PRIVACY POLICY

Privacy notice

This notice describes how Masmec S.p.A. processes the personal data of visitors (hereinafter “users” or “interested parties”) who access the company website, electronically accessible from the address www.masmec.com (hereinafter “Website”). This notice, provided pursuant to and for the purposes of art. 13 of EU Regulation 2016/679 (hereinafter “GDPR”), relating to the protection of natural persons with regard to the processing of personal data and the free movement of such data, does not extend to other sites, pages, and/or online services accessible via hypertext links that may be present on the Website and referring to external resources owned by entities other than Masmec.

Data Controller and contact details

The Data Controller of your personal data is Masmec S.p.A., in the person of the legal representative, with headquarters in Modugno (BA) at Via delle Violette no. 14. You can contact the Data Controller via e-mail at privacy@masmec.com.

Data Protection Officer

Masmec S.p.A. has designated a Data Protection Officer, who can be contacted via e-mail at dpo@masmec.com.

Purpose of processing and categories of data processed

Personal data are processed:

  1. to allow users to browse the Data Controller’s Website. The computer systems and software procedures used to operate the Website acquire some personal data, during their normal operation, that is necessarily transmitted when using internet communication protocols. This category of data includes IP addresses or domain names of the computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the operating system and the user’s IT environment. Browsing data also includes information stored in cookies, for which please refer to the specific cookie policy of the Website;
  2. to respond to user requests, such as requests for information or download of material from the Website;
  3. to promote the business activity carried out by the Data Controller, through the publication of video and/or photographic material, including the reproduction of images of natural persons, captured at events of public interest or taking place in public;
  4. to allow users to submit a spontaneous application for job positions within Masmec S.p.A. by sending their curriculum vitae. However, for this specific purpose, please refer to the dedicated notice available in the “Working with us” section of the Website before providing your personal data.

Legal bases for processing

The processing of data for the purposes referred to in letter a) is based on the provisions of art. 6 par. 1 letter f) of the GDPR, being necessary for the pursuit of the legitimate interest of the Data Controller in the provision of an information society service as defined by art. 2 co. 1 letter a) of the Legislative Decree no. 70/2003.

In relation to the purpose referred to in letter b), the processing is based on the provisions referred to in art. 6 par. 1 letter b) of the GDPR, being necessary for the execution of pre-contractual measures of which the user is a party and, in any case, to respond to a request. The provision of the personal data in question is mandatory, and any refusal to process would make it impossible to follow up on the request.

With reference to the purpose referred to in letter c), the processing is based on the provisions of art. 6 par. 1 letter f) of the GDPR, that is on the legitimate interest of the Data Controller in promoting its business.

Recipients of the data

In pursuit of the aforementioned purposes, personal data may be communicated to the Data Controller’s staff, specifically authorized, and/or to IT service providers, as well as – in relation to the purpose referred to in letter c) – to editorial and/or advertising service providers, expressly designated by the Data Controller as Data Processors pursuant to art. 28 GDPR.

To find out the updated list of designated Processors in relation to the aforementioned processing, you can contact the Data Controller at the contact details indicated above.

Transfer of personal data

The data collected and processed for the aforementioned purposes will not be transferred to third countries and/or international organizations, with the exception of the data referred to in letter c) which, due to their method of dissemination through publication, could constitute the subject of transfer to third countries.

Retention period

The navigation data will be stored for a period not exceeding 180 days, while the data relating to the purpose referred to in letter b) will be processed for the time necessary to respond to the user’s requests. Finally, the data referred to in letter c), will be kept for the time necessary to pursue the purpose for which they were collected, and in any case until the interested parties exercise their right to object.

Exercise of rights

The user can obtain confirmation from the Data Controller at any time that personal data concerning them are being processed (or not) and, in this case, has the right to access such data and information on the relevant treatment.

During the entire processing period, the user, compatibly with the purposes of the processing, also has the right to request:

– the rectification of data (if inaccurate) or their integration (if incomplete);

– their cancellation, in the cases provided for by art. 17 of the Regulation;

– the limitation of processing in the cases contemplated by art. 18 of the Regulation;

– portability, in the cases referred to in art. 20 of the Regulation.

Pursuant to art. 21 of the Regulation, the user may object at any time, for reasons related to their particular situation, to the processing of data carried out on the basis of art. 6 par. 1 letter f) and, within the limits and conditions set out in art. 22 of the Regulation, has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects on them or which, in a similar way, significantly affects them.

All the aforementioned rights can be exercised by means of a request addressed to the Data Controller and/or the Data Protection Officer at the addresses indicated above.

Finally, if the user believes that processing by the Data Controller violates the Regulation, they can lodge a complaint with the Authority for the Protection of Personal Data, by hand delivery to the office located in Rome at Piazza Venezia no. 11, by registered letter with return receipt to be sent to the same address, or by certified e-mail to the address protocollo@pec.gpdp.it.