Version: 3 - Policy date: 21/06/2021
INFORMATION ON THE PROCESSING OF PERSONAL DATA of users interacting with the website of Morandi S.p.A.
Pursuant to Regulation (EU) 2016/679 (hereinafter referred to as the "Regulation") and to Legislative Decree no. 196/2003 (hereinafter referred to collectively as the "Applicable Legislation"), this document describes the general procedures for the processing of personal data of users and/or of any personal data of third parties provided by users (collectively "Personal Data") who interact with the Morandi S.p.A. website, accessible by electronic means at the following address: https://www.morandispa.it
This information does not concern other sites, pages or online services that can be reached through hypertext links that may be published on the site and/or refer to resources outside the above-mentioned domain.
Personal Data shall be processed in compliance with the principles of lawfulness, correctness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality. Specific security measures are observed to prevent the loss of personal data, their unlawful or incorrect use and unauthorised access.
The data controller is MORANDI S.P.A. with registered office in 25020 Flero (BS) Via Don Milani no. 3. Contact details: firstname.lastname@example.org; email@example.com; tel. +3903022640551; fax +390302640041.
DATA PROTECTION OFFICER
The data subject may lodge complaints and/or exercise his/her rights (as explained in greater detail below in the paragraph "Rights of the interested party") by contacting the Data Protection Officer Avv. Alessandro Donati at firstname.lastname@example.org or email@example.com or by phone +3903047502.
CATEGORIES OF PERSONAL DATA PROCESSED, PURPOSES AND BASES OF PROCESSING
During their regular functioning, the computer systems and software procedures used to operate this website acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified subjects, but by its very nature could, through processing and association with other data held by third parties, allow users to be identified.
This category of data includes IP addresses or the domain names of the computers used by users visiting the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.
These data, necessary for the use of web services, are also processed for the following reasons:
- obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.);
- check the correct functioning of the services offered.
Cookies and other tracking systems
Data provided voluntarily by the user
Apart from what is specified above for browsing data, the user is free to provide Personal Data.
The elective, explicit and voluntary submission of messages to the contact addresses, as well as the filling in and forwarding of the forms on the website, will lead to the acquisition of the Personal Data necessary to answer and fulfil the requests made and to the processing of the personal data for these purposes. The email addresses collected for the aforementioned purposes during the supply of a product or a service will also be used for soft spam activities (legal basis of the processing:
legitimate interest of the Data Controller) by sending exclusively by email promotional and/or informative material. In particular, using the service "calculate the weight of steel pipes", in addition to the processing described above, the Data Controller's product catalogue will be sent by email.
Personal Data will be processed by computer and/or on paper and will be kept for the time necessary to fulfil the purposes for which they were collected and, in any case, until consent is revoked (they will be deleted within 30 days from the date of receipt by the Data Controller of the revocation of consent).
RECIPIENTS OF DATA
The Personal Data collected will be processed by authorised individuals and, in particular, by the internal staff and/or collaborators of the Data Controller, duly trained and authorised for processing according to the specific instructions given by the Data Controller in compliance with the current legislation and with regard to the purposes and methods of processing.
In addition, Personal Data will be communicated to the entities the Data Controller relies on for the fulfilment of activities necessary for the achievement of the above-mentioned purposes, including for example:
- data processors and any sub-processors in accordance with the provisions of Article 28 of Regulation No. 679/2016;
- companies and/or third parties who carry out technical coordination, assistance and maintenance activities for the Data Controller;
- in general, companies and/or third parties (including professionals) who provide assistance to the Data Controller.
In any case, Personal Data shall not be disseminated.
RIGHTS OF THE DATA SUBJECT
The data subject has the following rights:
- to access, i.e., to obtain confirmation as to whether or not his/her personal data are being processed and, if so, to obtain access to such data, including a copy thereof;
- to rectification, i.e., to obtain without undue delay the rectification of inaccurate personal data concerning him/her and/or the integration of incomplete personal data;
- to erasure (right to be forgotten) i.e., to obtain without undue delay the erasure of his/her personal data;
- to the limit processing, i.e., to obtain the limitation of processing in the cases referred to in Article 18 of the Regulation;
- to data portability, i.e., the right to receive from the Controller, in a structured, commonly used and machine-readable format, his/her personal data and the right to have them transmitted to another Controller without hindrance, where the processing is based on consent and is carried out by automated means, as well as to have data transmitted directly to another Controller where this is technically feasible;
- to object, i.e., the right to object at any time on grounds relating to his or her particular situation, to the processing of his/her personal data based on the lawfulness of the legitimate interest or an activity carried out in the public interest or in the exercise of official authority, including profiling, unless the Controller has a legitimate reason to continue the processing which overrides the interests, rights and freedoms of the Data Subject or for the ascertainment, exercise or defence of legal claims. Furthermore, the right to object at any time to the processing if personal data are processed for direct marketing purposes, including profiling, insofar as it is related to such direct marketing;
- to withdraw consent, at any time. Withdrawal of consent shall not affect the lawfulness of the processing based on the consent prior to withdrawal;
- to complain i.e., to lodge a complaint with the Italian Data Protection Authority, Piazza di Montecitorio 121, 00186, Rome (RM).
Policy update: June 2021 (rev.3)