This privacy notice is provided to users who access and use this website of Guerrini Valerio Torneria Automatica S.r.l., pursuant to and in accordance with Legislative Decree no. 196/2003 “Personal Data Protection Code”, as amended, and Articles 13–14 of EU Regulation 2016/679 “General Data Protection Regulation” (GDPR), in order to inform them of the essential elements of the processing operations carried out.

1. Data Controller

The Data Controller is Guerrini Valerio Torneria Automatica S.r.l., with registered office in Antegnate (BG), Via Milano 3/5, represented by its legal representative pro tempore.

2. Data Processors and Persons Authorised to Process Data

The updated list of data processors and persons authorised to process personal data is kept at the registered office of the Data Controller.

3. Summary Description of Data Processing

For the purposes outlined in this notice, the Data Controller will process the personal data you voluntarily provide in communications (such as identification and contact details), as well as data automatically collected during browsing.

a) Browsing Data

The IT systems and software procedures used to operate this website may, during their normal operation, acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. These data are not collected to be associated with identified individuals, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or the type of device used by users connecting to the site, device settings and characteristics, related system activities, Uniform Resource Identifier (URI) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful outcome, error, etc.), and other parameters relating to the user’s operating system and IT environment.

Such data are used to ensure correct browsing, to gather information necessary to verify the proper functioning of the website, to enable the correct delivery of the various features requested, and to ascertain potential liability in case of hypothetical cybercrimes against the website or third parties.

Regarding personal data collected through cookies, please refer to our Cookie Policy, available on the website.

b) Personal Data You Provide

We collect personal data voluntarily provided by you, such as identification and contact details (e.g. name, surname, e-mail address, city, occupation/position, telephone number), in order to respond to your requests for information sent via e-mail or other communication channels (e.g. social networks).

4. Purposes and Lawfulness of Processing

Personal data will be processed by the Data Controller to enable navigation on the website and verify its proper operation, to manage and respond to your information requests or communications, and to protect our rights in judicial and extrajudicial contexts.

Depending on the purpose pursued, the lawful bases for processing are the performance of a contract or pre-contractual measures taken at your request, and the Data Controller’s legitimate interest.

i. To allow website navigation and ensure its proper functioning. Lawful basis: performance of a contract or pre-contractual measures.

The provision of data for this purpose is necessary to allow you to browse the website and ensure its correct functioning.

ii. To manage and respond to your information requests sent via the e-mail address indicated on the website or other communication channels. Lawful basis: performance of a contract or pre-contractual measures.

Providing your data for this purpose is optional but necessary to process your request. Failure to provide such data may make it impossible to manage your enquiry.

iii. To manage spontaneous job applications sent to the e-mail address indicated on the website or via other communication channels. Lawful basis: performance of pre-contractual measures.

Providing your data for this purpose is optional but necessary to process your application. Failure to provide such data may make it impossible to proceed with your application.

iv. To exercise or defend legal claims, whether in court or out of court. Lawful basis: the Data Controller’s legitimate interest in exercising or defending its rights, which has been assessed as not overriding your rights and freedoms.

5. Processing Methods and Data Retention Period

Your data will be processed using IT and telematic tools, protected through adequate technical and organisational security measures to ensure confidentiality, integrity, and availability.
We retain personal data only for as long as necessary to achieve the purposes for which they were collected or for any other legitimate related purpose. If data are processed for two different purposes, they will be kept until the purpose with the longer retention period ceases. Data that are no longer required or for which there is no longer a legal basis for retention will be irreversibly anonymised (and may thus be retained) or deleted.

Browsing data are deleted at the end of your browsing session, unless retention is required for the purpose of establishing liability in case of hypothetical cybercrimes.

Personal data processed to manage and respond to information requests or other communications will be retained for the time necessary to handle your request and subsequently deleted.

If processing is necessary for legal defence purposes, data will be retained for the period in which claims may be pursued under the law.

6. Recipients and Disclosure of Personal Data

Personal data may be made available or disclosed to individuals appointed and/or authorised (including external processors), within the limits of their respective responsibilities and functions, to fulfil the purposes mentioned above or to comply with legal obligations.

By way of example, personal data may be made available or disclosed to:

• employees of the Data Controller, duly appointed as persons authorised to process personal data, or collaborators and/or consultants of the Data Controller, duly appointed as data processors;
• companies, consultants or professionals possibly appointed for the installation, maintenance, updating and, in general, management of the Data Controller’s hardware and software or used by the Data Controller for the provision of its products and/or services, also, where appropriate, appointed as system administrators;
• companies, consultants or professionals assisting the Data Controller in fulfilling specific legal obligations.

In this regard, the Data Controller specifies that the persons authorised to whom the Users’ personal data are made known will process them pursuant to a specific appointment or assignment, in accordance with Article 29 of the Regulation, and that third parties to whom the personal data are made available will process them as external data processors on behalf of the Data Controller, based on specific agreements of appointment, in accordance with Article 28 of the Regulation.

Personal data will not be disseminated, disclosed, or made available to entities other than those specified in this notice or provided for by applicable law.

The User’s personal data will not be transferred outside the European Economic Area; however, should such transfer become necessary, the Data Controller specifies that processing will take place according to one of the methods permitted by data protection law, such as the adoption of Standard Contractual Clauses approved by the European Commission, the selection of entities adhering to international programmes for the free movement of data or operating in countries deemed safe by the European Commission, etc.
Further information may be obtained, upon request, from the Data Controller using the contact details provided above.

7. Data Transfer

The Data Controller stores and processes the personal data indicated within the European Union.
The Data Controller does not transfer personal data outside the European Union or the European Economic Area; however, if, due to possible requirements related to the location of service providers, it becomes necessary to transfer data outside the European Union or the European Economic Area to countries for which the European Commission has not issued an adequacy decision, the Data Controller undertakes to ensure adequate levels of protection and safeguards, including contractual measures in compliance with applicable regulations, such as the conclusion of Standard Contractual Clauses referred to in Article 46, paragraph 2, letter (c) of the GDPR, possibly integrated with supplementary technical, legal, and organisational measures necessary to ensure that the level of personal data protection is equivalent to that of the European Union.

For any further information regarding the transfer of your personal data, you may send an e-mail to: gdpr@guerrinivalerio.it

8. Rights of the Data Subject

At any time, the Data Subject may exercise his or her rights pursuant to Legislative Decree No. 196/2003, as amended, and Articles 15–22 of EU Regulation 2016/679 by contacting the Data Controller by sending an e-mail to: gdpr@guerrinivalerio.it
By way of example, you have the right, at any time, to request, where applicable, to:

1. Access your personal data to confirm whether or not data concerning you are being processed (Art. 15 of EU Regulation 2016/679);
2. Verify and rectify your personal data (Art. 16 of EU Regulation 2016/679);
3. Obtain the erasure of your data (“Right to be Forgotten”) (Art. 17 of EU Regulation 2016/679); 
4. Obtain restriction of processing (Art. 18 GDPR);
5. Obtain data portability;
6. Object to data processing;
7. Lodge a complaint;
8. Object to automated decision-making, where applicable;
9. Withdraw consent at any time. The Data Subject may withdraw consent to the processing of data at any time. However, withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

There is no automated decision-making process.
The Data Subject may in any case contact the Italian Data Protection Authority (“Garante per la Protezione dei Dati Personali”), whose contact details are available on the website www.garanteprivacy.it, following the procedures indicated therein.

Modification of this Privacy Notice
The Data Controller reserves the right to modify, update, add, or remove parts of this privacy notice at its discretion and at any time, providing appropriate notice thereof.

The Data Controller
Guerrini Valerio Torneria Automatica S.r.l.