CIR S.p.A. – Compagnie Industriali Riunite (in the following “CIR” or “the Company”), as the Data Controller, wishes to provide the following specific information about the management of the website www.cirgroup.com in relation to the handling of the personal data of users who consult the website. This is also information required in accordance with article 13 of EU Regulation 2016/679 (“GDPR” or “Regulation”).
- Directive 2002/58/CE – relative to the “handling of personal data and the protection of the private life in the electronic communications sector”;
- Legislative Decree 30 June 2003, no. 196 as modified by legislative decree 10 August 2018 no. 101;
- Regulation (EU) 2016/679 of the European Parliament and council of 27 April 2016 relative to the protection of individuals with regard to the handling of personal data, as well as the free circulation of such data and abrogates directive 95/46/ce (General Regulation for the Protection of Data).
The data controller is CIR S.p.A – Compagnie Industriali Riunite, Via Ciovassino no. 1, 20121. Milan.
PERSON RESPONSIBLE FOR THE PROTECTION OF DATA
The data controller, in accordance with the dispositions of article 37 of Regulation (EU) 2016/679, has nominated a Person Responsible for the Protection of Data (DPO) who can be reached by writing to the following address: firstname.lastname@example.org.
LOCATION OF DATA CONTROL
The control of data connected with the web services of this site takes place at the abovementioned headquarters of CIR and at the offices of third parties, given specific responsibility, that provide outsourced services.
TYPES OF DATA HANDLED
The computer systems and software procedures that support the functioning of this website acquire, in the course of normal operation, some personal data the transmission of which is inherent to the use of the Internet’s communications protocols.
The information in question, which is not collected to be associated with the interested parties identified but which, because of its nature, could through processing and association with data held by third parties permit the identification of users.
This category of data includes: IP addresses or the domain names of the computers utilized by users who connect to the site; addresses annotated in URI (Uniform Resource Identifier) of the requested resources; time of the request; methods used to submit the request to the server; size of the file obtained in response; number code indicating the state of the response from the server (successful, failed, etc.); and other parameters relative to the users’ operating system and computer environment.
These data are only used for the purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are immediately cancelled after processing.
Data furnished voluntarily by users
CIR collects personal data offered voluntarily by users through the http://www.cirgroup.com/ website in the following cases:
- Spontaneous messages sent by users including personal data for the request of information via the email addresses and telephone numbers indicated in the dedicated “contacts” section;
- Spontaneous messages sent by users containing personal data through the compilation of dedicated forms to facilitate the receipt of specific communications;
- Spontaneous messages sent by users including personal data through the compilation of dedicated forms and the sending of CVs, through the “Send your CV” page.
Specific information summaries will be progressively referred to or visualized on the pages of the website for particular on-request services.
PURPOSES AND LEGAL BASIS OF DATA HANDLING
Personal data will be handled for the following purposes:
- Purposes allowing navigation and consultation within the website.
The legal basis of the handling is the consent which is understood to be manifestly given through the consultation of the website (art. 6, first paragraph, let. a)).
- Purposes inherent to the provision of requested services (e.g. Answers to information requests, subscription to Mail Alerts and propositions of candidacy).
The legal basis of the handling is the consent which is understood to be manifestly given through the compilation of the form and the sending of one’s own data (art. 6, first paragraph, let. a)).
- Purposes of defense in instances of abuse in the use of the website and attempted fraud.
The legal basis for the handling is legitimate interest (art. 6, first paragraph, let. f)).
OPTIONAL NATURE OF DATA PROVISION
Apart from what has been stated regarding navigation data, the user is free to provide personal data. However, failure to provide them could make it impossible to satisfy requests.
METHOD OF HANDLING
Personal data are handled, also with the help of automated instruments, for the time strictly needed to achieve the purposes for which they were collected. Specific security measures are taken to prevent the loss of data, their illegal or incorrect use and unauthorized access. The Data Controller has adopted suitable security measures, inspired by the principle international standards, to reduce to a minimum any risks to the confidentiality, availability and integrity of the personal data collected and handled.
LINKS TO OTHER WEBSITES
This website may contain links or references for access to other websites. We inform you that the Data Controller does not control the cookies and other monitoring technologies of these websites to which the present policy does not apply. We suggest, therefore, to consult the individual privacy policies of these websites.
SHARING, COMMUNICATION AND DISSEMINATION OF DATA
The Data Controller is part of a group of companies. In carrying out the activities whose purposes are indicated above, your data could be communicated to other companies of the Group, which in turn will proceed to handle that personal data.
The data collected could be transferred or communicated to third party companies, specifically nominated Responsible for data handling, for activities strictly connected to the pursuit of the above mentioned purposes.
Outside of these cases, personal data shall not be communicated to third parties unless foreseen by contract or law, or except where specific consent has been requested of the interested party.
In this sense, personal data could be transmitted to third parties, but only and exclusively in cases in which:
- there is the explicit consent to share data with third parties;
- there is the need to share the information with third parties in order to supply the service requested by the interested party;
- it is necessary to comply with requests from Judicial Authorities and Public Safety Authorities.
No data deriving from the web service is disseminated.
A list of the subjects nominated Responsible for the handling of data is held at the headquarters of the companies of CIR.
RIGHTS OF INTERESTED PARTIES
The laws protecting personal data expressly foresee certain rights on the part of the subjects to whom the data refers (i.e. interested party). In particular, in accordance with articles 15 to 22 of the GDPR, each interested party has the right to obtain confirmation of the existence or not of data that regards them and, in the case of confirmation, to obtain access to the data, have it corrected or cancelled, limit its handling and portability, as well as opposing its handling. In order to exercize the aforementioned rights, the user can contact the Data Controller, sending a registered letter to the address indicated or by contacting the Manager Responsible for the Protection of Data by sending an email to the following address: email@example.com.
CHANGES TO EXISTING PRIVACY POLICIES
The Data Controller periodically checks its policies relating to privacy and safety and, if it is the case, revises it in relation to changes in the law, in the organization or determined by the evolution of technology. In the event that policies are changed, the new version will be published on this page of the website.
QUESTIONS, COMPLAINTS, SUGGESTIONS
RIGHT OF COMPLAINT
Interested parties who believe that the handling of personal data referring to them enacted through this site is in violation of that which is foreseen in the GDPR have the right to submit a complaint to the controlling authorities, in accordance with article 77 of the GDPR itself, or to make recourse to the relevant judicial offices (article 79 of the GDPR).