Privacy Notice to Users

Emmeti S.p.A with registered office in Via Brigata Osoppo 166 – 33074 Fontanafredda fr. Vigonovo (PN), VAT no. 04988370963 (hereinafter, the “Controller”), owner of the http://www.emmeti.com website (hereinafter referred to as the “Site”), as the controller of the processing of personal data of users who browse and who are registered on the Site (hereinafter, the “Users”) provides the following privacy policy pursuant to art. 13 of Legislative Decree 196/2003 (hereinafter, the “Privacy Code”) and pursuant to art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereafter, “Policy”; the Policy and Privacy Code are together defined as “Applicable Regulations”).

This Site and any services offered through the Site are reserved for individuals who are eighteen years of age or older. The Data Controller therefore does not collect personal data relating to persons under the age of 18. Upon request by Users, the Data Controller will promptly delete all personal data unintentionally collected and related to persons under 18 years of age.

The Controller pays the utmost attention to the right to privacy and protection of personal data of its Users. For any information related to this privacy statement, Users may contact the Data Controller at any time, using the following methods:
– By sending a registered letter with return receipt to the controller’s registered office
– By sending an e-mail to the privacy@emmeti.com web address;

1) Purpose of the processing

The user’s personal data will be processed lawfully by the Data Controller pursuant to art. 6 of the Regulations for the following processing purposes:
a. Browsing the site, in relation to the possibility of detecting the User’s data needed at a technical level (such as i.e. the IP address) while browsing the site.
b. Sending informative newsletters, upon your specific request.
c. Replies to your requests for information, sent to us via the appropriate contact form.
d. Registration to the site’s reserved area, through which you can access technical and commercial documents, Operative support, Declarations and certificates, Specifications, Access to the program for quotes, Catalogues and price lists.
e. Legal obligations, or rather to fulfil obligations as required by law, by an authority, by a regulation or by European legislation.
f. Receipt of CVs used for the selection of personnel, via the appropriate entry form. Specific information will be conveyed on the relative page.

2) Legal basis of the processing

The provision of personal data for the purposes of processing indicated above is optional but necessary, as failure to provide it will make it impossible for the User to browse the site, register to the Site and take advantage of the services offered by the Owner on the Site.

With reference to the purposes set out in points 1/a, 1/c, 1/d, 1/f, the legal basis of the processing is in fact the execution of the services provided through the Site and requested by you (pursuant to article 6, paragraph 1, letter b of the 2016/679 Privacy Policy); with reference to the optional purposes referred to in paragraph 1/b of the previous paragraph, the legal basis of the processing is based on your freely expressed consent (pursuant to Article 6, paragraph 1, letter a of the 2016/679 Privacy Policy); with reference to the purposes set out in point 1/e of the previous paragraph, the legal basis of the processing is to fulfil a legal obligation to which the data controller is subject to (pursuant to article 6, paragraph 1, letter c of the Privacy Policy 2016/679).

3) Processing methods and data retention times

The Data Controller will process the personal data of Users using manual and IT tools, with logic strictly related to the purposes and, in any case, in order to guarantee the security and confidentiality of the data.

The personal data of the Users of the Site will be kept for the time strictly necessary to carry out the purposes described in paragraph 1 above, or, however, as is necessary for the protection, in civil law, of the interests of both the Users and the Data Controller. In relation to the purpose referred to in paragraph 1.b, the data will be kept until you refuse to receive the newsletter, through the appropriate link found in the newsletter or through the methods of exercising the rights referred to in paragraph 5.

4) Scope of communication and circulation of data

The User’s personal data may be disclosed to the Controller’s employees and/or collaborators in charge of managing the Site. The subjects, who are formally appointed by the Data Controller as “processors”, will process the User’s data exclusively for the purposes indicated in this notice and in compliance with the provisions set forth in the Applicable Regulations.

The User’s personal data might also be disclosed to third parties who may process personal data on behalf of the Data Controller as “External Processors”, such as, for example, IT and logistic service providers functional to the operation of the Website, outsourcing or cloud computing service providers, professionals and consultants.

Users have the right to obtain a list of any data controllers appointed by the Data Controller, by putting forth a request to the Data Controller as indicated in point 5.

5) Rights of the interested party

Users may exercise their rights granted by the Applicable Regulations by contacting the Data Controller in the following manner:
– By sending a registered letter with return receipt to the registered office of the controller
– By sending an email to privacy@emmeti.com;
Pursuant to Applicable Regulations, the Data Controller informs Users that they have the right to obtain indication
(i) of the origin of the personal data;
(ii) the processing purposes and methods;
(iii) the logic applied in the event processing is carried out with the aid of electronic instruments;
(iv) of the identification details of the controller and processers;
(v) of the subjects or categories of subjects to whom the personal data may be passed on to or those who may come into contact with it such as managers or agents
Furthermore, Users have the right to obtain:
a) access, updating, rectification or, if interested, the integration of data;
b) the deletion, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data was collected or subsequently processed;
c) the certification that the procedures referred to in letters a) and b) have been brought to the attention, with regard to their content as well, of those to whom the data has been communicated or circulated, except in the case where such fulfilment proves to impossible or involves the use of means that are clearly disproportionate to the protected right.
Furthermore, Users have:
a) the right to withdraw consent at any time, if the processing is based on their consent;
b) the right to data portability (the right to receive all personal data concerning them in a structured format, commonly used and readable by an automatic device), the right to limit the processing of personal data and the right to deletion (“right to be forgotten”);
c) the right to oppo:
i. in whole or in part, for legitimate reasons, the processing of personal data concerning them, even if pertinent to the purpose of the collection;
ii. in whole or in part, the processing of personal data concerning them for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communications;
iii. if personal data is processed for direct marketing purposes, at any time; the processing of their data for this purpose, including profiling in so far as it is related to such direct marketing.
d) qa) Should Users feel the processing that concerns them violates the Regulations, they have the right to lodge a complaint with a Supervisory Authority (in the Member State in which they usually reside, where they work or where the alleged violation has occurred). The Italian Supervisory Authority is the Guarantor for the protection of personal data, based in Piazza di Monte Citorio n. 121, 00186 – Roma (http://www.garanteprivacy.it/).



Notice to clients and suppliers

Pursuant to EU Regulation 2016/679 on the protection of individuals with regard to the processing of personal data
Data processing relating to legal entities does not fall within the scope of the personal data protection regulations established by the Regulations. For the sake of clarity and transparency towards its Customers and Suppliers, Emmeti S.p.A. makes this information available to legal entities as well, describing the methods and purposes of all the processing that the Company carries out or has the right to carry out on personal data.

Premise

Pursuant to art. 13 of EU 2016/679 Regulation, Emmeti S.p.A. (hereinafter “the Company”), with registered office in Via Brigata Osoppo, 166 – 33074 Vigonovo di Fontanafredda, which can be contacted to exercise your rights permitted by current legislation at the office address or by email – privacy@emmeti.com, the Controller of the personal data processing that has already been communicated or that will be communicated in the future and where the personal data is or will be collected, wishes to inform you that the data concerning you may be processed, in compliance with the aforementioned legislation, by the Company in relation to the contractual relationships with you presently or in the future.

1) Source of personal data

Personal data provided, or that will be obtained in relation to contractual relationships, is collected directly from the interested party. All personal data collected is processed in compliance with current legislation and, in any case, with the utmost confidentiality.

2) Nature of the collection

In order to stipulate and execute the contractual relationship, the collection of personal data is also mandatory when having to comply with legal and tax obligations; the refusal to provide such personal data will make it impossible to establish a relationship with the Company. The relative processing does not require the consent of the interested party.

3) Purpose and legal basis for the processing

The collection or processing of personal data has the exclusive purpose of providing adequate compliance with the obligations related to carrying out the Company’s economic activity and in particular for:
a) executing pre-contractual activities and obtaining preliminary information for the purpose of signing the contract;
b) managing the contractual relationship and all the administrative, operational, management and accounting activities related to the contract (order management, invoicing, checks on the reliability of suppliers, assistance and after-sales support);
c) managing litigations, breaches of contract, warnings, transactions, arbitrations, judicial disputes;
d) fulfilling the obligations established by laws, regulations, community regulations and provisions issued by authorities.
The processing is carried out by virtue of the fulfilment of the contractual/pre-contractual and legal obligations relating to the relationship established with the Company.

4) Nature of the conferment and consequences of any refusal

Providing personal data to the Company is mandatory, yet only for personal data for which there is a legal or contractual obligation to that effect, or for the personal data necessary to obtain pre-contractual information as requested by the interested party. In the event of any refusal to provide such “mandatory” personal data, the contract may not be fully exercised. Any refusal to provide personal data for which there is no obligation to provide, but strictly functional to the execution of contractual relationships, will not, in principle, have any consequences in relation to ongoing relationship, except for the possible inability to follow up on transactions related to such personal data or the impossibility of establishing new relationships. Any refusal to provide personal data related to carrying out other activities, not strictly functional to the execution of the contractual relationships, can only prevent the conduct of such additional activities without further consequences.

5) Processing methods

The processing of personal data will be carried out in a lawful and correct manner and, in any case, in compliance with the aforementioned law, by means of instruments which guarantee security and confidentiality, and may also be carried out through IT tools to store, manage and transmit the data. The processing will be carried out, mainly, by the internal organization of the company under the direction and control of the corporate functions in charge and for the purposes indicated above, as well as by Group companies or third parties, as identified in point 7 below. The retention of personal data will take place in a form that allows the identification of the data subject for a period of time that doesn’t exceed the time required for the purposes it is collected and processed.

6) Duration of processing

The personal data, subject of the processing, will be retained for the time strictly necessary with regard to the contractual relationship, as well as, subsequently, for the fulfilment of all the legal obligations connected, or deriving from, the contract stipulated with the Company.

7) Recipients of personal data

Without prejudice to communications carried out in compliance with a legal obligation, regulations, intra-group or community legislation, communication, by simply consulting or making available personal data concerning you, may intervene in relation to the following subjects:
a) institutions, supervisory bodies, authorities or public institutions;
b) Companies belonging to the RETTIG Group, controlling, controlled or associated to our Company, located in Italy or abroad;
c) natural or legal persons providing specific services: data processing, logistics and postal services, customer satisfaction surveys, legal, administrative, tax and/or accounting consultancy, organization of exhibitions and communication events;
d) commercial intermediaries, banks and credit institutions, financial intermediation companies, natural or legal persons responsible for credit recovery, credit information companies, auditing and/or certification of financial statements and quality systems, independent collaborators of the Company, agents and reporters, insurers and brokers;
e) natural and/or legal persons who request references/data for the purpose of participating in public tenders, or rather in the context of executing supply contracts to their customers by Emmeti S.p.A.
The subjects referred to in points a), d), e) operate as independent Data Controllers.
The list of such third parties will be constantly updated and accessible to you upon request to the Company. Through links with them, via computerized, electronic or correspondence means, personal data may be made available abroad, even with countries outside EU, assuming there is relative authorization, or on the basis of standard contractual clauses.  Personal data will not be disclosed in any case

8) Rights of the interested party

You have the right to access personal data under Art. 15 of the 2016/679 EU regulation and the rights provided for by articles 16, 17, 18, 21 of EU Regulation 2016/679 regarding rectification, deletion, limitation of processing and the right to object, in the manner established by art. 12 of the 2016/679 EU Regulation.

9) Right to lodge a complaint, pursuant to art. 77 of the EU Regulations, to the Guarantor Authority

Should our company not provide you with a response within the time provided for by law or the reply to exercise your rights not be appropriate, you can lodge a complaint with the Guarantor for the protection of personal data at the following address: Guarantor for the protection of personal data Piazza di Monte Citorio n. 121 – 00186 Roma www.gpdp.itwww.garanteprivacy.it E-mail: Fax: (+39) 06.69677.3785 Telephone exchange: (+39) 06.69677.1

Scroll Up