The company is committed to protecting the privacy of users and is responsible for the security of customer data. We will be clear and transparent about what information we collect and what we do with that information.
This policy states the following:
- which of your personal data are collected and processed in connection with your relationship with us as a customer;
- the possibility for the controller to collect personal data also through telematic platforms or by means of apps or websites;
- what we do with the data;
- to whom we disclose data;
- to whom we disclose data;
- how we process personal data.
All data are collected and processed in accordance with the applicable laws and EU Regulation 679/2016.
The company METAL SERVICES MATERIALS TESTING SRL with registered office in Ronchi dei Legionari via J.Srebernic 10/12 identified by the VAT and/or C.F. number 00547070318 in the person of its legal representative pro tempore.
The company is registered in the company register under REA number GO-62029.
WHAT PERSONAL DATA WE COLLECT
Personal data means all information relating to you that enables us to identify you, such as your name, contact details, the reference number of the service requested, payment details and further information on your access to our site.
We may collect personal data about you when you send us a request, access the website or take part in a survey or competition, or when you contact us or use services rendered by the data controller, as well as when you visit areas that are relevant to and subject to surveillance by the data controller.
Specifically, we may collect the following categories of information:
- name, residential address, e-mail address, telephone number, identity card, credit or debit card details or other payment details;
- information including nationality, date of birth, gender, religious and sexual orientation, including through video or photo reproduction;
- medical and/or special dietary conditions;
- information on purchases made from us or our partners;
- information on accessing and using our website and facebook page;
- communications exchanged with us or addressed to us by means of letters, e-mails, equivalent services and telephone calls, as well as data acquired by means of Wi-Fi or bluetooth GPS devices where activated.
Details of physical or mental health, alleged commission of crimes or criminal convictions, or sexual and religious orientation will only be processed if the user gives express consent or where such processing is necessary and the data subject has made them public.
WHAT WE USE PERSONAL DATA FOR, WHY AND FOR HOW LONG
User data may be used for the following purposes:
- provide the requested products and services as well as security services. We use the information provided by the user to perform the services requested including any changes;
- contact the user in case of confirmation, modification and/or cancellation of the service. There is also the possibility of sending communications to the user with a marketing character;
- verification of any payment methods communicated for accounting or billing purposes as well as for the purpose of detecting and/or preventing fraudulent activities;
- for the purposes of controls, such as customs, we could provide useful information to the agencies responsible for those controls;
- We may also provide user data to government and state authorities responsible for the protection of public safety, both administrative and health, all in accordance with legal requirements;
- communication with customer service: we use your data to manage our relationship as our customer and to improve our services;
Marketing: from time to time there may be a need to contact the customer/user with reference to promotions or for statistical evaluations through communications that may be made by telephone and telematic means. However, you will have the option of accepting or not accepting to receive such communications. The opportunity to indicate that you no longer wish to receive our marketing material is given in each communication.
We will only process your personal data if we have a legal basis for doing so, i.e. there is a valid business relationship. The legal basis will depend on the reasons for which your personal data was collected and used.
In most cases we will have to process your personal data on the basis of the existing contract, but we may also process your personal data for the following reasons:
- comply with a legal obligation;
- the data subject has consented to the use of his or her personal data and thus authorised its use;
- for health reasons;
- is justified by a legitimate interest of the holder.
Only persons 16 years of age or older may provide consent. For minors under 16 years of age, consent must be provided by the persons exercising parental responsibility or their guardians or administrators.
We will not retain data for longer than is necessary to fulfil the purpose for which it was collected and processed. To determine the appropriate retention period, we take into consideration the amount, nature and sensitivity of the personal data, the purposes for which we process them and whether we can achieve those purposes by other means.
We must also take into account the periods for which we may need to keep personal data in order to fulfil our tax and legal obligations, as well as the possibility of examining complaints, requests and defending our rights in the event of damages.
As soon as we no longer need the data subject’s personal data, it will be securely deleted and destroyed. We will also consider whether and how we can reduce the time of use or whether we can anonymise it by means of pseudonymisation so that it can no longer be associated with or identify the data subject, in which case the information can be used without prior notice.
SECURITY OF PERSONAL DATA
We follow strict security procedures in the storage and disclosure of personal data, to protect them against accidental loss, destruction or damage. The data you provide us with are protected with various cryptographic systems in addition to the most efficient antivirus tools.
It is required, however, that all parties to whom data is disclosed adopt technical and operational security tools to protect personal data that are in line with domestic and EU data protection legislation.
INTERNATIONAL DATA TRANSFER
The company is active in Italy but operates, by telematic and direct means, with the other countries of the European Union. In any case, the processing of personal data is guaranteed in accordance with current national laws and European Regulation 679/2016.
SHARING OF PERSONAL DATA
The data subject’s personal data may be shared with other companies affiliated to and participating with the owner.
We may also share personal data with the following parties:
- governmental and state law enforcement authorities;
- trusted service providers that we use to run our business;
- legal, tax and other professionals in order to protect our legal rights in connection with the contract with the data subject;
- our auxiliary partners offering products and services for the better management of business and non-business services. Acquired data may be shared among them. We are not responsible for third parties’ use of your personal data, and you are invited to consult their privacy policies in this regard;
- social media: you may access social media services through our website or app. We may also use social media plug-ins and as a result data will be shared with the social media service and possibly shared with the social profile; in this case you should refer to the policy of these service providers.
DATA PROTECTION OFFICER
The person responsible for the processing of the data of the data subject is the company/person who proceeds, on the basis of the purposes indicated by the Data Controller, to the acquisition and processing of personal data, also by computer.
DATA PROTECTION RIGHTS
Under certain circumstances, one has the right by law to:
- ask whether we hold any personal information about you and, if so, what that information is and why we process/use it;
- requesting access to your personal information (commonly known as a ‘data access request’). This allows you to receive a copy of the personal information we hold about you and to check that it is being processed correctly;
- request correction of the personal information we hold about you. This allows the user to correct any incomplete or inaccurate information;
- request deletion of your personal information. This allows you to ask us to delete or remove personal information where there is no valid reason to continue processing it. You also have the right to ask us to delete or remove your personal information if you have exercised your right to object to processing;
- object to the processing of one’s own personal data where a legitimate interest or the interest of a third party is invoked and there are elements relating to a specific personal situation that prompt one to object to the processing;
- you also have the right to object to processing where your personal information is used for direct marketing purposes;
- oppose automated decision-making, including profiling, which shall not be subject to any automated decision-making by us through the use of your personal information or profiling;
- request the restriction of the processing of your personal information. This allows you to ask us to suspend the processing of your personal information, for instance if you wish to check its accuracy or the reasons for it;
- request the transfer of your personal information in electronic form to you or another party -commonly known as the right to data portability-. This allows you to take your data in our possession in an electronically usable format and transfer it to another party in an electronically usable format;
- Withdrawal of consent: in the limited circumstances where you may have provided consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we receive notice of revocation of consent, we will no longer process your information for the originally agreed purpose and purposes, except on another legitimate basis;
- the user has the right to lodge a complaint with the Supervisory Authority or other administrative or judicial recourse whenever he/she considers that the processing concerning him/her violates the European Privacy Regulation. The complaint to the Supervisory Authority must be lodged in the State where the data subject habitually resides, works or where the alleged infringement has occurred.
If you wish to exercise any of these rights, please contact our Manager by mail at firstname.lastname@example.org.
You will not incur any charge for access to your personal information, however if your request for access is clearly unfounded or excessive we may charge you a reasonable fee. Alternatively, we may refuse to comply with the request in such circumstances. The request must be complied with within 30 days unless extended by a further two months as necessary.
We may need to request specific information from you to help us confirm your identity and to ensure your right to access your information or to exercise any of the other specific rights set out above. This is another appropriate security measure to ensure that personal information is not disclosed to persons who do not have the right to receive it.