INFORMATION ON THE PROCESSING OF PERSONAL DATA pursuant to art. 13 EU Regulation 2016/679 (GDPR)
– Updated on the 15th of February 2022 –
On this page we wish to illustrate to users who explore our website www.stm.group the purposes and methods of processing their personal data, the security measures we apply to protect them and the rights that can consequently be exercised, in line with the EU Regulation 2016/679 (GDPR). As a result of consulting the site, in fact, data relating to identified or identifiable natural persons may be collected and must be processed according to precise protection rules.
DATA PROCESSING HOLDER
The data controller is STM Industriale SpA, with registered office in IT-80122 Naples, via Francesco Caracciolo 11 and production plant in IT-85050 Tito Scalo (PZ) Zona Industriale snc, Phone +39 0971 485 073, e-mail: info@stm.group, pec: stmindustriale@legalmail.it, dedicated e-mail privacy@stm.group.
LEGAL BASIS AND PURPOSE OF THE TREATMENT
Personal data may be processed, without the user’s prior consent, for service purposes such as: the execution of pre-contractual obligations, the collection of anonymous statistical information on the use of the services, also to check their correct functioning; the fulfillment by the holder of obligations imposed by national and EU law, or by the competent authorities; the pursuit of a legitimate interest of the owner, in particular: management and maintenance of the website, to satisfy its correct operation; statistical activity using analytical cookies, to optimize and improve navigation on the website without identifying the user; prevention and prevention of unlawful acts, being able, in this regard, to be exercised by the owner a guaranteed right pursuant to art. 24 of the Constitution, as such prevailing over the interests of the individual concerned. On the other hand, the prior acquisition of the user’s consent is required when collecting personal data functional to sending and managing online applications for any job positions.
TYPES OF DATA PROCESSED AND PURPOSE OF THE TREATMENT
Navigation data
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. While users are browsing, the following information may be collected and stored in the site’s server (hosting) log files: internet protocol address (IP); browser type; parameters of the device used to connect to the site; name of the internet service provider (ISP); visit date and time; web page of origin of the visitor (referral) and exit; possibly the number of clicks. These data are used for statistical and analysis purposes, in an exclusively aggregated form, for the use of web services and also for the purpose of checking the correct functioning of the services. They do not persist for more than seven days, except for any need to ascertain crimes by the judicial authority. The IP address is used exclusively for security purposes and is not crossed with any other data.
Data communicated by the user
The optional, explicit and voluntary sending of messages to the contact addresses of the owner, as well as the compilation and forwarding of forms on its site, involve the acquisition of the sender’s contact data, necessary to reply, as well as all the personal data included in communications.
Cookies and other tracking systems
No use is made of cookies for user profiling, except for the production of statistics with pseudonymised data on navigation on the site www.stm.group. Technical session cookies (non-persistent) are used, strictly limited to what is necessary for the safe and efficient navigation of the sites: technical cookies, used for the sole purpose of transmitting an electronic communication, to ensure the correct display of the site and navigation within it; some of them are deleted when the browser is closed (session cookies), others have a longer duration (those necessary to retain the user’s consent in relation to the use of the cookies themselves, which last for one year). Consent is not required for these cookies; analysis cookies, used directly by the site operator to collect information, in aggregate form, on the number of users and how they visit the site. They are assimilated to technical cookies if the service is anonymized.
RECIPIENTS OF DATA AND SCOPE OF DATA COMMUNICATION
The data will be processed only by subjects previously authorized by the data controller. In particular they may be disclosed to the following categories of external subjects: professional and / or technical service providers, consultants and professionals, also in associated form, legitimate recipients in accordance with the law. The recipients of the data act as data controllers or processors in accordance with the provisions directly applicable to them. Any third party that in the context of this procedure is the recipient of your data may use them within the limits established by this Privacy Policy.
To receive the updated list of managers, as well as the list of recipients of your data, please contact us by sending an email to the following address: privacy@stm.group
The following subjects, designated by the owner pursuant to art. 28 of the Regulation as data processors:
- LinkedIn, a social network web service, for the collection and management of online applications;
- Professional Recruitment, business consulting company based in Milan, Largo Guido Donegani n. 2, for the human resources selection processes.
The personal data collected are also processed by the owner’s staff, which acts on the basis of specific instructions provided regarding the purposes and methods of the processing itself.
Methods of data processing and data retention
User data is processed with the help of electronic tools and security measures in compliance with the security requirements required by current regulations. They are kept for the time necessary to fulfill the purpose for which they are collected and, in any case, to the extent that this will be necessary to comply with the obligations imposed on the owner by laws or regulations, to protect the rights of the owner, prevent fraud or apply the corporate privacy policy. As for the protection of the rights of the owner in court, it is pointed out that the retention period of personal data is ten years from the acquisition of the data, corresponding to the ten-year limitation period referred to in art. 2946 of the Italian Civil Code.
TRANSFER OF DATA ABROAD
The user’s personal data are likely to be transferred outside Italy to third party recipients established within the perimeter of the European Union. This type of transfer is free because each country of the European Union has implemented the GDPR and is able to guarantee an adequate level of data protection. However, the data could also be transferred to third countries outside the European Union, which do not guarantee the same level of data protection. This transfer, however, will always take place in accordance with the provisions of the GDPR, i.e. through the collection of the user’s consent, when necessary, or through the adoption of any other measures necessary to ensure the security of the data being transferred.
RIGHTS OF THE INTERESTED PARTIES
The interested parties have the right to obtain from the data controller, in the cases provided for, access to their personal data and the correction or cancellation of the same or the limitation of the processing that concerns them or to oppose the processing (articles 15 et seq. of the Regulation). More specifically, the user can exercise the rights recognized by the GDPR at any time as follows: request for access to data: obtain from the data controller confirmation that data processing is in progress and, if necessary, gain access to it by becoming aware of some information (purpose of the processing, categories of personal data processed, recipients to which the data is communicated).
In this context, it will also be possible to obtain a free electronic copy of the data being processed, or, if necessary, a paper copy for which an expense contribution may be applied; data correction: obtain the correction of inaccurate data and / or the integration of incomplete data, by providing a supplementary declaration; deletion of data: obtain from the data controller the deletion of data without undue delay, if certain circumstances exist, including the withdrawal of consent or the loss of the need for their treatment with respect to the purposes for which they were collected; limitation to the processing of data: in certain circumstances, including the case of dispute of the inaccuracy of the data, request the limitation of the processing; data portability: receive in a structured format, commonly used and readable by an automatic device, the data provided to a data controller and transmit them to another data controller without impediments if the processing is based on consent and is carried out by automatic means; opposition to treatment: exercisable at any time for reasons connected to the public administration condition article of the user, affected by the treatment.
To exercise their rights, the interested party can contact the data controller at the following dedicated e-mail address: privacy@stm.group
COMPLAINTS
Interested parties who believe that the processing of their personal data through this site is in violation of the Regulations, have the right to lodge a complaint with the Guarantor, as required by art. 77 of the Regulation itself, or to take the appropriate judicial offices pursuant to art. 79.