IT / EN

Privacy

POLICY - CUSTOMERS AND SUPPLIERS

Privacy notice pursuant to art. 13 and 14 of European Regulation 2016/679 (hereinafter "GDPR")


Dear Sir/Madam,

 

since to implement the requested contractual or pre-contractual measures or to implement a legal obligation, or to process some personal data that you have voluntarily given us for commercial, administrative and marketing purposes, we will process some of your personal data, in compliance with provisions of art. 13 and art. 14 of the GDPR, we wish to provide you with the information due to the interested parties in relation to the processing of your personal data that we will perform.

 

  1. Identity and contact details of the Data Controller

 

The data controller is O.M.E. Metallurgica Erbese S.r.l. (tax code and VAT number 00200910131), in the person of the legal representative pro tempore, with registered office in Milan, Corso Venezia, n. 36 (hereinafter the "Company" or the "Data Controller"); tel. +39 031641606 – mail: privacy@ome.it.

 

For any comments or questions about this privacy notice and to speak with the person authorized to manage requests relating to data processing, you may write to the following mail address privacy@ome.it or call the following telephone number: +39 031641606.

 

The list of data processors and any authorized persons is kept at the headquarters of the Data Controller and made available upon request of the interested party.

 

  1. Type of Personal Data processed and sources of Personal Data

 

The data being processed are common personal data, not belonging to the categories of personal data listed in art. 9 of the GDPR, such as personal identification data (name and surname) and contact data (residence or domicile address, e-mail address, telephone number), any bank and payment references, role and/or company classification, tax data (hereinafter the "Personal Data") collected in the management of relations with customers and/or suppliers for the purposes indicated here below.

 

Personal Data are collected by the Data Controller:

 

  • when concluding contracts or requesting pre-contractual measures;
  • during events or fairs;
  • through online channels such as, but not limited to, websites;
  • from business partners, or internet portals of third-party companies;
  • on the occasion of any other type of commercial contact that has occurred.

 

  1. Purposes of processing and legal bases

 

Commercial Purposes

 

The Personal Data collected will be processed by the Data Controller for the performance of the activities of the Data Controller, for the purposes and by virtue of the legal bases indicated below.

 

Personal Data will be processed primarily for purposes related to the fulfillment of the obligations inherent to the commercial and/or contractual relationships of which your employer or your contractor, or you personally are party of, or to execute requested pre-contractual measures or to fulfill a legal obligation (hereinafter "Commercial Purposes"). In particular, Personal Data for Commercial Purposes will be processed in paper or computerized form:

 

  • to conclude and execute contracts concerning the products and services of the Data Controller, including the execution of all activities related or ancillary to the execution of contracts, including also, but not limited to, the execution of sales and after-sales services, the management of returns and guarantees;
  • to conclude and execute contracts in which the Data Controller is a party, including the execution of all related or ancillary activities such as, but not limited to, the management of orders, shipments, deliveries and all related administrative activities;
  • to follow up on pre-contractual measures in general, such as, but not limited to, sending quotes, commercial information on products, contract proposals;
  • to follow up on any request relating to products or services purchased by customers or suppliers of the Data Controller or to follow up on any request relating to the supply of products and services;
  • for the management of receipts and payments;
  • to fulfill the legal obligations established by law, by the GDPR, by national or European Community regulations or by an order of an authority, to which the Data Controller is subject, such as, for example, civil, fiscal, accounting laws or regulations, national and international provisions;
  • to fulfill the management of administrative, tax and accounting obligations;
  • to provide news and information related to the activity carried out by the Data Controller;
  • to manage and execute the necessary customs procedures in case of import/export activities, including storage at its customs warehouses and assistance in inspection by the competent authorities;
  • to perform transport, logistics and management services for goods shipments;
  • to possibly keep the entrusted goods in detention-storage;
  • to perform all the necessary procedures for the correct and complete management of the shipment and / or goods in transit;
  • to provide any third parties with the necessary information for the exclusive purpose of the accomplishment of the contractually agreed obligations;
  • to possibly exercise the rights of the Data Controller, such as, for example, the right to exercise a right at court.

 

Legal bases for the use of Personal Data for Commercial Purposes and legitimate interests pursued: Personal Data for Commercial Purposes will be processed legitimately, without your express consent, jointly pursuant to art. 6. lett. b), lett. c) and lett. f) of the GDPR, therefore, to fulfill commercial obligations (Article 6, paragraph 1, letter b) GDPR) or legal obligations (Article 6, paragraph 1, letter c) GDPR) and on the basis of our legitimate interest (Article 6, paragraph 1, letter f) GDPR) given by the need to be able to carry out correct business relations with customers and suppliers, and with the individuals who work for them.

 

Marketing purposes

 

The Personal Data collected during any type of commercial contact or during registration thereof on the website (if the online registration service is active), may possibly be processed, subject to your consent, for marketing purposes (hereinafter "Marketing Purposes"), in paper and computerized or automated form, for the following purposes:

 

  • for sending, by e-mail, mail, text messages, fax, telephone contacts, advertising material, communications for commercial and marketing, promotional or advertising purposes relating to the products and services of the Data Controller;
  • to carry out direct sales or placement of the products and services of the Data Controller;
  • to send, via e-mail, mail, sms, fax, telephone contacts, newsletters, invitations to events, meetings or fairs organized by the Data Controller or to which it participates;
  • to carry out marketing researches;
  • for sending invitations to participate to webinars and online events in general aimed at presenting the products of the Data Controller, also through the use of third-party platforms.

 

Legal bases for the use of Personal Data for Marketing Purposes and legitimate interests pursued: Personal Data for Marketing Purposes will be processed, pursuant to art. 6. lett. a) and art. 7 of the GDPR, therefore on the basis of your consent, or, if the conditions are met, in the absence of consent, pursuant to art. 6. lett. f) of the GDPR, therefore on the basis of a legitimate interest of the Data Controller to promote the sale of its products or services to subjects with whom the Data Controller has had a previous commercial relationship, and, therefore, there is a relevant and appropriate relationship. In the event that the processing is carried out without your consent, on the basis of legitimate interest, the direct marketing activity in order to send commercial communications will be limited to services and products of the Data Controller similar or similar to those previously sold to you, or to the subject for whom you work, and will be carried out in ways that do not affect your rights and fundamental freedoms.

 

  1. Recipients of Personal Data

 

Personal Data processed for Commercial Purposes may be communicated to the following categories of recipients:

 

  • to public entities or entities performing public utility services, who can access Personal Data by virtue of legal provisions or provisions of the GDPR, within the limits established by these regulations (for example: judicial authorities, offices of the Tax Administration or similar third parties);
  • other subjects to whom the communication is necessary in relation to the execution of contracts of which the Data Controller is a party, such as, by way of example, credit institutions, shippers, carriers and any other third party that may be involved in the execution of contracts in which, in addition to the Data Controller, is involved the interested party or the entity for which the interested party works for;
  • manufacturers, distributors, suppliers of the Data Controller, within the limits necessary to carry out the activities covered by the contractual relationships and/or requests of the interested party.

 

Personal Data processed for Commercial Purposes may also be made accessible to subjects who have assumed the quality of data processors or anyway in charge of data processing such as:

 

  • agents, distributors or third-party professionals who collaborate in various capacities with the Data Controller;
  • employees or collaborators of the Data Controller;
  • external subjects that carry out consultancy activities in the administrative, accounting, legal, tax or commercial field or in any case connected to the activity of the Data Controller;
  • website provider, cloud provider, IT service suppliers.

 

Personal Data processed for Marketing Purposes may be made accessible to subjects who have assumed the quality of data processors or anyway in charge of data processing such as:

 

  • employees or collaborators of the Data Controller;
  • subjects appointed by the Company to carry out commercial promotion activities on behalf of the Data Controller;
  • subjects appointed by the Company to support participation in webinars or online events through online platforms.

 

The Personal Data provided for Commercial Purposes and for Marketing Purposes will not be spread.

 

In the case of asset deals or corporate transactions (for example mergers or acquisitions) Personal Data will probably be transferred and may be shared with legal successors, to the extent permitted by law and by the GDPR, by virtue of a legitimate interest of the Data Controller.

 

  1. Transfer of Personal Data to third countries or international organizations

 

Personal Data will not be transferred outside the territory of the European Union. Personal Data will be stored on company servers located in the territory of the European Union.

 

  1. Personal Data retention period

 

Personal Data collected for Commercial Purposes will be processed and stored:

 

  • for the entire duration of the contractual relationship between you and the Data Controller, or between the Data Controller and the person on whose behalf you work or otherwise collaborate in various capacities;
  • for the subsequent period, until the expiry of the legal limitation periods, for actions in contractual and non-contractual matters, during which it is necessary to retain information that also includes your Personal Data in order to be able to prove the exact fulfillment by the Data Controller of the contracts of which it is a part.

 

Personal Data collected for Marketing Purposes, by virtue of consent, taking into account the purposes of the processing and the peculiarities of the sector in which the Data Controller operates, will be processed and stored for a period of 24 months, unless your consent to the data processing for Marketing Purposes is renewed. Personal Data for Marketing Purposes processed by virtue of the legitimate interest of the Data Controller may be processed for a period of 24 months from the date of the last purchase and will subsequently be stored for the Commercial Purposes.

 

  1. Methods of processing Personal Data

 

The processing of Personal Data will be carried out in paper form, or via computer or telematic tools and devices in compliance with the provisions aimed to guarantee security and confidentiality, as well as the accuracy, the updating and the consistency of Personal Data with respect to the stated purposes.

 

The processing of Personal Data will consist in the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication to the subjects indicated above, limitation, cancellation, destruction.

 

  1. Nature of data provision

 

The provision of Personal Data for Commercial Purposes is optional, however, failure to provide Personal Data may make it impossible to stipulate and execute commercial and/or contractual relationships between the interested party and the Data Controller.

 

The provision of Personal Data for Marketing Purposes is always optional. Failure to provide it will have the sole consequence that you cannot be contacted to be informed about commercial initiatives or products and services marketed by the Data Controller, unless you have previously requested it, or unless the marketing activity may be carried out on the basis of a legitimate interest pursuant to art. 6 lett. f) of the GDPR. You may refuse consent to the use of Personal Data for Marketing Purposes even if you had to provide Personal Data for Commercial Purposes. The consent for Marketing Purposes may also always be revoked, at any time, by simply sending a communication to the following e-mail address privacy@ome.it or contact details.

 

  1. Minor

 

The products of the Data Controller are not intended for children under the age of 18 and the Data Controller therefore does not intentionally collect Personal Data or, in general, personal information relating to minors. In the event that information on minors is unintentionally recorded, the Data Controller will delete them in a timely manner, at the request of users.

 

  1. Rights of the interested party

 

In accordance with the provisions of Chapter III, Section I, of the GDPR, you are entitled to exercise the rights indicated therein and in particular:

 

  • Right of access - Obtain confirmation as to whether or not Personal Data concerning you are being processed and, in such case, receive information relating, in particular, to: purposes of processing, categories of Personal Data processed and retention period, recipients to whom these may be communicated (Article 15, GDPR);
  • Right of rectification - Obtain, without undue delay, the rectification of inaccurate Personal Data concerning you and the integration of incomplete Personal Data (Article 16, GDPR);
  • Right to erasure - Obtain, without undue delay, the cancellation of Personal Data concerning you, in the cases provided for by the GDPR (Article 17, GDPR);
  • Right of limitation - Obtain from our Company the limitation of processing, in the cases provided for by the GDPR (Article 18, GDPR);
  • Right to portability - Receive in a structured format, commonly used and readable by an automatic device, the Personal Data concerning you provided to our Company, as well as obtain that thereof are transmitted to another holder without hindrance, in the cases provided for by the GDPR (Article 20, GDPR).

 

You may exercise these rights by simply sending a request to our Company to that effect:

  • by e-mail to the following e-mail address: privacy@ome.it.
  • by ordinary mail to the following address: Via Milano, 15 – 22036 Erba (CO) or to the addresses indicated in the contact details.

It should be noted that any corrections or cancellations or limitations of the processing carried out at your request, unless this proves impossible or involves a disproportionate effort, will be communicated by the Company to each of the recipients to whom the Personal Data have been transmitted. The Company will notify you of such recipients if you so request.

 

If you believe that the processing that concerns you violates the GDPR or Legislative Decree 196/2003, you may lodge an appeal or complaint with the competent supervisory authority for the protection of personal data in the EU member state in which you habitually reside or work or in that of violation of the GDPR (art. 77 GDPR). In particular, with reference to Italy, the appeal may be proposed to the Guarantor for the protection of Personal Data, Piazza Venezia 11 - 00186 Rome; E-mail: garante@gpdp.it.

 

  1. Right to object and revoke

 

If the conditions referred to in art. 21 of the GDPR are met, you will have the right to object to the processing of Personal Data concerning you, unless there are legitimate reasons for our Company to continue processing.

 

You can exercise this right by simply sending a request to that effect to the same addresses indicated above for the exercise of the other rights of the interested party.

If you have given consent for the processing of Personal Data for the purposes for which it is so requested, you will in any case remain free to revoke it at any time by sending an informal notice to that effect to the e-mail address privacy@ome.it or to the additional contact details. Following receipt of this request, Personal Data will no longer be processed for the purposes for which consent is required.

  1. Automated processes and profiling

The Data Controller will not carry out any profiling activity with your Personal Data, nor will it take decisions based on automated processes.

  1. Further information

Further information regarding the processing and communication of Personal Data provided directly or otherwise acquired may be requested from the Data Controller at the contact details. This information does not exclude that other information is also given orally to the interested parties at the time of collection of Personal Data.

Personal Data are processed lawfully and correctly, adopting appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of Personal Data. The Data Controller, in particular, has implemented appropriate measures to protect Personal Data from accidental loss, unlawful access, unauthorized use, modification and disclosure.

 

If Personal Data are collected from third parties, the information is provided to the interested party within a reasonable time, and in any case within one month. In the event that the Personal Data are intended for communication with the interested party, the information is provided at the latest at the time of the first communication with the interested party, and in the event that communication to another recipient is provided no later than the first communication.

 

In the unlikely event that the Data Controller considers that the security of the Personal Data collected in possession or under its control, has been or may have been compromised, the Data Controller will inform you of the incident in the manner prescribed by current law, using the methods prescribed by it.

 

19/04/2024

 

O.M.E. Metallurgica Erbese S.r.l.