The policy applies only to the above-mentioned website and not to other websites that may be consulted by the user through specific links.
In addition to the above-identified Data Controller, partner websites that may, from time to time, be involved in data processing activities can act autonomously as data controllers.
How the data are gathered
Metal Work Deutschland GmbH gathers user data when you:
- create an account,
- use services via IT tools
- make a purchase on our website,
- view advertisements on our website,
- subscribe to a newsletter,
- contact Metal Work Deutschland GmbH customer service,
- share or participate on our channels, social media and other community websites,
- apply for a job.
Subject matter of the processing
1) Browsing data
IT systems and software procedures used to operate this website capture personal data during normal operation, the transmission of which is implicit in the use of internet communication protocols.
This is information which could, by its very nature, through association and processing with data held by third parties, make it possible to identify users/visitors (e.g. IP address, domain names of computers used by visitors/users connecting to the site etc.).
This data is only used for statistical information and to check the site is operating correctly.
Web contact data is not however kept for more than seven days, subject to investigations into computer-related crime resulting in damage to the site.
No information resulting from the web service will be communicated or disclosed.
2) Data provided voluntarily by users/visitors
Users/visitors connecting to the site to send personal data to access services, such as:
- Contacts (such as name and e-mail address),
- Age, User name and password,
- Profile data (such as a profile picture),
- Data provided during support by our customer service (such as chat logs and customer service tickets).
- Additional data provided by the user (e.g., data used to identify a lost account) to access services, send requests by e-mail or to send their CV, should be aware that this will involve the Data Controller acquiring the sender's address and/or other personal data, which will be processed for the sole purpose of responding to the request or providing the service.
Personal data provided by users/visitors will only be communicated to third parties if such communication is required to fulfil requests they submit, or to comply with legislation (e.g., invoicing).
3) Data gathered directly from you when using the Services
- IP address and device identifier (such as device ID, advertisement ID, MAC address, IMEI).
- Device-related data (such as device name and operating system, browser information, including browser type and preferred language).
4) Data obtained from our partners
- Data we receive when you connect to a third-party social network (such as Facebook, LinkedIn, Instagram).
- Data we receive from billing partners (if you make a purchase on the site).
- Data gathered for advertising and analysis purposes, in order to improve the quality of the services we offer
Data processing methods
Data is processed using automated tools (e.g., electronic media and procedures) and manually (e.g., paper copies) for the time strictly necessary for the purpose for which the data is gathered, and in accordance with data processing legislation.
Specific security measures are observed to prevent the loss, incorrect or illegal use of data or unauthorised access, such that access is only permitted to authorised parties or data processors appointed in accordance with current legislation. A list of Data Processors appointed in accordance with article 28 of EU Regulation 679/2016 is available at the headquarters of the Data Controller or by submitting a remote request to the above addresses.
Purposes of data processing
In addition to those indicated in the individual disclosures that appear before filling in the forms in the various sections of the site, the purposes of the data processing carried out by the Data Controller are as follows:
- to gather, store and process data to manage and fulfil contractual or pre-contractual obligations connected with the performance of the relationship established or being established and the provision of the service offered on the site;
- to use your personal data (in particular the e-mail address) for purposes relating to the performance of our activity, such as offering personalised content such as newsletter services or sending direct marketing communications;
- to process the personal data provided and the data captured when browsing the site, to deliver a service consistent with the information sent during use of the service;
- to gather, store and process data to carry out statistical analysis in an anonymous and/or aggregate form;
- to comply with all regulatory and legal requirements and response to any request from the data protection authorities or any other competent authority;
- to manage and cancel subscriptions to our newsletter.
Legal basis for processing
The legal basis for customer data being processed by the Data Controller via the site indicated above consists, as regards the information referred to in point a) and f) above, of a request in contract or pre-contractual understandings established with the interested parties, while as regards points b), c) and d), the legal basis is to be found in the legitimate interest of the Data Controller in the free economic initiative referred to art. 41 of the Italian Constitution, and as regards point e) the legal basis is to be found in a legal obligation. With regard to further and future purposes that may require consent, such consent shall be requested on a specific form and shall also be considered a valid legal basis.
In addition to the Data Controller, in some cases certain categories of data processors and authorised parties involved in the operation of the corporate organisation could have access to the data (administration, commercial, marketing and legal personnel and system administrators). Furthermore, the Data Controller may use external parties (suppliers of third-party technical services, transport providers, hosting providers, cloud services, IT companies, communication agencies) who will be appointed as external data processors. An up-to-date list of data processors can be requested at any time from the Data Controller, via the address indicated above.
Transfer of data to countries outside the EU
The Data Controller does not transfer the data of Customers/Users/navigators of the side to other countries outside the European Union.
Data processed by the Data Controller will not be disclosed.
Data processing location
Data connected with the web services of this site are processed in Italy and hence, in accordance with EU Regulation 2016/679 are to be considered eligible as falling within the EU.
Data are only processed by technical personnel appointed by the Data Controller.
Data storage location and timescales
Data is processed for the time required to provide the service requested by users, then destroyed using secure methods, such as shredding paper documents and wiping electronic copies.
Optional or compulsory data
Apart from the information stated regarding browsing data captured automatically, users/visitors can choose whether or not to provide their personal data. Failing to provide the data may prevent requests from being fulfilled. Optionally, expressly and voluntarily choosing to send an e-mail to addresses on this site will result in the user's address being captured, for the purpose of fulfilling requests for services, products and/or information, in addition to any other personal data entered on forms.
Rights of Data Subjects
In accordance with the GDPR, data subjects have the right to obtain information on its existence at any time, in addition to the content and origin, check its accuracy or ask for it to be supplemented, updated or amended.
Requests should be sent to: Metal Work Deutschland GmbH at the addresses indicated above.
With regard to processing the aforementioned data, customers have the right to obtain the following from the Data Controller:
- confirmation of the existence of their personal data, its communication in an intelligible format, understanding of its origin, and the logic at the basis of its processing;
- deletion of their personal data within a reasonable timescale, its transformation to make it anonymous, or block data processed in breach of legislation,
- to have it updated, supplemented or amended;
- a statement that the operations referred to in 2) and 3) above were made known to parties to whom the data was communicated, except where this is impossible or involves disproportionate methods;
- Customers also have the right to have their personal data amended or deleted, or its processing restricted;
- Customers have the right to withdraw consent to processing which is optional and is not related to executing the contract agreed with the Data Controller;
- Users also have the right to object to their data being processed, even if it is relevant for the purpose it was collected, request data portability, exercise their right to be forgotten, and contact the ordinary judicial authority or the Supervisory Authority for the protection of personal data to report any alleged breach. Für Deutschland ist dies der Bundesbeauftragte für Datenschutz und Informationsfreiheit - in Verbindung zu setzen, und zwar per E-Mail unter firstname.lastname@example.org, per Fax unter der Nummer +49 (0) 228-997799-5550 oder per Post an Husarenstr. 30 - 53117 Bonn, Deutschland (www.bfdi.bund.de);
Für Österreich ist dies die Österreichische Datenschutzbehörde, E-Mail email@example.com, Telefon +43 1 52 152-0 oder per Post Wickenburggasse 8 - 1080 Wien, Österreich.
Automated decision-making processes
Automated decision-making processes are not implemented on aggregate data collected, other than to improve site management.
This Site and the Data Controller Services are not intended for children under the age of 18, and the Data Controller does not knowingly collect personal information from children. In the event that information about minors is unintentionally recorded, the Data Controller will delete it in a timely manner upon the users' request.
Applications for employment
The Services may have links to external sites, outside our control. These Privacy Policies only cover the way in which Metal Work Deutschland GmbH processes personal and non-personal data gathered through the Services. By accessing any external site, you agree to the privacy policies of that site. The external sites may have different policies regarding the gathering, use and disclosure of personal data, over which Metal Work Deutschland GmbH has no control and is not responsible for the privacy practices of such third parties.
Therefore, it is advisable to consult the privacy policies of all third-party services.
Concesio (BS), April 2019