PURSUANT TO EU REGULATION 2016/679 – GDPR
In compliance with the legal obligations regarding the protection of personal data, we wish to inform you that this website www.tri-merglobal.com respects and safeguards the privacy of its visitors and users. Seeing that the Data Controller will come into possession of your personal data, as defined by the aforementioned Regulation, we would like to state the following:
IDENTIFYING DATA AND CONTACTS OF THE DATA CONTROLLER
The data controller is Tri-Mer Global Technologies, Via Milano 14/M 20064 Gorgonzola (Milan – Italy); Tel: +39 02 9515875, Email: firstname.lastname@example.org
CATEGORIES OF PERSONAL DATA AND PROCESSING PURPOSE
Your personal and browsing data will be subject to processing. During the visits of users, like every other website, we automatically collect some information such as the internet protocol (IP) address, type of browser, parameters of the device used to connect to the webpage, name of the internet service provider (ISP), date and time of the visit, referral and exit webpages and number of clicks. The data collected by our website are used exclusively for the purposes stated below and kept strictly for the time necessary to carry out those activities. The legal basis for the processing of that data is the need to make all the features of the company website accessible for the User during each visit. Conversely, the data voluntarily provided by the User, such as first name, surname, business name, tax code, VAT number, address, telephone/fax, email, bank and payment details are needed for the Data Controller to provide the service available and are processed in an accurate, lawful manner. These data are also collected and kept for the clear, lawful purposes listed below and accordingly processed.
The personal data collected are processed for the following purposes: to analyse the times the website has been visited, for statistical purposes; to collect data on the number of connections, in order to process all the requests from the user/visitor, and to make future commercial offers; to perform activities for the customer as provided by any pre-contractual or contractual agreements; for administrative, financial or accounting internal purposes related to the customer-supplier relationship. Data are also collected to fulfil the Controller’s obligations as provided by laws, regulations, community rules and by the Legal Authority, or to exercise its rights (such as the right of defence in court). Upon specific, clear consent by the User the data are collected and processed for marketing activities such as newsletters (through electronic mail, postal service, text message or phone call), updates on the Data Controller’s activities, advertising material or commercial communications concerning products or services that the User may consider of interest – these communications may be personalised following his/her consumer habits (profiling)-. The data are also collected and used to assess User satisfaction with reference to the quality of the service provided, and to ask him/her to take part in focus groups, and market surveys, and for staff selection and recruitment if job application is submitted by the User.
SECURITY MEASURES ANDPROCESSING METHODS
This website processes the User’s data in an accurate, lawful manner by adopting all the appropriate security measures in order to prevent unauthorised access, disclosure, modification, theft or destruction of said data. Personal data is processed using IT and/or telematic instruments following organisational arrangements and logics strictly related to the aforementioned purposes. In addition to the Data Controller, other entities involved in website organisation might have access to the processed data (these are the company’s administrative, commercial, marketing, legal representatives and system administrators) as well as third-party entities (such as suppliers of technical services, third party sales representatives, postal service, hosting providers, IT companies, communication agencies).
Personal data processing is carried out through collection, recording, organisation, retention, consultation, processing, modification, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of said data. The User’s personal data are collected by the Data Controller following the direct data submission by the User or by means of forms prepared for said purpose that may be inserted in contractual documents. The Data Controller shall record, keep and monitor the data collected both digitised and hardcopy so as to minimise any risks of destruction, loss, (even accidental), unauthorised access, illicit processing non-compliant with the aforementioned collection purposes. The Data shall be processed by employees or colleagues of the Data Controller properly trained to do so.
NATURE OF THE DATA
AND LEGAL BASIS FOR PROCESSING
Provision of personal data by the User is discretionary in nature. However, the User’s partial or total refusal to communicate his/her personal data may lead to the partial or total inability to establish or to continue any relationship with the User, provided that the data are necessary for said relationship. The provision of personal data by the User for marketing purpose is also discretionary in nature. Therefore, the User may decide not to communicate his/her personal data or to successively deny his/her consent to process the data provided. In that case the User will not receive any newsletter, commercial communication and advertising regarding the service and products offered by the Data Controller.
The legal basis legitimating data processing for administrative purposes with reference to precontractual and contractual agreements is compliance with a service-providing contract involving the User, or any precontractual activities requested by the User. For marketing, profiling as well as for job applications the User gives his/her consent freely.
PERSONAL DATA RECIPIENTS
AND DATA TRANSFER TO A THIRD COUNTRY
User data processing is carried out by personnel employed by the Data Controller (employees, colleagues, System Administrators), selected and authorised to process the data according to instructions given in compliance with the applicable regulation on privacy and data security. If necessary to carry out the aforementioned purposes, the User’s personal data might be processed by third-party entities such as professionals, companies, associations, or professional firms appointed by the Data Controller to perform administrative, accounting, financial, legal consultancy and assistance activities as well as staff selection and recruitment. Entities described by the applicable accounting and financial regulations as recipients of mandatory communications like banking institutions for collection and payments; professionals providing analysis and market research services; credit card and other electronic payment processing services, as well as sales representatives and postal carriers. This site might share part of the collected data with services located outside the European Union. Particularly Google, Facebook and Microsoft (LinkedIn) through social network plug-ins and the Google Analytics service Data transfer is authorised according to the Privacy Shield EU Directive 1250/2016, therefore no additional consent is required to ensure compliance from said companies.
PERSONAL DATA RETENTION TIME
User’s personal data shall be processed and kept by the Data Controller for all the time necessary to process the User’s requests, that is the duration of their contractual relationship as well as for the duration of the product warranty period; by the end of said period the data will be kept for the time envisaged for each category of data by the applicable accountancy, financial, civil and processual regulations. For marketing and profiling-only purpose the User’s personal data shall be processed and kept by the Data Controller for a period of time of respectively 24 and 12 months. For staff selection and recruitment-only purpose the User’s personal data shall be processed and kept by the Data Controller for a maximum period of 12 months from reception.
DATA SUBJECT RIGHTS AND PROCEDURES TO EXERCISE RIGHTS
As subject to the processing of his/her personal data the rights of the User are as follows:
- Right to access – Art. 15 GDPR: The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data including a copy of said data.
- Right to rectification – Art. 16 GDPR: The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her;
- Right to erasure (right to be forgotten) – Art. 17 GDPR: The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay;
- Right to restriction of processing – Art. 18 GDPR: The data subject shall have the right to obtain from the controller restriction of processing when the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; the controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; the data subject has objected to processing pursuant to Art. 21 GDPR, pending verification as to whether the legitimate grounds of the controller override those of the data subject.
- Right of data portability – Art. 20 GDPR: The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is carried out by automated means;
- Right to object – Art. 21 GDPR: The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on the performance of a task carried out in the public interest or in the exercise of official authority, including profiling. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Also where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
- Right to withdraw – Art. 7 GDPR: The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint with a supervisory authority – Art. 77 GDPR: the Data Subject has the right to lodge a complaint with the Italian Data Protection Authority located in Piazza di Montecitorio 121, 00186 Rome – Italy.
To exercise the rights listed in this policy and to receive any information regarding said rights, the Data Subject can contact the Data Controller in writing; the latter shall take on the request and provide all the information concerning the action undertaken with reference to said request, without undue delay or at the latest within a month of reception of the Data Subject’s request. Exercising the Data Subject’s rights is free of charge pursuant to Art. 12 GDPR. However, if requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested or refuse to act on the request.