PURSUANT TO ART. 13 OF EU REGULATION 2016/679 (GDPR) AND SUBSEQUENT AMENDMENTS
Dear Data Subject (User),
With this document, Generalmec S.r.l. provides you with information about the characteristics and methods of processing your personal data, pursuant to and in accordance with the legislative provisions of the GDPR and the Privacy Code still in force today.
Every processing activity carried out on your personal data will adhere to the principles of lawfulness, fairness, and transparency.
IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
The Data Controller (hereinafter also referred to as the “Controller” and/or “Company”) is Generalmec S.r.l., with registered office at 35020 – Brugine (PD), Via Dell’Industria 42, VAT No.: 02266830286, R.E.A. PD 218266, represented by its legal representatives pro tempore, available at the following contacts: e-mail info@generalmecsrl.it, PEC: generalmec@internetpec.it.
TYPES OF DATA SUBJECT TO PROCESSING
The Controller will process your personal identification and contact data (such as name, surname, email address, phone number) provided directly by you through the completion of the data collection form in the “Contact Us” section of the Controller’s website.
DEFINITION OF PROCESSING
Pursuant to Art. 4(2) of the GDPR, “Processing” is defined as “any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.”
PURPOSE AND LEGAL BASIS OF DATA PROCESSING
The Controller collects and processes your personal data for the following purposes:
Responding to your message or request for information. The legal basis for this purpose is the legitimate interest of the Controller under Article 6(1)(f) of the GDPR, which can be identified in the reasonable expectation that the user’s personal data will be processed by the Controller to respond to their contact request.
METHODS OF DATA PROCESSING
Processing will be carried out using electronic, IT, and manual tools.
Processing is carried out by the Controller and its collaborators and/or employees in their capacity as authorized processors, as well as by data processors specifically identified in writing, within their respective roles and in compliance with the instructions provided by the Controller, ensuring the use of appropriate security measures to safeguard the processed data and guaranteeing confidentiality.
In compliance with the Regulation, the processing carried out by the Controller will be based on the principles of lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimization, accuracy, integrity, and confidentiality.
Your data will always be processed with the utmost confidentiality, even when managed by third parties expressly appointed by the Controller.
Your data will not be subject to any automated decision-making or profiling.
RETENTION PERIOD – NATURE OF DATA PROVISION
For the purposes stated, the provision of your personal data is mandatory in order to formulate a response to your request. Refusal to provide such data will result in the inability of the Controller to respond to your message or process your request for information.
Your personal data will be retained for the time necessary to process the request for information.
Once this period has elapsed or the pending requests have been fulfilled, your data will be destroyed or anonymized. The Controller will irreversibly delete the data using secure deletion or destruction methods or store them in an anonymous format that does not allow identification, even indirectly, in compliance with technical deletion and backup procedures.
The obsolescence of stored data is periodically reviewed in relation to the purposes for which they were collected.
RECIPIENTS OF PERSONAL DATA
The personal data you provide may be disclosed to the Controller, authorized personnel, and/or data processors.
The communication of the Data Subject’s personal data primarily occurs with third parties and/or recipients whose activities are necessary for carrying out tasks related to the execution of the established contractual relationship and compliance with specific legal obligations. Possible categories of recipients who may become aware of your personal data during or after the execution of the contract include:
Entities processing data in fulfillment of specific legal obligations (e.g., national and government entities);
Software and hardware support companies;
Internal and/or external consultants providing functional services related to the purposes described above, designated in writing and given specific written instructions regarding data processing, including providers of management software, cloud services, and similar solutions;
Companies or professionals for judicial or extrajudicial protection of the Controller’s rights;
Public and private entities where communication is necessary for the correct and complete fulfillment of the above-mentioned purposes.
Such data may also be communicated to assistance, welfare, and/or insurance entities upon specific request by the data subject.
The updated list of Data Processors can always be requested from the Data Controller.
DATA DISCLOSURE
Unless specifically requested in writing by you or required by law, the personal data you provide will not be disclosed.
DATA TRANSFER ABROAD
The collected data will not be transferred to third countries or international organizations.
Some personal data of data subjects may be shared with recipients located outside the European Economic Area. Should this occur and necessitate the transfer of the provided data to servers located in non-EU countries, the Controller ensures that the transfer and processing will be carried out in compliance with applicable regulations. Transfers will be made through appropriate safeguards such as adequacy decisions, standard contractual clauses approved by the European Commission, or other legal instruments.
DATA SUBJECT RIGHTS
The legislation grants the Data Subject the right to exercise specific rights listed in Articles 15 to 22 of the GDPR, including the right to obtain confirmation from the Controller regarding the existence of their personal data (i.e., access), its provision in an intelligible format, as well as its rectification, deletion, restriction (in whole or in part), objection for legitimate reasons, and/or withdrawal of consent at any time (subject to the indicated consequences), request data portability for data based on specific consent, and request updates.
The Data Subject has the right to be informed about the source of the data, the purpose and methods of processing, the logic applied to processing, and the identification details of the Controller and the recipients of the data.
The Data Subject also has the right to request anonymization, restriction, or blocking of unlawfully processed data. Furthermore, complaints regarding unauthorized data processing may be filed with the Data Protection Authority through the methods published on its website (http://www.garanteprivacy.it/).
Requests to exercise these rights can be addressed to the Data Controller at the contacts provided above, without formalities, or alternatively, by using the form provided by the Data Protection Authority available at: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924.
RIGHT TO COMPLAIN
If you believe that the processing of your personal data violates the Regulation, you have the right to file a complaint with the Data Protection Authority (by e-mail at: garante@gpdp.it, or by mail to: Garante per la protezione dei dati personali, Piazza Venezia 11 Scala B, CAP 00187, Rome, Italy), as provided by Article 77 of the Regulation, or to take appropriate legal action as provided by Article 79 of the Regulation.
CHANGES TO THIS NOTICE
This notice may be subject to changes over time due to the entry into force of new regulations, updates and/or the provision of new services, or technological innovations.
Last updated: 27/02/2025