Privacy policy

Privacy Notice for Website Visitors (Art. 13 of Regulation (EU) 2016/679 and Art. 13 of Legislative Decree 196/2003)

Dear User,

This Privacy Notice describes how this website (dafram.it) is managed with regard to the processing of your personal data when you browse it.

The information provided below is given pursuant to Article 13 of Regulation (EU) 679/2016 (hereinafter “GDPR”), concerning the protection of natural persons with regard to the processing of personal data of all users interacting with the website.

This Privacy Notice applies solely to this website (dafram.it) and not to any other websites that may be accessed by the user via hyperlinks.

DATA CONTROLLER.  The Data Controller is DAFRAM S.p.A. (Tax Code: 00837680156), with registered office in Milan (MI), Via S. Raffaele no. 1, Email: privacy@dafram.it - Certified Email (PEC): pec@pec.dafram.it 

PROCESSED DATA, PURPOSES AND LEGAL BASIS FOR PROCESSING

  1. Data provided by the user.  The voluntary sending of messages to DAFRAM contact addresses or through the completion and submission of the “Request information” form available on the website entails the acquisition of the sender’s contact details, first and last name, and any other personal data voluntarily included in the communications.

Such data will be processed for the purpose of responding to communications and handling information requests. The provision of such data is optional; however, failure to provide them will make it impossible to process the request.

For the above purposes, the legal basis for processing is Article 6(1)(b) GDPR, as the processing is necessary for the performance of pre-contractual measures adopted at the request of the Data Subject.

  1. Personal data provided through the whistleblowing application.  Users submitting reports of unlawful conduct through the whistleblowing application accessible from the website may choose to do so anonymously or by disclosing their identity.  If the user chooses to disclose their identity, it will be known only to the “Organismo di Vigilanza” of DAFRAM S.p.A., which is entrusted with managing such reports and is required to ensure confidentiality.  The identity of the whistleblower (and any information from which such identity may be inferred) will never be disclosed without the whistleblower’s prior consent.

The personal data provided by the whistleblower will be processed for the purpose of managing and responding to reports of unlawful conduct pursuant to Legislative Decree no. 24/2023.

The legal basis for such processing is Article 6(1)(c) and Article 6(3)(a) and (b) GDPR, namely compliance with a legal obligation established by Legislative Decree no. 24/2023.

Where processing results from the disclosure of the whistleblower’s identity, the legal basis shall instead be the Data Subject’s consent (Article 6(1)(a) GDPR).

  1. Browsing data.  The IT systems and software procedures used to operate this website acquire certain personal data whose transmission is implicit in the use of Internet communication protocols.  This category includes IP addresses or domain names of users’ devices, URI/URL addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the server response status (success, error, etc.), and other parameters relating to the user’s operating system and IT environment.

The purpose of processing such data is to ensure the proper functioning of the website and to enable browsing, consultation, and interaction with its contents. The provision of such data is necessary for browsing.

For these purposes, the legal basis for processing is Article 6(1)(f) GDPR, as processing is necessary for the pursuit of the Data Controller’s legitimate interest, namely activities strictly necessary for the functioning of the website and the provision of browsing services.

  1. Cookies and other tracking systems.  This website uses technical cookies, including session and persistent cookies, as well as third-party cookies for statistical purposes, in order to ensure the proper, secure, and efficient operation of the website and to analyse its use.

The use of third-party cookies for statistical purposes is based on the Data Subject’s consent pursuant to Article 6(1)(a) of Regulation (EU) 2016/679 and applicable national legislation. Such consent may be freely given, refused, or withdrawn at any time.

For further information on the cookies used by this website, please refer at all times to the cookie policy available at the following link: cookie policy.

DATA DISCLOSURE.  Personal data are processed by personnel authorized by the Data Controller, who have been appropriately instructed and trained.  Both browsing data and data voluntarily provided by users (via messages or the “Request information” form) may be disclosed to external parties formally appointed as Data Processors under a specific agreement, belonging to the following categories:

  • companies providing website and IT system maintenance services; 
  • companies providing electronic communication and email services; 
  • companies providing database management and maintenance services for the Data Controller. 

The updated list of Data Processors may be requested at any time from the Data Controller.

DATA RETENTION PERIOD

Browsing data are retained for the duration of the browsing session (without prejudice to any need to ascertain criminal offences by judicial authorities).  Personal data voluntarily provided by users will be processed for the time necessary to handle the request and, in any case, for no longer than 1 year.

DATA TRANSFER

With reference to the processing described above (whistleblowing), the Data Controller may use, also through its Data Processors, providers of electronic communication services, particularly email services, which may transfer users’ messages and personal information to countries outside the European Union or store backup copies of such data in those countries to mitigate risks related to data loss.  Such service providers are selected based on reliability, security, and compliance with national and European data protection legislation.

DATA SUBJECT’S RIGHTS

Pursuant to Articles 13–21 GDPR, under the conditions set therein, the Data Subject may at any time exercise the following rights against the Data Controller:

  • Right of access: to obtain confirmation as to whether or not personal data concerning them are being processed and access to such data, including a copy thereof; 
  • Right to rectification: to request the updating or correction of personal data; 
  • Right to withdraw consent: where processing is based on consent, to withdraw such consent for the future; 
  • Right to erasure: in the cases provided for in Article 17 GDPR, to request deletion of personal data; 
  • Right to data portability: in the cases provided for in Article 20 GDPR, to receive personal data in a structured, commonly used, and machine-readable format and to transmit them to another controller where technically feasible; 
  • Right to restriction of processing: in the cases provided for in Article 18 GDPR, to request restriction of processing. In such cases, data may be processed, aside from storage, only with the Data Subject’s consent or for the establishment, exercise, or defence of legal claims or for reasons of public interest; 
  • Right to object: where personal data are processed for public interest purposes (Article 6(1)(e) GDPR) or for the Data Controller’s legitimate interest (Article 6(1)(f) GDPR), to object to processing on grounds relating to their particular situation; 
  • Right to lodge a complaint: to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it). 

The above rights may be exercised by sending a written communication to the Data Controller, via email to: privacy@dafram.it or via certified email (PEC) to: pec@pec.dafram.it

Privacy policy - Dafram