Privacy

Privacy policy on the processing of users' personal data of the website

Articles 13 and 14 of Regulation 2016/679 / EU (hereafter referred to as "GDPR")

OCRIM – SOCIETA’ PER L’INDUSTRIA MECCANICA S.P.A. (hereinafter also "Company" or "Owner") is committed to respecting and protecting your privacy and wishes you feel safe both during the simple navigation of the site and in case you decide to register providing us with your personal data to use the services made available to its Users and / or Customers. On this page, the Company intends to provide information on the processing of personal data related to users who visit or consult the website accessible via www.ocrim.com (the "Site"). This privacy policy is provided for the Company's website only, excluding any website that may be accessed through the links (a reference is made to the respective privacy policies on the websites visited). Reproduction or use of pages, materials and information contained within the Site, by any means and on any device, is not permitted without the prior written consent of the Company. Copying and / or printing is permitted for personal and non-commercial use only (for inquiries and clarifications please contact the Company at the addresses below). Other uses of contents, services and information on this site are not permitted. With regard to the content offered and the information provided, the Company will ensure that the contents of the Website are kept up-to-date and reviewed, offering no guarantee as to the adequacy, accuracy or completeness of the information provided explicitly declining any liability for any errors of omission in the information provided on the Website.
Source - Browsing data
OCRIM – SOCIETA’ PER L’INDUSTRIA MECCANICA S.P.A. informs you that the personal data you provide and acquired together with the request for information and / or contact, registration on the site and use of services via smartphone or any other device used to access the Internet, as well as data necessary for the provision of these services, including the navigation data and the data used for the purchase of the products and services offered by the Company but also only the so-called "browsing" data of the site by the Users, will be processed in compliance with the applicable legislation. The information systems and software used for running this Web site capture, as part of their routine operation, certain personal data whose transmission is implicit in the use of the Internet, on the basis of the TCP/IP protocol. This information is not collected with the intent of associating it with identified users but, by its nature, it could lead to the identification of visiting users through processing and association with data held by third parties. The data in this category include "IP addresses" or the domain names of the computers used by the users connecting to the site, the URI (Uniform Resource Identifiers) notation addresses of the resources requested, the time of the request, the method used in submitting the request to the Web server, the size of the file obtained in response, the numeric code indicating the status of the response given by the Web server (executed, error, etc.) and other parameters relative to the user's operating system and system environment. These data are used solely to compile anonymous statistics on the use of the website of YouCo and to verify its correct operation. It is pointed out that the aforementioned data could be used to ascertain responsibility in the case of computer crimes against the Company's website or to other sites connected to it: except for this eventuality, the data on web contacts do not persist for more than a few days.
Source - Data provided by the user
The Company collects, stores and processes your personal data in order to provide the products and services offered on the Site, and for legal obligations. As regard to some specific Services, Products, Promotions, etc. the Company may process your data for commercial purposes. If that is the case, a specific, separate, optional and always revocable consent will be required with the methods and the contact details indicated below. The optional, explicit and voluntary sending of emails to the address indicated in the appropriate section of the Website, as well as the filling in of questionnaires (e.g. form), communication via chat, push notification via APP, social networks, call centres, etc., involves the subsequent acquisition of some of your personal data, including the data collected through the use of Apps and related services, necessary to respond to requests. We also point out that when using the mobile connection to access digital content and services offered directly by the Company or by our partners, it may be necessary to transfer your personal data to such third parties. We also point out that you may access the Site or connect to areas where you may be able to publish information using blogs or bulletin boards, communicate with others, for example coming from the Company page on Facebook®, LinkedIn®, YouTube®, and other social networks, review products and offers and post comments or content. Before interacting with these areas, please carefully read the General Conditions of Use considering that, under certain circumstances, the information published can be viewed by anyone with access to the Internet and all the information you include in your publications can be read, collected and used by third parties.

Purposes of processing and legal basis

The data is used for purposes:
1) strictly connected and necessary to register on the site www.ocrim.com, services and / or Apps developed or made available by the Company, the use of the related information services, the management of contact requests or information, for the purchase of products and services offered through the site of 'Company; 2) for ancillary activities related to the management of User / Customer requests and sending the feedback that may include the transmission of promotional material; 3) related to the fulfilment of obligations laid down by EC and national legislation, the protection of public order or the investigation and prosecution of offences; 4) direct marketing, namely sending advertising material, direct sale, market research or commercial communication products and/or services provided by the company; this activity may also relate to products and services of The Company and group companies by sending advertising material/information, promotions and/or invitations for the participation in initiatives, events and offers aimed at rewarding customers/users, "traditionally" invited (snail mail and/or calls), or by automated "contact" systems (for example, SMS and/or MMS, automated telephone calls, e-mails, fax, interactive apps), pursuant to art. 130 c. 1 and 2 of Legislative Decree No. 196/03 and amendments; The provision of data for the purposes referred to in points 1), 2) and 3), connected to a pre-contractual and / or contractual or functional phase to a user request or required by a specific regulatory provision, is mandatory and Failing this, it will not be possible to receive the information and access any services requested; with regard to point 4) of this Information, the consent to the processing of data by the user / customer is instead free and optional and always revocable without consequences on the usability of products and services unless it is impossible for the Company to keep up to date on new initiatives or particular promotions or advantages available to users / customers. The Company may send commercial communications relating to products and / or services similar to those already provided, pursuant to Directive 2002/58 / EU, using the electronic mail coordinates, or the paper ones, indicated by you on such occasions to which you may oppose with the methods and the contact details below.
Processing methods and criteria, storage times and protection measures
The processing is also performed with the help of electronic or automated means and is carried out by the Company and / or by third parties that the Company may employ for the storage, management and transmission of the data. Organisation and processing logics will also be applied to your personal data in relation to access and usage logs for online services, for the purposes mentioned above and in a way that ensures the security and confidentiality of the data. The personal data processed will be kept for the time required by the legislation in the applicable time. More specifically, in the sections of the Web site dedicated to specific services, where the user's personal data are requested, the data are encrypted through a security technology known as Secure Sockets Layer (SSL). The SSL technology codes the data before they are exchanged (via the Internet) between the user's processing system and Sopaf's main systems, thereby making the data indecipherable by non-authorized persons and guaranteeing the confidentiality of the information transmitted. Precisely with reference to the personal data protection aspects, the user / customer is invited, pursuant to art. 33 of the GDPR to report to the Company any circumstances or events from which a potential "breach of personal data (data breach)" may occur in order to allow an immediate evaluation and the adoption of any actions aimed at combating such event by sending a communication to m.latini@ocrim.com or contacting Customer Service. The measures adopted by the Company do not exempt the Customer from paying the necessary attention to the use, where required, of a password / PIN of adequate complexity, which will have to be updated periodically, especially in case the subject has been violated / known by third parties, as well as carefully and make it inaccessible to third parties, in order to avoid improper and unauthorized use.

Cookies

A cookie is a short string of text that is sent to your browser and possibly saved on your computer (alternatively on your smartphone / tablet or any other tool used to access the Internet); this submission generally occurs every time you visit a website. The Company uses cookies for different purposes, in order to offer you a fast and secure digital experience, for example, allowing you to keep the connection to the protected area active while browsing through the pages of the site. The cookie stored on your computer, cannot be used to retrieve any data from your hard drive, pass on computer viruses or to identify and use your e-mail. Each cookie is unique in relation to the browser and device you use to access the Website or use the Company App. Generally, the purpose of cookies is to improve the functioning of the website and the user's experience in using it, even if cookies can also send advertising messages (as specified below). For more information on what cookies are and how they work, please consult the website "All about cookies" http://www.allaboutcookies.org.

Areas of communication and data transfer.

For the pursuit of the aforementioned purposes, the Company will be able to communicate and have users'/ customers' personal data to deal with third parties with whom we have relationships, in Italy and abroad, in the case third parties provide services upon our request. The latter will only provide them with the information necessary to perform the services required, taking all measures to protect your personal data. Your details may be passed to countries outside of the European Economic Area in order to process and arrange for the products and services you request. In this case, the recipients of the data will be imposed security and obligations equivalent to those guaranteed by the Data Controller. In the case of use of services offered directly by Partners we will provide only the data strictly necessary. In any case, only the data necessary for the achievement of the intended purposes will be communicated and, where required, the guarantees applicable to transfers of data to third countries will be applied. We may also disclose personal data to our commercial suppliers, for marketing reasons, in which case will external processors be appointed. In addition, personal data may be disclosed to the competent public bodies and authorities for compliance with regulatory requirements or for ascertaining responsibility in the case of computer crimes to the detriment of the site as well as communicated to, or allocated to, third parties (as responsible or, in the case of providers of electronic communication services, autonomous owners), who provide computerised and services (e.g. websites hosting, management and development) and which the Company uses to carry out technical and organisational tasks and activities that are instrumental to the functioning of the website. The subjects belonging to the above categories operate as separate Data Controllers or as Managers appointed by the Company for this purpose. Personal data may also be known by the Employees/Consultants of the Data Controller, who have been specifically appointed to be in charge of the data processing. A list of the recipients or categories of recipients to whom personal data are communicated is available by writing to the contacts below.

Data subjects' rights

You can exercise at any time the rights that are recognised by law, in order to
a) access your personal data, obtaining evidence of the purposes pursued by the Owner, the categories of data involved, the recipients to whom they may be communicated, the applicable retention period, the existence of automated decision-making processes; b) allow to correct inaccurate personal data without delay; c) obtain, in the cases provided for, the deletion of your data; d) obtain the limitation of the treatment or to oppose it, whenever possible; e) request the portability of the data that you have provided to the Company, ie receive them in a structured format, commonly used and readable by automatic device, also to transmit this data to another owner, within the limits and with foreseen limits art. 20 of the GDPR; Furthermore, you can lodge a complaint with the Guarantor for the Protection of Personal Data pursuant to art. 77 of the GDPR. For the treatments referred to in point 4), the Customer can always revoke the consent and exercise the right to oppose direct marketing (in "traditional" and "automated" forms). Unless otherwise indicated, the opposition shall be taken as referring to both traditional and automated communications.
Data Controller
Data controller, pursuant to art. 4 of the GDPR, is OCRIM – SOCIETA’ PER L’INDUSTRIA MECCANICA S.P.A., Via Angelo Massarotti, 76 – 26100 Cremona (CR) VAT number: 00106320195 – Tax code: 00106320195 The rights indicated above may be exercised upon request of the interested party as disclosed by the Customer Service or on the Company's website or by using the following references: Marta Latini (m.latini@ocrim.com). The use of the Website, as well as intended for tablets and / or smartphones, by the Customer and / or the User implies full knowledge and acceptance of the content and any indications included in this version of information published by the Company when the site is accessed. The Company informs that this information may be changed without prior notice and therefore recommends a periodic reading.

The Data Controller

OCRIM – SOCIETA’ PER L’INDUSTRIA MECCANICA S.P.A.

This privacy statement was updated on October 11, 2018

CLIENTS'/ SUPPLIERS’ PERSONAL DATA PROCESSING POLICY

Pursuant to Articles 13 and 14 of Regulation 2016/679 / EU (hereafter "GDPR") OCRIM – SOCIETA’ PER L’INDUSTRIA MECCANICA SPA (hereinafter "Holder") established in Cremona (CR), Via Angelo Massarotti, 76 - 26100, in its capacity as "Data Controller", informs you that your personal data collected for the purpose of concluding the contract with the Customer / Supplier and / or in the context of execution and / or stipulation of the same will be processed in compliance with the cited legislation, in order to guarantee the rights, fundamental freedoms, as well as the dignity of natural persons, with particular reference to privacy and personal identity. We inform you that if the activities outsourced to you provide for the processing of personal data of third parties, as data controller it will be your responsibility to ensure that you have complied with the provisions of the legislation with regard to the subjects concerned in order to make their processing legitimate on our part.
Origin, purpose, legal basis and nature of the data processed
The processing of your personal data, directly provided by you, is carried out by OCRIM – SOCIETA’ PER L’INDUSTRIA MECCANICA SPA for the contract with the Customer / Supplier and / or in the context of its execution and / or stipulation. Furthermore, the processing of personal data of third parties communicated by the Customer / Supplier to the Company is made possible. With respect to this hypothesis, the Customer / Supplier acts as autonomous data controller and accepts the consequent legal obligations and responsibilities, relieving the Company from any objection, claim and / or request for compensation for the damage caused by any processing that should reach the Company from interested third parties. In compliance with the current legislation on the protection of personal data, the Data will be stored, collected and processed by the Company for the following purposes: a) fulfilment of contractual obligations, execution and / or conclusion of the contract with the Customer/ Supplier and / or management of any pre-contractual measures; b) fulfilment of any legal obligations, tax and fiscal provisions deriving from the performance of the business activity and obligations related to administrative and accounting activities; c) sending, directly or through third parties, suppliers of marketing and communication services, newsletters and communications for the purpose of direct marketing through email, SMS, MMS, push notifications, fax, paper mail, cold calls, in relation to products supplied by other companies pursuant to art. 130 c. 1 and 2 of Legislative Decree. 196/03 (hereinafter "Code"); d) communication of data to third-party companies for the sending of newsletters and communications for marketing purposes through email, SMS, MMS, push notifications, fax, paper mail, cold calls, in relation to products supplied by other companies pursuant to art. 130 c. 1 and 2 of the Code. e) Publication of customer / supplier’s biometric data on the company's website or on any catalogues / brochures, for promotional purposes.

Processing for the purposes a) and b) above legally based on the articles. 6.1 b), 6.1 c) of the Regulations.

The provision of data for the aforementioned purposes is optional, but any failure to provide the data and the refusal to supply them would make it impossible for the Company to execute and / or stipulate the contract and provide the services requested.
The legal basis for the processing of personal data for the purposes c), d) and e) is art. 6.1.a) of the GDPR as processing are based on consent; it is specified that the Data Controller may collect a single consent for the marketing purposes described herein, in accordance with the General Provision of the Guarantor for the protection of personal data "Guidelines on promotional activities and the fight against spam" of 4 July 2013. The conferment of consent to the use of data for marketing and promotional purposes is optional and if the interested party wishes to oppose the processing of data for marketing and promotional purposes performed with the means indicated herein, as well as revoke the consent given; may at any time do so without any consequence (except for the fact that you will no longer receive marketing communications and your image will no longer be published) by following the instructions in the "Rights of Interest" section of this Notice. Finally, please note that for processing carried out for the purpose of sending direct advertising material or direct sales or for carrying out market research or commercial communications in relation to products or services similar to those used by the Customer / Supplier, the Company may use the e-mail addresses or personal data according to and within the limits permitted by art. 130, paragraph 4 of the Code and the provision of the Authority for the protection of personal data as of June 19, 2008 even in the absence of explicit consent. The legal basis of data processing for this purpose is art. 6, paragraph 1, let. f) of the GDPR, without prejudice to the possibility of opposing this processing at any time, following the instructions in the "Rights of the Interested Subject" section of this Notice.

Marketing

The data may be disclosed to third parties appointed as data processors in accordance with article 28 of the GDPR and in particular to banks, to companies operating in the insurance field, to service providers strictly necessary for carrying out the business activity, or to consultants of the company, where this proves necessary for fiscal, administrative, contractual or for reasons protected by the current regulations. Your personal data, or the personal data of third parties in its ownership, may also be disclosed to external companies, identified from time to time, to whom OCRIM – SOCIETA’ PER L’INDUSTRIA MECCANICA SPA entrusts the execution of obligations deriving from the assignment received. Only data necessary for the activities requested by them will be transmitted. All employees, consultants, temporary workers and / or any other "natural person" who carry out their activities on the basis of the instructions received from OCRIM – SOCIETA’ PER L’INDUSTRIA MECCANICA SPA, pursuant to art. 29 of the GDPR, are appointed "persons in charge of processing" (hereinafter also "persons in charge"). To the persons in charge or to the Managers, possibly designated, OCRIM – SOCIETA’ PER L’INDUSTRIA MECCANICA SPA provides adequate operating instructions, with particular reference to the adoption and compliance with security measures, in order to guarantee the confidentiality and security of data. Precisely with reference to the personal data protection aspects, the Customer / Supplier is invited, pursuant to art. 33 of the GDPR to report OCRIM – SOCIETA’ PER L’INDUSTRIA MECCANICA SPA any circumstances or events from which a potential "breach of personal data (data breach)" may occur in order to allow an immediate evaluation and the adoption of any actions aimed at combating such event by sending a communication to OCRIM – SOCIETA’ PER L’INDUSTRIA MECCANICA SPA at the addresses indicated below.

Transfer abroad

The transfer of your personal data abroad may occur if necessary, for the management of the assignment received. For the processing of information that will be communicated to these subjects’ equivalent levels of protection for the processing of their staff's personal data will be required. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and the regulatory instruments will be applied in accordance with articles chapter V of the GDPR.

Methods, logics of the treatment and storage times

Your data are collected and registered in a lawful and correct manner for the purposes indicated above in compliance with the principles and provisions of art. 5 paragraph 1 of the GDPR.
Data is processed through manual, computer and electronic instruments with a logic strictly correlated to the purposes and, in any case, ensuring the security and confidentiality of the information itself. Personal Data will be processed by OCRIM – SOCIETA’ PER L’INDUSTRIA MECCANICA SPA for the entire duration of the assignment and also subsequently to assert or protect their rights or for administrative purposes and / or to fulfil obligations arising from the regulatory and regulatory framework pro tempore applicable and in compliance with the specific legal requirements on data retention.

Rights of the Data Subject

In compliance with the limits and conditions established by the legislation on personal data protection regarding the exercise of the rights of data subjects with reference to the subject matter of this Disclosure Paper concerning data processing, as a data subject you have the right to request confirmation on whether your personal data is being processed, access to your personal data, and in relation thereto, you have the right to request rectification, cancellation, notification of corrections and deletions and to those whom any data is transmitted by our company. The limitation of processing in the cases envisaged by the law, the portability of the personal data you provided - in the cases indicated by the law, to oppose the processing of your data and, specifically, you have the right to object to decisions concerning processing your information if based solely on automated processing, including profiling. If you believe that the way your data has been processed is in violation of the rules of the GDPR, you have the right to lodge a complaint with the Guarantor pursuant to Article 77 of the GDPR. If you wish to request further information on the processing of your personal data or for the possible exercise of your rights, you may contact in writing a Marta Latini (m.latini@ocrim.com).

Data Controller

Data controller, pursuant to art. 4 of the GDPR, is OCRIM – SOCIETA’ PER L’INDUSTRIA MECCANICA SPA, Via Angelo Massarotti, 76 - 26100 Cremona (CR) VAT: 00106320195 – Tax code: 00106320195