Privacy notice
Engraving solutions
Contacts
Who are we and what do we do with your personal data?
Valmet Engraving Solutions S.r.l. based in 55100, Lucca (LU), Via di Mugnano, 815, hereafter, Data Controller, protects the confidentiality of your personal data and guarantees the safeguarding required by each event that may place them at risk of violation.
To that end, the Data Controller implements policies and practices concerning the collection and use of personal data and the exercise of the rights granted to you by the applicable regulations. The Data Controller updates its policies and practices on personal data protection every time this is necessary or when regulatory and organisational changes are made that may affect the processing of your personal data.
The Data Controller has appointed a Data Protection Officer (DPO) who you may contact if you have questions about the policies and practices adopted. The Data Protection Officer’s contact details are the following:
DPO.Engraving@valmet.com
How does Valmet Engraving Solutions S.r.l. collect and process your data?
The Data Controller collects and/or receives information relating to you, such as: IP addresses, identifying personal data (such as name, surname, email address, company and role of belonging, nation) issued during browsing on the website www.engravingsolutions.it. They are used by the Data Controller to manage the website and to follow up on any requests by you to receive information. Your personal data is communicated mainly to third parties and/or recipients whose activity is necessary to perform the activities relating to the aforementioned purposes, and also to comply with certain legal obligations. Any communication not related to those purposes will be submitted for your consent in advance.
Your personal data will not be disseminated or disclosed to indeterminate entities in any way.
The Data Controller may transfer your personal data abroad and in particular to:
USA, South Africa, Russia, Turkey, Singapore, South Korea (Agents) – pursuant to Art. 49 letter b) “the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request”.
Israel (Agents) – Adequacy decision of the European Commission on the adequate safeguarding of personal data by the state of Israel.
China, Brazil, USA (Sister Companies) – Preparation of standard contractual clauses aimed at guaranteeing adequate safeguards, also with regard to the rights of the data subjects relating to the non-EU transfer of personal data.
Japan (Sister Company) – EU-Japan adequacy decision.
What happens if you do not provide your data?
The personal data relating to you and that identify you are necessary in order to fulfil the request submitted by you via the “contacts” section and, if not provided, this will prevent the Data Controller from fulfilling your requests.
How and for how long will your data be stored?
Data relating to you is processed using both electronic and manual tools and instruments made available to persons acting under the authority of the Data Controller and for authorised and trained purposes. The paper and, above all, electronic archives in which your data are archived and stored are protected using effective security measures adequate to combat the risks of violation considered by the Data Controller. The Data Controller periodically and constantly checks the measures adopted, particularly for electronic and online tools, as a guarantee of the confidentiality of the personal data processed, archived and stored using them, especially if belonging to particular categories.
The IT archives are located within the borders of the EU (and EEA); however, they may be connected to or interact with databases located in non-EU countries. In particular:
USA, South Africa, Russia, Turkey, Singapore, South Korea (Agents) – pursuant to Art. 49 letter b) “the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request”.
Israel (Agents) – Adequacy decision of the European Commission on the adequate safeguarding of personal data by the state of Israel.
China, Brazil, USA (Sister Companies) – Preparation of standard contractual clauses aimed at guaranteeing adequate safeguards, also with regard to the rights of the data subjects relating to the non-EU transfer of personal data.
Japan (Sister Company) – EU-Japan adequacy decision.
How long will your data be stored?
For the time necessary to fulfil information requests and to send communications of that exclusive nature which the Data Controller performs following your request and in any case for a period not exceeding a maximum of 2 years, subject to cases where events occur involving the intervention of the competent Authorities, also in collaboration with third parties/recipients in charge of IT security activity of the Data Controller’s data, to perform any investigations on the causes that determined the event.
This is without prejudice to your right to object at any time to processing based upon the legitimate interest for reasons connected to your particular situation.
What are your rights?
In line with the time limits established above for the processing of personal data relating to you, the rights that are granted to you allow you always to have control of your data. Your rights are those of:
- access;
- rectification;
- erasure;
- restriction on processing;
- opposition to processing;
- portability.
Your rights are granted to you without particular burdens and formalities in relation to the request to exercise them which is essentially understood to be free of charge. You have the right:
- to obtain a copy, even in electronic format, of the data that you have asked to access. If you request further copies, the Data Controller may charge to you a reasonable contribution to costs;
- to obtain the erasure of the same or the restriction of processing or even the update or rectification of your personal data and to guarantee that third parties/recipients, who have received your data, also adjust to your request, unless legitimate reasons prevail over those that determined your request (e.g. environmental surveys and containment of risk determined by the emergency managed through them by the Controller);
- to obtain any useful communication in relation to the activities performed following the exercise of your rights without delay and in any case within one month from your request, subject to motivated extension of up to two months, which must be duly communicated to you.
- For any further communication and in any case to submit your request, you must contact the Controller, at the address es.it.privacy@Valmet.com
How and when can you object to the processing of your personal data?
For reasons relating to your particular situation, you may object at any time to the processing of your personal data if it is based on legitimate interest or if it concerns the processing of personal data whose conferment is subject to your consent, sending your request to the Controller at the address es.it.privacy@Valmet.com
You are entitled to the erasure of your personal data if there is no legitimate reason prevailing over that which gave rise to your request, and in any case in case you are opposed to the treatment.
With whom may I lodge a complaint?
Subject to any other action in the administrative or judicial venue, you may lodge a complaint with the competent supervisory authority or with that which performs its duties and exercises its powers in Italy where you have your habitual residence or where you work or, if different, in the Member State in which the violation of Regulation (EU) 2016/679 occurred.
Any update to this privacy policy will be communicated to you promptly and by appropriate methods and you will also be notified if the Data Controller is to process your data for purposes additional to those indicated in this privacy policy before it proceeds to do so and in time for your to provide your consent, if required.