1.2 Legal basis of the processing
This site processes data mainly on the basis of user consent. The granting of consent takes place through the banner placed at the bottom of the page, or through the use or consultation of the site, as a conclusive behavior. By using or consulting the site, visitors and users approve this privacy statement and consent to the processing of their personal data in relation to the methods and purposes described below, including any disclosure to third parties if necessary for the provision of a service. Further consents relating to the specific purpose of the service are collected through the communication or service request forms.
The provision of data and therefore the consent to the collection and processing of data is optional, the User can deny consent, and can revoke a consent already provided at any time (via the banner at the bottom of the page or the browser settings for cookies, or the Contact link). However, denying consent may make it impossible to provide some services and the browsing experience on the site would be compromised.
The data for the security of the site and for the prevention of abuse and SPAM, as well as the data for the analysis of the site traffic (statistics) in aggregate form, are processed on the basis of the legitimate interest of the Data Controller in protecting the site and of the users themselves. In such cases, the user always has the right to object to the processing of data (User rights).
The data provided for professional consultancy or assignments are processed on the basis of the fulfillment of a contract and the fulfillment of a legal obligation. In such cases, specific information is provided.
2. What personal data we process
2.1 Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site, except for this possibility, the data collected through the site are kept for 12 months.
2.2 Data provided by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this Site and the compilation of the "formats" (masks) entails the subsequent acquisition of the e-mail address, necessary to respond to requests, and any other personal data spontaneously communicated to the Data Controller.
Unless you communicate further personal data for the management of your request, for the purposes indicated in this Notice, the Data Controller processes the following personal data:
For the management of your request, including the management of your candidacy, the Data Controller may also process particular categories of personal data, such as data suitable for revealing membership of trade unions (taking up positions, request for deductions for union association shares), adherence to political parties, religious convictions (if you were to request to adhere to certain religious holidays), as well as the state of health if you spontaneously communicate them to the Data Controller. For the processing of these categories of personal data, the Data Controller requires an explicit consent to the processing.
Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request.
3. What are the purposes of the processing
The purposes for which the data of the interested parties can be processed are attributable to the commercial information activity expressly requested by users interested in the services offered by the Company through the contact form published on this site.
No marketing and / or profiling activities are carried out through this site.
In general, data processing takes place for the purposes indicated from time to time, subject to your consent. Your personal data are processed:
The processing of the data collected by the site, in addition to the purposes connected, instrumental and necessary for the provision of the service, is aimed at the following purposes:
– Statistics (analysis)
Collection of data and information in an exclusively aggregated and anonymous form in order to verify the correct functioning of the site. None of this information is related to the natural person-User of the site, and does not allow identification in any way. Consent is not required.
Collection of data and information in order to protect the security of the site (spam filters, firewalls, virus detection) and of the Users and to prevent or unmask fraud or abuse to the detriment of the website. The data are recorded automatically and may possibly also include personal data (IP address) that could be used, in accordance with the laws in force on the subject, in order to block attempts to damage the site itself or to cause damage to other users, or in any case harmful activities. or constituting a crime. These data are never used for the identification or profiling of the User and are periodically deleted. Consent is not required.
- Ancillary activities
Communicate the data to third parties who perform functions necessary or instrumental to the operation of the service (e.g. comment box), and to allow third parties to carry out technical, logistical and other activities on our behalf. Suppliers have access only to personal data that are necessary to carry out their duties, and undertake not to use the data for other purposes, and are required to process personal data in accordance with current regulations.
- Consultancy and professional assignments
In case of spontaneous sending of data in order to ask for professional advice or for a professional assignment, the data will be used for the sole purpose of evaluating the assignment and for the eventual fulfillment of the same. In such cases, specific information will be provided.
- Sending the Curriculum Vitae
Through the "Work with us" section of the Site or by email, you can provide your personal data and your CV to the Data Controller to apply for open positions or for any future positions. Your personal data is only processed for the management of your application and related activities. The condition of lawfulness for the processing of your personal data to manage your application is the need to complete your request, in compliance with Article 6, paragraph 1, letter b), GDPR. Consequently, it is not necessary to acquire your prior consent to the processing.
For the evaluation of your application, the Data Controller may also process particular categories of personal data you have entered in your CV (for example, your state of health, your philosophical or religious beliefs). For the processing of these particular categories of personal data, the Data Controller needs your explicit consent.
- Requests made through the Site
Your personal data may be processed by the Data Controller to satisfy your requests made by writing to one of the e-mail addresses available on the Site or by filling in the forms on the Site. Failure to provide the requested data will result in the Data Controller being unable to complete the Your request. The condition of lawfulness of the processing is the need to execute your request, in compliance with Article 6, paragraph 1, letter b), GDPR. Therefore, it is not necessary to acquire your prior consent to the processing.
For the management of your request, the Data Controller may also process particular categories of personal data transmitted by you to the Data Controller. For the processing of these particular categories of personal data, the Data Controller requires your explicit consent on the "Contacts" page.
- Commercial communications and newsletters
If you want to be updated on the latest news of the products and services offered by the Data Controller, it is possible to join our marketing initiatives by allowing the Data Controller to send you the newsletter and further commercial communications concerning the products and services. The condition of lawfulness for sending commercial communications and the newsletter is your express consent, which the Data Controller requests from you on all pages of the website where it is possible to subscribe to this service, in compliance with Article 6, paragraph 1, letter a (GDPR).
Your personal data will be processed until you decide to withdraw your consent or oppose the processing.
Right to oppose direct marketing activities We inform you that, at any time, you have the right to oppose direct marketing activities, by contacting the Data Controller at one of the contacts indicated in point 1 of this Notice or by clicking on the appropriate link in any communication sent by the Data Controller.
4. Site Management
Your personal data described in the previous points 2.1 - 2.3 will also be processed by the Data Controller to manage the Site, complete anonymous statistical analyzes on the use of the site to check its correct functioning and / or to ascertain responsibility in case of hypothetical computer crimes against the Site. In any case, these data are processed anonymously and are deleted immediately after processing.
The condition of lawfulness of the processing is the legitimate interest of the Data Controller to ensure the correct use of the Site and to prevent any possible IT crime, in compliance with Article 6, paragraph 1, letter f), GDPR. Therefore, it will not be necessary to acquire your consent. Your personal data will be made anonymous immediately and in any case deleted at the end of your browsing session. However, if information crimes are ascertained, your personal data will be kept for the time necessary to manage the dispute.
5. Data recipients
The data provided by the interested party via the contact card will not be transferred to third party companies for commercial or other purposes. Instead, they will be sent to those responsible in the commercial and administrative sphere of the Company to carry out the actions indicated in paragraph 3 (purpose).
Transfer of collected data to third parties
The data collected by the site is generally not provided to third parties, except in specific cases: legitimate request by the judicial authority and only in the cases provided for by law; if it is necessary for the provision of a specific service requested by the User; for carrying out security checks or site optimization.
Transfer of data to non-EU countries
This site may share some of the data collected with services located outside the European Union area. In particular with Google, Facebook and Microsoft (LinkedIn) through social plugins and the Google Analytics service. The transfer is authorized on the basis of specific decisions of the European Union and the Guarantor for the protection of personal data, in particular decision 1250/2016 (Privacy Shield - information page of the Italian Guarantor), for which no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.
6. Processing methods
Your data may be processed electronically. The data of which Greymer SRL is the owner, are only those necessary for the processing of data connected to the website services, the owner uses servers located within the European territory. We inform you that the data will be collected, processed and stored in full compliance with the provisions on security measures, as well as in compliance with the measures deemed appropriate pursuant to the new EU Regulation 2016/679. The data will also be processed in full compliance with the self-regulation rules on the processing of personal data contained in the deontological codes of the sector in force.
We treat visitor / user data in a lawful and correct manner, adopting appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. We are committed to protecting the security of your personal data while it is being sent, using Secure Sockets Layer (SSL) software, which encrypts information in transit. The processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, categories of employees involved in the organization of the site or external parties (such as third party technical service providers, hosting providers) may have access to the data.
7. Duration of treatment
The data will be processed for the time strictly necessary to achieve the purposes for which they were collected. They will also remain available to the owner, manager and appointees for any storage required by law (Article 22, paragraph 5, of the Code), only for the necessary duration or, until the different date of the request for cancellation by the user. same. The maximum duration is in any case the one established by law for contractual liability, i.e. 10 years.
8. User rights
In relation to the treatments described in this Notice, you may exercise the rights provided for by the articles of the GDPR (from 15 to 21) in particular:
The interested party also has the right to lodge a complaint with the Guarantor for the protection of personal data (www.garanteprivacy.it).
The exercise of the rights is not subject to any formal constraint and is free pursuant to Article 12 of the GDPR .. However, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Data Controller may charge a reasonable fee contribution. , in light of the administrative costs incurred to manage your request, or deny the satisfaction of your request. To exercise your rights, you must complete the data subject's rights exercise form on the Guarantor's website or download it by clicking the following link, click here to download the form, and send it to Greymer SRL, using one of the following methods:
Recommended A.R. addressed to the Greymer SRL Office, Via Bellaria Nuova, 373, 47030 San Mauro Pascoli FC;
PEC: (certified mail): email@example.com;
Any corrections or cancellations or limitations of processing carried out at your request, unless this proves impossible or involves a disproportionate effort, will be communicated by the Company to each of the recipients to whom the personal data have been transmitted.