Privacy Policy for data collected through the website https://gemgroup.it/en/.

1. – GENERAL INFORMATION
   1. This notice is drawn up pursuant to Art. 13 and 14 of EU Regulation No. 2016/679, (hereinafter also just ‘GDPR’) concerning the processing of personal data of users interacting with https://gemgroup.it/en/.
   2. This information applies only to the domain https://gemgroup.it/en/ and not to other websites that may be consulted by users via links contained therein.
   3. All data are processed lawfully, correctly and transparently, in accordance with the requirements of Articles 5 and 11 of the GDPR;
   4. Specific security measures are taken to prevent loss of data, unlawful or incorrect use and unauthorised access, pursuant to Art. 32 of the GDPR.
2. – REFERENCES OF THE DATA CONTROLLER | DATA PROTECTION OFFICER
   Company name: General Electric Monfalcone S.r.l.
   Part. VAT: IT 00433840311
   Registered office: Sede legale: Via Rosa Agazzi, 21 Z.A. 34079 Staranzano (GO)
   Telephone contact details: 0481 483613
   Email contact details: gemgroup@gemgroup.it
   Certified mail contact details: gemgroup@legalmail.it
3. – DATA PROCESSING
   Modalities, purposes of data processing and legal bases
   1. When browsing https://gemgroup.it/en/, the software applications used to operate the site acquire certain data transmitted via secure protocols. This information is not collected in order to be associated with identified data subjects, but could, through processing and association with data held by third parties, allow users to be identified. This category of data includes, but is not limited to:
      1. Internet Protocol (IP) address;
      2. Browser identifier (user agent);
      3. Name of the Internet Service Provider (ISP);
      4. Addresses in URI (Uniform Resource Identifier) notation;
      5. Date and time of visit;
      6. Web page where the user enters and leaves the site (referral);
      7. Possibly the number of clicks.
   2. The processing of personal data is carried out using IT tools suitable for guaranteeing the security and confidentiality of such data and in any case in compliance with the appropriate security measures as required by art. 32 GDPR, using secure communication protocols with SSL encryption algorithms. Personal data will be processed in accordance with the legal provisions of the aforementioned legislation and the confidentiality obligations therein. The measure of the Italian Data Protection Authority “Guidelines on promotional activities and the fight against spam” of 4 July 2013, the “Guidelines on the processing of personal data for online profiling” of 19 March 2015, the “Guidelines on automated decision-making processes and profiling” – WP251, defined according to the provisions of Regulation (EU) 2016/679, are considered good practices. The aforementioned information is collected in automated form and processed in an exclusively aggregate form for the purpose of verifying the proper functioning of the https://gemgroup.it/en/ website and for security reasons in order to block attempts to damage the https://gemgroup.it/en/ website itself, harm other users or activities that are harmful or constitute a criminal offence. This data is not used for user profiling, but only for the purpose of protecting https:// gemgroup.it/en/ and its users. The legal basis for the processing is the legitimate interest of the data controller under Art. 6 (1) (F).
   3. In the event that, through the v website, the user decides to send his or her Curricula for a possible employment relationship, the https://gemgroup.it/en/ website receives and records some of the user’s identification data, including the user’s first name, last name, e-mail address, telephone number and any other contact data. When sending their Curricula, applicants may also provide data on their state of health, information relating to other legal entities and/or natural persons, racial or ethnic origin, religious or philosophical beliefs, trade union membership or sexual orientation. This data is understood to be provided voluntarily and spontaneously by the user when sending Curricula. The legal basis for the processing is consent pursuant to Art. 6 (1) (A).
   4. If the site https://gemgroup.it/en/ receives a request for information on the services/products offered by General Electric Monfalcone S.r.l., the https://gemgroup.it/en/ site receives and records some user identification data, including the user’s name, surname, e-mail address, telephone number and other possible contact data. The data received will be used exclusively for the provision of the requested service and only for the time necessary for the provision of the service. The legal basis for the processing is the execution of pre-contractual measures taken at the request of the data subject ex art. 6 (1) (B).

   Direct marketing and soft spam

   1. In case of specific consent General Electric Monfalcone S.r.l. may send by e-mail information on its services and/or products, promotions and special offers. The user may disable the service at any time. Specific brief information will be displayed in the appropriate sections of the site pages. This consent may be revoked at any time by simple request sent to the contact details indicated in SECTION II of this notice or by using the UNSUBSCRIBE option at the bottom of the newsletter. The legal basis for the processing is consent pursuant to Art. 6 (1) (A).
   2. If the data subject is already our customer, we may send him or her commercial communications concerning services and products similar to those he or she has already used, unless he or she objects. The legal basis for the processing is Art. 130 par. 4 of Legislative Decree. 101/2018.

   Short information

   1. Specific short information on specific data processing (e.g. when subscribing to a newsletter or filling in a contact form) will be displayed on the pages of the https://gemgroup.it/en/ website set up for particular services on request.
4. – USER RIGHTS
   1. Articles 15 to 23 of EU Regulation 679/2016 list the user’s rights.
   2. The data subject, in relation to the personal data covered by this information notice, is entitled to exercise the rights provided for in the EU Regulation below:
      1. right of access of the interested party [Art. 15 of the EU Regulation] (the possibility of being informed about the processing performed on one’s Personal Data and possibly receiving a copy of it);
      2. right to rectification of one’s Personal Data [Art. 16 of the EU Regulation] (the data subject has the right to rectification of inaccurate personal data concerning them);
      3. right to erasure of one’s Personal Data without undue delay (‘right to be forgotten’) [Art. 17 of the EU Regulation] (the data subject has, as well as will have, the right to the deletion of their data);
      4. right to restrict the processing of one’s Personal Data in the cases provided for in Art. 18 of the EU Regulation, including in the case of unlawful processing or contestation of the accuracy of Personal Data by the data subject [Art. 18 of the EU Regulation];
      5. right to data portability [Art. 20 of the EU Regulation], the data subject may request his or her Personal Data in a structured format in order to transmit them to another controller, in the cases provided for by the same article;
      6. Right to object to the processing of one’s Personal Data [Art. 21 of the EU Regulation] (the data subject has, as well as will have, the right to object to the processing of their personal data);
      7. right not to be subject to automated decision-making processes, [Art. 22 of the EU Regulation] (the data subject has, as well as will have, the right not to be subject to a decision based solely on automated processing).
   3. Requests may be addressed to the data controller at the e-mail address info@maggioloconsulting.it using the form provided by the Personal Data Protection Authority, which can be downloaded from the website https://www.garanteprivacy.it/home/modulistica-e-servizi-online. In the event of an alleged breach of the law, the user has the right to lodge a complaint with the Personal Data Protection Authority, as the authority responsible for monitoring processing in the Italian state. For more information on how to file a complaint with the Data Protection Authority, click on the link https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524. For more information on the rights of data subjects, see Art. 15 et seq. of EU Regulation 679/2016 at https://www.garanteprivacy.it/i-miei-diritti
5. – SECURITY OF DATA PROVIDED
   1. The website, https://gemgroup.it/en/, processes user data lawfully and correctly, taking appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of data. Processing is carried out by means of computer and/or telematic tools, with organisational methods and logic strictly related to the purposes indicated.
6. – DOMAIN SERVER POSITIONING
   1. The domain server of https://gemgroup.it/en/ is hosted on servers located in the S.E.E.
7. – AMENDMENTS TO THIS DOCUMENT
   1. This document constitutes the privacy policy of this website https://gemgroup.it/en/ and may be subject to changes or updates.