This text describes how the users’ personal data are handled and held within our web site. This privacy policy is based on the Italian law, in relation to the 13th article of the Legislative Decree 196/03 – Personal Data Protection Code, and on the European Regulation No. 679/2016 (hereinafter GDPR) it is aimed at users of the GI METAL’s web services provided by telematic access at the following address
The privacy policy only concerns the https://redbox.gimetal.it/ web site, it does not deal with other web sites consulted by users through its links.
PROCESSING PERSONAL DATA
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
DATA CONTROLLER
Data controller of every personal data, voluntarily conferred and managed due to website consultation, is GI METAL s.r.l.
ADDRESS: Via Croce Rossa 1/c, 51037 Montale (PT)
OFFICE: +39 0573 1943680
FAX.: +39 0573 557332
MAIL: inform@gimetal.it.
PROCESSING PURPOSES AND LEGAL BASES
The legal basis for the processing of personal data by Gi Metal s.r.l. are the data subject’s consent or the performance of a contract to which the data subject is party or the entering into a contract.
The personal data, collected through the registration and request form procedures for Gi Metal s.r.l. web services, can be processed only for the purposes connected to the service offered:
- To enable users to register to the website and to access all of the benefits reserved to registered users as well as for the administrative and legal fulfillment connected to it;
- In case of an online purchase:
- To consent the conclusion process of the purchase contract and the right and full performance of the operations related to it.
- To accomplish contractual, accounting and fiscal obligations related to it
- Subject to the user’s approval, the data supplied can be used by Gi Metal S.r.l. for promotional and marketing purposes, such as the forwarding of advertising, promotional and information material, discounts, as well as to send informations and commercial communications (newsletter), to conduct studies, research, market statistics.
- Subject to the user’s approval, the data supplied can be used by Gi Metal for ‘profiling’: it means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements
CATEGORIES OF DATA PROCESSED
This website uses information systems and software procedures which normally collect personal data in order to allow internet communication protocols to work. These automatic data collection procedures collect data, not to refer them to identified interests. However, these data could allow users’ identification if combined with other data in possession of a third party. This is the case of the IP addresses or the domain names used by users who access the website, the URI addresses (Uniform Resource Identifier), the request time, the server request system, the answer size file, the numeric code of the server’s answer (error, ok, etc) and other parameters concerning the user’s operating system and informatics environment.
These data categories are used only to obtain anonymous information statistics about the website use and to control the website correct functioning; data are deleted immediately after being used.
Gi Metal s.r.l. collects common data.
OBLIGATORY OR VOLUNTARY NATURE OF PROVIDING THE REQUESTED DATA
Providing personal data is not compulsory, nevertheless the refusal of inserting personal data on the registration page, make it impossible to use the Service requested, offered by the website https://redbox.gimetal.it/
The provision of personal data is a requirement necessary to enter into contracts by the website https://redbox.gimetal.it/: in case of deny, also partial, it will be impossible the conclusion of that contracts.
The provision of personal data is compulsory (and for the processing is not necessary the consent of the data subject) when necessary in order to fulfill legal requirements including accounting and fiscal matters.
PROCESSING MODALITIES
Personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
Personal data shall be processed, using paper or via specific IT procedures, or anyway through available IT systems and servers, by the data controller and by the persons in charge of the processing, authorized by the data controller.
Personal and commercial data, concerning current contracts, will be kept for a maximum of 10 years.
Personal data processed via IT procedures will be deleted at the end of the contract, except for the relevant and non excessive data, voluntarily conferred by the same customer, necessary for next transactions.
ENTITIES OR CATEGORIES OF ENTITY TO WHOM OR WHICH THE PERSONAL DATA MAY BE COMMUNICATED
Personal data, collected to provide the service, can be communicated to societies, which conduct activities related to the efficiency of the service or which verify if the publication of advertisements is managed not to violate the patent rights, belonging to third parts.
DATA SUBJECT RIGHT
A data subject shall have the right to be informed of the nature of the personal data, and of the purposes and methods of the data processing. Also he shall have the right seth forth in the articles from 15 to 22 of the European Regulation No. 679/2016.
SITE NAVIGATION
Session cookie technology is used only to optimize the website utilization, to make the use of our website easier. Gi metal s.r.l. use anonymous information (e.g. data collected through the use of cookies) only for statistical purposes, by registering those data in special log files.
Our website could be linked to others which may contain tracking systems unknown to the website owner. We cannot guarantee that the linked websites make use of security systems able to protect data processed or to prevent damages (for example damages deriving from computer viruses).
RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
The supervisory Autority is the “Garante per la Protezione dei Dati Personali”. For more information click to www.garanteprivacy.it
TRANSFER OF DATA TO FOREIGN COUNTRIES
Transfer of data to foreign countries is not expected.