handling for the interested party.
- Whether the personal data are transferred to a third country or to an international organization, the interested party will have the right to be informed about the existence of the due guarantees according to Article 46 referred to the transfer.
- The data controller provides a copy of the personal data being processed. In case of further copies requested by the interested party, the data controller may charge a reasonable fee contribution based on administrative costs. If the interested party submits the request by electronic means, and apart for different indications received by the interested party, the information are provided in a commonly used electronic format.
- The right to obtain a copy of the rights and freedoms of others
Article 16 Right of rectification (C65)
The interested party has the right to obtain from the data controller the correction of any inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.
Article 17 Right to cancellation ("right to be forgotten") (C65, C66)
- The data subject has the right to obtain from the data controller the deletion of personal data concerning him without undue delay and the data controller is obliged to cancel the personal data without undue delay if one of the following reasons exists:
- personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
- the interested party revokes the consent on which the processing is based in accordance with Article 6 (1) (a) or Article 9 (2) (a) and whether there is no other legal basis for the processing ;
- the interested party opposes the processing pursuant to Article 21 (1) and there is no legitimate overriding reason to proceed with the processing, or he makes opposition to the processing pursuant to Article 21 (2);
- personal data have been processed unlawfully;
- personal data must be deleted to fulfill a legal obligation under European Union or one of the Member State law to which the interested party is subject;
- the personal data have been collected in relation to the information society service offer referred to Article 8 (1).
- The controller shall, if he / she has made personal data public and is obliged, pursuant to paragraph 1, to delete it, taking into account the available technology and implementation costs, shall take reasonable steps, including technical measures, to inform the data controllers who are processing personal data of the request of the person concerned to delete any link, copy or reproduction of his personal data.
- Paragraphs 1 and 2 shall not be applied to the extent that processing is necessary:
- for exercising the right to freedom of expression and information;
- for the fulfillment of a legal obligation requiring treatment under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority of which the data controller is invested;
- for reasons of public interest in the field of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3);
- for archiving purposes in the public interest, for scientific or historical research or for statistical purposes
- for the assessment, exercise or defense of a right in court.
Article 18 Right of limitation of processing (C67)
- The data subject has the right to obtain from the data controller the limitation of processing when one of the following hypotheses occurs:
- a) the interested party disputes the accuracy of personal data for the period necessary for the data controller to verify the accuracy of such personal data;
- b) the processing is illegal and the interested party opposes the cancellation of personal data and asks instead that its use is limited;
- c) although the data controller no longer needs it for processing purposes, personal data are still necessary for the subject to verify, exercise or defend a right in court;
- d) the interested party has opposed the treatment pursuant to Article 21 (1), pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.
- If the processing is restricted pursuant to paragraph 1, such personal data shall only be processed, except for storage, with the consent of the interested party or for the establishment, exercise or defense of a right in court or to protect the rights of another natural or legal person or for reasons of significant public interest of the Union or of a Member State.
- The interested party having obtained the processing restriction pursuant to paragraph 1 shall be informed by the controller before the limitation is revoked.
Article 19 Obligation to notify in case of rectification or cancellation of personal data or limitation of processing (C31)
The controller shall inform each of the recipients to whom the personal data have been transmitted of any correction or cancellation or limitation of the processing carried out pursuant to Article 16, Article 17 (1) and Article 18, unless this shows to be impossible or imply a disproportionate effort. The data controller informs the person involved about these recipients in case the interested party asks for it.
Article 20 Right to data portability (C68)
- The interested party shall have the right to receive personal data concerning him / her provided to a data controller in a structured, commonly used and readable form by automatic device and has the right to transmit such data to another data controller without impediments from the data controller to whom he has provided them if:
- the processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) or on a contract within the meaning of Article 6 (1) (b) ; and
- processing is carried out by automated means.
- In exercising its rights relating to the portability of data in accordance with paragraph 1, the data subject shall have the right to obtain direct transmission of personal data from one controller to another, if technically feasible.
- The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. This right is not applicable to the treatment necessary for the performance of a task carried out in the public interest or in connection with the exercise of official authority as the data controller is invested.
- The right referred to in paragraph 1 must not affect the rights and freedoms of others.
Article 21 Right to opposition (C69, C70)
- You have the right to object at any time, for reasons connected with your particular situation, to the processing of your personal data pursuant to Article 6, paragraph 1, letters e) of), including profiling on the basis of these provisions. The data controller refrains from further processing personal data unless he demonstrates the existence of binding legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the interested party or for the assessment, exercise or the defense of a right in court.
- If personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him / her for such purposes, including profiling in so far as it is related to such marketing direct.
- If the data subject objects to processing for direct marketing purposes, personal data are no longer processed for these purposes.
- The right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the interested party and shall be presented clearly and separately from any other information at the latest at the time of the first communication with the data subject.
- In the context of the use of information society services and without prejudice to Directive 2002/58 / EC, interested party may exercise their right to object by automated means using technical specifications.
- Where personal data are processed for the purposes of scientific or historical research or for statistical purposes in accordance with Article 89 (1), the interested party shall have the right to object to the processing of personal data for reasons connected with his particular situation concerning him, unless the processing is necessary for the performance of a task in the public interest.
Article 22 Automated decision-making process concerning natural persons, including profiling (C71, C72)
- You have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning yourself or which significantly affects your person.
- Paragraph 1 shall not apply where the decision:
- is necessary for the conclusion or execution of a contract between the interested party and a data controller;
- is authorized by the law of the Union or of the Member State to which the controller is subject, which also specifies appropriate measures to protect the rights, freedoms and legitimate interests of the data subject;
- is based on the explicit consent of the interested party.
- In the cases referred to in paragraph 2 (a) and (c), the controller shall implement appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, at least the right to obtain human intervention from the holder treatment, to express their opinion and to challenge the decision.
- The decisions referred to in paragraph 2 shall not be based on the particular categories of personal data referred to in Article 9 (1), unless Article 9 (2) (a) and (g) applies no adequate measures are in place to protect the rights, freedoms and legitimate interests of the data subject.
Article 23 Limitations (C73)
- The law of the Union or of the Member State to which the controller or processor is subject may limit, by legislative measures, the scope of the obligations and rights referred to in Articles 12 to 22 and 34, as well as to the Article 5, so far as the provisions contained therein correspond to the rights and obligations set out in Articles 12 to 22, where such limitation respects the essence of fundamental rights and freedoms and is a necessary and proportionate measure in a society democratic to safeguard:
- national security;
- public security;
- the prevention, investigation, detection and prosecution of offenses or the execution of criminal sanctions, including the safeguard against and prevention of threats to public security;
- other important objectives of general public interest of the Union or of a Member State, in particular a significant economic or financial interest of the Union or of a Member State, including in monetary, budgetary and fiscal matters, public health and security matters social;
- safeguarding the independence of the judiciary and judicial proceedings;
- activities aimed at preventing, investigating, ascertaining and prosecuting violations of the deontology of regulated professions;
- a function of control, inspection or regulation connected, even occasionally, with the exercise of public authority in the cases referred to in points (a), (e) and (g);
- the protection of the data subject or of the rights and freedoms of others;
- the execution of civil actions.
- In particular, any legislative measure referred to in paragraph 1 contains specific provisions concerning at least, where appropriate:
- the purposes of the treatment or the treatment categories;
- the categories of personal data;
- the extent of the limitations introduced;
- guarantees to prevent abuses or illegal access or transfer;
- the precise indication of the data controller or categories of owners;
- the retention periods and applicable safeguards taking into account the nature, scope and purpose of the treatment or treatment categories;
- risks to the rights and freedoms of those involved; and
- the right of data subjects to be informed of the limitation, unless this could jeopardize its purpose
Article 34 Communication of a violation of personal data to the data subject (C68-C88)
- When the violation of personal data is likely to present a high risk for the rights and freedoms of natural persons, the data controller shall notify the interested party of the violation without undue delay.
- The communication to the data subject referred to in paragraph 1 of this Article shall describe in a simple and clear language the nature of the personal data breach and shall contain at least the information and measures referred to in Article 33 (3) (b) , c) and).
- The communication to the interested party referred to in paragraph 1 shall not be required if one of the following conditions is fulfilled:
- the data controller has implemented the appropriate technical and organizational protection measures and these measures have been applied to the personal data object of the violation, in particular those intended to make the personal data incomprehensible to anyone who is not authorized to access it, such as encryption;
- the data controller has subsequently taken measures to prevent the occurrence of a high risk for the rights and freedoms of the interested party referred to in paragraph 1;
- this communication would require disproportionate efforts. In this case, a public communication or a similar measure is taken, through which the interested parties are informed with similar effectiveness.
- In the event that the data controller has not yet communicated the violation of personal data to the interested party, the supervisory authority may request, after having assessed the probability that the violation of personal data presents a high risk, that it will provide or may decide that one of the conditions set out in paragraph 3 is fulfilled.
Last Update: 25/05/2018