1. Data Controller
The Data Controller is STEELCO s.r.l. (Tax ID and VAT No. 03645260260), with registered office in San Vendemiano (Treviso), via Palù 72-74, which you can contact at the following email address: email@example.com concerning the processing of your personal data by Steelco s.r.l.
2. Type of Data Processed
a) Browsing data: during normal operation, the IT systems and software procedures permitting this website to work acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers used by users connecting to the Website, the Uniform Resource Identifier (URI) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the digital code regarding the status of the answer given by the server (successful, error, etc.), and other parameters relating to the operating system and the user’s IT environment.
b) data provided voluntarily by the user through the contact or service application form in the website (e.g. newsletter);
c) cookies (please refer to the privacy notice in this website).
3. Purpose of processing and lawful basis
Your data will be collected for the following purposes:
i) to respond to any queries you may have made using the contact form or by e-mail in accordance with Article 6(1)(b) of the GDPR;
ii) to send you newsletters or commercial and marketing communications only with your express consent as required by Article 6(1)(a) of the GDPR;
iii) to fulfil a legal obligation under Article 6(1)(c) of the GDPR;
(iv) to pursue a legitimate interest of the Data Controller pursuant to Article 6(1)(f) of the GDPR.
4. Optional data provision
Data provision is optional. However, failure to provide your data may preclude us from processing your query or providing the services you have requested.
5. Methods of data processing
Your personal data will be processed using suitable tools and procedures that guarantee security and confidentiality, both by using analogue/paper media and with the aid of IT and/or telematic media and tools.
6. Parties to whom your personal data may be disclosed
Your personal data will be processed exclusively by the Data Controller, the Data Processors designated by him/her and the persons in charge of processing specifically authorised to do so. The updated list of Data Processors can be requested from the Data Controller at any time.
7. Data storage period
Your personal data will be retained for the time strictly necessary to fulfil the purposes for which it was collected.
If data processing is subject to consent, please note that your consent may be withdrawn at any time without prejudice to the lawfulness of the processing carried out prior to such withdrawal.
Further information on the data storage period can be obtained from the following e-mail address:
8. Data transfer
Your data will not be disclosed or subjected to any fully automated decision making process, which may include profiling. Your data will be processed mainly within the European Union.
If the data controller transfers your personal data to countries outside the EU or in any case not belonging to the European Economic Area, the procedure will be as follows. In case of transfer of your data to the aforementioned third countries, the data controller will ensure an adequate level of protection pursuant to art.
45 of European Regulation 2016/679 and art.
29 Working Party (the Commission has the power to establish this adequacy through a specific decision; please refer to the list of decisions on the website of the Italian Data Protection Authority www.garanteprivacy.it).
In the absence of an adequacy decision pursuant to art. 45 of the European Regulation the data controller will provide adequate guarantees pursuant to art. 46 – 47 of European Regulation 2016/679.
Any information regarding the adequate guarantees will always be available at the headquarters of the Data Controller and can be requested by email to firstname.lastname@example.org.
Lastly, in the event that there is no adequacy decision pursuant to art. 45 of E.R. 2016/679 or adequate guarantees pursuant to art. 46 of the same Regulation, including binding corporate rules, the transfer of personal data to a country will be allowed only in the presence of exceptions in specific situations pursuant to art. 49 of E.R. 2016/679.
9. External site redirect
10. Rights of the data subject
With regard to your personal data processed in accordance with this policy, you are acknowledged at any time the right to:
- Access (art. 15 Reg. UE n. 2016/679): the data subject shall have the right to obtain from the controller access to his/her personal data.
- Rectification (art. 16 Reg. UE n. 2016/679): the data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
- Erasure (art. 17 Reg. UE n. 2016/679): the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; the data subject withdraws consent on which the processing is based, the data subject objects to the processing, and where there is no other legal ground for the processing; the personal data have been processed unlawfully.
- Restriction of processing (art. 18 Reg. UE n. 2016/679): ): the data subject shall have the right to obtain from the controller restriction of processing where on the following applies: the accuracy of the personal data is contested by the data subject; the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
- Data portability (art. 20 Reg. UE n. 2016/679): the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
- Right to object (art. 21 Reg. UE n. 2016/679): the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her.
- The data subject shall have the right to withdraw his or her consent at any time, if given for one or more specific purposes, at any time without prejudice to the lawfulness of the processing until the withdrawal of such consent.
- Right to lodge a complaint with a supervisory authority (art. 77 Reg. UE n. 2016/679).
The above rights may be exercised by contacting us by email at email@example.com or by registered letter with return receipt to: STEELCO s.r.l. con sede legale in San Vendemiano (TV), via Palù n. 72-74.