This privacy policy document describes the purposes and methods of processing the personal data of customers (hereinafter referred to as “data subjects”) of Eurometal srl (hereinafter referred to as “EUROMETAL”).
1) Data Controller
The Data Controller is Eurometal srl, Registered Office: Via Giovanni Falcone 11/13 – 24030 Almenno S. Bartolomeo (BG), Tel. 035/548177, VAT No.: 02388440162, Tax Code: 02388440162, e-mail: info@eurometal.srl – Certified Email (PEC): info@pec.eurometal.srl.
2) Data Protection Officer
Pursuant to Article 37 of Regulation (EU) 2016/679, EUROMETAL has decided not to appoint a Data Protection Officer (DPO) as it is not a public body and does not engage in large-scale regular and systematic monitoring of data, including the data referred to in Articles 9 and 10.
3) Purposes, Methods, and Place of Processing
The data processed by EUROMETAL relating to customers, regularly collected, will be processed:
a) For purposes related to the contract established between the parties;
b) For civil, tax, and accounting purposes;
c) To comply with obligations imposed by law, regulations, EU legislation, or orders from authorities (e.g., anti-money laundering laws).
Personal data is processed using automated and manual tools for the time strictly necessary to achieve the purposes for which it was collected. Specific security measures are implemented to prevent data loss, unlawful or incorrect use, and unauthorized access.
Processing related to the Services takes place at EUROMETAL’s premises and at the premises of the company’s electronic data processing service providers. It is carried out only by specifically appointed technical personnel or by individuals in charge of occasional maintenance operations.
4) Legal Basis
The legal basis for processing your data is the law for the purposes stated in points b) and c) and the contract for the purposes in point a). Additionally, the communication of data to public authorities is based on legal obligations.
5) Categories of Personal Data, Recipients, and Scope of Communication and Disclosure
EUROMETAL collects personal data necessary for the provision of services under the contract, including but not limited to: company name, telephone number, email address, tax code, VAT number, banking details, etc.
The data may be shared with:
These entities will process the data as independent data controllers.
6) Nature of Data Provision and Consequences of Refusal
Providing data for the purposes outlined in points 3 a), b), and c) is mandatory. Without such data, we will not be able to guarantee the services provided under the contract.
7) Data Transfer Abroad
As a rule, data will not be transferred abroad. However, in certain cases, cross-border data transfer may occur, qualifying as a transfer of data outside the EU. EUROMETAL primarily operates in Italy and conducts data processing activities within the country.
If data is transferred to non-EU countries, it will always be processed in accordance with the principles set out in Articles 45 and 46 of the GDPR, ensuring the existence of an adequacy decision by the European Commission or appropriate safeguards.
8) Retention Period
Data processed for the purposes stated in points a), b), and c) will be retained for the entire duration of the contractual relationship with our company and, after its termination, for the period necessary to protect the company’s rights and demonstrate compliance with its obligations.
9) Data Subjects’ Rights
As a data subject, you have the rights set out in Article 15 of the GDPR, including the right to:
I. Obtain confirmation of whether or not personal data concerning you exists, even if not yet recorded, and receive it in an intelligible format.
II. Obtain details on:
a) The source of personal data;
b) The purposes and methods of processing;
c) The logic applied in case of processing with electronic tools;
d) The identity of the data controller, processors, and designated representative under Article 3(1) of the GDPR;
e) The entities or categories of entities to whom personal data may be disclosed.
III. Obtain:
a) The updating, rectification, or integration of data;
b) The deletion, anonymization, or blocking of data processed unlawfully;
c) Confirmation that the operations mentioned in points a) and b) have been notified to those to whom the data was disclosed, except where this proves impossible or requires disproportionate effort.
IV. Object, in whole or in part:
a) To the processing of personal data concerning you for legitimate reasons, even if relevant to the purpose of collection;
b) To the processing of personal data for sending advertising materials, direct sales, market research, or commercial communication via automated means (email, call systems) or traditional means (telephone, postal mail).
V. The right to object, as outlined in point b), applies to both automated and traditional marketing methods. The data subject can choose to receive communications only through traditional methods, only through automated methods, or not at all.
Where applicable, you also have the rights under Articles 16-21 of the GDPR (Right to rectification, Right to erasure, Right to restriction of processing, Right to data portability, Right to object), as well as the right to lodge a complaint with the Data Protection Authority.
10) Exercising Your Rights
Requests should be addressed to the Data Controller without specific formalities by sending a communication to the email address info@eurometal.srl.
11) Right to Lodge a Complaint
The data subject has the right to lodge a complaint with the Data Protection Authority regarding any alleged violation of data protection laws. The Authority’s contact details are as follows:
Italian Data Protection Authority
Piazza di Montecitorio n. 121 – 00186 Rome, Italy
Fax: (+39) 06.69677.3785
Telephone: (+39) 06.696771
Email: garante@gpdp.it
Certified Email (PEC): protocollo@pec.gpdp.it
12) Data Sources
The data in question has been primarily obtained from the data subject. Some data, however, may be acquired from publicly accessible sources.
