This document concerns the personal data privacy policies of Made in Steel s.r.l. which, through Morandi Group s.r.l., manages the website www.madeinsteel.it and describes how we process the personal data of users and visitors to the site.
The user, by accessing the site and navigating its pages, declares that the user accepts that it is subject to the prevailing Italian regulations.
For the purposes of the data protection legislation (including the General Data Protection Regulation EU 2016/679, hereinafter GDPR) and for the applicable Italian legislation (D. Lgs 196/03 as amended by D. Lgs 101/2018), the controller of your personal data is Made in Steel s.r.l. – Sole Proprietorship under the management and coordination of Siderweb spa; tax and VAT no.: 03608030171, with registered offices in Flero (BS), Via Don Milani 5, who may be contacted at: T +39 030 2548 520; F +39 030 2549 833; e-mail: firstname.lastname@example.org. The Controller has appointed its own DPO, namely Avv. Alessandro Donati, who may be contacted via e-mail at email@example.com or by certified e-mail at firstname.lastname@example.org or by telephone on +39 030 47502.
It is customary to update the website continually as the legislation changes and we may therefore modify this document and the privacy statement. To keep up-to-date, we invite you to regularly visit this page, where we will publish any amendments.
Under the terms of Article 12 GDPR the controller hereby provides the data subject with the information referred to in Article 13 GDPR and the communications referred to in Articles 15 to 22 and 34 GDPR relating to the processing of their data. This information is to be understood as general, provided to anyone who interacts electronically with the website at www.madeinsteel.it.
In certain situations (e.g. application for admission as exhibitor/visitor/journalist to the exhibition) the controller may publish specific statements in order to obtain consent to data processing.
These statements describe how we collect, use and process your personal data, and in so doing fulfil our legal obligations to you. Your privacy is important to us and we work hard to protect it and your data protection rights.
The statement does not apply to other websites which you may visit via our links, for which the controller has no responsibility.
The controller hereby informs the data subject that the personal data provided when contacting the controller, and which does not fall into one of the special categories of personal data described in Article 9 GDPR, regarding either the data subject themselves (including firms operating as individual businesses, small entrepreneurs or freelance professionals) their employees, agents, representatives or contractors (the “data”), will be processed in accordance with the provisions of the GDPR. The processing is performed on the basis of the conditions of lawfulness set forth in Article 6 GDPR, for the purposes inherent in establishing a relationship with the controller, whose legal basis under Article 13 point c) GDPR lies in the reason for contacting the controller. Processing of the data provided to the controller shall include: management, organization, use, conservation, database creation, processing across EU and non-EU territory (countries falling into the cases governed by Articles 45 and 46 GDPR), statistical analysis.
We collect a small number of pieces of data from visitors to our website which we use to improve the user experience and manage the services we provide. Among these pieces of data is information regarding how our website is used, how frequently it is accessed and which sections are most popular.
The controller communicates to the partners with which it develops certain initiatives only the data necessary (in accordance with the principles of data protection by default under article 25 GDPR) for their execution and implementation. These entities, who are authorized as external processors under the terms of Article 28 GDPR, include: Siderweb s.p.a., Fiera Milano s.p.a., Morandi Group s.r.l., ICE, Authorities and Institutions. Some data provided for the various purposes is shared with the controller’s partners in full compliance with the privacy regulations. Remember however that data processing by partners is always and only performed in the interest of the user and never for the purposes of aggressive marketing or without the option of refusing the proposed initiative, even at a later stage. Data processing also comprises the destruction and amendment of the data when requested by the data subject, consultation, communication of future initiatives via soft spam and lightweight marketing, statistical analysis, distribution of advertising and the promotion of conventions and meetings, and deletion. Note also that the processing of data linked to web services offered by this website physically hosted by Amazon Web Services is carried out at the controller’s premises and only by employees, contractors or authorized third parties even in the case of occasional maintenance.
Data processing is performed either on paper or using electronic tools by specially authorized data processing personnel. The provision of data is voluntary, except that gathered automatically by the system. It shall be understood that by continuing to navigate without deactivating cookies (see cookies policy) consent is understood as given under the terms of Article 4 (11). The controller performs no data processing on the basis of automated decision-making processes. Your data will be stored for 5 years or in any case for as long as is necessary to fulfil the purposes of its collection.
The controller also hereby states that it guarantees the rights to rectification under Article 16 GDPR, the right to be forgotten under Article 17 GDPR, the right to the restriction of processing under Article 18 GDPR and the right of access to the personal data provided and the consequent information listed under Article 15 GDPR.
The data subject also has the right to:
1) ask the controller for access to their personal data, modify or delete it, restrict its processing or refuse processing;
2) portability of data under Article 20 GDPR;
3) where processing is carried out under the terms of Article 6 (1) point a), or Article 9 (2), point a), revoke their consent at any time without compromising the lawfulness of data processing consented to prior to revocation;
4) lodge a complaint with the supervisory authorities;
To exercise the above rights or receive further information on the processing of the data provided, it is sufficient to send an e-mail to the DPO at the following e-mail address: email@example.com or via certified e-mail to firstname.lastname@example.org putting in the subject line “exercise of rights under GDPR” including your data and specifying the right/s that you wish to exercise. After processing the communication received the Controller will give its feedback within the terms laid down in Article 12 paragraph 3 GDPR.
We are only entitled to refuse your request for one of the following reasons:
- in exercising the right to freedom of expression and freedom of information;
- to comply with a legal obligation or perform a task of public interest or carry out an official order;
- for reasons of public health in the public interest;
- for the purposes of archiving, research or statistics, or to exercise or defend a legal entitlement.
We shall take all reasonable measures to satisfy a valid request for the deletion of data.
Moreover, please be informed that, in the event that a tangible and effective prejudice results from the exercise of the rights listed and granted by artt. 15 to 22 GDPR to particular data subject categories and/or activities as listed by art. 2 undecies D.Lgs. 193/03 as amended by D.Lgs. 101/2018 , those rights cannot be exercised through a claim to the Controller or a complaint under art. 77 GDPR; this is without prejudice to what stated by paragraphs 2 and 3 of the aforementioned article.
The controller shall communicate whether it intends to further process your personal data for any purpose other than that for which it was collected; before carrying out such processing it will inform you and provide any additional relevant information, requesting your consent. You are also informed that the controller issues specific statements to gather data in certain contexts. Please see the relevant statement (e.g. application to take part in a trade fair etc.). Please note that when visitors send e-mail to the addresses given on this site, for any of the various purposes, the controller acquires the sender’s address and any other personal data contained in the message which may be processed subsequently in the way, and for the purposes, described in the statement above. Sending such e-mail shall imply having read and accepted the privacy statement.
Communications relating to the controller’s activities and news on the Made in Steel exhibition are reserved for specific categories of registered users. To run and deliver this service, the controller uses the services and tools provided by the website PhPlist. For more information on the processing of personal data by PhPlist, you are advised to read carefully the content found at: www.phplist.com/privacy. Failure to provide personal data shall have no consequences for the user apart from the inability to enjoy the service requested if essential data is withheld. You may revoke your consent to receiving such communications by choosing unsubscribe at the foot of the page of each communication.
The computing systems and software procedures which run this website gather, in the normal course of their operation, certain personal data the transmission of which is implicit in the use of Internet communication protocols. Such data is only used to gather anonymous statistical information on website use and ensure that the website is working correctly and is deleted immediately after processing. The data might be used to establish legal responsibility in alleged cases of computer crime at the site’s expense.
Cookies are small text files sent by a website to the user’s hard drive that unequivocally identify the user’s browser. The cookies do not harm the computer and do not contain viruses. Cookies are used to streamline the analysis of web traffic or report when a specific site is visited and enable web applications to send information to individual users.
The cookies on our site do not collect data about users or track them, can be disabled at any time and are not used to transmit personal data.
The cookies on our website are used for the purposes of anonymous statistical analysis and to improve the user experience. If cookies are to be used for other purposes, their use will be explained explicitly.
The information and materials published on the website are produced and provided free of charge. However Made in Steel does not accept any responsibility for possible errors or inaccuracies. We reserve the right to modify, add, remove some or all content and to suspend, interrupt or limit access to the website or the content at any time and without prior notice at our own unchallengeable discretion.
The website and all or part of its content, the documents, databases and consultation systems are the exclusive property of Made in Steel and represent corporate assets protected by copyright legislation.
It therefore follows that anyone browsing the website may not use, reproduce, modify, translate, distribute or republish any part of the content of the site if not for strictly personal purposes.
The Made in Steel trademark, documentation, images, fonts, graphics, software and any other trademarks or distinguishing marks present on the website are the property of Made in Steel or are licensed by it and may not therefore be used by the navigator without written authorization.
The controller runs regular checks that these privacy rules are respected, and replaces them from time to time with new ones. Any questions or doubts about the privacy rules may be addressed to the controller at any time to: email@example.com.
We shall explore any problem highlighted by users in a formal written complaint to this address. We undertake to collaborate fully with the competent authorities to settle any disputes regarding the transfer of personal data which are not resolved directly by the controller and the interested party.