WITH PRIVACY NOTICE PURSUANT TO ART. 13 OF THE EU REGULATION No. 679/2016
The company Tesmec S.p.A., with registered office in 20123 Milan, Piazza S. Ambrogio no.16, tax code and VAT number: 10227100152, in the person of the legal representative pro tempore, as data controller (hereafter "Data Controller") of the personal data belonging to users/visitors who visit the website "www.tesmec.com", invites you to read this notice pursuant to art. 13 of the EU Reg. no. 679/2016 (hereinafter "GDPR") concerning the processing of your personal data, also containing important information regarding the management of the aforementioned website, in compliance with the regulations in force and as better specified below.
This notice is solely provided for the website "www.tesmec.com" and not for other websites that may be consulted by the user through links.
1. Data being processed
The Data Controller will process the personal identification data (by way of a non-limiting example: name, surname, address, telephone number, e-mail, etc. hereafter "Data") that you voluntarily provided in order to be able to take advantage of specific services offered by the website "www.tesmec.com", in addition to those (navigation data) which can be normally accessed by the Data Controller through computer systems and software procedures used to operate the website. In this latter case, reference is made to those personal data whose disclosure is implicit in the use of Internet communication protocols. This category of data includes ex-multis IP addresses or domain names of the computers used by users connecting to the website, the addresses in Uniform Resource Identifier (URI) of the requested resources, the time of request, the method used while submitting the request to the server, the file size obtained as response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user's computer environment.
2. Purpose of processing
Your data will be legally and properly processed for the purposes described below.
B. As far as data voluntarily provided by the user are concerned, the above-mentioned category of data includes information (name, surname, e-mail address, data included in curriculum vitae, content acquired through forms filled in online, etc.) voluntarily provided by the user when curriculum vitae is voluntarily sent and online applications, through the "Work with us" section, which will be subsequently used by the Data Controller to assess the user's suitability in view of a potential company recruitment, by starting, if required, the selection processes.
C. Solely upon your specific and explicit consent (pursuant to art. 7 of the GDPR) to allow the optional, explicit and voluntary sending of e-mails to the addresses indicated on this website in the section "Talk to Tesmec" to ask for information on products, relevant documentation and services offered by the Data Controller: this includes the further acquisition by the latter of the sender’s address which is needed to answer the questions and to follow up on any requests for offers; as well as to allow the Data Controller to carry out market research and analysis aimed at detecting the level of customer satisfaction on quality and type of products and services supplied and on initiatives to improve them, send
D. Solely upon your specific and explicit consent (pursuant to art. 7 of the GDPR) to allow the optional, explicit and voluntary sending of e-mails to the addresses indicated on this website in the section in the "newsletter" section to receive advertising material and/or commercial communications and information and direct marketing concerning new products offered for sale, the latest innovations and technologies of products, new services offered by the Data Controller or by third parties (including the other companies of the Group) and news and promotional events. The foregoing can occur through traditional contact systems (paper-based mail or calls through the Sales Offices) or by e-mail.
E. Solely upon your specific and explicit consent (pursuant to art. 7 of the GDPR), which could be exercised separately by the previous points C and D, to allow the optional, explicit and voluntary use of personal data personal data belonging to users to allow the Data Controller to carry out market research and analysis aimed at detecting the level of customer satisfaction on quality and type of products and services supplied and on initiatives to improve them.
3. Modalities of processing
Processing of your data is carried out through the operations mentioned in art. 4 no. 2) of the GDPR and more precisely: collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, disclosure or any other form of supply, comparison or interconnection, limitation, cancellation or destruction of Data.
Your Data are subject to both paper and electronic processing.
Acquired Data are processed, in full compliance with the laws and principles of lawfulness, fairness, transparency, limitation and protection of your privacy and your rights.
Processing of Data belonging to minors is not envisaged.
4. Data retention period
The Data Controller retains Data in compliance with local laws and internal company policies and procedures for the time necessary to fulfil the aforementioned purposes and to meet its legitimate business interests, legal obligations or to establish, exercise or defend legal rights. Once the data retention is no longer required for said purposes, Data will be deleted in a secure manner. For further information on the retention periods for documents, please refer to the abstract of Data Retention Policy.
5. Legal ground for processing
Processing of the aforementioned Data is necessary to allow you to browse the website and to follow up on your requests. Where necessary, for specific purposes, the user's express consent will be requested (see art. 8 and 12).
Processing of Data for marketing purposes is permitted in relation to the free circulation of data as provided for by the GDPR and can be translated into activities aimed at meeting the legitimate business interests of the Data Controller, including any commercial development activities (by way of example marketing, customer satisfaction etc.), performed by the latter.
6. Communication, disclosure and access to Data
Your Data may be made accessible for the purposes described above:
- employees and collaborators of the Data Controller in Italy and abroad, as internal data processors and/or sub-processors/people responsible for processing and/or system administrators;
- to other Tesmec Group companies (parent companies, subsidiaries and/or affiliates) in Italy and abroad and to their employees and collaborators;
- to other third-party companies or other entities that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors, including suppliers or individuals appointed to perform ancillary or instrumental services for the purposes specified above, with whom the Data Controller concludes special agreements.
The Data Controller also reserves the right to share personal data with some third parties, including: IT providers for system development purposes and technical assistance; auditors and consultants to ascertain compliance with external and internal requirements as well as compliance with laws; bodies and agencies responsible for the application of laws and concerned parties pursuant to legal obligations to reporting; any successors or business partners of the Data Controller or of a company of the Data Controller’s group in case of sale, assignment or other extraordinary transactions; police, armed forces and other public administrations for the fulfilment of obligations set by laws, regulations or by European legislation.
Should said parties be located in extra-EU countries, the Data Controller ensures that extra-EU data transfer will take place in accordance with the applicable legal provisions.
7. Data Transfer
Data will be stored on servers located within the European Union. In any case, it is understood that the Data Controller has the right to share data with the other companies of the Tesmec Group and/or to transfer Data also to other extra-EU areas, if needed; in this case, the Data Controller hereby ensures that the extra-EU data transfer will take place in accordance with the applicable legal provisions.
The Data Controller shall apply all the necessary protections to the aforementioned transfers pursuant to the legislation on privacy in force.
8. Type of Data provision and consequences of failure to provide Data
Provision of Data for the purposes referred to in art. 2 "A." is mandatory for visiting and surfing the website "www.tesmec.com".
Provision of Data for the purposes referred to in art. 2 "B." is also mandatory. Should they be missing we cannot ensure the receipt of applications sent with their subsequent assessment.
Provision of data for the purposes referred to in article 2 "C.", 2 “D.”, 2 “E.” is optional. You may decide not to provide any data or to subsequently revoke the processing of data already provided: in this case, you cannot receive the requested information, commercial communications and advertising material concerning the services offered by the Data Controller.
9. Rights of the Data subject
As Data subject, you have the rights set forth in articles 13, paragraph 2, letters b), c) and d), 15, 16, 17, 18, 19 and 21 of the GDPR and precisely the rights to:
- receive confirmation of the existence or absence of Data concerning you, even if not yet registered, and their communication in an intelligible form;
- to receive information on: a) the origin of Data; b) the purposes and methods of processing; c) the logic applied in case of processing performed with the aid of electronic devices; d) the identification details of the Data Controller, Data Protection Officer, data processors and the designated representative pursuant to art. 3, paragraph 1, of the GDPR; e) the subjects or categories of subjects to whom Data may be disclosed or who may become aware of them as designated representative in the territory of the State and as processors;
- to obtain: a) the updating, correction or, when they are interested, integration of the Data; b) the cancellation, transformation into anonymous form, or blocking of data processed in violation of law, including those that need not be retained for the purposes for which the data were collected or subsequently processed. c) certification that the parties to which the data have been transferred or disseminated have been notified of the operations specified in points a) and b), also regarding their content, except for the case where notification proves impossible or requires the use of means clearly disproportionate to the right being protected.
- to object, in whole or in part: a) for legitimate reasons to the processing of data concerning you, even if linked to the purpose of collection; b) the processing of data concerning you for sending advertising material or for direct sales or for market researches or commercial communication, through the use of automated call systems without the intervention of an operator through e-mail and/or traditional marketing methods by phone and/or paper-based mail. It should be noted that the right to object, which the Data subject is entitled to, as set out in point b) above, for direct marketing purposes through automated methods also applies to the traditional ones and that in any case the Data subject is free to exercise even partially the right to object. Therefore, the Data subject may decide to receive communications through traditional methods or automated communications only or none of the two types of communication;
- where applicable, the Data subject also has the rights referred to in articles 16 - 21 of the GDPR (Right to correction, right to be forgotten, right to processing limitation, right to data portability, right to object), as well as the right to file a complaint to the Competent Authority;
- to revoke any consent given at any time.
10. How to exercise rights
You may exercise your rights or submit a request at any time by sending: a registered letter with notification of receipt to Tesmec S.p.A. - with registered office in Milan, Piazza S. Ambrogio no. 16 (ZIP code 20123) - or an e-mail to: email@example.com.
11. Data Controller, Data Protection Officers, Data Processors
The Data Controller is Tesmec S.p.A. with registered office in Milan, Piazza S. Ambrogio no. 16 (Post code 20123) , tax code and VAT number: 10227100152, in the person of the legal representative pro tempore
In order to run properly, this website might install on your computer or mobile device small text files named “cookies”.
This website use just technical cookies for the functionalities and the standard settings, such as: language, login and other view settings.
Technical cookies are “session” cookies: they are not saved permanently, as they will only stay on your device until you stop browsing. The use of this kind of cookies is strictly limited to the session identification transmission (consisting in casual numbers generated by the server), that is necessary for a safe and efficient browsing experience.
This website uses Google Analytics analysis instruments for the purpose of providing aggregate Service usage statistics. If you want to disable or delete cookies of this service you can do it by changing the settings of your browser on your device.
Note that if you set your browser to disable cookies, some parts of this website may not work properly.
How to control and delete cookies
If you wish to disable your browser from receiving cookies you have to change your browser settings.
Microsoft Internet Explorer: http://windows.microsoft.com/...
Mozilla Firefox: https://support.mozilla.org/it/kb/...
Google Chrome: https://support.google.com/accounts/answer/61416?hl=it
You can delete cookies anytime form the hard disk of your device.
This website can embed occasionally videos, services and other contents form social networks and other services.
We suggest you to find out more information on privacy and cookie policies directly at third-party information sites:
Linkedin e Slideshare: https://www.linkedin.com/legal/privacy-policy
MANAGEMENT POLICY OF TESMEC OFFICIAL SOCIAL PAGES
In this document, Tesmec defines the rules for its fanpage by the company and those who interact with it.
We have created the Facebook, the LinkedIn, the Twitter, the YouTube, the ISSUU page (“Tesmec official social pages”) to communicate with people interested in Tesmec activities, and we are open to fans’ ideas, comments and suggestions.
The pages are managed Monday to Friday during office hours from 8.00am to 5.00pm.
Staff that manage the pages will take care of the users’ requests and answer questions in the shortest time, ensuring that requests are taken care of (first feedback).
If the answers require a longer waiting time, it means that the topic need more in-depth analysis to provide users with all the information they need.
Tesmec informs all users that the use of the page and its contents is strictly dependent on legal compliance and good conduct towards the page administrators and other users.
Tesmec defines the following rules of conduct, the cases of violation and the consequent actions envisaged by the page administrators.
RULES OF CONDUCT
We ask users to comply with the following rules of conduct on the pages:
- Respect other’s ideas and actions as everyone has the right to express their opinions in compliance with the rules defined in this document;
- To be polite and respectful to the page administrators and other users;
- Comply with all applicable legal provisions.
CANCELLATION OF MESSAGES AND POSSIBLE BLOCKING/REPORTING TO TESMEC OFFICIAL SOCIAL PAGES
The following violates the terms and conditions of the Tesmec page and will be managed by deleting messages and/or blocking users’ activity on the page:
- Inappropriate comments about Tesmec;
- Personal insults, offensive, denigrating, defamatory, polemic, vulgar, pedo-pornographic comments or those inciting any violence;
- Racist, political or religious activism comments;
- SPAM or automatically generated comments which are repeated in the same thread or different threads;
- Advertising messages or those that offer services or goods for commercial purposes;
- Messages that violate third party rights (copyrights).
Tesmec reserves the right to report any abuse or legal violation to the relevant Authority, providing information (messages, comments etc.) and data useful and/or expressly requested by the Authority to prevent and suppress alleged offences.
Users who publish and/or share their content on the official page authorize Tesmec to use, publish, distribute that content to develop and improve its business and respond to the user needs.
Finally, users waive the right to request any compensation of any kind and nature from Tesmec for the rights to use photographs, images, names, videos and any other content published and/or shared by users on the Tesmec official social pages.
EXTRACT FROM THE RETENTION POLICY ON PERSONAL DATA OF THE COMPANY TESMEC SPA
1. Premise and scope
This document is an extract from the data retention policy with regard to personal data of Tesmec S.p.A. and is disseminated by the Company:
- in light of the new EU regulation 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation; hereinafter for brevity referred to as the “EU Privacy Regulation “ or the “Regulation” or the “GDPR”), which consolidates current rules and regulations on privacy;
- in recognition of the fact that the rules and regulations on privacy (hereinafter for brevity referred to as “Privacy rules and regulations”) are the total of all the legal provisions that apply to the protection of personal data, as consolidated by the GDPR;
- to provide general information on the data retention policies adopted by the Company with regard to personal data.
- “Personal data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- “Processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Data Controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- “Data Processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
3. Principles relating to the duration of the processing of personal data
3.1. General principles
In conformity to the Privacy rules and regulations, the processing of personal data of which Tesmec S.p.A. is the Data Controller or Processor is performed in compliance with the principles summarised below.
The personal data:
- are processed lawfully, fairly and transparently in relation to the data subject;
- are collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
In general, the data are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
The fulfilment of legal obligations, the implementation of current civil, tax, company, social security, labour, etc. law or the cases in which the processing is necessary in order to establish, exercise or defend a right before the courts or any time that the judicial authorities exercise their jurisdictional functions, implies that certain personal data must be kept for longer periods of time with regard to the times laid down by said obligations or rules and regulations.
Further, the legislator and the supervisory authority may determine, for certain types of processing, specific terms with regard to the limitations set forth in the Privacy Rules and Regulations.
3.2. Specific indications per data subject category
Without prejudice to the implementation of the general principles of paragraph 3.1. above, according to which the duration of retention of the personal data depends on the achievement of the purposes for which the data are processed (purposes specified in the information notices or related to the legal basis for processing), below please find, for the main categories of data subject, the factors that determine the duration of the main processing operations of personal data of said categories of data subject and the cases where legal retention constraints may apply.
Data subject category
Factors that determine the duration of processing
Possible application of other legal retention constraints
Personnel (employees and associates)
Duration of the employment or collaboration relationship
Period of interest for the professional profile of the candidate, also following the job vacancy.
No longer than 2 years.
Term of the contractual relationship and time periods necessary for the provision of the service
Term of the contractual relationship
In case it is necessary to apply factors that determine the duration of processing other than the ones above, such factors will be promptly indicated in the information notices addressed to the recipients.
4. Right to erasure
The data subject has the right to obtain the erasure of the personal data that concern him/her without undue delay and the controller shall have the obligation to erase personal data where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent on which the processing is based (in cases where consent constitutes the legal basis for the processing) and where there is no other legal ground for the processing;
- the data subject objects to the processing pursuant to the current Rules and Regulations and there are no overriding legitimate grounds for the processing;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- in the other cases foreseen by the Privacy Rules and Regulations.
The paragraph above shall not apply to the extent that processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
- in so far as the right referred to in the previous paragraph is likely to render impossible or seriously impair the achievement of the objectives of that processing;
- for the establishment, exercise or defence of legal claims;
- in the other cases foreseen by the Privacy Rules and Regulations.
For more information on the duration of the processing operations or for the exercise of the right to erasure, please contact the e-mail address firstname.lastname@example.org.
 For example, legal obligations or constraints arising from civil, tax, social security, labour law (usually 10 years from the end of the contractual relationship), cases of exercise of rights before the courts, etc., or other specific processing duration constraints determined by the legislator or by the supervising authorities for certain purposes.