Microingranaggi Srl has, for many years, considered the protection of the personal data of its customers and suppliers to be of fundamental importance, ensuring that the processing of personal data, however performed, using both automated and manual systems, takes place in full compliance with the protections and rights recognised by Regulation (EU) 2016/679 (henceforth also the “GDPR”), concerning the protection of natural persons, with regard to the processing of personal data, as well as the free circulation of such data and the additional applicable rules on the subject of personal data protection.

The term `personal data’ is defined by art. 4 point 1) of the GDPR and means “any information relating to an identified or identifiable natural person (`data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (henceforth also the Personal Data”).

Your personal data consists of:
Name and surname;
Postal address;
Fixed and mobile telephone numbers;
Employment situation (for instance: employer etc.);
email address.

The GDPR foresees that, before commencing the processing of Personal Data (as defined in art. 4 point 2) (i.e. any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction) (henceforth also the “Processing”, the person to whom such Personal Data belongs (henceforth also the “Data Subjects”) are duly informed on the purpose for which the latter are required and the manner in which they will be used.

The purpose of this document is therefore to provide you, in a simple and intuitive manner, with all the useful and necessary information so that we can collect your Personal Data in an informed and competent manner and, where necessary, request and obtain clarifications and/or rectifications of the latter.

1. Who collects your Personal Data
The company processing your Personal Data for the purposes indicated in clauses 2 and 3 below and, therefore, taking on the role of Data Controller is MicroingranaggiS.r.l., with registered office in Via del Commercio, 29 – 20090 Buccinasco (henceforth also the “Data Controller”).

2. For which main purposes your Personal Data will be processed
The Data Controller needs to collect your Personal Data for the following purposes:
a) Respond to requests for information relating to the activity and/or products of the Data Controller submitted by the Data Subject;
b) to provide telephone-based customer care and consulting services;
c) the execution of the obligations arising from signed contracts;
d) contacts to provide clarifications on the purposes indicated in points a), b) and c) above;
e) to fulfil legal obligations imposed by civil, fiscal, accounting and regulatory requirements and EC regulations.
f) to provide any services presented on the website https://www.microingranaggi.it(the Website).
Collection of your Personal Data for the aforementioned purposes is mandatory in order to perform the services indicated above. If you refuse to allow such collection, it will be impossible to respond to your queries or prepare a quotation; your refusal shall not, however, impact the fulfilment of all legal obligations of a tax and administrative nature.

3. Additional purposes
Pursuant to your free and unequivocal consent granted under art. 6 par. 1 point a) of the GDPR, the Data Controller is entitled to use your Personal Data for the following additional purposes:
g) to verify the level of customer satisfaction in relation to the service provided, also for the management of ISO 9001/2015 quality policies;
h) to send newsletters with the purpose of keeping you updated on the latest news and activities of the Data Controller.
The Processing of your Personal Data for the purposes referred to in points g) and h) is optional and can not be performed without your consent, which must necessarily comply with the conditions set forth in art. 7 of the GDPR, which determine the lawfulness of the Processing of your Personal Data.
The contact details for the activities indicated in points g) and h) may be either automated (email) or traditional (telephone calls by an operator, posting of information). In any case, and as better illustrated in clause no. 7, you are entitled, at any moment in time, to fully or partially revoke your consent, for example by consenting to traditional methods of contact only.

4. Who your Personal Data shall be communicated to
Your Personal Data may be communicated to specific subjects as Recipients of such Personal Data. In this regard, please note that art. 4 point 9) of the GDPR provides the definition of the recipient of Personal Data as a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not; (henceforth also the “Recipients”).
In view of the above, and in order to correctly perform all the Processing activities necessary to pursue the purposes set forth in this Information Notice, the following Recipients may be designated to process your Personal Data:
individuals, employees and/or collaborators of the Data Controller, who have been assigned specific and/or more Processing activities of your Personal Data: these individuals have been given specific instructions on the security and correct use of Personal Data (hereinafter also the “Authorised Persons”);
where required by law or to prevent or suppress the commission of a crime, your Personal Data may be disclosed to public bodies or judicial authorities.

5. For how long will your Personal Data be processed
Your Personal Data shall be processed by the Data Controller for a period which does not exceed that necessary to achieve the purposes for which they were collected and subsequently processed.
In any case you are entitled, at any moment in time, to inform us, using one of the methods provided in this Information Notice, of your desire to revoke your consent to the processing for one or all the purposes previously requested. Withdrawal of your consent shall, in fact, impose the Data Controller to cease all Processing of your Personal Data for such purposes.

6. Is it possible to withdraw consent and how to proceed
As foreseen by the GDPR, if you have consented to the Processing of your Personal Data for one or more purposes as previously requested, you are entitled, at any time, to withdraw such consent, totally and/or partially without prejudice to the lawfulness of the Processing based on the consent granted before such revocation.
The methods of revoking consent are very simple and user-friendly, simply contact the Data Controller using the contact options indicated in clause no. 7 of this Information Notice.

7. What are your rights
In accordance with art. 15 of the GDPR, you can access your Personal Data, request rectification and updating, if incomplete or erroneous, request erasure if the collection was effected in violation of any applicable laws or regulations, and object to the Processing for legitimate and specific reasons. In particular, please find below all the rights you are entitled to exercise, at any moment in time, with regard to the Data Controller:

Right of access:
you are entitled, under art. 15, par. 1 of the GDPR to obtain from the Data Controller confirmation as to whether or not your Personal Data data are being processed, and, where that is the case, to obtain access to such Personal Data and the following information:

(a) the purposes of the Processing;
(b) the categories of Personal Data concerned;
(c) the Recipients or categories of Recipients to whom the personal data have been or will be disclosed, in particular Recipients in third countries or international organisations;
(d) where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
(e) the existence of the right of the Data Subject to request from the Data Controller rectification or erasure of Personal Data or restriction of Processing of Personal Data concerning you or to object to such Processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the Personal Data are not collected from the Data Subject, any available information as to their source;
(h) the existence of automated decision-making, including profiling, referred to in art. 22 (1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such Processing for the Data Subject. All this information can be found in this Information Notice that will always be available in the Privacy section of the Website.

Right to rectification:
under art. 16 of the GDPR, you have the right to obtain rectification of any inaccurate details pertaining to your Personal Data. Taking into account the purposes of the Processing, you shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.

Right to erasure:
under art. 17 of the GDPR, you have the right to obtain the erasure of your Personal Data without undue delay and the Data Controller will be obliged to erase your Personal Data for any of the following reasons:
(a) the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) you have withdrawn your consent on which the Processing of your Personal Data is based and in case there is no other legal basis for the Processing to continue;
(c) you have objected to such Processing, under art. 21 par. 1 or 2 of the GDPR and there is no prevailing legitimate reason to continue the Processing of your Personal Data;
(d) your Personal Data have been unlawfully processed;
(e) when it is strictly necessary to erase your Personal Data to comply with any binding EU or internal legal or regulatory obligation. In certain circumstances, pursuant to art. 17, par. 3 of the GDPR, the Data Controller is entitled to not erase your Personal Data if their Processing is necessary, for example, to exercise the right to freedom of expression and information, the fulfilment of a legal obligation, for reasons of public interest, for purposes of archiving in the public interest, for scientific or historical research or for statistical purposes, for the establishment, exercise or defence of a right in court.

Right to restriction of processing:
under art. 18 of the GDPR, you have the right to obtain restriction of Processing, in any of the cases below:
(a) you have contested the accuracy of your Personal Data (the restriction shall remain for a period enabling the Data Controller to verify the accuracy of the Personal Data);
(b) the Processing is unlawful but you objected to the erasure of the your Personal Data, opting for the restriction of their use instead;
(c) the Data Controller no longer needs the Personal Data for the purposes of the Processing, but they are required for the establishment, exercise or defence of legal claims;
(d) you have objected to the Processing pursuant to art. 21 par. 1 of the GDPR pending the verification whether the legitimate grounds of the Data Controller override those of the Data Subject. Where Processing has been restricted, your Personal Data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We shall inform you, in any case, before any restrictions are revoked.

Right to data portability:
under art. 20 par. 1 of the GDPR you have the right to request and receive all your Personal Data processed by the Data Controller in a structured format, commonly used and readable by automatic devices, or request the transmission to another data controller without hindrance. In this case, it will be your responsibility to provide us with all the exact details of the new data controller to whom you wish to transfer your Personal Data along with due written authorisation.

Right to object:
under art. 21 par. 2 of the GDPR, and as reiterated in Recital 70, you shall have the right to object at any time to the Processing of your Personal Data if the same are processed for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.

Right to lodge a complaint with a supervisory authority:
without prejudice to your right to appeal in any other administrative or jurisdictional office, if you believe that the Processing of your Personal Data carried out by the Data Controller is done so in violation of the GDPR and/or applicable laws, you can lodge a complaint with the Data Protection Supervisor at the Italian Supervisory Authority.

To exercise all your rights as identified above, simply contact the Data Controller using any of the following options:
by registered letter to Microingranaggi S.r.l., con sede in Via del Commercio, 29 – 20090 Buccinasco;
by fax to +39 02 48403899;
by email addressed to: info@microingranaggi.it.

8. Where your Personal Data will be processed
Your Personal Data shall be processed by the Data Controller within the territory of the European Union.
In the event that, for technical and/or operational reasons, it is necessary to make use of subjects located outside the European Union, we hereby inform you that these subjects will be appointed as Data Processors pursuant to and for the purposes of art. 28 of the GDPR and the transfer of your Personal Data to these subjects, limited to the performance of specific Processing activities, will be regulated in accordance with the provisions of Chapter V of the GDPR and, in particular, all necessary precautions will be taken to ensure utmost protection of your Personal Data basing this transfer:

a) on adequacy decisions of the third country recipients expressed by the European Commission;
b) on appropriate guarantees expressed by the third party recipient pursuant to art. 46 of the GDPR.