Disclosure on the processing of Personal Data
Pursuant to art. 13 of EU Regulation 2016/679 (hereinafter "G.D.P.R."), this disclosure describes the methods with which Cementir Holding N.V. (hereinafter "Cementir Holding" or the "Data Controller") - with registered office in Amsterdam, the Netherlands - 36, Zuidplein, 1077 XV, and secondary and operational offices in Rome, Corso di Francia, 200, 00191 - as Data Controller of the processing of personal data, processes the personal data of those who visit the institutional website https://www.cementirholding.com (hereinafter, the "Site").
Identity and contact details of the Data Controller
The Data Controller is Cementir Holding N.V. in the person of its legal representative and may be contacted by registered mail to be sent to the secondary and operational office in Corso di Francia, 200, 00191 Rome, or by e-mail to the e-mail address: firstname.lastname@example.org.
Source from which personal data originate. Categories of personal data processed
Personal data are collected through direct conferment by the Data Subject.
Personal data processed:
A) Browsing data
The IT systems used to operate the Site acquire some data from the user during their normal operation, the transmission of which is implicit in the use of internet communication protocols. This is information that is not collected to be associated with identified data subjects, but which by their very nature, could, through processing and association with data held by third party, allow users to be identified.
This category of personal data includes, among others, the IP addresses or domain names of the computers used by users, the addresses of the requested resources in URI notation, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server and other parameters relating to the operating system and the user's computer environment.
Browsing data are processed for the following purposes: technical administration of the Data Controller's Site and checking its correct functioning, ascertaining any liability in the event of any computer crimes against the Site, finding anonymous statistical information on the use of the Site.
The related legal basis is the legitimate interest of the Data Controller in the functioning and security of the Site. The provision of personal data is therefore necessary for the above processes.
Personal data will be deleted after six months from their acquisition, except for the right of the Company to use the data collected to ascertain responsibility in the event of computer crimes against the Site.
B) Data voluntarily provided by the user
In the following sections of the Site:
- PEOPLE: https://cementirholding.com/people/join -us
- MEDIA: https://www.cementirholding.com/media/E-mail alert
- GOVERNANCE: https://cementirholding.com/governance/ethics-and-compliance
the user can voluntarily provide some personal data. In such cases, the information on the processing of personal data is made available, drawn up in accordance with the applicable legislation, where, among other things, the processing purposes, the legal basis, the retention times of personal data are explained.
Personal data are processed by the Data Controller pursuant to art. 6 of the G.D.P.R., with mainly automated and sometimes manual tools, with logic strictly related to the purposes themselves and for the period of time strictly necessary to achieve the purposes for which they were collected. The information collected is recorded in a computer environment that guarantees the security and confidentiality of the data.
Categories of recipients of personal data
Personal data may be communicated to law enforcement agencies and judicial authorities, to professionals and consultants, including legal consultants, to Cementir Holding's controlled company, and to the service company in charge of managing the hosting and maintenance services of the Site.
All the aforesaid parties will be qualified as "Data Processors", as "Sub Data Processors", pursuant to art. 28 of the G.D.P.R., or as autonomous "Data Controllers.
Personal data will also be processed by parties authorized to process by the Data Controller. Personal data processed by Cementir Holding are not disclosed.
Extra EU transfers
For the pursuit of the processing purposes described above, personal data may be transferred to the recipients indicated above in Italy and abroad. In no case will personal data be transferred outside the European Union.
Third party websites
Rights of the data subject
Pursuant to and in accordance with the GDPR, Data Subject is recognised the following rights which may be exercised with respect to Data Controller:
- a) right to obtain from the Data Controller confirmation as to whether or not personal data of Data Subject are being processed, and, where that is the case, access to the personal data and the information set forth in Article 15 and specially on the purposes of the processing, categories of personal data concerned, recipients or categories of recipient to whom the personal data have been or shall be disclosed, period for which the personal data shall be stored, etc.;
- b) right to have your personal data rectified if inaccurate as well as supplemented when deemed incomplete again in relation to the purposes of the processing (Article 16;
- c) right to erasure of data (“right to be forgotten”), in one of the circumstances set forth in Article 17;
- d) right to restriction of processing, in the cases envisaged in Article 18;
- e) right to data portability pursuant to Article 20;
- f) right to object to processing pursuant to Article 21.
These rights may be exercised by sending a request by registered letter with return receipt to the Data Controller at the following address: Corso di Francia, 200, 00191 Rome, or by e-mail to the e-mail address: email@example.com
The data subject has the right to submit a complaint with the Personal Data Protection Authority or to another Supervisory Authority pursuant to art. 13, par. 2, letter d) of the GDPR.
Changes to this disclosure
The Data Controller reserves the right to modify and update this disclosure over time; therefore every user is encouraged to regularly consult this document.