Privacy Policy

INFORMATION PROVIDED PURSUANT TO REG.EU 2016/679 (GDPR), ART.13

GENERAL INFORMATION
The interested parties (pursuant to ex Article 4, paragraph 1 of the GDPR) are informed of the following general profiles, valid for all areas of processing:

• all data are processed in compliance with current privacy regulations (EU Reg. 2016/679 and Legislative Decree 196/2003, as amended and supplemented by Legislative Decree 101/2018);
• all data are processed in a lawful, correct and transparent manner towards the data subject, in compliance with the general principles set out in Article 5 of the GDPR;
• specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access (GDPR, Article 32).

Data Controller

The Data Controller is the undersigned Company (in the person of the pro-tempore Legal Representative) who can be contacted for any request regarding privacy or to exercise the rights listed below, at the following addresses:

• Contact Details
  Nuova General Instruments Srl
  Tel: 0523-994629 - Email: [email protected]
• Data Protection Officer
  Name: Galli Data Service Srl
  Email: [email protected]

DATA SUBJECT’S RIGHTS

• Right to request the presence and access to personal data concerning him (Art.15 “Right of access”)
• Right to obtein the correction/integration of inaccurate or incomplete data (Art.16 “Right to rectification”)
• Right to obtain, if justified reasons exist, the cancellation of data (Art.17 “Right of erasure”)
• Right to obtain the limitation of treatment (Art.18 “Right to restriction of processing”)
• Right to receive data concerning him in a structured format (Art.20 “Right of Data Portability”)
• Right to object to processing and automated decision-making, including profiling (Art.21, 22)
• Right to revoke a previously given consent;
• Right to file a complaint with the Data Protection Authority in the event of non-response

The following specific information is provided below, referring to:

• 1) data processing related to the operation of the site
• 2) data processing of the Data Controller's customers / Data Controller’s suppliers

1) DATA PROCESSING CONNECTED TO THE OPERATION OF THIS SITE
1.1) Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT system.

Purpose and legal basis of the processing (GDPR-Art.13, paragraph 1, lett.c)	These data are used for the only purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could also be used to ascertain responsibility in the event of hypothetical computer crimes against the site (legitimate interests of the owner).
Communication scope (GDPR-Art.13, paragraph 1, lett.e,f)	The data can be processed exclusively by internal personnel, duly authorized and trained in the processing (GDPR-Art.29) or by any subjects in charge of the maintenance of the web platform (appointed in this case external managers) and will not be disclosed to other subjects, disseminated or transferred to non-EU countries (unless subject to compliance with the requirements set out in Chapter V of the GDPR). Only in the event of an investigation can they be made available to the competent authorities.
Data retention period (GDPR-Art.13, paragraph 2, lett.a)	The data are usually kept for short periods of time, with the exception of any extensions connected to investigation activities.
Conferment (GDPR-Art.13, paragraph 2, lett.f)	The data is not provided by the interested party but automatically acquired by the site's technological systems.

1.2) Cookies
This information is provided pursuant to Article 13 of EU Reg. 2016/679 "GDPR", as well as the specific regulations in force regarding cookies:

• "Guidelines for cookies and other tracking tools" of 10 June 2021 (Published in the Official Gazette no. 163 of 9 July 2021);
• Guidelines 5/2020 on consent pursuant to regulation (EU) 2016/679, adopted by the European Data Protection Board.

What are cookies: Cookies are short fragments of text (letters and / or numbers) that allow the web server to store information on the client (the browser) to be reused during the same visit to the site (session cookies) or later, even after some days (persistent cookies). Cookies are stored, according to user preferences, by the single browser on the specific device used (computer, tablet, smartphone). Similar technologies, such as, for example, web beacons, transparent GIFs and all forms of local storage introduced with HTML5, can be used to collect information on user behavior and on the use of services. In the remainder of this information we will refer to cookies and all similar technologies by simply using the term "cookie".

Possible types of cookies:
In relation to the provision "Guidelines for cookies and other tracking tools" of 10 June 2021 (Published in the Official Gazette no. 163 of 9 July 2021) and in the Register of 231 measures of 10 June 2021, the following categories are classified of cookies used, the purposes and the coding criteria.

CATEGORY	PURPOSE	CODING CRITERIA
Navigation, session and functionality technicians	Guarantee the normal navigation and use of the site	They are coded as technical since they are used for the sole purpose of "carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the contractor or user to provide this service".
Analytical (comparable to technicians)	Collect information on the number of visitors and the pages viewed	FIRST-PARTY COOKIES They are coded as comparable to technical cookies, since they are used only to produce aggregate statistics in relation to the single site (also possibly with unencrypted IP, in compliance with the purpose constraint) THIRD PARTY COOKIES They are coded as comparable to technical cookies, since they are used with IP address masking, without combination with other processing and without transmission to other third parties

Insights into the types and methods of managing preferences:
Through the main navigation browsers, by clicking on the appropriate icons, it is possible to obtain an analytical classification of the cookies used by the site, complete with: cookie name, content, domain, sending method, persistence.
Through the main navigation browsers it is also possible:

• block the reception of all (or some) types of cookies by default
• remove all or some of the cookies installed

For information on setting individual browsers see the following paragraph. It should be noted that blocking or deleting cookies could compromise the navigability of the site. The site may contain links to third party sites and third party cookies; for more information, we invite you to view the privacy policies of any linked sites.

Correlations with portals and social networks: On the pages of the site there may be buttons, widgets, plug-ins, links, Social Network cookies to facilitate interaction with social platforms and content sharing. We point out, by way of non- exhaustive example: facebook pixel, facebook remarketing, facebook segmentation, etc. (which in any case use technologies and tools that reduce the identifying power of cookies, such as anonymization or hashing / encryption systems). It should be noted that the processing of the data entered by the user on the various social channels takes place according to the rules and privacy settings of the social network itself, accepted by the user upon registration. By way of information, here are some links of the main social networks, through which you can manage your privacy configurations and accept cookies:

• Facebook (informativa): https://www.facebook.com/help/cookies/
• Facebook (configurazione): own account - privacy section
• Youtube: https://www.youtube.com/t/terms
• Linkedin (informativa): https://www.linkedin.com/legal/cookie-policy
• Linkedin (configurazione): https://www.linkedin.com/settings
• Google+ (informativa): http://www.google.it/intl/it/policies/technologies/cookies/
• Google+ (configurazione): http://www.google.it/intl/it/policies/technologies/managing/
• Google remarketing (informativa): http://www.google.com/intl/it_it/policies/technologies/ads/
• Google remarketing (disabilitazione): https://www.google.it/ads/preferences

Management of preferences through the main navigation browsers
The user can decide whether or not to accept cookies using the settings of his browser (we point out that, by default, almost all web browsers are set to automatically accept cookies). The setting can be changed and defined specifically for different websites and web applications. Furthermore, the best browsers allow you to define different settings for the best browsers and for ”those“ or "third parties". Usually, the configuration of cookies is done from the "Preferences", "Tools" or "Options" menu.

Below are the links to the guides for managing the cookies of the main browsers:
Internet Explorer: http://support.microsoft.com/kb/278835
Internet Explorer [versione mobile]: http://www.windowsphone.com/en-us/how-to/wp7/web/changing-privacy-and-other-browser-settings
Chrome: https://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95647
Safari [versione mobile]: https://support.apple.com/kb/HT1677
Firefox: https://support.mozilla.org/en-US/kb/Enabling%20and%20disabling%20cookies
Android: https://support.google.com/accounts/answer/61416?hl=it&co=GENIE.Platform%3DAndroid
Opera: https://help.opera.com/opera/Windows/1781/it/controlPages.html#manageCookies

Further information

• www.allaboutcookies.org (for more information on cookie technologies and how they work)
• www.youronlinechoices.com/it/a-proposito (allows users to oppose the installation of the main profiling cookies)
• www.garanteprivacy.it/cookie (collection of the main regulatory interventions on the subject by the Italian Guarantor Authority)

1.3) Site specific functions
Some pages of the site may involve the request for information from the user in relation to specific services (eg: request information, user registration, etc.).

Purpose and legal basis of the processing (GDPR-Art.13, paragraph 1, lett.c)	Only the data necessary for the correct provision of the service and necessary to give a correct and exhaustive answer to the interested parties will be requested. The processing is subject to the acceptance of specific, free and informed consent (GDPR- Article 6, paragraph 1, letter a)
Communication scope (GDPR-Art.13, paragraph 1, lett.e,f)	The data are processed exclusively by duly authorized and trained personnel (GDPR- Art.29) or by any persons in charge of the maintenance of the web platform (appointed in this case external managers). The data will not be disseminated or transferred to non-EU countries (unless subject to compliance with the requirements set out in Chapter V of the GDPR).
Data retention period (GDPR-Art.13, paragraph 2, lett.a)	The data are kept for times compatible with the purpose of the collection.
Conferment (GDPR-Art.13, paragraph 2, lett.f)	The provision of data relating to the mandatory spaces is necessary in order to obtain an answer, while the optional spaces are aimed at providing the staff with further elements useful to facilitate contact.

1.4) Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic and / or ordinary mail to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message. If the sender sends his CV to submit his professional application, he remains solely responsible for the relevance and accuracy of the data sent. It should be noted that any curriculum without authorization to process data will be immediately deleted.

2) PROCESSING OF DATA RELATED TO RELATIONS WITH CUSTOMERS AND SUPPLIERS

2.1) Object of the treatment
The company processes personal identification data of customers / suppliers (for example, name, surname, company name, personal / fiscal data, address, telephone, e-mail, bank and payment details) and of their possible operational contacts (name, surname and contact data) acquired and used in the supply of the products / services provided.

2.2) Purpose and legal basis of the processing
Data are processed for:

• conclude contractual / professional relationships and supply services;
• fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships, as well as manage the necessary communications connected to them;
• fulfill the obligations established by law, by a regulation, by Community Legislation or by an order of the Authority;
• exercise a legitimate interest as well as a right of the Data Controller (for example: the right of defense in court, the protection of credit positions; the ordinary internal needs of an operational, managerial and accounting nature).

Failure to provide the aforementioned data will make it impossible to establish a relationship with the Data Controller. The aforementioned purposes represent, pursuant to Article 6, paragraphs b, c, f, suitable legal bases for the lawfulness of the processing. If you intend to carry out treatments for different purposes (eg: marketing communications, photo / video content production, etc.), specific consent will be requested from the interested parties.

2.3) Methods of processing and storage time
The processing of personal data is carried out by means of the operations indicated in Art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subjected to both paper and electronic processing. The Data Controller will process personal data for the time necessary to fulfill the purposes for which they were collected and related legal obligations.

2.4) Scope of the processing
The data is processed by internal subjects duly authorized and trained in accordance with Article 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise information on any external subjects who operate as managers or independent data controllers (consultants, technicians, banks, transporters, etc.) The data may be transferred outside the EU as part of the management of international contracts, in compliance with the conditions set out in Chapter V of the GDPR, aimed at ensuring that the level of protection of the data subjects is not compromised "Article 45 Transfer on the basis of an adequacy decision, Article 46 Transfer subject to adequate guarantees, Article 47 Binding corporate rules, Article 49 Specific exemptions "). The data are not subject to automated processes that produce significant consequences for the data subject.

3) POLICY UPDATE
It should be noted that this information may be subject to periodic review, also in relation to the relevant legislation and jurisprudence. In the event of significant changes, appropriate evidence will be given on the home page of the site for a suitable time. However, the interested party is invited to periodically consult this policy.

INFORMATION ON DATA PROCESSING FOR VIDEO SURVEILLANCE PURPOSES

To complete the information provided to whom it may concern with cartel exposed in the areas where the active video surveillance system is set, we therefore inform you that:

- The treatment of the personal data using video surveillance systems is made according to the current legislation regarding Privacy (UE 2016/679 “GDPR”; D.Lgs.196/2003, modified and integrated by D.Lgs.101/2018; General Provisions of the Guarantor Authority for the protection of personal data recognized by the art.22, paragraph 4 of the D.Lgs.101/2018)

- The record of the images is made by Nuova General Instruments Srl as Holder of the treatment and as Legal representative pro tempore;

- The video surveillance system has been installed for SECURITY scope and the use of the cameras is done for the protection of goods, people and property from possible intrusions, fire, theft, robbery or act of vandalism; and for the eventual defence of the Holder in judicial place (acquisition of evidences);

- The access or the passage of the people to all kind of premises, locals and spaces of relevance leads necessary to the record of the image that may regard them;

 - The images detected can be recorded and stored for the period of time strictly necessary to achieve the scope described above, the preservation time can’t be over the period described by the legislation (7 days), except for the longer term necessary to fulfil specific requests from judicial authority or judicial police in relation to ongoing investigative activities; at the end of the retention period, the recorded images are deleted from electronic, computer or magnetic media;

- The images can be used only by formally authorized and instructed personnel or by external societies responsible of the treatment of these data which cooperate to the maintenance of the system and likewise to the surveillance activities; the images are not divulgated externally by the holder, except for the execution of official orders received from the judicial authority or from the judicial police. In case of illegal acts, the image can be used in judicial places;

- The images will be used with the instruments and with the correct methodology that will grant the correct level of security and confidentiality, with particular attention regarding the Art.32 description of the GDPR and General Measure of the 08/04/2010;

- The people interested have the right to ask to the Holder of the treatment for the access of the data recorded which concern them according to the Art.15 and sequential of the GDPR. Should the person interested be recognized, he has the right to obtain the confirmation of the presence of personal data that concern him from the Holder; he has the right to know the use of those personal data (origin of the data, scope and method of use; identification details of the owner and, if known, the responsible, etc…); he has the right to ask for the cancellation or the blocking of the use of the personal data if used not accordingly to the law; he has the right to oppose, for legitimate reasons, of the treatment of these personal data;

- The eventual record of works and the use of the recorded image is done according to the current legislation regarding labour matters ( 4 L.300/70 “Worked Statement”, modified by the Art. 23 of the D.Lgs. 151/2015 “Last decree of the Jobs Act”)

 HOLDER OF THE TREATMENT DATA AND DATA PROTECTION OFFICER (IF PREFSENT)

  The Holder of the Treatment is the undersigned Organization, in the person of the pro-tempore legal representative:
- Nuova General Instruments Srl
- Tel: 0523-994629 – Email: [email protected]

The Holder, according to the Art. 37-39 of the GDPR, has nominated the Data Protection Officer to whom it is possible to ask for information regarding Privacy and grant own Privacy rights:
- Galli Data Service Srl
- Tel: 0523-1865049 – Email: [email protected]