INFORMATION CONCERNING THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTILCLE 13 AND SUBSEQUENT OF THE EUROPEAN REGULATION NO. 679/2016 (“GDPR”), TO THE PROVISIONS OF THE ITALIAN LEGISLATIVE DECREE 196/2003 (PERSONAL DATA PROTECTION CODE), AS AMENDED BY THE ITALIAN LEGISLATIVE DECREE 101/2018.
OMCD SpA, with registered office in Milan, Via Paruta no.56 Milan, Tax code and VAT number 00744600156, www.omcd.it/it, hereby represented by its pro-tempore Legal Representative, hereinafter referred to as “Controller” or “Data Controller”.
In addition, the following Companies are part of the OMCD Group:
- DIMOTEK EOOD (registerd office in Kosta Lulchev str 10-A-1-1, 1113 Sofia, Bulgaria, UIC/PI 105586461, www.omcd.it/dimotek)
- FILMS SPA (registered office in Via Megolo 43, 28877 Anzola d’Ossola (VB), Tax code/VAT number 00116980038, www.omcd.it/films)
- HARDITALIA SRL (registered office in Via Genova 7/9, 21040 Oggiona S. Stefano (VA), Tax code/VAT number 00216940122, www.omcd.it/harditalia)
- SCLEROS SPA (registered office in Via Fratelli Borghini 83, 28877 Anzola d’Ossola (VB), Tax code/VAT number 00124690033, www.omcd.it/scleros)
- UGP SRL (registered office in Via B. Cellini 24, Fraz. Caslino al Piano, 22071 Cadorago (CO), Tax code/VAT number 01863640130, www.omcd.it/ugp)
Pursuant to and for the purposes of Article 13 of the European Regulation no. 2016/679 issued by the European Parliament and the national legislation in force on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter also referred to as “Regulation” or “GDPR”), we inform you that the Personal Data you voluntary provide to the “Controller” will be processed in compliance with the current regulation on the protection of personal data and, in any case, with the principles of confidentiality, which inspire the Controller’s activity.
The Controller is the website manager. The information shall be deemed issued only for the contents related to the pages of this website and not in connection with other websites that the user may visit via any other link present on the pages of this website.
CATEGORY OF THE PROCESSED PERSONAL DATA
The Controller will process the following categories of personal data you voluntary provide when you confirm that you are of legal age:
– personal data: name and/or surname, Company name, email address, telephone number, geographical area, scope of application.
We inform you that data may be acquired by filling in the “Contacts form” in the section “Contacts” at the links https://www.omcd.it/it/contatti/, https://www.omcd.it/films/contatti/, https://www.omcd.it/celsia/contatti/, https://www.omcd.it/hi.lab/contatti/, https://www.omcd.it/harditalia/contatti/, https://www.omcd.it/diamil/contatti/, https://www.omcd.it/scleros/contatti/, https://www.omcd.it/ugp/contatti/, https://www.omcd.it/dimotek/contatti/ and https://www.omcd.it/hardymetalurgica/contatti/ also on subsequent contact occasions.
The “Contacts” form is only aimed at enabling the website users to contact, if required, the Controller in order to create a first contact. For the particular activity of the website, we do not provide or process “special” data, i.e. data, which may reveal racial and ethnic origin, religious or philosophical beliefs, trade union membership, and political opinions, as well as genetic and biomedical data, which are used to univocally identify a natural person, and data regarding the health or the sexual life or the sexual orientation of an natural person.
PURPOSE OF THE PROCESSING
Personal Data you voluntary provided to the Controller will be processed for the following purposes:
- Re-contacting you and/or replying to your request;
- Fulfilling pre-contract and/or contract obligations, or for other purposes linked to the fulfilment of further legal obligations.
The legal basis of the processing for purposes of this information note is the establishment of a relationship, or the execution of contract or pre-contract measures adopted upon your request. Therefore, refusing and/or failing to provide correct and/or complete information or your consent would cause the non-regular and timely execution of the relevant relationship, as well as the non-compliance with the obligations provided for by the current regulation.
In addition, we would like to inform you that during their normal operation, information systems managing the www.omcd.it/it website collect some personal data whose transmission is implicit in the use of the Internet communication protocols. This information is not collected to be matched to identified data subjects, but, due to its nature, it may allow to identify the users through processing and matching with data processed by third parties.
This data may be anonymously used for statistical purposes with regard to the usage of the website and/or to control its correct operation, and it is deleted immediately after the processing. Data may also be used to determine the liability in case of computer offences committed against the website. Except in the latter case, data related to web contacts is currently not retained longer than the period required to process the requests submitted by filling in the forms in the website itself.
DATA PROCESSING METHODS
The personal data of the data subject will be processed by means of electronic and manual tools in a legal way and by adopting proper security measures. All protection measures provided for by the regulation on the protection of the personal data and by the applicable law are implemented.
The processing is directly carried out by the Controller. However, data may be also processed by other external subjects on behalf of the Controller, which are appointed as Data Processors pursuant to Article 28 of the GDPR and to which proper operating instructions are given. The updated list of the subjects appointed as Data Processors according to Article 28 of GDPR is available at the Company and can be accessed by submitting a proper request as explained here below.
Personal data will not be disclosed, but it can be transmitted to other companies of the OMCD group in order to better meet the requests and needs of the user, and to the Public Authorities expressly requesting it to the Controller for administrative and statutory purposes according to what provided for by the current national and European regulations. Data will not be transferred to Third Parties even if it can be processed and stored also by using GDPR-compliant in-cloud services (if required, they may have their registered offices in another country). In these cases, your data may be protected even by means of pseudonymisation or encrypting techniques.
The Website can collect location data by masking the IP address (i.e. in anonymous form), and in any case it is not, or it will not be, possible to identify those who access the website. Geolocation data are not collected.
RIGHTS OF THE DATA SUBJECT
As Data Subject, the individual may exercise a series of rights and particularly:
- Right of access data (Article 15);
- Right of rectification (Article 16);
- Right of deletion (the so-called Right to be Forgotten, Article 17);
- Right to restrict processing (Article 18);
- Obligation to be notified in case of rectification or deletion of personal data or of restriction of the processing (Article 19)
- Right to data portability (Article 20);
- Right to object (Article 21).
- Automatic decision-making process related to the natural people, including profiling (Article 22).
Anyway, the data subject will always have the right to lodge a complaint to the competent supervisory authority (Italian Data Protection Authority) pursuant to Article 77 of the GDPR, if he/she believes that the processing of his/her data is against the law in force.
It is possible to exercise the above-mentioned rights by sending a request to the Controller by registered mail to: OMCD SpA, Via Paruta n.56 Milano or by PEC at firstname.lastname@example.org. When the data subject contacts us, he/she shall include his/her name, email address/mail address and or telephone number(s) to be sure that his/her request can be correctly managed.
Pursuant to the EU Regulation 2016/679 on the Protection of Personal data, such rights may be executed only by the data subject for security reasons. The Controller, also by means of authorized representatives, shall control his/her identity in order to avoid any undesirable communication of his/her confidential information to other people.
The exercise of your rights as data subject is free according to Article 12, GDPR. However, in case of manifestly unfounded and excessive requests, also due to their repetitiveness, the Controller may charge a reasonable fee for costs on the basis of the costs incurred to manage your request, or to deny the satisfaction of your request.
DATA RETENTION PERIOD
The processing will last for a proper period of time in accordance with the achievement of the purposes, unless you submit a deletion request that will be immediately executed.
The personal data you provided will be retained in archives in the hardware systems of the Controller and/or on external GDPR-compliant in-cloud platforms managed by Third parties.
It is absolutely forbidden to send or transmit illicit, threatening, defamatory, obscene, scandalous, exciting, pornographic or profane material or any other material that may be, or may promote, behaviours that may be considered criminal offences, or may result in civil liabilities, or may in other ways infringe any law. We will completely cooperate with any authority to enforce the law or any court order requiring or ordering to identify the person who sends such information or materials.