INFORMATION CONCERNING THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTILCLE 13 AND SUBSEQUENT OF THE EUROPEAN REGULATION NO. 679/2016 (“GDPR”), TO THE PROVISIONS OF THE ITALIAN LEGISLATIVE DECREE 196/2003 (PERSONAL DATA PROTECTION CODE), AS AMENDED BY THE ITALIAN LEGISLATIVE DECREE 101/2018.

PURPOSE

The collection, storage, and usage of personal data provided through this website is regulated by this Privacy Policy. Therefore, please carefully read this Policy before entering any personal information into this website.

CONSENT

The access and usage of this website imply the approval of this Privacy Policy and any time information or personal data are provided, you give your consent to collect, use and disclose them according to what specified therein.

DATA CONTROLLER

OMCD SpA, with registered office in Milan, Via Paruta no.56 Milan, Tax code and VAT number 00744600156, www.omcd.it/it, hereby represented by its pro-tempore Legal Representative, hereinafter referred to as “Controller” or “Data Controller”.
In addition, the following Companies are part of the OMCD Group and co-controllers of the data:

  • FILMS SPA (registered office in Via Megolo 43, 28877 Anzola d’Ossola (VB), Tax code/VAT number 00116980038, www.omcd.it/films).
  • HARDITALIA SRL (registered office in Via Genova 7/9, 21040 Oggiona S. Stefano (VA), Tax code/VAT number 00216940122, www.omcd.it/harditalia).
  • SCLEROS SPA (registered office in Via Fratelli Borghini 83, 28877 Anzola d’Ossola (VB), Tax code/VAT number 00124690033, www.omcd.it/scleros).

Pursuant to and for the purposes of articles 13 and 14 of the European Regulation no. 2016/679 issued by the European Parliament and the national legislation in force on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter also referred to as “Regulation” or “GDPR”), we inform you that the Personal Data you voluntary provide to the Controller/Co-controller will be processed in compliance with the current regulation on the protection of personal data and, in any case, with the principles of confidentiality, which inspire the Controller and Co-controller’s activity.
The Controller is the website manager. The information shall be deemed issued only for the contents related to the pages of this website and not in connection with other websites that the user may visit via any other link present on the pages of this website.

CATEGORY OF THE PROCESSED PERSONAL DATA

The Controller/Co-controller will process the following categories of personal data you voluntary provide when you confirm that you are of legal age:

  • Personal data: name and/or surname, Company name, email address, telephone number, geographical area, scope of application, etc.
  • Economic and financial data, such as bank references, tax code and VAT number, Univocal code, etc.
  • Any other data that is required for the continuation of the contractual relationship.

We inform you that data may be acquired by filling in the “Contacts form” in the section “Contacts” at the links

https://www.omcd.it/it/contatti/,
https://www.omcd.it/films/contatti/,
https://www.omcd.it/celsia/contatti/,
https://www.omcd.it/hi.lab/contatti/,
https://www.omcd.it/harditalia/contatti/,
https://www.omcd.it/diamil/contatti/,
https://www.omcd.it/scleros/contatti/,
https://www.omcd.it/ugp/contatti/
also on subsequent contact occasions.

The “Contacts” form is only aimed at enabling the website users to contact, if required, the Controller/Co-controller in order to create a first contact. For the particular activity of the website, we do not provide or process “special” data, i.e. data, which may reveal racial and ethnic origin, religious or philosophical beliefs, trade union membership, and political opinions, as well as genetic and biomedical data, which are used to univocally identify a natural person, and data regarding the health or the sexual life or the sexual orientation of an natural person.

We also inform you that the data you provide will not be used for profiling activities, such as analysis of your preferences, behaviors and/or habits, geographical presence or other information with the purpose of being able to send you communications targeted to you.

PURPOSE OF THE PROCESSING

Personal Data you voluntary provided to the Controller/Co-controller will be processed for the following purposes:

  • Fulfilment of contractual and/or pre-contractual obligations, including administrative and accounting purposes related to the activities carried out by the Controller/Co-controller.
  • Purposes related to the fulfillment of further legal obligations.
  • Exercise of the rights of the Controller/Co-controller, such as the right to defense in court.
  • Sharing of information for the proper management of relations between Controller/Co-controller.
  • Compilation and use of data lists to complete execution of business practices arising from the specific Controller/ Co-controller activity.
  • Sending informative newsletters.
  • Recontacting and/or providing feedback to requests received through the Web site.

The legal basis of the processing for purposes of this information note is the establishment of a relationship, or the execution of contract or pre-contract measures adopted upon your request. Therefore, refusing and/or failing to provide correct and/or complete information or your consent would cause the non-regular and timely execution of the relevant relationship, as well as the non-compliance with the obligations provided for by the current regulation.

In addition, we would like to inform you that during their normal operation, information systems managing the www.omcd.it/it website collect some personal data whose transmission is implicit in the use of the Internet communication protocols. This information is not collected to be matched to identified data subjects, but, due to its nature, it may allow to identify the users through processing and matching with data processed by third parties.

This data may be anonymously used for statistical purposes with regard to the usage of the website and/or to control its correct operation, and it is deleted immediately after the processing. Data may also be used to determine the liability in case of computer offences committed against the website. Except in the latter case, data related to web contacts is currently not retained longer than the period required to process the requests submitted by filling in the forms in the website itself.

DATA PROCESSING METHODS

The personal data of the data subject will be processed by means of electronic and manual tools in a legal way and by adopting proper security measures. All protection measures provided for by the regulation on the protection of the personal data and by the applicable law are implemented.

The processing is carried out directly by the Controller/Co-controller and/or its authorized and duly trained appointees (e.g., employees, administrators, collaborators, etc.), due to their duties and responsibilities.

Data may also be processed, on behalf of the Data Controller/Co-controller, by external subjects on behalf of the Controller, which are appointed as Data Processors pursuant to Article 28 of the GDPR and to which proper operating instructions are given. The updated list of the subjects appointed as Data Processors according to Article 28 of GDPR is available at the Company and can be accessed by submitting a proper request as explained here below.

Personal data will not be subject to disclosure or dissemination, but it can be transmitted to other companies of the OMCD group in order to better meet the requests and needs of the user, and to the Public Authorities expressly requesting it to the Controller/Co-controller for administrative and statutory purposes according to what provided for by the current national and European regulations. Data will not be transferred to Third Parties even if it can be processed and stored also by using GDPR-compliant in-cloud services (if required, they may have their registered offices in another country). In these cases, your data may be protected even by means of pseudonymisation or encrypting techniques.

The Website can collect location data by masking the IP address (i.e. in anonymous form), and in any case it is not, or it will not be, possible to identify those who access the website. Geolocation data are not collected.

RIGHTS OF THE DATA SUBJECT

As Data Subject, the individual may exercise a series of rights and particularly:

  • Right of access data (Article 15).
  • Right of rectification (Article 16).
  • Right of deletion (the so-called Right to be Forgotten, Article 17).
  • Right to restrict processing (Article 18).
  • Obligation to be notified in case of rectification or deletion of personal data or of restriction of the processing (Article 19).
  • Right to data portability (Article 20).
  • Right to object (Article 21).
  • Automatic decision-making process related to the natural people, including profiling (Article 22).

Anyway, the data subject will always have the right to lodge a complaint to the competent supervisory authority (Italian Data Protection Authority) pursuant to Article 77 of the GDPR, if he/she believes that the processing of his/her data is against the law in force.

It is possible to exercise the above-mentioned rights by sending a request to the Controller by registered mail to: OMCD SpA, Via Megolo 43(28877) Anzola d’Ossola (VB) or by PEC at gdpr@pec.omcd.it. When the data subject contacts us, he/she shall include his/her name, email address/mail address and or telephone number(s) to be sure that his/her request can be correctly managed.

Pursuant to the EU Regulation 2016/679 on the Protection of Personal data, such rights may be executed only by the data subject for security reasons. The Controller/Co-controller, also by means of authorized representatives, shall control his/her identity in order to avoid any undesirable communication of his/her confidential information to other people.

The exercise of your rights as data subject is free according to Article 12, GDPR. However, in case of manifestly unfounded and excessive requests, also due to their repetitiveness, the Controller/Co-controller may charge a reasonable fee for costs on the basis of the costs incurred to manage your request, or to deny the satisfaction of your request.

AUTOMATED DECISION MAKING PROCESS AND PROFILING

The processing of your data does not take place:
– With the aid of automated decision-making processes.
– With the use of profiling techniques.

DATA RETENTION PERIOD

The processing will last for a proper period of time in accordance with the achievement of the purposes, unless you submit a deletion request that will be immediately executed.

The personal data you provided will be retained in archives in the hardware systems of the Controller/Co-controller and/or on external GDPR-compliant in-cloud platforms managed by Third parties, and/or in physical archives (manual data).

PROHIBITIONS

It is absolutely forbidden to send or transmit illicit, threatening, defamatory, obscene, scandalous, exciting, pornographic or profane material or any other material that may be, or may promote, behaviours that may be considered criminal offences, or may result in civil liabilities, or may in other ways infringe any law. We will completely cooperate with any authority to enforce the law or any court order requiring or ordering to identify the person who sends such information or materials.

AMENDMENTS

We reserve the right to amend or enhance this Policy at any time as a response to any legal, operational, regulatory or technological changes. Please periodically check any issue of new revision especially before providing any recognisable personal information. In case you decide not to accept the changes made to this Privacy Policy, you should not keep using our website.