A.L.M.A.G. Spa - PRIVACY POLICY

Circular letter on privacy, pursuant to Art. 13 of the EU Privacy Regulation 679/2016 (“GDPR”)

1. Aims and data processing principles. In compliance with the obligations referred to in Art. 13 of the GDPR, this page describes the procedures the web site uses to process the personal data of the users who surf and interact with the web services that can be accessed through electronic means at the address: www. almag.it. This circular regards only the site, www.almag.it.
We would like to inform you that ALMAG SPA will use your personal data (e.g. log) to handle access to the site and the services it offers, manage the technical procedures, carry out all the activities necessary or useful for the constant improvement of the service rendered, and ascertain the liabilities in case of offences to the detriment of the Site and/or unlawful acts performed through the Site. Further specific objectives relating to the single processing may be identified in detail through integrative circular letters, within the scope of the various services offered in the portal.
Consultation of the Site may entail the processing of data relating to identified or identifiable persons. The personal data supplied by the users that consult the Site are processed by the recipient of the communication, to follow up the requests received.
Web browsing data
Upon entering this web site (also mobile through smartphones or tablets) or using our services, the IT systems and software procedures set up for operating the site, acquire in the course of their daily activity, some information about you, called “personal data,” the transmission of which is implied in the use of the Internet communication protocols.
These include the hardware model, operating system and version, information on the mobile network and the country from which it is accessed, time of the request, method used in submitting the request to the server, time of access, dimension of the files obtained in response, numerical code indicating the status of the answer given by the server (success, error, etc.), details regarding the route taken within the web pages with particular reference to the pages visited and other parameters relating to the operating system and the IT environment of the user (browser used, version, geographic position, the last page visited before accessing the services of the Site), and unequivocal device identifiers (e.g. the IP address or the domain names of the computers used by the user, the Uniform Resource Identifier, and the MAC - Media Access Control address).
We are talking about information that is not gathered to be directly associated to identified subjects, but which by their very nature could, in theory, through elaborations and associations with data held by third parties (in particular, third-party providers of internet connectivity services), identify the users.
We shall however use these data only to achieve statistical information in aggregate and anonymous form on the use of the site, to better understand the browsing habits of the users in order to give them better surfing experience and make the technical functions of the site work, control and optimise the functions, improve the quality of the services the site offers, and also guarantee the maintenance of the relevant database and IT infrastructure support.
Such data, after the said elaboration in anonymous form, are cancelled within 12 months from the date of collection.
The browsing data may be likewise used to ascertain responsibility in case of offences that damage the Site or are carried out through the Site (attempts of malware, spamming, illicit access to IT systems, etc.) and in such cases the retention shall last for the time necessary for the protection of the rights of ALMAG and/or of third parties.
Data submitted by the user
This regards:
- the information sent by the user in an optional and voluntary manner through the filling out and sending of on-line registration forms and/or data gathering or on corporate blogs, published on the web site (e.g. email address, e-mail subject, name or corporate business, name and surname, etc.;
- the personal data submitted by the users to make use of the services available on the Site or to participate in initiatives promoted through the Site;
- the personal data furnished by the users sending requests for clarifications, and sending of news and/or information material;
- the personal data furnished by the users that send us their candidature proposals (“curriculum vitae,” etc.).
Through the web forms available on the sites we never request “particular” personal data (that is, personal data that can reveal the racial and ethnic origin, religious or philosophical convictions or of other genre, political opinions, membership in political parties, trade unions, associations or organisations of the religious, political or union types, as well as personal data that can reveal the health condition and sexual orientation) or “judicial” (data on matters of criminal records, or referring to the status of accused or suspect, etc.).
Data collected on third party sites
This site does not collect personal data on third-party sites.
The processing will be performed with or without the use of auxiliary electronic instruments, pursuant to principles of correctness, lawfulness, and transparency, so as to protect at all times, the privacy and rights of the data subject, in conformity to the provisions of Art. 5 of the GDPR.
2. The processing objectives are that of fulfilling the requests of the user regarding the dispatch of information material (bulletins, newsletters, mailing lists, answers to questions, notices, acts and measures, other documentation, etc.), that is, to perform the service or task requested by the user. In such cases, consent to the processing is optional and the lack of consent may therefore simply imply the user’s impossibility to obtain what was requested from the Site Owner or the service or tasks requested.
Only after the specific consent of the user/client (we refer to a specific on-line data collection form found on the web site, e.g. on the “Contacts” menu), will the data gathered be furthermore used by ALMAG SPA for promotional, direct marketing purposes (sending of commercial material and execution of market surveys, through every means of communication (post, e-mail, telephone, SMS, social network, etc.). Such consent is always optional and the lack of consent shall thus not determine the user’s impossibility to make use of the services requested, but simply the impossibility of ALMAG to use the data for the aforesaid particular purposes.
3. Lawful basis for data processing. ALMAG may lawfully process the data for the following reasons:
- In the case of primary objectives (point 2 first paragraph), the processing is necessary according to the cases, to carry out the pre-contractual measures adopted upon request of the data subject, in the execution of a contract in which the data subject is a party, or to fulfil a legal obligation to which ALMAG is bound and/or based on lawful interest:
a) of ALMAG (prevailing over the interests or rights and fundamental freedoms of the data subject) to process the data in order to handle in an effective and efficient way, its relationships with its own users, clients and/or suppliers and to organise the relevant production, and organisational and management processes (including the relationships with its own sub-suppliers so as to achieve such objective);
b) of third parties, to receive personal data from the Controller and process them i) to verify the correct fulfilment of lawful and contractual obligations towards the data subject or third parties (for e.g. verification by the Public Authorities of compliance with tax dues, or by the auditing board or auditors regarding compliance to legal obligations, etc.) or ii) to enable the management of activities connected to the Controller’s request for support in handling activities for the data subjects.
- In the case of secondary objectives (direct marketing) the processing is based on the lawful interest of ALMAG in promoting its own products and/or services towards its clientele through off-line and on-line procedures (e.g. sending of CDs, soft spam or commercial communications through public telephone numbers), and subordinately, upon your consent to the processing for given objectives, not subsequently revoked.
4. Data processors. The data gathered is processed by the managers and staff appointed by those who need to know the data in order to carry out their own activities (e.g. business office, marketing office, administration, call centres, technicians assigned to maintenance of the company’s IT system, etc.).
The data may furthermore, in compliance with provisions in force, be communicated to our chain of agents, factoring companies, debt collection companies, credit insurance companies, commercial information companies, and distribution companies in order to carry out the activities within their own competence (e.g. management of orders, drawing up of contracts, post-sales assistance), transportation companies, credit institutes for the management of cash-ins and payments, and third parties assigned to the execution of related activities instrumental to this processing (debt collection companies, credit insurance companies, lawyers and legal offices, accounting officers, accounting experts, auditors and auditing companies, members of supervisory bodies pursuant to L. Decree 231/2001, auditors or third parties assigned to carry out the maintenance of IT systems services and/or electronic archives connected to the site). Only in the case of processing operated for the purposes of direct marketing can the data be disclosed also to advertising agencies, web marketing companies, consultants and professionals that have been entrusted with functional activities and the pursuance of such objectives. The data is also communicated to Authorities and public administrations in complying to law obligations. Said third parties shall process the data as external managers or autonomous controllers.
The data will not be subjected to disclosure.
5. The data processing logics and organisational forms will be strictly correlated to the aforesaid respective objectives. The processing will be carried out in electronic, telematics and/or paper mode. During the processing the data is unauthorised or prohibited processing like that for the IT-processed personal data which can be consulted only when one has access to the various processing or data insertion programmes, through the insertion of obligatory personal passwords used only by personnel authorized by ALMAG, who however, have to abide by pre-set use limitations.
6. Upon termination of existing contract relationships, the personal data shall be processed also to a) fulfil all the legal contract obligations and tasks connected to or arising from the termination of the contract relationship, and shall be kept not beyond the time needed to fulfil the said obligations, tasks or purposes, and to prove the fulfilment of the same to the supervisory authorities (as a rule 10 years from the termination of contract), after which the data will be destroyed.
The retention period of the data collected through cookies is illustrated in the following "Cookie Policy."
7. Cookie Policy
Based on the provision dated 8 May 2014, on 2 June 1915 the Data Protection Authority incorporated the 2009/136/EC directive which imposes on web page administrators the obligation to publish a circular relating to the cookie policy of the site the visitors are surfing.
This Policy may be updated any time for amendments of the norms in force or for any changes in the configuration and type of cookies used. Thus we suggest that you periodically read this cookie policy so as to be aware of all its subsequent updates.
The Site could contain links to other Web sites that avail of their own privacy circular letters, that may differ from those adopted from the SEO (Search Engine Optimisation) positioning of the Site and which are thus not responsible for these sites.
What are cookies and how they are used
Cookies are small pieces of data (text files) regarding the activities of the user on the web site, that are memorised during the first visit to the Web site, on the device (computer, smartphone or tablet) of the user surfing the internet, to be then retransmitted to the same sites in the probable subsequent surfing sessions, thus allowing our site to automatically recognise the user (or other users that use the same device) after the first visit and improve his/her surfing experience.
The functions are totally dependent on the surfing browser the user uses and may be activated or not by the user himself.
In order to always guarantee the best surfing possible, our site offers the best performance with the activation of cookies. By default, almost all the web browsers automatically accept cookies.
The cookies may be:
- “first party” cookies when handled directly by the web site manager
- “third party” cookies when these are pre-set and handled from a domain other than the one a user is visiting. Third-party cookies fall under the direct and exclusive responsibility of the same site manager, and in relation to their installation, the first-party site manager merely acts as the technical intermediary.
The cookies we use and their purpose
The Site www.almag.it uses or may use, also in a combined manner, the following categories of cookies:
- Permanent or "persistent": these cookies stay in the browser even after one has left the Web site or after closing the browser: in particular they are stored up to the set expiry date or until they are manually deleted by the user. The persistent cookies satisfy main functions to the interest of the surfer (for e.g. memorisation of the password), however, in some cases they may be used also for promotional objectives.
- Session cookies (or temporary): have a limited duration and are deleted with the closure of the browser to end the web site browsing session. As a rule they allow the user to access personalised services and fully exploit the site’s functions, avoiding recourse to other IT techniques that potentially make the privacy of the users’ surfing less secure.
- Technical-functional cookies, for example the transmission of session identification data needed to allow safe and efficient exploration of the site. These cookies avoid recourse to other IT techniques that may make the privacy of the users’ surfing less secure.
- As to the use of technical cookies, the law requires only the issuance of the information circular to the data subject, like this circular, that is, even without setting up specific banners on the Site.
For nontechnical cookies, on the contrary, the norm in force subordinates their installation to the prior consent in the simplified forms provided by Provision 8.5.2014 of the Data Protection Authority, that is, through the publication of a specific short banner visible to the user/visitor the moment he/she “lands” for the first time on the site and which allows to generate further action on the Site (particularly based on “scroll” downs, that is, continuing the internal surfing of the same Web page) with which the users/visitors may implicitly communicate their consent, or as an alternative, access an analytical information cookie (that is, this circular, within the environment where they can express consent or dissent). Such consent or dissent may be expressed by the user, not necessarily with regard to the single cookies installed but also in relation to the broader categories of cookies, or to specific producers and/or intermediaries with which the Site has established commercial agreements.
- Analytical cookies (so-called "analytics"): these may be temporary or permanent, and allow to gather and analyse in aggregate and/or disaggregated manner, statistical information related to access (e.g. geographic zones of the user’s origin, access devices used, age, etc.) and generally to the movements of the users on the site and therefore improve the surfing experience and the contents furnished. These analytical cookies can be assimilated with the technical cookies only in cases where they have been installed directly by the first-party site without, however, the intervention of third parties). For example, the site makes use of log files (that is, registering the chronology of the operations as they are carried out) and record files (that include IP addresses, type of browser, Internet Service Provider (ISP), date, time, entrance and exit page and number of clicks). All these serve to analyse the trends and administer the site. The information collected in this way have no personal importance given that the data are gathered and analysed in anonymous form. Instead, in cases where the analytical cookies are installed and/or used by third parties (other than the owner of the first party site), the same cannot be assimilated to the technical cookies and are subject to a different juridical process.
- Profiling (or advertising) cookies (always of the permanent type) are used to gather information whether or not of the aggregate type, and assess the use of the web site and the activities performed by the visitor (decision to view specific pages, specific products and/or services, etc.); they are also used by the owner for the formulation of commercial advertisement of targeted products and/or services and are thus based on the user’s previous activities (in place of the generalized offers addressing everybody indistinctly).
List of cookies present on the web site
On this basis, from time to time this site makes use of the following:

XName of cookie: PHPSESSSID
session/permanent: session
Function (technical, analytical, advertising): technical
Duration (if permanent and if not eliminated by the user: -

The Site also uses the cookies of Google Analytics (cookies of Google Inc., which is an American company, third party). Let us specify that with the functions of Google Analytics, we do not gather any strictly personal information, but statistical aggregated data on the age, gender, and preferences of our visitors (in order to better assess the use of the web site and the activities performed by the visitor and orient at best the services we offer). These cookies are stored on the server which can be located in the United States or in other countries. Google reserves the right to transfer the information gathered with its cookies to third parties wherever required by law or whenever the third party processes information on its own behalf.
The "Analytics" function is however configured by ALMAG SPA by default, such as to mask in an important way, portions of the IP addresses of the user/visitor, and therefore the data relating to the IP address collected are already anonymised at the source and the analytical cookies do not allow to trace, even indirectly - and particularly through further processing - the identity of the user/visitor. For this reason the company ALMAG SPA pursuant to law, is not bound to the obligations and fulfilments provided by the norm on cookies e.g. notification of the processing of the cookies to the privacy protection Authority).

Likewise, Google in turn ensures from now on, that it does not associate the IP address of the user to any other data held by Google to obtain a more detailed profile of the user. Further information on privacy and their usage can be acquired directly on the sites of the respective third-party managers.
How to use and deactivate cookies
It is your right to accept or refuse the cookies.
To set up predefined settings, the browsers generally accept the use of the cookies, whether they come from our site or those of third parties. To allow the site to work correctly, we advise you to exploit the functions and use them in their entirety, and to accept the use of cookies.
The user however, can change the pre-set configuration any time (by default). To manage the function modes of the cookies, as well as the options to limit or block them, the user just has to change the settings of his /her internet browser through the relevant tool bar. One can choose between the unconditional acceptance of all cookies (particularly when surfing in any form on our site after the initial appearance on the screen of a small banner which informs you of the presence of cookies in our web site, and implicitly giving your consent to the use of the cookies), the indistinct refusal of all the cookies in a definitive way, or the viewing of a popup window (Notification) every time a cookie is proposed, in order to assess whether to accept or refuse through your explicit action. Hereunder are the links for the configuration of the more popular browsers that describe the cookie management methods:
- Chrome: https://support.google.com/accounts/answer/61416?hl=it
- Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
- Internet Explorer: http://windows.microsoft.com/it-it/windows-vista/block-or-allow-cookies
- Opera: http://help.opera.com/Windows/10.00/it/cookies.html
- Safari: https://support.apple.com/it-it/HT201265
To change the settings of the cookies in browsers other than those listed, you should consult the help documentation given by the producer of the specific browser.
The users may moreover deactivate in a selective way, the action of Google Analytics by downloading and installing on their own browsers, the additional opt-out option furnished on purpose by Google for its own browser, at the following link:
http://tools.google.com/dlpage/gaoptout
Remember that you have to reset the preferences on the cookies for every computer and every browser used to surf the internet.
For further information regarding Google Analytics, see the Privacy Policy in the following link:
http://www.google.com/intl/it_ALL/analytics/learn/privacy.html
To eliminate the cookies from the internet browser in one’s own smartphone/tablet, you kindly consult the device’s use manual.
For more information on cookies and privacy, kindly consult the specific document laid out by the Data Protection Authority at the following link:
http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/2142939
8. The Data Controller is:

Definition: Institutional Site
Data Controller: ALMAG SPA, Via Vittorio Emanuele II n. 39 – Roncadelle (BS), email: privacy@almag.it in the person of Mr. Giorgio Parmiani, main privacy delegate):

ALMAG has also appointed various processing managers. Such managers may be internal or external Corporate staff. The internal managers belong to the standardised corporate function departments that have to process the data for the objectives indicated in this circular, such as the administration office, the HR office, IT maintenance, marketing office, etc. The external managers are all those categories of external subjects to which the Company has to communicate the data for the aforesaid objectives (when such external subjects do not assume the direct position of independent controllers due to the field of managerial independence in relation to the processing they have been entrusted with). A complete and updated list of the managers can be consulted at the Company’s offices upon written request.
9. Data subject’s rights
As to the processing of personal data, you may exercise the following rights, by contacting our Company at the said e-mail address, without any particular formalities.
1) Request confirmation from our Company as to whether any processing of your personal data is underway, and if so, obtain access to the personal data and the following information:
a) Processing objectives;
b) the categories of personal data in question;
c) the addressees of the categories of addressees to which the personal data have been or will be disclosed, in particular of third-party countries or international organisations;
d) when possible, the foreseen personal data retention period, or if not possible, the standards used to determine this period;
e) the exercise of the right of the data subjects to request from our Company the rectification or erasure of the personal data or the limitation of the processing of their personal data or to oppose their processing;
f) the right to lodge complaints with a supervisory authority, should the data and all the information available on their origin cannot be gathered by the data subject;
g) the existence of an automated decisional processing, including the profiling and, at least in such cases, important information on the logic used, as well as the importance and consequences foreseen for such processing for data subject.
2) Should the personal data be transferred to a third party country or an international organisation, the data subject is entitled to be informed of the existence of adequate guarantees relating to the transfer (NB: as explained in this circular, our Company currently does not transfer the data subject’s data abroad);
3) request and obtain, without unjustified delay, the rectification of the inexact data, taking into account the objectives of the processing, integration of incomplete personal data, and also the furnishing of an integrative statement;
4) request the erasure of the data if
a) the personal data is no longer necessary with respect to the aims for which they were gathered or processed;
b) the data subject revokes the consent on which the processing is based and there is no other legal basis for the processing;
c) the data subject opposes the processing, if there is no prevalent legal basis to proceed with the processing, or if he/she opposes the processing performed for direct marketing purposes (including the profiling in view of direct marketing);
d) the personal data has been unlawfully processed;
e) the personal data has to be erased to fulfil a lawful obligation provided by Union rights or of the Member State to which our Company is subjected;
f) the personal data has been collected in relation to the offer of services of the IT company from the database of our Company;
5) request the limitation of processing regarding your data, on the occurrence of one of the following situations:
a) the data subject contests the exactness of the personal data; in such case the limitation of the processing (that is, its suspension) may come about for the period needed by our Company for the verification of the exactness of such personal data;
b) the processing is unlawful (for example because the data subject has not been given the lawful circular beforehand) and the data subject opposes the cancellation of the personal data (that is, prefers that we retain the data in our paper and/or IT archives) and instead requests, as aforesaid, the limitation of usage;
c) since our Company no longer needs the data for processing purposes, the data subject needs the personal data for the control and exercise of defence of a right in court;
d) the data subject has opposed the processing performed for direct marketing purposes, while awaiting verification regarding the possible prevalence of lawful reasons of our Company with respect to those invoked by the data subject;
6) obtain from our Company, upon request, the communication of the third-party recipients to whom the personal data was transmitted;
7) revoke the consent to processing any time, where this was previously given for one or more specific aims of the personal data, it being understood that this shall not jeopardise the lawfulness of the processing based on the consent given before the revocation.
8) receive in a commonly used, structured format, that can be read by an automated device, the personal data regarding the data subject, and which he/she gave to our Company, and if technically feasible, allow the transmission of such data directly to another Processing Controller without impediments on our part, should the following condition occur (cumulative):
a) the processing is based on the consent of the data subject for one or more objectives, or on a contract of which the data subject is a party and the execution of which requires the processing; and
b) the processing is performed with automated means (software) (overall portability rights);
The exercise of such portability right does not undermine the right to the aforesaid rights to erasure;
9) to not be subjected to a decision based only on the automated processing, including profiling, which produces juridical effects that do not regard the subject or that likewise greatly affects his/her person. NB: Our Company does not operate automated decision of the aforesaid type.
10) lodge a complaint to the competent Supervisory Authority pursuant to the GDPR (that of your area of residence or domicile).
Amendments to the policy
This privacy policy, from the date of publication, replaces any other previous version of the same. Except for what has been otherwise specified, this privacy policy shall continue to apply to the personal data gathered up to then. NOME reserves the faculty to amend this privacy policy any time, and shall notify the users on this page. Kindly consult this page frequently, taking as reference the date of the last amendment indicated at the bottom. In case future amendments are not accepted, the data subject must stop using the web site or the functions the privacy modifications refer to, and in the absence of such restraints the changes will be considered as accepted (without prejudice to those that modify the conditions for the acquisition of the consent, when this is obligatory for the processing).
Roncadelle (BS), 15 September 2018