This communication is made available to you – in order to the article 13 of the European Regulation on the protection of personal data (“GDPR”) 679/2016, to the Italian Legislative Decree 30/06/2003 n. 196 (“Privacy Code”) and subsequent amendments and addition, – by Alto S.r.l. Aluminium Tooling (also called “The Company”) with address in Via Dott. Adolfo Terzi,16 Nuvolento (BS), as Data Controller of your personal data.
The DPO – Data Protection Officer is Assiteca Consulting s.r.l., in Lorenzo Lanzoni, email lorenzo.lanzoni@assiteca.it
The purpose of this information notice is to inform the user about the methods of processing personal data.
Type of data processed
The website offers informative and, sometimes, interactive content. During the navigation on the site of the Company will be able, therefore, to acquire information on the visitor, in the following ways:
Navigation data
The computer systems and software procedures, preceded to the operation of this website, acquire, during their normal operation, some personal data whose transmission is implicit in the use of the internet communication protocols. This category of data includes: the IP address, the type of browser used, the operating system, the name of domain and the addresses from which the access has been affected, information on pages visited by users inside the site, the access time, the permanence on the single page, the internal path analysis and other parameters relating to the operating system and to the computer environment of the customer.
Further categories of data
Are the personal data provided by the visitor through the site, for example:
- filling out a form through which to request information on the services offered and / or a contact request;
- writing to the e-mail addresses indicates on our site to request information;
- by accessing a reserved area and / or a service;
- writing to the e-mail addresses indicates to submit your curriculum vitae.
Purpose of the treatment
The data provided are processed for the following purposes:
- to provide informations and/or service required by the user, to manage the contracts improved by the user, to carry out administrative procedures, accounting, tax and legal fulfillments, as well as to escape the requests submitted by the user. The processing, set in to be for these purposes, are necessary for the fulfillment of contractual obligations and they do not require specific consent from the Data subject;
- to recognize the experience of use of our platforms, of the products and services that we offer and to ensure the proper functioning of the web pages and their contents. The processing, set in to be for these purposes, are based on a legitimate interest of the Data Controller;
- to send commercial communications related to promotions and/or offers, in the interest of the Data Controller; the processing, set in to be for these purposes, are carried out with the specific consent provided by the user;
- to perform statistical analysis on aggregate and anonymous data, to analyze the behavior of the User, to improve the products and services provided by the Owner and to meet the User's expectations.
Sharing and transfer of personal data
The data collected by the Company will be shared only for the purposes mentioned above; we will not share or transfer your personal data to third parties other than those indicated in this Privacy Policy.
During our activities and exclusively for the same purposes of those listed in this Privacy Policy, your personal data may be transferred to the following categories of recipients:
- Company staff;
- Service provider (etc. IT system providers, cloud service providers, database vendors and consultants);
- Public Administration for law purposes;
- Every public and/or private subject to whom it is necessary to communicate your personal data in relation to the purposes indicated above.
The updated list of Processors is available at controller’s legal address and it will be provided with a prior written application.
The Company could have to transfer your personal data to countries situated outside the European Union/European Economic Area (EEA), so called “third-country”. These transfers to third countries can include all the activities indicated above.
This Privacy policy is also applicable in the case of transfer of data in which the level of protection of the data is different in comparison of that of the European Union. Every transfer of personal data to third will be affected only after having you informed and, where in demand, after having received your consent. Every transfer of data toward different countries from those for which the European Commission has taken an adequacy decision is based on agreements that use standard contractual clauses adopted by the European Commission or other appropriate guarantees in the compliance with applicable laws.
Protection of personal data
The Data Controller have implemented appropriate technical and organizational measures to provide an appropriate level of security and privacy to personal data.
These measures concerning:
- The state of technology;
- The implementation costs;
- The nature of the data;
- The risk of treatment.
The aim is to protect them from accidental or unlawful destruction, accidental loss, unauthorized disclosure/access and other form of illegal processing.
Also, when the Data Controller manages your data:
- Collects and processes data that are adequate, relevant and not excessive, as required to meet the purposes specified above;
- Ensures that the data are accurate and updated.
Data Retention time
The Company will maintain your personal data for the time strictly necessary to achieve the purposes for which they were processed or, alternatively, for the time required by applicable law or regulatory requirements, except your right to object to data processing or the right to be forgotten.
When this period will expire, your personal data will be removed from active system of the Company
Your right
Your rights are:
- Right to rectification. You have the right to obtain from the Company the rectification of personal data concerning you. The Data Controller shall make reasonable efforts to ensure that the personal data it holds are accurate, complete current and relevant;
- Right to restriction to the processing. You can obtain a restriction to the processing your personal data, where:
- the accuracy of the personal data is contested by the data subject, during the period when the Company must verify the accuracy of the personal data;
- the processing is unlawful and you require the erasure of personal data or the restriction of their use instead;
- the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by you to establishment, exercise or defend of legal claims;
- you have objected to the processing, while the Company checks whether your legitimate reasons prevail over your own.
- Right to access. You have the right to obtain from the Data Controller information about your personal data, and also information on which categories of personal data the Company owns or controls, for what purpose they are used, where they have been collected and to whom they may have been communicated;
- Right to data portability. As a result of your application, the Company will transmit the data to another Controller on condition that the processing is based on your consent or is necessary for the execution of a contract.
- Right to erasure. Unless the processing of data is necessary for compliance with a legal obligation or to establishment, exercise or defend of legal claims, you have the right to obtain from the Data Controller the erasure of personal data if:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you objected to the processing of your personal data;
- the personal data have been unlawfully processed.
- Right to object. You object at any time to the processing of your personal data, on the condition that the data processing is not based on your consent but on the legitimate interest of , the Company or third party. The Data Controller shall no longer process the personal data, unless the Controller demonstrates mandatory and legitimate reasons for the processing, an overriding interest in treatment, or the exercise or defend of legal claims. When you object to processing, specify if you’re going to erasure your personal data or limiting the processing.
- Right to lodge a complaint. You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place where the alleged infringement took place.
Changes to this Privacy Policy
Any future changes or additions to the processing of personal data as described in this privacy notice will be notified in advance through an individual notification, through the usual communication channels used by the Company (etc. e-mail or through the internet).
Privacy Policy updated in February 2022