The data in this website concerning the company Urmet S.p.A. (hereinafter referred to as “Data Controller” or “Joint Data Controller”) and the persons who work with it, can be freely used by all those interested in the products sold by the company itself or by other companies belonging to the Urmet Group,
Data may not be used by potential suppliers or other subjects to send advertising or direct sales material, or to carry out market research or for commercial communications.
Below are our privacy policies pursuant to article 13 GDPR 679/16.
Website privacy policy
This website belongs to the company Urmet S.p.A., which processes the data collected through the website as Data Controller.
The Data Controller guarantees the security, confidentiality and protection of the data obtained or that it will obtain at any stage during the processing of data, in compliance with the provisions of GDPR 679/16 and respecting business secrecy.
This website contains links or references to other third-party websites over which the Data Controller has no control. Such links are provided for user convenience and the Data Controller disclaims any and all liability in connection with such third-party websites and makes no representations as to the accuracy or exhaustiveness of the information contained therein.
This privacy policy is for persons who access and view the Urmet S.p.A. website, pursuant to art. 13 GDPR 679/16 – “European General Data Protection Regulation”.
This cookie policy therefore describes the ways that Urmet S.p.A. uses cookies and similar technologies to collect and store information when the user visits the website or receives emails from the company.
Method of processing
During their normal operation, the computer systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of internet communication protocols.
It is information that by its very nature can allow users to be identified through processing and association with data held by third parties.
Policy on cookies, pixel tags and JavaScript tags
The website uses session and permanent cookies, technical, analytical and profiling cookies as well as pixel tags and/or JavaScript tags to collect and store certain information about the user. A cookie is a small data file that the website sends and saves on the hard disk of the user’s computer and/or device (both hereinafter referred to as “computer”). Subsequently, when the user accesses the website again, the cookies saved on the computer will send information back to the server that originally sent them. For example, session cookies are used to browse the website without having to enter login information again and are then deleted from the user’s computer once the browser is closed. Permanent or persistent cookies remain on the user’s computer after the browser is closed, but can be deleted at any time using the browser settings. Cookies can also be broken down into “first-party cookies” and “third-party cookies”. First-party cookies are set directly by Urmet S.p.A. on the user’s computer, with the sole purpose of recognising it on subsequent visits.
Third-party cookies are sent by an independent service provider acting on behalf of the company and may be used by that third-party service provider to recognise you when you visit the company’s website or third-party sites. While the company may grant third-party service providers access to the website to send these cookies to users’ computers in accordance with applicable laws, as outlined in this cookie policy the company does not control the information collected by cookies nor does it retain access to such data, which are immediately communicated to third parties who collect them.
This information is controlled entirely by the third-party service provider in accordance with its respective privacy policy. Pixel tags can also be used in emails that Urmet S.p.A. sends to the user. To learn more about cookies, visit:
www.allaboutcookies.org o www.youronlinechoices.eu.
By using the company’s website, the user consents to the use and communication of cookies and pixel tags/JavaScript tags not associated with transactions as described in this policy, unless this consent is withdrawn and their use is prevented by modifying the technical settings of the computer as described below:
How to disable or delete cookies
To prevent the browser from accepting cookies, to be informed every time a cookie is stored on the computer or to delete the cookies already present, make the appropriate changes using the settings of the Internet browser, generally accessible from the “Help” or “Internet Options” section. Refer to the links below:
If cookies are disabled or deleted through the Internet browser settings, some features or functionality of this website may not be accessible. Furthermore, the user may be asked to re-enter his/her login information, and the general use of the website may be limited. If all cookies are deleted from the browser or another browser or computer is used, it will be necessary to repeat the procedure to withdraw consent for the use of cookies.
Purpose of cookies, pixel tags and JavaScript tags
This website uses the following cookies for the following purposes:
Urmet S.p.A. uses session cookies to store the selected products in the shopping cart and to allow the registered user who has logged into the site to remain connected. Session cookies store the relevant information together with the user’s IP address and the cookie identification code. These session cookies are cookies associated with the transactions necessary for the use of the website, and their use does not require the user’s consent.
· Urmet S.p.A. can also use a permanent cookie to store the user’s login data, which will make it so that he/she does not have to re-enter them every time he/she visits the website. This function can only be activated if the user ticks the box below the login window noting the presence of this function.
· Urmet S.p.A. can also set a permanent cookie the first time the user visits the website in order to recognise him/her as a visitor and to determine if he/she has visited the online store intended for consumers or the one for corporate customers. This cookie is updated with a date and time stamp every time the user returns to the website and stores information about the products displayed in order to show the user customised products on the website home page based on the preferences previously shown. If the user is a registered customer, Urmet can insert a permanent cookie that keeps track of the time and date of the visits, whether the user is registered as a corporate customer or a consumer. This cookie can be associated with the user transaction data to show the user customised products on the website home page based on the preferences previously shown.
Social media tools
The Urmet S.p.A. website offers access to social media tools provided by social network platforms like Facebook, Google, LinkedIn and Twitter. The users that decide to use these tools by activating a social media tool can share certain personal data with their friends and social network platforms. Sharing activities are subject to the privacy policies of each social network. Specifically, social network tools are also offered to allow Facebook to share information and activities of friends with its registered users while browsing our website.
For example, social plug-ins allow Facebook to show the “likes” of the user and his/her friends on the pages of our products. When the user is connected to Facebook while browsing the website, Urmet S.p.A. has no control over the information collected from these social media tools nor does it have access to such data. This information is controlled entirely by the social network in accordance with its respective privacy policy. For more information, visit the websites of the respective social networks.
Identity of the Data Controller
The Data Controller of the processing referred to below is Urmet S.p.A. based at Via Bologna 188/C, 10154 Turin, Italy, in the person of its legal representative pro tempore.
Identity of the Data Protection Officer
The Data Controller appointed the Data Protection Officer, who can be reached at the headquarters of the Joint Data Controller or contacted by email at the address dpo@urmet.it
Purposes of the processing
To offer a quality service, the website requests some information from the browser. This includes browsing preferences, logins and pages that are frequently displayed. This information helps to better understand the needs of users in order to offer an ever better service.
Legal basis for the processing
The use of technical cookies involves processing carried out in the legitimate interest of the Data Controller. The use of the remaining cookies is subject to the consent of the data subject.
Data recipients
The personal data processed by the Data Controller are not disseminated or are not made known to indeterminate parties in any form, including being made available or for viewing. On the other hand, they may be disclosed to workers who work for the Data Controller, to third parties who collaborate with it as Data Processors or who are authorised to process the data under the authority of the data controller.
They can also be disclosed to the extent strictly necessary to persons who for the purpose of processing your requests must provide goods or perform tasks or services on behalf of the Data Controller. Finally, they may be disclosed to persons entitled to access them by virtue of provisions of law, regulations and European Community legislation.
More specifically, depending on their roles and duties, workers have been authorised to process your personal data within the limits of their responsibilities and in accordance with the instructions given to them by the Data Controller.
External parties operating under the authority of the Data Controller have also been appropriately authorised on the basis of the type of service provided, the processing performed and the nature of the data processed.
External parties to whom the Data Controller has entrusted the processing of personal data have been designated as Data Processors.
Data transfer
Under no circumstances does the Data Controller transfer personal data to third countries or to international organisations.
However, it reserves the right to use cloud services, in which case the service providers will be selected from those that provide adequate guarantees, as required by art. 46 GDPR 679/16.
Data retention
The Data Controller retains and processes personal data for the time necessary to fulfil the purposes specified. In this specific case, browsing data are kept for six months.
Refusal to provide data
The data subject can refuse to give the Data Controller his/her browsing data.
To do this, cookies must be disabled by following the instructions provided by the browser being used.
Disabling cookies may make browsing and use of the website’s features worse.
Rights of the Data Subject
With reference to articles 15 – right of access, 16 – right to rectification, 17 – right to erasure, 18 – right to restriction of processing, 20 – right to data portability, 21 – right to object, 22 – right to oppose an automated decision-making process of GDPR 679/16, the data subject exercises his/her rights by writing to the Data Controller at the address above or by email, specifying the subject of his/her request, the right being exercised and attaching a photocopy of an identity document attesting to the legitimacy of the request.
The Data Controller underscores that each data subject can exercise the right to object in the forms and manners envisaged by art. 21 GDPR.
Further information on the rights of the data subject is provided at the end of this section.
Lodging a complaint
The data subject has the right to lodge a complaint with the supervisory authority of his/her country of residence.
Automated decision-making processes
With regard to the processing specified below, under no circumstances does the Data Controller perform processing consisting of automated decision-making processes involving data of natural persons.
Privacy policy for the sales network, resellers, installers and technical partners
The companies URMET S.p.A., Urmet TLC S.p.A., Simon Urmet S.r.l., Urmet ATE S.r.l., Aprimatic S.r.l. and GLT S.r.l. are part of a group of companies belonging to the same shareholding structure and offering complementary and often integrated products and services.
Within this group of companies, URMET S.p.A. provides various services to the other companies in the areas of HR, ICT, marketing and sales.
In particular, since the aforementioned companies work with the same network of dealers and installers of door phone products, video door phones, video recording, alarm systems, building automation and automation, as well as the same technical partners, i.e. parties that promote, advise, recommend, install, perform maintenance, repair, replacement of our products, they operate as Joint Data Controllers for the processing carried out to pursue the following commercial and technical purposes:
- Provision of support services to dealers and installers
- Management of the commercial relationship with dealers and installers
- Sending of useful information and technical and regulatory updates
- Offer of professional updating and support initiatives
- Reminding or notification of deadlines and obligations
- Invitation to seminars, meetings, conferences
- Sending of catalogues and other product presentation materials
- Sending of technical and informative materials and updates
- Admission to technical and added-value services
- Information on technical refresher courses and professional training initiatives
- Admission to seminars, courses, professional training sessions
- Offer of new products and services
- Preparation of documentation for participation in tenders etc.
- Performance of aggregate surveys
Therefore, if you are a dealer or installer and you contact any of the Joint Data Controllers mentioned above, some personal data may be requested. For this reason we provide you with the following information:
Identity of the Joint Data Controllers
The Joint Controllers of the personal data of the data subjects are:
Urmet S.p.A., in the person of its legal representative pro tempore, based in Via Bologna 188/C – Turin, Italy;
Urmet TLC S.p.A., in the person of its legal representative pro tempore, based in Via Bologna 188/C – Turin, Italy;
Simon Urmet S.r.l., in the person of its legal representative pro tempore, based in Via Bologna 188/C – Turin, Italy;
Urmet ATE S.r.l., in the person of its legal representative pro tempore, based in Via Pola 30, 36040 Torri di Quartesolo – Vicenza, Italy;
Aprimatic S.r.l., in the person of its legal representative pro tempore, based in Via Emilia 147, 40064 Ozzano dell’Emilia, Italy;
GLT S.r.l., in the person of its legal representative pro tempore, based in Via Bologna 152, 10154 Turin, Italy.
Contact details of the DPO – Data Protection Officer
The Joint Data Controller Urmet S.p.A. appointed the Data Protection Officer, which can be reached at the headquarters of the Joint Data Controller or contacted by email at the address dpo@urmet.it.
Source of the data and types of data collected
a) The Joint Data Controllers collect personal data provided on a voluntary basis by the user when registering on the website of any of the Joint Data Controllers or when making a transaction via the website, in addition to other personal data associated with the processing of orders. These personal data include: Title, full name, company name, VAT number (if applicable), email address, username and password, shipping and billing addresses (including postal code, city and country), telephone and fax numbers, type and quantity of products ordered, order date, order fulfilment status, date and time of delivery, order value, currency, payment information, return requests or offers to the user and the following information provided on a voluntary basis by the user: how he/she learned about the website, company information, number of employees and, for company customers, the company’s founding date (hereinafter “transaction data”).
b) The Joint Data Controllers also collect data on the use of the website by the user, like IP address, the products viewed, and if the user arrived at the website via a referral page or a link in a promotional email or advertising on another website that redirects to a website of a Joint Data Controller. The Joint Data Controllers can also collect information on the referring page and on promotional emails or targeted advertisements together with the user’s IP address to analyse the effectiveness of marketing operations (hereinafter “usage data”).
Purposes of the processing
Personal data are processed by the Joint Data Controllers as follows:
1) Transaction data will be used to process orders, manage payments, communicate with the user about the order, manage product returns, customer service requests and collect the products. They will also be used to acquire pre-contractual data and information; exchange information for the fulfilment of the contractual relationship, including pre and post contractual activities; make requests or respond to requests received; manage accounting and tax obligations.
2) Transaction data will also be used to send the data subject personalised messages or invitations to review the products; data on use, in the case of registered customers, will be used together with transaction data (with the exception of payment information) to show customised products on the website based on the interests expressed by the user.
3) If the user requests the sending of marketing communications and the newsletter, his/her transaction data and data on the use of the website will be analysed by the Joint Data Controllers to send personalised commercial communications based on the preferences expressed.
4) Finally, data will be used to manage and control risks to prevent possible fraud, insolvency or default; prevent and manage possible litigation; take legal action as needed.
Legal basis for the processing
The legal basis for the processing is as follows:
– For the processing specified in point 1), the processing is necessary for the fulfilment of a contract the data subject is a party to or for the adoption of pre-contractual measures implemented at his/her request.
– For the processing specified in point 2), the data subject has given his/her consent to the processing of his/her personal data for one or more specific purposes.
– For the processing specified in point 3), fulfilment of pre-contractual measures implemented at the request of the data subject and the legitimate interest of the data controller (the maximisation of the effectiveness of communications).
– For the processing specified in point 4), the processing is necessary for the pursuit of the legitimate interest of the data controller (protection and prevention of fraud and insolvency).
Data recipients
The personal data processed by the Joint Data Controllers are not disseminated or are not made known to indeterminate parties in any form, including being made available or for viewing. On the other hand, they may be disclosed to workers who work for the Joint Data Controllers or parties authorised to process the data under the authority of the data controller. In this regard, Urmet S.p.A. appointed third-party service providers for the operation of the website, like hosting service providers, marketing and website service providers, IT maintenance providers, shipping and VAT verification services, as well as service providers that allow the integration of other functions into the website that the user can use at his/her discretion, like chat tools or the product review function. These service providers, designated as Data Processors, are provided with only the personal data they need to provide the corresponding services and are not allowed to use or disclose the personal data of the data subjects for other purposes without the prior authorisation of the data subject.
If the data subject asks to receive marketing communications and the newsletter of one of the Joint Data Controllers, his/her name, email address and other data on transactions and use will be shared so that his/her interests can be analysed and commercial communications personalised according to the preferences expressed.
The data on the user’s transactions are shared to manage the pick-up of products and so that the Joint Data Controllers can contact the user in this case.
They can also be disclosed to the extent strictly necessary to persons who for the purpose of processing your requests must provide goods or perform tasks or services on behalf of the Joint Data Controllers. Finally, they may be disclosed to persons entitled to access them by virtue of provisions of law, regulations and European Community legislation.
More specifically, depending on their roles and duties, workers have been authorised to process your personal data within the limits of their responsibilities and in accordance with the instructions given to them by the Joint Data Controllers.
External parties operating under the authority of the Joint Data Controllers have also been appropriately authorised on the basis of the type of service provided, the processing performed and the nature of the data processed.
External parties to whom the Joint Data Controllers have entrusted the processing of personal data have been designated as Data Processors.
Data transfer
Under no circumstances do the Joint Data Controllers transfer your personal data to third countries or to international organisations.
However, they reserve the right to use cloud services, in which case the service providers will be selected from those that provide adequate guarantees, as required by art. 46 GDPR 679/16.
Data retention
The Joint Data Controllers retain and process your personal data for the time necessary to fulfil the purposes specified. Subsequently, personal data will be stored and no longer processed for the time established by the current provisions on civil and fiscal matters.
Rights of the Data Subject
With reference to articles 15 – right of access, 16 – right to rectification, 17 – right to erasure, 18 – right to restriction of processing, 20 – right to data portability, 21 – right to object, 22 – right to oppose an automated decision-making process of GDPR 679/16, you can exercise your rights by writing to the Joint Data Controller Urmet S.p.A. at the address above or by email to the address dpo@urmet.it, specifying the subject of the request, the right that you intend to exercise and attaching a photocopy of an identity document attesting to the legitimacy of the request.
The Data Controller underscores that each data subject can exercise the right to object in the forms and manners envisaged by art. 21 GDPR.
Further information on the rights of the data subject is provided at the end of this section.
Withdrawal of consent
With reference to art. 7 of GDPR 679/16, at any time the data subject can withdraw any consent given.
However, some of the processing activities referred to in this privacy policy (points 1) and 4)) are lawful and permissible, even without consent, as they are necessary for the fulfilment of a contract the data subject is a party to, or for the fulfilment of his/her requests or to pursue the legitimate interests of the data controller.
Withdrawal of consent, where applicable, may restrict or compromise the means of interaction and communication of the customer or user with one or more Joint Data Controllers.
Lodging a complaint
The data subject has the right to lodge a complaint with the supervisory authority of his/her country of residence.
Refusal to provide data
Data subjects cannot refuse to give the Joint Data Controllers the personal data necessary to comply with the legal provisions regulating commercial transactions and taxation.
The provision of further personal data may be necessary to improve the quality and efficiency of the transaction.
Consequently, the refusal to provide the data required by law will prevent the fulfilment of orders. The additional data specified in point a) of the paragraph “Source of the data and types of data collected” are provided on a voluntary basis. However, if the data subject decides not to provide the requested data, one or more Joint Data Controllers may not be able to provide the services, allow the transaction to be completed via the website or process the order.
The data specified in point b) are provided voluntarily by the data subject, and should he/she decide not to provide such data the supply of the products and services will not be compromised.
Automated decision-making processes
Under no circumstances do the Joint Data Controllers carry out processing consisting of automated decision-making processes on your data.
Privacy policy for those who fill out the online forms
Identity of the Data Controller
The Data Controller of the processing referred to below is Urmet S.p.A. based at Via Bologna 188/C, 10154 Turin, Italy, in the person of its legal representative pro tempore.
Identity of the Data Protection Officer
The Data Controller appointed the Data Protection Officer, who can be reached at the headquarters of the Joint Data Controller or contacted by email at the address dpo@urmet.it.
Source of the data and types of data collected
The personal data processed are those provided by filling out the form, possibly supplemented with data derived from public lists or already known, in any case ensuring consistency of the processing.
Purposes of the processing
Personal data are processed to manage requests made by completing online forms. Furthermore, the data – including email addresses – will be included in the archives and used (also considering the Decision of the Italian Data Protection Authority, as published in Italy´s Official Journal of 1 July 2008, no. 188/C, draft 6, points a, b, c for the sending – also via email – of technical, promotional and commercial communications concerning products and services similar to those for which the requests were made.
Legal basis for the processing
The legal basis for the processing is constituted by the fulfilment of a contract the data subject is a party to or the fulfilment of his/her requests.
Data recipients
The personal data processed by the Data Controller are not disseminated or are not made known to indeterminate parties in any form, including being made available or for viewing. On the other hand, they may be disclosed to workers who work for the Data Controller, to third parties who collaborate with it as Data Processors or who are authorised to process the data under the authority of the data controller.
They can also be disclosed to the extent strictly necessary to persons who for the purpose of processing your requests must provide goods or perform tasks or services on behalf of the Data Controller. Finally, they may be disclosed to persons entitled to access them by virtue of provisions of law, regulations and European Community legislation.
More specifically, depending on their roles and duties, workers have been authorised to process your personal data within the limits of their responsibilities and in accordance with the instructions given to them by the Data Controller.
External parties operating under the authority of the Data Controller have also been appropriately authorised on the basis of the type of service provided, the processing performed and the nature of the data processed.
External parties to whom the Data Controller has entrusted the processing of personal data have been designated as Data Processors.
Data transfer
Under no circumstances does the Data Controller transfer personal data to third countries or to international organisations.
However, it reserves the right to use cloud services, in which case the service providers will be selected from those that provide adequate guarantees, as required by art. 46 GDPR 679/16.
Data retention
The Data Controller retains and processes personal data for the time necessary to fulfil the purposes specified. In this specific case, the data entered in the online forms are kept for two years.
Refusal to provide data
The data subject can refuse to give the Data Controller his/her data.
However, failure to provide such data could compromise or make it impossible to reply to or fulfil requests.
Rights of the Data Subject
With reference to articles 15 – right of access, 16 – right to rectification, 17 – right to erasure, 18 – right to restriction of processing, 20 – right to data portability, 21 – right to object, 22 – right to oppose an automated decision-making process of GDPR 679/16, the data subject exercises his/her rights by writing to the Data Controller at the address above or by email, specifying the subject of his/her request, the right being exercised and attaching a photocopy of an identity document attesting to the legitimacy of the request.
The Data Controller underscores that each data subject can exercise the right to object in the forms and manners envisaged by art. 21 GDPR.
Further information on the rights of the data subject is provided at the end of this section.
Withdrawal of consent
With reference to art. 7 of GDPR 679/16, at any time the data subject can withdraw any consent given.
However, the processing referred to in this privacy policy is lawful and permissible, even without consent, as it is necessary for the fulfilment of a contract the data subject is a party to, or for the fulfilment of his/her requests.
Lodging a complaint
The data subject has the right to lodge a complaint with the supervisory authority of his/her country of residence.
Automated decision-making processes
With regard to the processing specified below, under no circumstances does the Data Controller perform processing consisting of automated decision-making processes involving data of natural persons.
Privacy policy for recipients of the printed catalogue
This privacy policy is for persons who receive the printed catalogue pursuant to art. 13 GDPR 679/16 – “European General Data Protection Regulation”.
Identity of the Data Controller
The Data Controller of the processing referred to below is Urmet S.p.A. based at Via Bologna 188/C, 10152 Turin, Italy, in the person of its legal representative pro tempore.
Identity of the Data Protection Officer
The Data Controller appointed the Data Protection Officer, who can be reached at the headquarters of the Joint Data Controller or contacted by email at the address dpo@urmet.it.
Data source
The personal data of the recipients of the printed catalogue are found in the archives of the Data Controller due to:
· Previous purchases,
· Voluntary registration on the website,
· Submitted requests,
·
Collected from third parties, like managers of public lists or providers of addresses, including specifically the Yellow Pages and other directories
Purposes of the processing
The personal data of the catalogue recipients are processed to:
· Send the catalogue (considered to be a pre-contractual activity),
· Acquire, manage and fulfil orders, as well as to comply with administrative, legal and tax obligations,
· Carry out post-contractual activities, like Customer Service.
Legal basis for the processing
The legal basis is the need to follow up on pre-contractual, contractual and post-contractual obligations.
Data recipients
The personal data processed by the Data Controller are not disseminated or are not made known to indeterminate parties in any form, including being made available or for viewing. On the other hand, they may be disclosed to workers who work for the Data Controller, to third parties who collaborate with it as Data Processors or who are authorised to process the data under the authority of the data controller.
They can also be disclosed to the extent strictly necessary to persons who for the purpose of processing your requests must provide goods or perform tasks or services on behalf of the Data Controller. Finally, they may be disclosed to persons entitled to access them by virtue of provisions of law, regulations and European Community legislation.
More specifically, depending on their roles and duties, workers have been authorised to process your personal data within the limits of their responsibilities and in accordance with the instructions given to them by the Data Controller.
External parties operating under the authority of the Data Controller have also been appropriately authorised on the basis of the type of service provided, the processing performed and the nature of the data processed.
External parties to whom the Data Controller has entrusted the processing of personal data have been designated as Data Processors.
Data transfer
Under no circumstances does the Data Controller transfer personal data to third countries or to international organisations.
However, it reserves the right to use cloud services, in which case the service providers will be selected from those that provide adequate guarantees, as required by art. 46 GDPR 679/16.
Data retention
The Data Controller retains and processes personal data for the time necessary to fulfil the purposes specified. In this specific case, data are kept for two years.
Refusal to provide data
The data subject can refuse to give the Data Controller his/her data.
However, failure to provide such data could compromise or make it impossible to reply to or fulfil requests.
Rights of the Data Subject
With reference to articles 15 – right of access, 16 – right to rectification, 17 – right to erasure, 18 – right to restriction of processing, 20 – right to data portability, 21 – right to object, 22 – right to oppose an automated decision-making process of GDPR 679/16, the data subject exercises his/her rights by writing to the Data Controller at the address above or by email, specifying the subject of his/her request, the right being exercised and attaching a photocopy of an identity document attesting to the legitimacy of the request.
The Data Controller underscores that each data subject can exercise the right to object in the forms and manners envisaged by art. 21 GDPR.
Further information on the rights of the data subject is provided at the end of this section.
Withdrawal of consent
With reference to art. 7 of GDPR 679/16, at any time the data subject can withdraw any consent given.
However, the processing referred to in this privacy policy is lawful and permissible, even without consent, as it is necessary for the fulfilment of a contract the data subject is a party to.
Lodging a complaint
The data subject has the right to lodge a complaint with the supervisory authority of his/her country of residence.
Automated decision-making processes
With regard to the processing specified below, under no circumstances does the Data Controller perform processing consisting of automated decision-making processes involving data of natural persons.
Privacy policy for newsletter subscribers
This privacy policy is for those who subscribe to the newsletter pursuant to art. 13 GDPR 679/16 – “European General Data Protection Regulation”.
Identity of the Data Controller
The Data Controller of the processing referred to below is Urmet S.p.A. based at Via Bologna 188/C, 10154 Turin, Italy, in the person of its legal representative pro tempore.
Identity of the Data Protection Officer
The Data Controller appointed the Data Protection Officer, who can be reached at the headquarters of the Joint Data Controller or contacted by email at the address dpo@urmet.it.
Data source
The personal data processed are those entered in the subscription form.
Purposes of the processing
The personal data of the subscribers are processed to:
· Send the newsletter by email,
· Conduct surveys and assess satisfaction,
Legal basis for the processing
The legal basis is the consent of the data subject expressed by an unequivocal positive action, i.e. spontaneous and free subscription. The subscription is also confirmed through a double opt-in procedure.
Data recipients
The personal data processed by the Data Controller are not disseminated or are not made known to indeterminate parties in any form, including being made available or for viewing. On the other hand, they may be disclosed to workers who work for the Data Controller, to third parties who collaborate with it as Data Processors or who are authorised to process the data under the authority of the data controller.
They can also be disclosed to the extent strictly necessary to persons who for the purpose of processing your requests must provide goods or perform tasks or services on behalf of the Data Controller. Finally, they may be disclosed to persons entitled to access them by virtue of provisions of law, regulations and European Community legislation.
More specifically, depending on their roles and duties, workers have been authorised to process your personal data within the limits of their responsibilities and in accordance with the instructions given to them by the Data Controller.
External parties operating under the authority of the Data Controller have also been appropriately authorised on the basis of the type of service provided, the processing performed and the nature of the data processed.
External parties to whom the Data Controller has entrusted the processing of personal data have been designated as Data Processors.
Data transfer
Under no circumstances does the Data Controller transfer personal data to third countries or to international organisations.
However, it reserves the right to use cloud services, in which case the service providers will be selected from those that provide adequate guarantees, as required by art. 46 GDPR 679/16.
Data retention
The Data Controller retains and processes personal data for the time necessary to fulfil the purposes specified. In this case, the data are kept until the data subjects remove themselves from the mailing list or while the email addresses remain active.
Withdrawal of consent
With reference to art. 7 of GDPR 679/16, at any time the data subject can withdraw any consent given.
The withdrawal of consent, which can be carried out through the link provided at the foot of the newsletter, results in the suspension of the sending of the newsletter.
Refusal to provide data
The provision of personal data is optional, and failure to provide them can, at most, result in the impossibility of receiving the newsletter.
Lodging a complaint
The data subject has the right to lodge a complaint with the supervisory authority of his/her country of residence.
Automated decision-making processes
With regard to the processing specified below, under no circumstances does the Data Controller perform processing consisting of automated decision-making processes involving data of natural persons.
Privacy policy for those who call the Contact Centre
This privacy policy is for those persons who call the Contact Centre pursuant to art. 13 GDPR 679/16 – “European General Data Protection Regulation”.
Identity of the Data Controller
The Data Controller of the processing referred to below is Urmet S.p.A. based at Via Bologna 188/C, 10154 Turin, Italy, in the person of its legal representative pro tempore.
Identity of the Data Protection Officer
The Data Controller appointed the Data Protection Officer, who can be reached at the headquarters of the Joint Data Controller or contacted by email at the address dpo@urmet.it.
Data source
Personal data are voluntarily provided by the data subject during the call.
Purposes of the processing
Personal data are processed to respond to requests made by users by telephone in order to obtain maintenance and assistance on plants, systems and connections; installation and programming, delivery of products and equipment; reporting of faults; requests for information of various kinds. In order to improve the quality of the main Customer Service processes and to better focus staff training, at the end of the phone call the customer will be asked to participate, freely and in an anonymous way, in a survey which will express a judgement on the Telephone Assistance Service and on the quality of the telephone assistance received.
Legal basis for the processing
Fulfilment of a contract the data subject is a party to or adoption of pre-contractual measures implemented at his/her request (response to requests made by telephone).
Legitimate interest of the Data Controller (survey).
Data recipients
The personal data processed by the Data Controller are not disseminated or are not made known to indeterminate parties in any form, including being made available or for viewing. On the other hand, they may be disclosed to workers who work for the Data Controller, to third parties who collaborate with it as Data Processors or who are authorised to process the data under the authority of the data controller.
They can also be disclosed to the extent strictly necessary to persons who for the purpose of processing your requests must provide goods or perform tasks or services on behalf of the Data Controller. Finally, they may be disclosed to persons entitled to access them by virtue of provisions of law, regulations and European Community legislation.
More specifically, depending on their roles and duties, workers have been authorised to process your personal data within the limits of their responsibilities and in accordance with the instructions given to them by the Data Controller.
External parties operating under the authority of the Data Controller have also been appropriately authorised on the basis of the type of service provided, the processing performed and the nature of the data processed.
External parties to whom the Data Controller has entrusted the processing of personal data have been designated as Data Processors.
Data transfer
Under no circumstances does the Data Controller transfer personal data to third countries or to international organisations.
However, it reserves the right to use cloud services, in which case the service providers will be selected from those that provide adequate guarantees, as required by art. 46 GDPR 679/16.
Data retention
The Data Controller retains and processes personal data for the time necessary to fulfil the purposes specified. In this specific case, data are kept for two years.
Refusal to provide data
The data subject can refuse to give the Data Controller his/her data.
However, failure to provide such data could compromise or make it impossible to reply to or fulfil requests.
Rights of the Data Subject
With reference to articles 15 – right of access, 16 – right to rectification, 17 – right to erasure, 18 – right to restriction of processing, 20 – right to data portability, 21 – right to object, 22 – right to oppose an automated decision-making process of GDPR 679/16, the data subject exercises his/her rights by writing to the Data Controller at the address above or by email, specifying the subject of his/her request, the right being exercised and attaching a photocopy of an identity document attesting to the legitimacy of the request.
The Data Controller underscores that each data subject can exercise the right to object in the forms and manners envisaged by art. 21 GDPR.
Further information on the rights of the data subject is provided at the end of this section.
Withdrawal of consent
With reference to art. 7 of GDPR 679/16, at any time the data subject can withdraw any consent given. However, it should be noted that the processing described in this privacy policy is lawful and permissible even without consent. In any case, consent can be denied by ending the phone call.
Refusal to provide data
The data subject can refuse to provide his/her personal data as it is optional to do so. However, such refusal to provide data could prevent the requests received from being processed.
Automated decision-making processes
With regard to the processing specified below, under no circumstances does the Data Controller perform processing consisting of automated decision-making processes involving data of natural persons.
Privacy policy for job applicants and those who voluntarily submit their CVs
This privacy policy applies to applicants submitting their CVs voluntarily or in response to recruiting activities, pursuant to art. 13 of GDPR 679/16 – “European General Data Protection Regulation”.
Identity of the Data Controller
The Data Controller for data processing indicated below is Urmet S.p.A. based at Via Bologna 188/C, 10154 Turin, Italy, in the person of its pro tempore legal representative.
Identity of the Data Protection Officer
The Data Controller appointed the Data Protection Officer, who can be contacted at the headquarters of the Data Controller or by email at dpo@urmet.it.
Category of data and source and processed data
The Data Controller will process the following categories of personal data, including but not limited to: name, surname, date of birth, residence, email address and telephone contacts, educational qualification, work experience and any other data you have provided in your curriculum vitae and/or during job interviews.
If the CV you sent contains data not relevant to the purpose of assessing your application, the Data Controller will refrain from using such information.
The personal data processed are those provided:
- When sending your curriculum vitae via email or through the proper section of Data Controller website https://www.urmet.com/en-us/work-with-us;
- During job interviews
- During direct contacts at trade shows, exhibitions, etc.
- Provided by third parties;
Social networks (e.g. Facebook: https://www.facebook.com/elkronofficial, LinkedIn: https://www.linkedin.com/company/elkron/, etc.) used by the Data Controller to post job vacancies.
Purposes of the processing
The personal data referred to applicants submitting CVs voluntarily or in response to recruiting activities are processed for purposes related to assessment and selection for a job with the Data Controller or companies related to the Data Controller; or to possibly propose future other job offers with the Data Controller or companies related to the Data Controller consistent with the professional profile of the data subject.
Legal basis for the processing
The legal basis is:
- The implementation of pre-contractual measures taken in response to your request;
- The consent given through the free decision to send your CV;
- The fulfilment of regulatory obligations under the law or at the request of a public authority;
- The pursuit of legitimate interest to prevent or stop fraudulent activities or abuses detrimental to the website and to exercise the rights of the Data Controller, for example the right of defence before the court.
Data retention
The data mentioned above will be retained on paper files and IT databases (servers and/or cloud) for a period not exceeding thirty months from receipt of your CV through the website or via email, or from your last interaction with the website (access, update of data, or upload of your CV), unless you explicitly agree to a further period of retention of your data which you may express before the expiry of the above-mentioned period.
Data recipients
The personal data processed by the Data Controller are not disseminated or are not made known to indeterminate parties in any form, including being made available or for viewing. On the other hand, they may be disclosed to the company departments interested in the applicant which work for the Data Controller, to third parties who collaborate with it as Data Processors or who are authorised to process the data under the authority of the data controller. Data may also be disclosed to companies related to the Data Controller, which process the personal data of the data subject for the same purposes and in the same manners as mentioned in this privacy policy.
More specifically, depending on their roles and duties, workers have been authorised to process your personal data within the limits of their responsibilities and in accordance with the instructions given to them by the Data Controller.
Data transfer
Under no circumstances does the Data Controller transfer personal data to third countries or to international organisations.
However, it reserves the right to use cloud services, in which case the service providers will be selected from those that provide adequate guarantees, as required by art. 46 GDPR 679/16.
Rights of the Data Subject
With reference to articles 15 – right of access, 16 – right to rectification, 17 – right to erasure, 18 – right to restriction of processing, 20 – right to data portability, 21 – right to object, 22 – right to oppose an automated decision-making process of GDPR 679/16, the data subject may exercise his/her rights by writing to the Data Controller at the headquarters address above or by email at dpo@urmet.it, specifying the subject of his/her request, the right being exercised and attaching a photocopy of an identity document attesting to the legitimacy of the request.
The Data Controller underscores that each data subject can exercise the right to object in the forms and manners envisaged by art. 21 of GDPR 2016/ 679.
Further information on the rights of the data subject is provided at the end of this privacy policy.
Withdrawal of consent
With reference to art. 7 of GDPR 679/16, at any time the data subject can withdraw any consent given.
However, the processing referred to in this privacy policy is lawful and permissible, even without consent, as it is for the purpose of implementing pre-contractual measures (the assessment of the application and the selection of candidates) carried out at the implicit request of the data subject.
Lodging a complaint
The data subject has the right to lodge a complaint with the supervisory authority of his/her country of residence.
Refusal to provide data
The data subject can refuse to give the Data Controller his/her personal data.
In fact, the provision of data is optional, but any refusal to provide them in whole or in part may make it impossible for us to assess the application.
Automated decision-making processes
The Data Controller does not perform automated decision-making processes on the data of applicants submitting their CVs voluntarily or in response to recruiting activities.
Privacy policy for people who work for customers or suppliers
The management of the contractual relationship with customers and suppliers necessarily entails the processing of personal data (identifying information, telephone numbers, email addresses) of the people contacted.
This privacy policy is therefore provided pursuant to art. 13 GDPR 679/16 – “European General Data Protection Regulation” for natural persons who work for customers and suppliers.
Given the difficulty in delivering it directly to the data subjects, the privacy policy is made available to customers and suppliers with the request that they notify the data subjects.
Identity of the Data Controller
The Data Controller of the processing referred to below is Urmet S.p.A. based at Via Bologna 188/C, 10154 Turin, Italy, in the person of its legal representative pro tempore.
Identity of the Data Protection Officer
The Data Controller appointed the Data Protection Officer, who can be reached at the headquarters of the Joint Data Controller or contacted by email at the address dpo@urmet.it.
Data source
The personal data processed are those provided by the data subject during:
Visits or phone calls;
Direct contacts at trade shows, exhibitions, etc.;
The proposal of offers;
Communications and transactions subsequent to the order
Purposes of the processing
Personal data of contact persons are processed to:
· Send communications of various kinds and with different methods (telephone, mobile phone, text message, email, fax, post)
· Make requests or fulfil requests and offers received
· Exchange information aimed at the fulfilment of the contractual relationship, including pre- and post-contractual activities
Legal basis for the processing
The legal basis is the need to follow up on pre-contractual, contractual and post-contractual obligations.
Data recipients
The personal data processed by the Data Controller are not disseminated or are not made known to indeterminate parties in any form, including being made available or for viewing. On the other hand, they may be disclosed to workers who work for the Data Controller, to third parties who collaborate with it as Data Processors or who are authorised to process the data under the authority of the data controller.
They can also be disclosed to the extent strictly necessary to persons who for the purpose of processing your requests must provide goods or perform tasks or services on behalf of the Data Controller. Finally, they may be disclosed to persons entitled to access them by virtue of provisions of law, regulations and European Community legislation.
More specifically, depending on their roles and duties, workers have been authorised to process your personal data within the limits of their responsibilities and in accordance with the instructions given to them by the Data Controller.
External parties operating under the authority of the Data Controller have also been appropriately authorised on the basis of the type of service provided, the processing performed and the nature of the data processed.
External parties to whom the Data Controller has entrusted the processing of personal data have been designated as Data Processors.
Data transfer
Under no circumstances does the Data Controller transfer personal data to third countries or to international organisations.
However, it reserves the right to use cloud services, in which case the service providers will be selected from those that provide adequate guarantees, as required by art. 46 GDPR 679/16.
Data retention
The Data Controller retains and processes personal data for the time necessary to fulfil the purposes specified. In this case, contact details are kept for two years following their termination.
Rights of the Data Subject
With reference to articles 15 – right of access, 16 – right to rectification, 17 – right to erasure, 18 – right to restriction of processing, 20 – right to data portability, 21 – right to object, 22 – right to oppose an automated decision-making process of GDPR 679/16, the data subject exercises his/her rights by writing to the Data Controller at the address above or by email, specifying the subject of his/her request, the right being exercised and attaching a photocopy of an identity document attesting to the legitimacy of the request.
The Data Controller underscores that each data subject can exercise the right to object in the forms and manners envisaged by art. 21 GDPR.
Further information on the rights of the data subject is provided at the end of this section.
Withdrawal of consent
With reference to art. 7 of GDPR 679/16, at any time the data subject can withdraw any consent given.
However, the processing referred to in this privacy policy is lawful and permissible, even without consent, as it is necessary for the fulfilment of a contract the data subject is a party to (for the supply of goods and services).
Refusal to provide data
The data subject can refuse to give the Data Controller his/her personal data.
However, the provision of personal data is necessary for a correct and efficient management of the contractual relationship. Therefore, any refusal to provide the data may wholly or partially compromise the contractual relationship.
Automated decision-making processes
With regard to the processing specified below, under no circumstances does the Data Controller perform processing consisting of automated decision-making processes involving data of natural persons.
Privacy policy for visitors
This privacy policy is provided to guests and in general to all persons temporarily present at the Urmet S.p.A. headquarters, pursuant to art. 13 GDPR 679/16 – “European General Data Protection Regulation”.
Identity of the Data Controller
The Data Controller of the processing referred to below is Urmet S.p.A. based at Via Bologna 188/C, 10154 Turin, Italy, in the person of its legal representative pro tempore.
Identity of the Data Protection Officer
The Data Controller appointed the Data Protection Officer, who can be reached at the headquarters of the Joint Data Controller or contacted by email at the address dpo@urmet.it.
Data source
The personal data processed are provided by the data subject during:
· Visits to or work in the headquarters
· Interviews or work sessions at the headquarters
· Delivery or collection of goods, parcels, correspondence
Purposes of the processing
The personal data referred to above are processed for the following purposes:
· Controlling access to the building
· Detection of people on the premises
· Identification of those present for the management of emergency situations
Legal basis for the processing
The personal data of the visitors are lawfully processed for:
· The fulfilment of a legal obligation (emergency management)
· The legitimate interest of the Data Controller (control of access to and detection of people on the premises)
Data recipients
The personal data processed by the Data Controller are not disseminated or are not made known to indeterminate parties in any form, including being made available or for viewing. On the other hand, they may be disclosed to workers who work for the Data Controller, to third parties who collaborate with it as Data Processors or who are authorised to process the data under the authority of the data controller.
They can also be disclosed to the extent strictly necessary to persons who for the purpose of processing your requests must provide goods or perform tasks or services on behalf of the Data Controller. Finally, they may be disclosed to persons entitled to access them by virtue of provisions of law, regulations and European Community legislation.
More specifically, depending on their roles and duties, workers have been authorised to process your personal data within the limits of their responsibilities and in accordance with the instructions given to them by the Data Controller.
External parties operating under the authority of the Data Controller have also been appropriately authorised on the basis of the type of service provided, the processing performed and the nature of the data processed.
External parties to whom the Data Controller has entrusted the processing of personal data have been designated as Data Processors.
Data transfer
Under no circumstances does the Data Controller transfer personal data to third countries or to international organisations.
However, it reserves the right to use cloud services, in which case the service providers will be selected from those that provide adequate guarantees, as required by art. 46 GDPR 679/16.
Rights of the Data Subject
With reference to articles 15 – right of access, 16 – right to rectification, 17 – right to erasure, 18 – right to restriction of processing, 20 – right to data portability, 21 – right to object, 22 – right to oppose an automated decision-making process of GDPR 679/16, the data subject exercises his/her rights by writing to the Data Controller at the address above or by email, specifying the subject of his/her request, the right being exercised and attaching a photocopy of an identity document attesting to the legitimacy of the request.
The Data Controller underscores that each data subject can exercise the right to object in the forms and manners envisaged by art. 21 GDPR.
Further information on the rights of the data subject is provided at the end of this section.
Data retention
The data recorded will be deleted after one year from access.
Withdrawal of consent
With reference to art. 7 of GDPR 679/16, at any time the data subject can withdraw any consent given. However, it should be noted that the processing described in this privacy policy is lawful and permissible even without consent.
Refusal to provide data
The data subject can refuse to provide his/her personal data to the Data Controller as it is optional to do so. However, such refusal makes it impossible to access the building.
Automated decision-making processes
With regard to the processing specified below, under no circumstances does the Data Controller perform processing consisting of automated decision-making processes involving data of natural persons.
Privacy policy for directors, statutory auditors and members of the Supervisory Body
This privacy policy is for the members of the Board of Directors, the Statutory Auditors and the members of the Supervisory Body pursuant to art. 13 GDPR 679/16 – “European General Data Protection Regulation”.
Identity of the Data Controller
The Data Controller of the processing referred to below is Urmet S.p.A. based at Via Bologna 188/C, 10154 Turin, Italy, in the person of its legal representative pro tempore.
Identity of the Data Protection Officer
The Data Controller appointed the Data Protection Officer, who can be reached at the headquarters of the Joint Data Controller or contacted by email at the address dpo@urmet.it.
Data source
Personal data are voluntarily provided by the data subject upon acceptance of the appointment.
Purposes of the processing
Personal data are processed to call the meetings of the Corporate Bodies and the Supervisory Body, to pay fees and compensation and to comply with legal obligations in the areas of taxation and social security, to complete reports and reimburse expenses, to draw up documents, reports and other formal instruments.
Legal basis for the processing
The processing is carried out by law and for the fulfilment of a contract the data subject is a party to or adoption of pre-contractual measures implemented at his/her request.
Data recipients
The personal data processed by the Data Controller are not disseminated or are not made known to indeterminate parties in any form, including being made available or for viewing. On the other hand, they may be disclosed to workers who work for the Data Controller, to third parties who collaborate with it as Data Processors or who are authorised to process the data under the authority of the data controller.
They can also be disclosed to the extent strictly necessary to persons who for the purpose of processing your requests must provide goods or perform tasks or services on behalf of the Data Controller. Finally, they may be disclosed to persons entitled to access them by virtue of provisions of law, regulations and European Community legislation.
More specifically, depending on their roles and duties, workers have been authorised to process your personal data within the limits of their responsibilities and in accordance with the instructions given to them by the Data Controller.
External parties operating under the authority of the Data Controller have also been appropriately authorised on the basis of the type of service provided, the processing performed and the nature of the data processed.
External parties to whom the Data Controller has entrusted the processing of personal data have been designated as Data Processors.
Data transfer
Under no circumstances does the Data Controller transfer personal data to third countries or to international organisations.
However, it reserves the right to use cloud services, in which case the service providers will be selected from those that provide adequate guarantees, as required by art. 46 GDPR 679/16.
Data retention
The Data Controller retains and processes personal data for the time necessary to fulfil the purposes specified. In this specific case, the data entered in the online forms are kept for two years.
Rights of the Data Subject
With reference to articles 15 – right of access, 16 – right to rectification, 17 – right to erasure, 18 – right to restriction of processing, 20 – right to data portability, 21 – right to object, 22 – right to oppose an automated decision-making process of GDPR 679/16, the data subject exercises his/her rights by writing to the Data Controller at the address above or by email, specifying the subject of his/her request, the right being exercised and attaching a photocopy of an identity document attesting to the legitimacy of the request.
The Data Controller underscores that each data subject can exercise the right to object in the forms and manners envisaged by art. 21 GDPR. Further information on the rights of the data subject is provided at the end of this section.
Withdrawal of consent
With reference to art. 6 of GDPR 679/16, at any time the data subject can withdraw any consent given. However, it should be noted that the processing described in this privacy policy is lawful and permissible even without consent, so the withdrawal of consent would not have any effect on the processing.
Refusal to provide data
The provision of some data (general information, tax data) is mandatory to take office and for administrative and tax purposes. Some additional data (telephone number, email address, etc.) are essential for the management of organisational aspects. For this reason, the partial or incomplete provision of information could compromise the effective management of the relationship.
Automated decision-making processes
With regard to the processing specified below, under no circumstances does the Data Controller perform processing consisting of automated decision-making processes involving data of natural persons.
Privacy policy for recipients of email messages
The contents of emails are to be considered confidential. Therefore the information therein or any attachments are reserved exclusively for the recipients. Persons or parties other than the recipients themselves, also pursuant to art. 616 of the Italian criminal code, are not authorised to read, copy, modify, forward the message to third parties. Those who receive our communication by mistake may not use it or bring it to the attention of anyone, but must delete it from the mailbox and notify the sender. The sender’s authenticity and the contents are not guaranteed, except for digitally signed documents. Furthermore, pursuant to art. 13 GDPR 679/16, we inform you that our archives include email addresses of individuals, companies, organisations to which previous communications have been sent by email or by other means of communication or that have voluntarily and directly provided their email addresses. These addresses are used by us in compliance with the willingness of data subjects to receive emails from our company. We also inform you that all the mailboxes of the domain “…..@urmet.it” are company mailboxes and, as such, are used for work-related communications. Therefore, for operational needs any message, whether outgoing or incoming, could be read by parties other than the sender and/or the recipient.
Any data subjects who would like their email addresses to be removed from our archive, or to exercise the rights referred to in articles 15 – right of access, 16 – right to rectification, 17 – right to erasure, 18 – right to restriction of processing, 20 – right to data portability, 21 – right to object, 22 – right to oppose an automated decision-making process of GDPR 679/16 can write to the Data Controller in the person of the CEO, managing director and legal representative pro tempore of the company Urmet S.p.A. based in Via Bologna 188/C – 10152 Turin, Italy.
Privacy policy for cloud service users
Urmet S.p.A. produces, distributes and manages its own and third-party apps on its cloud platforms. Therefore, Urmet S.p.A. may process data of cloud service users both in its capacity as Data Controller (its own cloud services) and as Data Processor designated by third-party Data Controllers that provide cloud services. In both cases, the cloud service is provided by Urmet S.p.A. Therefore, this privacy policy is provided both pursuant to articles 12, 13 and 14 GDPR 679/16 – European General Data Protection Regulation – and as a courtesy to all users of the apps distributed by clients but managed and maintained by Urmet S.p.A. as Data Processor.
Identity of the Data Controller
The Data Controller (or the Data Processor) of the processing referred to below is Urmet S.p.A. based at Via Bologna 188/C, 10152 Turin, Italy, in the person of its legal representative pro tempore.
The Data Controller guarantees the security, confidentiality and protection of the personal data obtained at any stage during the processing of data.
Identity of the Data Protection Officer
The Data Controller appointed the Data Protection Officer, who can be reached at the headquarters of the Joint Data Controller or contacted by email at the address dpo@urmet.it.
Data source
The personal data processed are data consciously and freely provided by users when they register for cloud services (name, user ID and password, email, mobile phone number, physical address, etc.), as well as data generated by the use of cloud services (geolocation data, conversations, promotions, user/device matches, video shooting, etc.).
Purposes of the processing
The personal data of the users are processed to:
1) allow registration and subsequent use of cloud services,
2) geolocate the users in order to provide the service requested,
3) provide services and chats,
4) manage user/device matches,
5) record images and videos,
6) improve the service use experience,
7) allow technical service,
8) allow the users to take advantage of promotions,
9) generate aggregated statistical data concerning the device use preferences of the users;
10) manage and maintain cloud platforms;
11) optimise data processing and access resources.
Legal basis for the processing
The legal basis is the consent of the data subject, expressed by ticking the check box for the indivisible set of purposes listed in points 1, 3, 4, 5 above. The consent for geolocation referred to in point 2 is expressed separately according to the specific modes of the device used by the user to access the service. A further consent is requested and expressed by ticking the check box for the purposes referred to in point 8.
The legal basis for the processing referred to in point 9 is the legitimate interests of the Data Controller.
Fulfilment of a contract concluded between the Data Controller and the Data Processor of which the data subject is a party, for the processing referred to in points 10 and 11.
Data recipients
The processed personal data are not disseminated or are not made known to indeterminate parties in any form, including being made available or for viewing. On the other hand, they may be disclosed to workers who work for Urmet S.p.A., to third parties who collaborate with it as Data Processors or who are authorised to process the data under the authority of the data controller.
They can also be disclosed to the extent strictly necessary to persons who for the purpose of processing your requests must provide goods or perform tasks or services on behalf of Urmet S.p.A. Finally, they may be disclosed to persons entitled to access them by virtue of provisions of law, regulations and European Community legislation.
More specifically, depending on their roles and duties, workers have been authorised to process your personal data within the limits of their responsibilities and in accordance with the instructions given to them by the Data Controller.
External parties operating under the authority of Urmet S.p.A. have also been appropriately authorised on the basis of the type of service provided, the processing performed and the nature of the data processed.
Some data relating to the preferred promotions, i.e. the consumption habits of users, are automatically generated and proposed anonymously and in aggregated form to business partners.
Data transfer
Urmet S.p.A. does not transfer personal data to third countries or to international organisations. It also reserves the right to use non-EU cloud services, in which case the service providers will be selected from those that provide adequate guarantees, as required by art. 46 GDPR 679/16.
Data retention
Urmet S.p.A. retains and processes personal data for the time necessary to fulfil the purposes specified. In this case, the data provided during registration are kept for 2 years following the user deletion. Geolocation data are deleted every time the cloud services are closed.
Rights of the Data Subject
With reference to articles 15 – right of access, 16 – right to rectification, 17 – right to erasure, 18 – right to restriction of processing, 20 – right to data portability, 21 – right to object, 22 – right to oppose an automated decision-making process of GDPR 679/16, the data subject may exercise his/her rights by writing to Urmet S.p.A. at the address above or by email, specifying the subject of his/her request, the right that he/she intends to exercise and attaching a photocopy of an identity document attesting to the legitimacy of the request.
Urmet S.p.A. underscores that each data subject can exercise the right to object in the forms and manners envisaged by art. 21 GDPR.
Further information on the rights of the data subject is provided at the end of this section.
Withdrawal of consent
With reference to art. 7 of GDPR 679/16, at any time the data subject can withdraw any consent given. Refusal of geolocation consent limits the functions offered by cloud services. Withdrawal of the other consents results in the immediate termination of the withdrawn processing.
Refusal to provide data
The data subject can refuse to give Urmet S.p.A. his/her personal data.
The provision of the personal data requested during registration is indispensable to access and use cloud services. Therefore, the refusal to provide data will not allow using the cloud services and the registration process will be interrupted.
Automated decision-making processes
With regard to the processing specified below, under no circumstances Urmet S.p.A. performs processing consisting of automated decision-making processes involving data of natural person users.
Privacy policy for app users
This privacy policy is for all those who use the apps distributed directly or through web sites and third-party platforms, pursuant to articles 12, 13 and 14 GDPR 679/16 – “European General Data Protection Regulation”.
Identity of the Data Controller
The Data Controller of the processing referred to below is Urmet S.p.A. based at Via Bologna 188/C, 10152 Turin, Italy, in the person of its legal representative pro tempore.
The Data Controller guarantees the security, confidentiality and protection of the personal data obtained at any stage during the processing of data.
Identity of the Data Protection Officer
The Data Controller appointed the Data Protection Officer, who can be reached at the headquarters of the Joint Data Controller or contacted by email at the address dpo@urmet.it.
Data source
The personal data processed are data consciously and freely provided by users when they register to the app (name, user ID and password, email, mobile phone number, physical address, etc.), as well as data generated by the use of the app (geolocation data, conversations, promotions, user/device matches, video shooting, etc.).
Purposes of the processing
The personal data of the users are processed to:
1) allow registration and subsequent use of the app,
2) geolocate the users in order to provide the service requested,
3) provide services and chats,
4) manage user/device matches,
5) record images and videos,
6) manage and maintain cloud platforms,
7) optimise data processing and access resources,
8) improve the use experience of App and services,
9) allow technical service,
10) allow the users to take advantage of promotions,
11) generate aggregated statistical data concerning the device use preferences of the users.
Legal basis for the processing
The legal basis is the consent of the data subject, expressed by ticking the check box for the indivisible set of purposes listed in points 1, 3, 4, 5 above. The consent for geolocation referred to in point 2 is expressed separately according to the specific modes of the mobile device used by the user. A further consent is requested and expressed by ticking the check box for the purposes referred to in point 8.
The legal basis for the processing referred to in point 9 is the legitimate interests of the Data Controller
Data recipients
The personal data processed by the Data Controller are not disseminated or are not made known to indeterminate parties in any form, including being made available or for viewing. On the other hand, they may be disclosed to workers who work for the Data Controller, to third parties who collaborate with it as Data Processors or who are authorised to process the data under the authority of the data controller.
They can also be disclosed to the extent strictly necessary to persons who for the purpose of processing your requests must provide goods or perform tasks or services on behalf of the Data Controller. Finally, they may be disclosed to persons entitled to access them by virtue of provisions of law, regulations and European Community legislation.
More specifically, depending on their roles and duties, workers have been authorised to process your personal data within the limits of their responsibilities and in accordance with the instructions given to them by the Data Controller.
External parties operating under the authority of the Data Controller have also been appropriately authorised on the basis of the type of service provided, the processing performed and the nature of the data processed.
Some data relating to the preferred promotions, i.e. the consumption habits of users, are automatically generated and proposed anonymously and in aggregated form to business partners.
Data transfer
The Data Controller does not transfer personal data to third countries or to international organisations. It also reserves the right to use non-EU cloud services, in which case the service providers will be selected from those that provide adequate guarantees, as required by art. 46 GDPR 679/16.
Data retention
The Data Controller retains and processes personal data for the time necessary to fulfil the purposes specified. In this case, the data provided during registration are kept for 2 years following the user deletion. Geolocation data are deleted every time the app is closed.
Rights of the Data Subject
With reference to articles 15 – right of access, 16 – right to rectification, 17 – right to erasure, 18 – right to restriction of processing, 20 – right to data portability, 21 – right to object, 22 – right to oppose an automated decision-making process of GDPR 679/16, the data subject exercises his/her rights by writing to the Data Controller at the address above or by email, specifying the subject of his/her request, the right being exercised and attaching a photocopy of an identity document attesting to the legitimacy of the request.
The Data Controller underscores that each data subject can exercise the right to object in the forms and manners envisaged by art. 21 GDPR.
Further information on the rights of the data subject is provided at the end of this section.
Withdrawal of consent
With reference to art. 7 of GDPR 679/16, at any time the data subject can withdraw any consent given. Refusal of geolocation consent limits the functions offered by the app. Withdrawal of the other consents results in the immediate termination of the withdrawn processing.
Refusal to provide data
The data subject can refuse to give the Data Controller his/her personal data.
The provision of the personal data requested during registration is indispensable to access and use the app. Therefore, the refusal to provide data will not allow using the app and the registration process will be interrupted.
Automated decision-making processes
With regard to the processing specified below, under no circumstances does the Data Controller perform processing consisting of automated decision-making processes involving data of natural person users.
List of Data Subject’s rights
In accordance with GDPR 679/16, the data subjects may exercise specific rights by contacting the Data Controller, including: the right to request access to their personal data, the right to request the correction of personal data, the right to request the deletion of personal data, the right to request the restriction of the processing of personal data, the right to request data portability, the right to lodge a complaint with the competent data protection supervisory authority.
For more information on the processing of personal data or to exercise the rights noted above, data subjects can write to the address dpo@urmet.it.
Right of access: each data subject has the right to obtain confirmation of the existence or otherwise of personal data concerning him/her, and, in this case, to request access to such data. Access to the information includes, among other things, the purposes of the processing, the categories of personal data concerned, the recipients or the categories of recipients to whom the personal data have been or will be disclosed.
The data subject also has the right to obtain a copy of the personal data subjected to processing. For further copies requested, the Data Controller may charge a reasonable cost based on administrative expenses.
Right to rectification: each data subject has the right to obtain the correction of inaccurate personal data concerning him/her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure (“right to be forgotten”): under certain circumstances, each data subject has the right to the erasure of personal data concerning him/her.
Right to restriction of processing: under certain circumstances, each data subject has the right to the restriction of the processing of personal data. In this case, the relevant data will be marked and may only be processed by the Data Controller for certain purposes.
Right to data portability: under certain circumstances, each data subject has the right to receive personal data concerning him/her in a commonly used and readable format and also has the right to transmit them to another entity without hindrance.