Privacy Policy

STEEL AR Srl with registered office in Via IV Novembre 20, in Casorate Sempione 21011 Varese, as the owner of the processing of personal data pursuant to Legislative Decree 196/2003 and subsequent amendments – Code for the Protection of Personal Data (“Codice Privacy”) – and EU Regulation 679/2016 applicable from May 25, 2018 – Regolamento Generale sulla Protezione dei Dati (“RGPD”) [General Data Protection Regulation ](hereinafter Codice Privacy and RGPD are collectively referred to as “Applicable Legislation”) recognizes the importance of the protection of personal data and considers their protection one of the main objectives of its activity. In compliance with the Applicable Legislation, we are providing the necessary information regarding the processing of the personal data provided. This information is provided pursuant to art. 13 of the Applicable Law and STEEL AR Srl invites you to read it carefully because it contains important information on the protection of personal data and on the security measures adopted to guarantee their confidentiality in full compliance with the Applicable Law. STEEL AR Srl informs that the treatment of personal data will be based on the principles of lawfulness, correctness, transparency, limitation of purposes and conservation, minimization of data, accuracy, integrity and confidentiality. Personal data will therefore be processed in accordance with the legislative provisions of the Applicable Legislation and the confidentiality obligations therein provided. OWNER AND DATA PROTECTION OFFICER According to the Applicable Legislation, the data controller is STEEL AR Srl, with registered office in Via IV Novembre 20, Casorate Sempione 21011 Varese, Italy. STEEL AR Srl has not appointed a Data Protection Officer (DPO), as it is outside the conditions provided by the Applicable Legislation concerning the appointment of the DPO. For any information related to the personal data processing carried out by the Data Controller, including the request of the list of the persons in charge of processing data on behalf of the Data Controller itself, please contact the following email address: steelar@legalmail.it PERSONAL DATA BEING PROCESSED “Personal Data” means any information concerning an identified or identifiable natural person with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his or her physical, physiological, psychic, economic, cultural or social identity. “Particular Data” means personal data revealing racial or ethnic origin, religious or philosophical beliefs, or trade union membership, as well as genetic and biometric data, data relating to a person’s health or sex life or sexual orientation. “Judicial data” means personal data relating to criminal convictions and offences or related security measures. “Processing” means any operation or set of operations, whether or not by automated means, applied to personal data or set of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, extraction, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction. PLACE OF DATA PROCESSING The data processing takes place at the aforementioned headquarters of the owner, at the operating offices and at third parties identified. TYPES OF DATA PROCESSED The processing of personal and identification data provided voluntarily by the interested party (by way of example but not limited to: name, surname, address, VAT number, tax code, landline or mobile phone number, e-mail address, bank details, etc.). PURPOSE, LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF THE TREATMENT The personal data voluntarily provided will be processed by the owner for the following purposes:

1. Administrative-accounting. For the purposes of applying the provisions on the protection of personal data, the processing carried out for administrative-accounting purposes are those related to the performance of activities of an organisational, administrative, financial and accounting nature, regardless of the nature of the data processed. In particular, these purposes are pursued by internal organisational activities, those functional to the fulfilment of contractual and pre-contractual obligations, to the management of the employment relationship in all its phases, to the keeping of accounts and to the application of the rules on tax, trade union, social security and welfare, health, hygiene and safety at work.
2. Informative and promotional. The use of e-mail coordinates provided by the customer in the context of the sale of a product or service for the purpose of direct sales of their products or services, is allowed for the purpose of sending information and newsletters. The interested party, at the time of collection and at the time of sending each communication, is informed of the possibility to object at any time to the processing, easily and free of charge (art. 130 paragraph 4 of Legislative Decree no. 196/03). Mailing lists are not activated.
3. Security, in accordance with Legislative Decree 81/2008. With particular reference to the identification data freely given by the guest/visitor at our premises (name, surname, entity or company to which he belongs), the treatment has the exclusive purpose of ensuring compliance with the company security procedures formally applied, also in accordance with the regulations in force (e.g. annotation in the visitors’ register/database, assignment of temporary identification badges, application of the legal obligations concerning safety at work).

METHODS OF TREATMENT – DATA STORAGE The treatment will be carried out automatically and manually, with methods and tools to ensure maximum security and confidentiality, by persons appointed managers and processors under the applicable legislation. The data will be kept for a period not exceeding the purposes for which the data were collected and subsequently processed, and in any case for the duration of the existing contractual or commercial relationship. SCOPE OF COMMUNICATION AND DIFFUSION The data subject to processing will not be disseminated, unless explicitly authorized by the interested party issued after appropriate information. The data may instead be communicated to companies contractually bound to the Data Controller and, where necessary, also to subjects inside and outside the European Union, in accordance with and within the limits of art. 42, 43 and 44 of Legislative Decree no. 196/2003. The data may be communicated in this sense to third parties belonging to the following categories:

• subjects that provide services for the management of the information system used by the Data Controller and of the telecommunications networks, and that take care of the maintenance of the technological part (including e-mail and the newsletter service);
• subjects and entities that collaborate with the Data Controller to carry out training courses, such as, by way of example but not limited to: teachers, interprofessional joint funds;
• freelancers, studies or companies within the scope of assistance and consulting relationships;
• subjects that carry out control, review and certification of the activities carried out by the data controller;
• competent authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon their request.

The identification data processed in application of the company’s security procedures are not subject to communication, except in the case of express and specific requests made by the competent judicial and investigative authorities. The subjects belonging to the above categories act as Data Processors, or operate completely independently as separate Data Controllers. The list of those responsible is constantly updated and available on request at the headquarters of the data controller. Any further communication or dissemination will take place only with the express consent of the person concerned. In addition, during the ordinary course of processing activities, personal and identification data may be accessed and therefore come to the attention of those expressly designated by the writer as responsible and/or in charge of processing, authorized according to their respective profiles. RIGHT OF ACCESS TO PERSONAL DATA AND OTHER RIGHTS Finally, we inform you that at any time you can exercise your rights towards the owner of the treatment in accordance with the Applicable Law, then obtain confirmation of the existence or otherwise of such data, know the content and origin, verify its accuracy, request its integration, updating, or correction. If the conditions provided for by the Applicable Legislation are met, you have the right to request the cancellation, limitation of processing, portability, as well as to oppose, for legitimate reasons, their processing.

No personal user data is acquired by the site. We do not use cookies to transmit information of a personal nature, nor do we use persistent cookies of any kind, or systems for tracing users. The use of session cookies (which are not permanently stored on the user’s computer and disappear when the browser is closed) is strictly limited to transmitting session identifiers (consisting of random numbers generated by the server) necessary to enable a safe and efficient website. The session cookies used in this site avoid the use of other techniques potentially prejudicial to the privacy of the web surfing of the users and not allow the acquisition of personal identification data of user. What are cookies? Cookies are small text files sent by the site to the terminal of the interested party (usually the browser), where they are stored and then transmitted to the site the next time the same user visits. A cookie cannot retrieve any other data from the user’s hard disk or transmit computer viruses or acquire e-mail addresses. Each cookie is unique to the user’s web browser. Some of the functions of cookies may be delegated to other technologies. In this document the term ‘cookie’ refers both to cookies as such and to all similar technologies. We can have different types of ‘technical’ and ‘profiling’ cookies: Technical Cookies Technical cookies are those used for the sole purpose of “carrying out the transmission of a communication on an electronic communication network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide such service” (see art. 122, paragraph 1, of the Code). They are not used for further purposes and are normally installed directly by the owner or manager of the website. Mainly they allow the normal navigation and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas); they are in fact necessary for the proper functioning of the site as well as those that allow the user to navigate according to a series of selected criteria (for example, language, products selected for purchase) in order to improve the service provided to the user. The installation of such cookies does not require the prior consent of users. Profiling cookies Profiling cookies are designed to create profiles of users and are used to send advertising messages in line with the preferences expressed by the user as part of web browsing. IIn the case of third-party cookies, the site has no direct control over individual cookies and cannot control them (it can neither install them directly nor delete them). However, you can manage these cookies through your browser settings (follow the instructions below), or the sites indicated in the “Cookie Management” section. For the use of profiling cookies, the consent of the interested party is required. According to the measure, the user can authorize or deny consent to the installation of cookies through the options provided in the “Cookie Management” section. Distinction between ‘first party’ and ‘third party’ cookies Cookies can be either first party or third party, where ‘first party’ means cookies that have the site as their domain and ‘third party’ means cookies that are related to external domains. Third party cookies are necessarily installed by an external party, always defined as a “third party”, not managed by the site. These parties may eventually install first party cookies as well, saving their own cookies on the site’s domain. Distinction between ‘temporary’ and ‘persistent’ cookies Cookies have a duration dictated by the expiration date (or by a specific action such as closing the browser) set at the time of installation. Temporary or session cookies: These are used to store temporary information, link to actions performed during a specific session and are removed from your computer when you close your browser. Persistent cookies: These are used to store information, such as your login name and password, so that you don’t have to re-type them each time you visit a particular site. They remain stored on your computer even after you close your browser. List of technical cookies on the site System/functional cookies The site uses cookies to provide the user with a better browsing experience; these cookies are essential for the correct use of the site. You can disable these cookies from your browser by following the instructions in the dedicated paragraph, but you will compromise your experience on the site and we cannot be held responsible for any malfunctions. Google Analytics (third party) These are tracking cookies for generating site usage statistics. Google Analytics uses cookies that do not store personal data and are stored on your computer to enable the website operator to analyse how users use the site. On this site, Google Analytics has been anonymized, deactivating the options that allow Google Analytics to track users demographically. To prevent the storage of these cookies the user can follow the procedure available at the following link https://support.google.com/analytics/answer/181881?hl=it Present cookies _gat, _ga, _gid Social Plugins and Widgets (third party Our web pages may contain plug-ins from popular social networks (e.g. Facebook, Twitter, Linkedin) operated by third parties. These plug-ins may, for example, correspond to the “Like” buttons of Facebook or “Retweet” buttons of Twitter. If you access one of our web pages that has such a plug-in, your browser connects directly to the third party’s servers and the plug-in is displayed on your screen through your browser connection. The plug-in may tell the third-party servers which pages you visited. If a social network user visits our web pages while logged into their account, these information may be associated with the account. Even if you use the plug-in’s features (for example, by clicking the “Like” button), that information will be associated with your account. For more information: Facebook https://it-it.facebook.com/policies/cookies/ CHow to disable/delete browser cookies IYou can disable cookies from your PC at any time by changing your Security settings, at http://www.youronlinechoices.eu or alternatively by disabling cookies via your browser settings: Chrome https://support.google.com/chrome/bin/answer.py?hl=en&answer=95647&p=cpn_cookies Mozilla Firefox http://support.mozilla.org/en-US/kb/Enabling%20and%20disabling%20cookies Safari https://support.apple.com/it-it/HT201265 If you want to learn more about cookies in general visit www.allaboutcookies.org If you wish to receive further information on the policy of this site please contact us.