In compliance with Art. 13 of REG. 2016/679UE (hereafter, GDPR-General Data Protection Regulation),
1. Data Controller
The Data Controller of the personal data processing is SILMAX SPA (hereafter, SILMAX), with registered office in Via Fucine 9, 10074 Lanzo Torinese (TURIN), Italy.
2. Origin of Personal Data. Purposes. Legal Basis and Processing Methods.
2.2 The processing of the above data is carried out for the purpose of meeting the received requests and, in any case, of supplying the services described under par. 2.1. The legal basis of the data processing related to the above purposes is set forth in Art. 6, par. 1, let. b) of the GDPR, as the processing of such data is essential to allow the functional relationship between the parties. If SILMAX already has a commercial relationship with the customer, the transmission of “newsletters” or further commercial information by e-mail will be carried out on the basis of legitimate interests pursuant to Art. 6, par. 1, let. f) of the GDPR.
2.4 Data processing is carried out lawfully and fairly, by adopting specific logical and automated measures that ensure an appropriate security and confidentiality of the personal data. Data may be processed with paper or automated means by subjects expressly in charge of the processing.
3. Nature of Data Collection.
4. Disclosure of Personal Data
The personal data of the data subject shall remain confidential and shall never be published or disclosed (with the only exception of data that may be required to be disclosed by law) or transferred to third parties, but they may be disclosed to public authorities by law, as well as to consultants, suppliers and sub-suppliers of SILMAX.
5. Retention of Personal Data
5.1 The personal data processed in compliance with Art. 2.1 will be retained in Italy for 10 (ten) years from the termination of the commercial relationship between the parties. If the personal data are exclusively referred to the “Contact us” and “Newsletter” functions, they will be retained for 1 (one) year from the contract or from the data subject’s cancellation from the “Newsletter” Service.
6. Data Subjects’ Rights
In any moment Data Subjects may exercise their rights set forth in Chapter 3 of the GDPR and in the further enforceable regulation, and in particular:
• obtain confirmation whether their personal data are existing (and being processed);
• be informed about the source of the personal data, the processing purposes and methods, the logics applied in case of processing by automated means, the identifying details of the Data Controller and of the recipients to whom the data may be disclosed;
• request the correction, rectification, erasure and transformation into anonymous form or blocking of their personal data;
• be informed about the identifying details of the Data Controller and of the Data Processor, as well as of the recipients or categories of recipients who may learn about the personal data or to whom these data may be disclosed;
• be informed about the duration of storage of their personal data or, if not possible, about the criteria for determining that duration;
• obtain access to their personal data, as well as their correction, rectification, integration and erasure without undue delay, as well as a restriction to their processing, transformation into anonymous form or blocking of their personal data processed in breach of the law, with a declaration about these operations to inform all recipients to whom the personal data have been disclosed,, unless this proves impossible or involves a manifestly disproportionate effort, compared with the right that is to be protected.
• complain to the Data Protection Authority about the processing of Personal Data.
The above rights may be exercised by sending an informal request by registered letter or by e-mail to email@example.com.
7. Detailed information on the processing of Personal Data