Privacy Policy URMET TLC

LEGAL NOTES AND PRIVACY POLICY
The data published on this site, relating to the company Urmet Telecomunicazioni SpA (hereinafter referred to as “Controller” or “Joint Controller”) and the persons who work with it, may be freely used by all those who are interested in the products sold by our company or by the other companies belonging to the Urmet Group.
They may not be used by potential suppliers or other parties for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
Below are our privacy policies provided pursuant to Article 13 of GDPR 679/16.

Privacy policy addressed to website visitors

This website belongs to the company Urmet Telecomunicazioni SpA, which processes the data collected through the site in its capacity as Controller.

The Controller guarantees the security, confidentiality and protection of the data in its possession, and data which will come into its possession, at any stage of data processing, in compliance with the rules laid down by GDPR 679/16 and in accordance with business secrecy.
Our Internet site contains links or references to other third-party Internet sites over which the Controller has no control. These links are provided for the convenience of users of our site and the Controller assumes no liability in relation to such sites, nor does it make any representations as to the accuracy or completeness of the information contained thereon.

This privacy policy is addressed to persons visiting and consulting the site of Urmet Telecomunicazioni SpA, pursuant to Article 13 of GDPR 679/16—“General Data Protection Regulation”.
This cookie policy therefore describes how Urmet Telecomunicazioni SpA uses cookies and similar technologies to collect and store information when you visit our website or receive e-mails from us.

Processing methods
During normal operation, computer systems and software procedures responsible for keeping this site working collect some personal information whose transmission is implicit in use of Internet communication protocols.
Owing to their nature, this information can allow for identifying users when processed and associated with data kept by others.

Cookie policy, pixel tags and JavaScript tags
Our website uses cookies for technical purposes, session, persistent, analytical and profiling cookies, in addition to pixel tags and/or JavaScript tags, to collect and store certain information about you. A cookie is a small text file that a website sends and saves on the hard disk of your computer and/or device (hereinafter both referred to as “computer”); later, when you visit the website again, the cookies saved on your computer will send information to the party that sent them.
Session cookies are used, for instance, so you can browse the website without having to enter your login data again and are deleted from your computer once your browser is closed. Persistent cookies remain on your computer after the browser is closed, but can be deleted at any time by using the browser settings. Cookies are either “first-party cookies” or “third-party cookies”. First-party cookies are set directly by Urmet Telecomunicazioni SpA on your computer, for the sole purpose of recognising it the next time you come back to our site.
Third-party cookies are sent by an independent service provider acting on behalf of the company and may be used by that third-party service provider to recognise you when you visit our company’s website or third-party sites. Although we may grant third-party service providers access to our website to send these cookies to your computer in accordance with applicable laws, as outlined in this Cookie Policy, we do not have control over the information collected by the cookies nor do we retain access to such data, which are immediately disclosed to the third party that collects them.
This information is entirely controlled by the third-party service provider in accordance with its respective privacy policy. Pixel tags may also be used in e-mails that Urmet Telecomunicazioni SpA sends to you. To learn more about cookies, visit:
www.allaboutcookies.org or www.youronlinechoices.eu.
By using our Company’s website, you consent to the use and dissemination of cookies and non-transaction related pixel/JavaScript tags as described in this policy unless you withdraw such consent or prevent their use by changing the technical settings on your computer as described below:
How to disable or delete cookies
If you want to prevent your browser from accepting cookies, or wish to be informed each time a cookie is saved on your computer or wish to delete cookies already saved, you can make the appropriate changes by using your Internet browser settings, you can normally access from the “Help” or “Internet Options” sections. Please refer to the links below:
> Internet Explorer
> FireFox
> Chrome
> Safari
If you disable or delete cookies through your Internet browser settings, certain functions or features of our website may not be available to you; in addition, you may be required to re-enter your login information, and use of our website may be restricted. If you delete all cookies from your browser or use a different browser or computer, you will have to complete the procedure again to withdraw your consent to the use of cookies.

Purpose of the use of cookies, pixel tags and JavaScript tags
This website uses the following cookies for the purposes listed below:
Urmet Telecomunicazioni SpA uses session cookies to save the products in your shopping cart and to allow the registered user who has logged in to the site to remain logged in. Session cookies store relevant information together with your IP address and cookie ID. These session cookies are transaction-related cookies that are necessary for the use of the website and whose use does not require your consent.

Urmet Telecomunicazioni SpAmay also use a persistent cookie to save your access data, so you do not have to re-enter them every time you visit our website. This feature can only be activated if you tick the box below the access window informing you of the availability of this feature.
Urmet Telecomunicazioni SpAmay also set a persistent cookie the first time you visit our website in order to recognise you as a visitor and determine whether you have visited the online shop for consumers or the one for business customers. This cookie is updated with a date stamp and time stamp every time you return to our website, and saves information about the products you view in order to show you personalised products on the home page of the website based on preferences revealed previously. If you are a registered customer, ABCD can place a persistent cookie that keeps track of the time and date of visits whether you are registered as a corporate or consumer customer; this cookie can be matched to your transaction data to show you personalised products on our home page based on your preferences revealed previously.

Social media tools
The website of Urmet Telecomunicazioni SpA offers access to social media tools provided by social networking and content-sharing platforms such as Facebook, Google, LinkedIn and Twitter.
Specifically, the Urmet Telecomunicazioni SpA website offers access to LinkedIn and UtilitiesPress. Users who decide to use these tools by activating a social media tool may share certain personal data with their friends and these social networking and content-sharing platforms. Sharing activities are subject to the privacy policies of each social network. For instance, in the case of Facebook, you may be offered tools from that social network that allow you to share information and activities of your friends with its logged in account holders while browsing our website. For example, social plug-ins allow Facebook to show your Post Likes and those of your friends on our product pages if you are logged into Facebook while browsing our site.
However, Urmet Telecomunicazioni SpA has no control over the information collected by these social media tools nor does it have access to such data. This information is entirely controlled by the social network in accordance with its respective privacy policy. For more information, please visit the websites of the respective social networks.

Identity of the Controller
The Controller of the processing operations indicated below is the company Urmet Telecomunicazioni SpA, with registered office at Via Bologna 188/C, 10,154 Turin, in the person of its legal representative in office.

Purpose of processing
In order to offer a quality service, our site requires certain information from your browser. These are browsing preferences, logins and pages that are viewed frequently. This information helps to better understand your needs, in order to offer a better service.

Legal basis for processing
The use of cookies for technical purposes is processing carried out in the legitimate interest of the Controller; the use of the remaining cookies is carried out with the consent of the data subject.

Data recipients
Your personal data processed by the Controller are not disseminated, i.e., they are not made known to unspecified persons, in any possible form, including by making them available or simply consulting them. On the other hand, they may be disclosed to workers employed by the Controller, to external parties working with the Controller who are designated as Processors or authorised to process data because they are working under the authority of the Controller.
They may also be disclosed, to the extent strictly necessary, to entities which, in order to satisfy your requests, must supply goods or perform services on behalf of the Controller. Lastly, they may be disclosed to the entities entitled to access them by virtue of provisions of the law, regulations, EU rules.
In particular, on the basis of their roles and duties, workers have been authorised to process your personal data, within the limits of their competences and in accordance with the instructions given to them by the Controller.
External parties operating under the authority of the Controller have also been appropriately authorised on the basis of the type of service provided, the processing carried out, and the nature of the data processed.
External parties to whom the Controller has entrusted the processing of personal data have been designated as Processors.

Transfer of data
Under no circumstances does the Controller transfer personal data to third countries or to international organisations.
However, it reserves the right to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 of the GDPR 679/16.

Storage of data
The Controller stores and processes personal data for the time necessary to fulfil the stated purposes. In this case, browsing data are stored for six months.

Refusal to provide data
The data subject may refuse to provide the Controller with his browsing data.
To do so, you must disable cookies by following the instructions provided by your browser.
Disabling cookies can make browsing and using the site’s features worse.

Rights of the data subject
With reference to Articles 15—right of access, 16—right to rectification, 17—right to erasure, 18—right to restriction of processing, 20—right to portability, 21—right to object, 22—right to object to automated decision-making process of GDPR 679/16, the data subject may exercise his/her rights by writing to the Controller at the above address, or by email, specifying the subject of his/her request, the right he/she wishes to exercise and attaching a photocopy of an identity document attesting to the legitimacy of the request.
The Controller reminds you in particular that any data subject may exercise the right to object in the form and manner provided for in Article 21 of the GDPR.
Further information on the rights of the data subject can be found at the end of this section.

Lodging a complaint
The data subject has the right to lodge a complaint with the supervisory authorities of the country where he or she lives.

Automated decision-making processes
With regard to the processing operations set out below, in no case does the Controller carry out processing operations consisting of automated decision-making processes on the data of natural persons.

Privacy Policy for visitors

This Privacy Policy is provided, pursuant to Article 13 of the GDPR 2016/679—“General Data Protection Regulation”, to those who enter the premises of the company Urmet TLC SpA

Controller

The Controller is the company Urmet TLC SpA (hereinafter “the Company”), with registered office at Via Bologna 188/C, 10,154 Turin, in the person of its legal representative in office.

The Controller can be contacted by data subjects at the above address or alternatively at info@urmet.it

Source of the data

The personal data processed are provided by the data subject on the occasion of:

on-site visits or interventions;
on-site interviews or work sessions
delivery or collection of goods, parcels and correspondence;

Purpose of processing

The personal data referred to above are processed for the following purposes:

control access to the premises,
record the time spent on the premises,
identification of those present for the management of emergency situations.

Legal basis for processing

The personal data of visitors are lawfully processed for:

fulfilment of a legal obligation (emergency management);
legitimate interest of the Controller (access control and recording of time spent on the premises).

Nature of provision of data

The data subject may refuse to provide the Controller with his personal data, as the provision of such data is optional. However, your refusal to provide it means that you will not be able to enter the premises.

Storage period of data

Recorded data will be erased one year after entering the premises.

Data recipients

Your data may be processed by employees and collaborators of the Company on the basis of the roles and tasks performed and for the pursuit of the purposes indicated above. These persons have been authorised to process your data and have received adequate instructions for doing so. Your data may also be disclosed to parties to whom the Controller has entrusted the processing of personal data (Processors), as well as to entities entitled to access them by virtue of provisions of law, regulations or EU legislation.

Your personal data processed by the Controller are not disseminated, i.e., they are not made known to unspecified persons, in any possible form, including by making them available or simply consulting them.

Transfer of data

Under no circumstances does the Company intend to transfer personal data to third countries or to international organisations. However, it reserves the right to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 of the GDPR 2016/679. In the case of non-EU transfers, the Controller will make the necessary documentation concerning the guarantees adopted available to the data subject.

Rights of the data subject

The data subject may exercise his or her rights under GDPR 679/2016 at any time, in particular:

The right of access (Art. 15);
the right of rectification (Art. 16);
the right to erasure (Art. 17);
the right to restriction of processing (Art. 18);
the right to portability (Art. 20);
the right to object (Art. 21);
the right to object to automated decision-making (Art. 22).

The data subject may exercise his or her rights by writing to the Controller at the above address, or by email, specifying the subject of the request, the right he or she wishes to exercise and attaching a photocopy of an identity document attesting to the legitimacy of the request.

The Controller reminds you in particular that any data subject may exercise the right to object in the form and manner provided for in Article 21 of the GDPR.

Lodging a complaint

The data subject has the right to lodge a complaint with the supervisory authorities of the country where he or she lives.

Automated decision-making processes

The Controller does not process personal data by means of automated decision-making processes.

Privacy Policy for members of the Board of Directors, Statutory Auditors and members of the Supervisory Board, if any
This privacy policy is addressed to members of the Board of Directors, Statutory Auditors and members of the Supervisory Board, pursuant to Article 13 GDPR 679/16—“General Data Protection Regulation”.

Source of the data
Personal data are provided voluntarily by the Data Subject upon acceptance of the appointment.

Purposes of the processing
Personal data are processed to convene the Corporate Bodies and the Supervisory Board, to pay fees and remuneration and to fulfil legal obligations in the field of taxation and social security, to make reports and reimburse expenses, to draw up documents, reports and other formal acts.

Legal basis for processing
Processing is carried out for fulfilling a legal obligation and for the performance of a contract to which the data subject is party or for the execution of pre-contractual measures taken at the data subject’s request.

Storage of data
The Controller stores and processes personal data for the time necessary to fulfil the stated purposes.

Withdrawal of consent
With reference to Article 6 of GDPR 679/16, the data subject may withdraw consent at any time. It should be noted, however, that the processing covered by this privacy policy is lawful and permitted even in the absence of consent, so that withdrawal of consent will have no effect on processing.

Refusal to provide data
The provision of certain data (personal details, tax data) is required for recruitment, administrative and tax purposes. Some additional data (telephone number, e-mail address, etc.) are indispensable for the management of organisational aspects. For this reason, providing only partial or incomplete data could jeopardise the efficacious management of the relationship.

Privacy Policy addressed to recipients of e-mail messages
The content of e-mails is to be treated as confidential. Therefore, the information contained therein or in any annexes thereof is reserved exclusively to the addressees. Pursuant to Article 616 of the Criminal Code, persons or entities other than the addressees themselves are not authorised to read, copy, edit, or disseminate the message to third parties. Should you receive any communication from us by mistake, do not use the information or bring it to anyone’s attention, but delete it from your mailbox and notify the sender.
Except for digitally signed documents, the authenticity of the sender and the contents are not guaranteed.
Furthermore, in accordance with Article 13 of the GDPR 679/16, we inform you that our archives comprise e-mail addresses of individuals, companies, entities with whom previous communications have taken place by e-mail, or by other means of communication, or who have voluntarily provided their e-mail address during direct contacts. These addresses are used by us in accordance with the willingness of the data subjects to receive communications by e-mail from our company. Please also note that all mailboxes belonging to the @urmet.it domain are company mailboxes and, as such, are used for business communications. Therefore, for operational reasons, any message, whether outgoing or incoming, could be read by persons other than the sender and/or addressee.
Should data subjects wish to have their e-mail address removed from our archives, or to exercise their rights under Articles 15—right of access, 16—right to rectification, 17—right to erasure, 18—right to restriction of processing, 20—right to portability, 21—right to object, 22 right to object to automated decision-making process of the GDPR 679/16, they can write to the Controller identified as the chairman, managing director and legal representative in office of the company Urmet Telecomunicazioni SpA, with registered office in Via Bologna 188/C, 10,152 Turin

Listing of the Data Subject’s Rights
Pursuant to GDPR 679/16, the Data Subject may exercise specific rights by contacting the Controller, including: the right to request access to their personal data; the right to request rectification of their personal data; the right to request erasure of their personal data; the right to request restriction of the processing of their personal data; the right to request data portability; the right to lodge a complaint with the competent supervisory authorities.
We would like to remind you that if you wish to obtain further information on the processing of your personal data, or to exercise the rights indicated above, you may write to info@urmet.it
Right of access: every data subject has the right to obtain confirmation as to whether or not personal data concerning him or her exists and, if so, to request access to those data. Access information includes, among other things, the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom your personal data have been or will be disclosed.
The data subject also has the right to obtain a copy of his personal data undergoing processing. For additional copies requested, the Controller may charge a reasonable administration fee.
Right of rectification: every data subject has the right to have inaccurate personal data concerning him or her rectified. Depending on the purpose of the processing, each data subject has the right to complete incomplete personal data, including by submitting a supplementary declaration.
Right to erasure (“right to be forgotten”): under certain circumstances, every data subject has the right to obtain the erasure of personal data concerning him or her.
Right to restriction of processing: under certain circumstances, every data subject has the right to obtain the restriction of the processing of personal data concerning him or her. In this case, the respective data will be marked and may only be processed by the Controller for certain purposes.
Right to data portability: under certain circumstances, every data subject has the right to receive personal data concerning him or her in a commonly used and readable format, and also the right to transmit them to another entity without hindrance.

Privacy Policy addressed to users of the Chain 2 System
Urmet TLC SpA operates a user device and wishes to activate the communication service via the Chain 2 system between said device and the second generation electronic meter installed on the end user’s premises. In order to be able to carry out the installation, Urmet TLC SpA is obliged to obtain the consent of the end user who is the registered user of the POD to be enabled for the above-mentioned communication, including consent to the processing of the relevant personal data. This privacy policy is therefore addressed to the aforementioned end users pursuant to Articles 12, 13 and 14 of GDPR 679/2016.

Identity of the Controller
The Controller (or the Processor) of the processing operations indicated below is the company Urmet TLC SpA, with registered office at Via Bologna 188/C, 10,152 Turin, in the person of its legal representative in office.
The Controller guarantees the security, confidentiality and protection of the personal data in its possession at any stage of data processing.

Source of the data
The personal data processed are:

First name and surname, address and tax ID of the POD registered user,
POD matched to the registered user,
Consumption measured every 15 minutes.

Purposes of processing
Your personal data are processed for:
1) enabling communication between meter and device via Chain 2,
2) recording consumption,
3) communicating consumption to the user, seller and energy distributor.

Legal basis for processing
The legal basis for the inseparable whole of the three processing operations listed above is the consent of the Data Subject, expressed by signing a paper form.

Data recipients
Your processed personal data are not disseminated, i.e., they are not made known to unspecified persons, in any possible form, including by making them available or simply consulting them. On the other hand, they may be disclosed to employees of Urmet TLC SpA and to external subjects that collaborate with it, and in particular to the energy distribution company, owner of the POD, and to the company that sells energy to the POD registered user.
They may also be disclosed, to the extent strictly necessary, to entities which, in order to satisfy your requests, must supply goods or perform services on behalf of Urmet TLC SpA. Lastly, they may be disclosed to the entities entitled to access them by virtue of provisions of the law, regulations, EU rules.
In particular, on the basis of their roles and duties, workers have been authorised to process your personal data, within the limits of their competences and in accordance with the instructions given to them by the Controller.
External parties operating under the authority of Urmet TLC SpA have also been appropriately authorised on the basis of the type of service provided, the processing carried out, and the nature of the data processed.

Transfer of data
Under no circumstances does Urmet TLC SpA transfer personal data to third countries or to international organisations. Further, it reserves the option to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 of the GDPR 679/16.

Storage of data
Urmet TLC SpA processes personal data for the time necessary to pursue the purposes indicated, i.e., to record consumption and transmit it to the persons indicated. It therefore stores end-user data until the device is no longer used.

Rights of the data subject
With reference to Articles 15 – right of access, 16 – right to rectification, 17 – right to erasure, 18 – right to restriction of processing, 20 – right to portability, 21 – right to object, 22 – right to object to automated decision-making process of GDPR 679/16, the data subject may exercise his/her rights by writing to Urmet TLC SpA at the above address, or by email at the address info@urmet.it, specifying the subject of his/her request, the right he/she wishes to exercise and attaching a photocopy of an identity document attesting to the legitimacy of the request.
Urmet TLC SpA reminds you in particular that any data subject may exercise the right to object in the form and manner provided for in Article 21 of the GDPR.
Further information on the rights of the data subject can be found at the end of this section.

Withdrawal of consent
With reference to Article 7 of GDPR 679/16, the data subject may withdraw consent at any time. Withdrawal of consent determines the immediate termination of the processing operations for which consent was withdrawn.

Refusal to provide data
The data subject may refuse to provide Urmet TLC SpA with his personal data.
The provision of the personal data requested at the time of installation is indispensable for access to the service. Therefore, any refusal to provide them will not allow for use of the Chain 2 System and the registration process will be interrupted.

Automated decision-making processes
With regard to the processing operations set out below, in no case does Urmet TLC SpA carry out processing operations consisting of automated decision-making processes on the data of natural persons.

Privacy policy addressed to job applicants

This Privacy Policy is provided, pursuant to Article 13 of the GDPR 2016/679 – “General Data Protection Regulation”, to those who submit a job application to the company Urmet TLC SpA.

Controller

The Controller is the company Urmet TLC SpA (hereinafter “the Company”), with registered office at Via Bologna 188/C, 10,154 Turin, in the person of its legal representative in office.

The Controller can be contacted by data subjects at the above address or alternatively at info@urmet.it

Type of data processed

The data processed by the Controller are:

– personal details (first name and surname);

– contact details (telephone, email);

– curricular data (language skills) and vocational training;

– additional data found on the resume that may be provided as an attachment to the application, including those belonging to special categories under Article 9 GDPR (e.g., belonging to protected categories).

Source of the data

The personal data processed are provided by the data subject on the occasion of:

sending your resume spontaneously or following a search;
personnel evaluation and selection interviews;
pre-employment interviews and agreements;

Purpose of processing

the Company processes the personal data of the data subjects for purposes related to the evaluation and selection of workers.

Legal basis for processing

The legal basis is the response to a pre-contractual request by the data subject (Art. 6, letter b) of the GDPR).

The processing of any data belonging to special categories pursuant to Art. 9 GDPR is permitted even without consent, insofar as it is necessary to fulfil contractual obligations and to fulfil the obligations of the Controller in the field of labour law, safety and social protection, occupational medicine, assessment of capacity for work (Art. 9, para. 2 letters b) and h) of the GDPR 2016/679).

Nature of provision of data

The provision of personal data by the Data Subject is optional. However, certain data are indispensable for assessing and selecting job applicants.

Therefore, any refusal to provide them in whole or in part may make it impossible to proceed with the assessment of your application.

Storage period of data

The company stores and processes personal data for as long as is necessary to pursue the above-mentioned purposes. In this case, resumes are stored for ten years if they are deemed to be of interest, otherwise they are immediately deleted.

Moreover, in the event of a positive assessment of the application and subsequent recruitment, the data provided during the selection process may be processed for the entire duration of the employment relationship and stored until required for administrative purposes.

Data recipients

Transfer of data

Rights of the data subject

The data subject may exercise his or her rights under GDPR 679/2016 at any time, in particular:

The right of access (Art. 15);
the right of rectification (Art. 16);
the right to erasure (Art. 17);
the right to restriction of processing (Art. 18);
the right to portability (Art. 20);
the right to object (Art. 21);
the right to object to automated decision-making (Art. 22).

The Controller reminds you in particular that any data subject may exercise the right to object in the form and manner provided for in Article 21 of the GDPR.

Lodging a complaint

The data subject has the right to lodge a complaint with the supervisory authorities of the country where he or she lives.

Automated decision-making processes

The Controller does not process personal data by means of automated decision-making processes.

Privacy policy addressed to corporate customers and contact persons at customers

This privacy policy is addressed, pursuant to Article 13 GDPR 2016/679 – “General Data Protection Regulation”, to customer companies (sole proprietorships, professionals and legal representatives of companies) and contact persons at the customers of Urmet TLC SpA.

Controller

The Controller is the company Urmet TLC SpA (hereinafter “the Company”), with registered office at Via Bologna 188/C, 10,154 Turin, in the person of its legal representative in office.

The Controller can be contacted by data subjects at the above address or alternatively at info@urmet.it

Type and source of the data

Clients:

Personal details and identification data;
Contact details (e-mail, telephone, etc.)
billing data;

Contact persons at customers:

– any personal details (first name, surname);

– contact details (telephone, email, etc.);

– any access credentials to the systems provided;

Data may be provided on the occasion of:

meetings and phone calls;
requests for information;
requests to join one or more services;
requests for quotations;
acceptance of offers and issuing of orders,
transmissions and subsequent transactions.
other direct contacts;

Purposes and legal basis for processing

The personal data of customers are processed for the following purposes:

perform all tasks related and instrumental to the management of the contractual relationship, e.g.:

– process requests for information on services;

– prepare offers and quotations;

– prepare and send documents;

– exchange various kinds of information by various means of communication (telephone, mobile phone, text message, e-mail, fax, postal service, etc.);

legal basis: performance of a contract to which the data subject is party or the execution of pre-contractual measures taken at the data subject’s request.

carry out any debt collection tasks;

legal basis: pursuit of a legitimate interest of the Controller, i.e., debt collection;

prevent and manage possible litigation;

legal basis: pursuit of a legitimate interest of the Controller (protection of interests in judicial and out-of-court proceedings);

fulfil administrative, accounting, statutory and tax obligations;

legal basis: fulfilment of a legal obligation to which the Data Controller is subject.

The data of contact persons at customers are processed for:

1) providing pre-contractual data and information (e.g., sending offers, quotes, preparing documents, forwarding and exchanging communications relating to the management of the contractual relationship, etc.);

legal basis: performance of a contract to which the data subject is party by virtue of the employment relationship with the customer.

2) activate any access credentials to the systems provided;

legal basis: performance of a contract to which the data subject is party by virtue of the employment relationship with the customer.

Nature of provision of data and consequences of refusal to provide data

Clients:

The provision of personal data is necessary for statutory, accounting and tax purposes.

The provision of further personal data, while optional, is, however, necessary for the proper and efficient handling of the contractual relationship. Therefore, any refusal to provide them could compromise, in whole or in part, the proper management of the contractual relationship with the Company. Provision of data for the purpose indicated in point 4 is required, as they are necessary for the fulfilment of legal obligations.

Contact persons at customers:

The provision of personal data is optional, but may be indispensable for the proper and efficient performance of the contractual relationship. Therefore, failure to provide them could jeopardise the management of the relationship itself.

Storage period of data

The Company processes personal data for the time necessary to pursue the above-mentioned purposes.

Specifically:

Clients:

data are stored for ten years after termination of the contractual relationship unless longer storage periods are required due to litigation.

Contact persons at customers:

contact data are stored until the relationship between the contact persons of the customer and our company is terminated.

Data recipients

workers employed by the Controller who, on the basis of their roles and duties, have been authorised to process your personal data, within the limits of their competences and in accordance with the instructions given to them by Controllers.
external subjects which, in order to satisfy your requests, must supply goods or perform services on behalf of the Controller. External parties to whom the Controller has entrusted the processing of personal data have been designated as Processors.
external entities which, on the basis of the type of service provided, the processing carried out, and the nature of the data processed, have been authorised to process the data because they operate under the authority of the Controller.

Lastly, they may be disclosed to the entities entitled to access them by virtue of provisions of the law, regulations, EU rules.

Transfer of data

In the case of non-EU transfers, the Controller will make the necessary documentation concerning the guarantees adopted available to the data subject.

Rights of the data subject

The data subject may at any time exercise his or her rights under GDPR 2016/679 with reference to the processing of his or her data, in particular:

The right of access (Art. 15);
the right of rectification (Art. 16);
the right to erasure (Art. 17);
the right to restriction of processing (Art. 18);
the right to portability (Art. 20);
the right to object (Art. 21);
the right to object to automated decision-making (Art. 22).

The data subject may exercise his or her rights by writing to the Controller at the above address, or by email at the above email address, specifying the subject of the request, the right he or she wishes to exercise and attaching a photocopy of an identity document attesting to the legitimacy of the request.

The Controller reminds you in particular that any data subject may exercise the right to object in the form and manner provided for in Article 21 of the GDPR.

Lodging a complaint

The data subject has the right to lodge a complaint with the supervisory authorities of the country where he or she lives.

Automated decision-making processes

The Controller does not process personal data by means of automated decision-making processes.

Privacy policy addressed to recipients of e-mail messages

The content of e-mails is to be treated as confidential. Therefore, the information contained therein or in any annexes thereof is reserved exclusively to the addressees. Pursuant to Article 616 of the Criminal Code, persons or entities other than the addressees themselves are not authorised to read, copy, edit, or disseminate the message to third parties. Should you receive any communication from us by mistake, do not use the information or bring it to anyone’s attention, but delete it from your mailbox and notify the sender. Except for digitally signed documents, the authenticity of the sender and the contents are not guaranteed.

Furthermore, pursuant to Article 13 of the GDPR 679/16, we inform you that our archives comprise e-mail addresses of individuals, companies, entities with whom previous communications have taken place by e-mail, or by other means of communication, or who have voluntarily provided their e-mail address during direct contacts. These addresses are used by us in accordance with the willingness of the data subjects to receive communications by e-mail from our company. Please also note that all mailboxes belonging to the @urmet.it domain are company mailboxes and, as such, are used for business communications. Therefore, for operational reasons, any message, whether outgoing or incoming, could be read by persons other than the sender and/or addressee.

Should data subjects wish to have their e-mail address removed from our archives, or to exercise their rights under Articles 15 – right of access, 16 – right to rectification, 17 – right to erasure, 18 – right to restriction of processing, 20 – right to portability, 21 – right to object, 22 right to object to automated decision-making process of the GDPR 679/16, they can write to the Controller identified as the legal representative in office of the company Urmet TLC SpA (hereinafter ‘the Company’), with registered office at Via Bologna 188/C, 10154 Turin.

Privacy policy addressed to suppliers and contact persons at suppliers

This privacy policy is addressed, pursuant to Article 13 GDPR 2016/679 – “General Data Protection Regulation”, to suppliers (sole proprietorships, professionals and collaborators) and contact persons at the customers of Urmet TLC SpA.

Controller

The Controller is the company Urmet TLC SpA (hereinafter ‘the Company’), with registered office at Via Bologna 188/C, 10154 Turin, in the person of its legal representative in office.

The Controller can be contacted by data subjects at the above address or alternatively at info@urmet.it

Type and source of the data

Suppliers:

– personal details (first name, surname, VAT number, address, etc.);

– contact details (telephone, email, etc.);

– any other data related to the establishment and/or execution of the contract.

Contact persons at suppliers:

– any personal details (first name, surname);

– contact details (telephone, email, etc.);

Such data may be provided by the same on the occasion of:

– preparing business proposals and quotations;

– visits or phone calls;

– direct contacts;

Purposes and legal basis for processing

The data of suppliers are processed for:

1) acquiring pre-contractual data and information (e.g., evaluation offers, quotes, preparing documents, forwarding and exchanging communications relating to the management of the supply relationship, etc.);

2) managing the contractual relationship for the purchase of goods or services (e.g., managing payments, the company’s financial flows, organisational management, etc.);

3) managing the accounting and tax obligations arising from the supply relationship;

4) preventing and managing possible litigation in and out of court;

The data of contact persons of suppliers are processed for:

2) managing the contractual relationship for the purchase of goods or services (e.g., managing payments, the Company’s financial flows, receipt of products, etc.) and exchanging various kinds of information by various means of communication (telephone, text message, e-mail) aimed at the use of services.

Legal basis for processing

The legal basis for processing consists of:

– the need to fulfil pre-contractual, contractual and post-contractual obligations (Art. 6, letter b) GDPR) for the purposes indicated in points 1 and 2.

– the fulfilment of a legal obligation (Art. 6, letter c) GDPR) for the purpose indicated in point 3;

– The legitimate interest of the Controller (exercising or defending one’s own right in out-of-court and judicial proceedings) (Art. 6, letter f) GDPR) for the purpose indicated in point 4.

Nature of provision of data and consequences of refusal to provide data

Suppliers:

The provision of personal data is necessary for statutory, accounting and tax purposes.

Contact persons at suppliers:

Storage period of data

The Controller stores and processes personal data for the time necessary to fulfil the stated purposes. Specifically:

Suppliers:

suppliers’ data are stored until the administrative statute of limitations expires and until the statute of limitations expires with regard to any litigation.

Contact persons at suppliers:

contact data are stored until the relationship between the contact persons of the suppliers and our company is terminated.

Data recipients

workers employed by the Controller who, on the basis of their roles and duties, have been authorised to process your personal data, within the limits of their competences and in accordance with the instructions given to them by Controllers.
external subjects which, in order to satisfy your requests, must supply goods or perform services on behalf of the Controller. External parties to whom the Controller has entrusted the processing of personal data have been designated as Processors.
external entities which, on the basis of the type of service provided, the processing carried out, and the nature of the data processed, have been authorised to process the data because they operate under the authority of the Controller.

Lastly, they may be disclosed to the entities entitled to access them by virtue of provisions of the law, regulations, EU rules.

Transfer of data

In the case of non-EU transfers, the Controller will make the necessary documentation concerning the guarantees adopted available to the data subject.

Rights of the data subject

The data subject may at any time exercise his or her rights under GDPR 2016/679 with reference to the processing of his or her data, in particular:

The right of access (Art. 15);
the right of rectification (Art. 16);
the right to erasure (Art. 17);
the right to restriction of processing (Art. 18);
the right to portability (Art. 20);
the right to object (Art. 21);
the right to object to automated decision-making (Art. 22).

The Controller reminds you in particular that any data subject may exercise the right to object in the form and manner provided for in Article 21 of the GDPR.

Lodging a complaint

The data subject has the right to lodge a complaint with the supervisory authorities of the country where he or she lives.

Automated decision-making processes

The Controller does not process personal data by means of automated decision-making processes.