PRIVACY POLICY

EU Regulation 2016/679 of 27 April 2016 regarding the “Protection of individual persons with regard to the processing of their personal data, and also the free circulation of said data” (so-called “General Data protection Regulation” or “Regulation”) provides for the protection of personal data the processing of which must be carried out in respect of the fundamental rights and liberties, with specific regard to confidentiality.

Pursuant to articles 12 and 13 of the Regulation, C.I.EL. S.p.A., with head office in Rome, Via Giulio Vincenzo Bona 101, 00156, e-mail: info@cielspa.it, hereinafter “C.I.EL.”, in the capacity of Data Controller of the data processed through the company website www.cielspa.it (or “Website”), hereby informs you that the processing of your personal data shall be based on the principles of correctness, legality and transparency, protecting its confidentiality and your rights.

We would therefore ask that, prior to communicating any personal data to the Controller, you read this disclosure carefully, as it contains important information regarding the protection of your personal data.

1. Identity and contact details of the Data Controller
The Data Controller for your personal data is C.I.EL. Costruzioni Impianti Elettromeccanici SpA, with head office in Via Via Giulio Vincenzo Bona 101, 00156, Roma, e-mail: info@cielspa.it.

2. Contact details of the Data Protection Officer
In fulfilment of art. 37 of the Regulation, the Controller has appointed a Data Protection Officer (so-called “DPO”), who can be contacted at the following e-mail address: cristina.rabazzi@milano.pecavvocati.it.

3. Purpose of Data Processing
Your personal data will be processed by C.I.EL. for purposes relating to the management and administration of the company website.

Specifically, your personal data may be processed for:

1. enabling website browsing;
2. detection and prevention of illegalities;
3. receipt of correspondence and/or requests for information by the users;
4. enabling personnel recruitment;
5. enabling access to the supplier portal.

4. Legal basis of Data Processing
The legal basis for data processing is the following: for the purposes in points 1 and 2, legitimate interest, ex art. 6, para. 1, sub. f of the Regulation;

for the purposes in points 3 and 4, the consent of the interested party/website user, ex art. 6, para. 1, sub. a of the Regulation;

for the purpose in point 5, the need to draw up a contract that the user is a party to, ex art. 6, para. 1, sub. b of the Regulation.

The “contact us” section of the website asks for specific consent prior to sending messages.

Regarding cookies, consent is requested specifically in the banner viewed on the homepage and can always be revoked and/or modified using the icon available on the bottom right of all pages of the website, which takes you to the settings, in respect of the measures of the Privacy Guarantor on the “Identification of the simplified methods of disclosure and acquisition of consent for the use of cookies” of 8 May 2014 and the “Guidelines for cookies and other tracing tools” of 10 June 2021.

Specific information will be published by C.I.EL. on the website pages prepared in order to provide specific services, or for specific purposes, for which the relative consent will be requested.

5. Nature of the personal data processed

Data collected automatically through the website:Technical browsing data

The web server used by C.I.EL., which is managed by third parties, automatically collects certain personal data during browsing, the transmission of which is implicit in the use of Internet communication protocols.

Data provided voluntarily by the users

The optional, explicit and voluntary sending of messages to the C.I.EL. contacts, and also filling out and forwarding the forms present on the Website implies the acquisition of the user/sender’s data which is required or in any event useful in terms of responding or following up the request for a specific service. Such data will be preserved for the time strictly necessary in order to follow up the request submitted by the user. They are then archived anonymously or deleted.

6. Processing methods
Personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which the data is collected. Specific technical and organizational security measures are observed and adopted in order to prevent the loss of data. illegal or improper use and unauthorized access.

7. Categories of personal data recipients

The data collected over the internet is not distributed or communicated to third parties other than those who have been specifically authorized by the Controller.

Specifically, only those providing website management and hosting services, appointed as “external officers” and the employees of C.I.EL. designated as “data processing officers” for the purpose may have access to the personal data processed through this website, in order to control and manage the site contacts and its contents, and also analyzing website access.

The data collected for the purposes described in this disclosure will not be transferred overseas or to Companies or entities located outside of EU borders. However, the Controller reserves the right to use cloud services; in such an eventuality, the service providers must be located in other countries and shall only be selected from among those which ensure adequate guarantees, as envisaged and required by art. 46 of GDPR 2016/679.

8. Preservation of personal data
The technical personal data from website browsing will be kept for the sole purpose of ascertaining and preventing illegalities for a time period of 12 (twelve) months from the registration of the data, after which the data will either be deleted or rendered anonymous. The data contained in the messages sent through the forms on the website will be kept for the time period strictly necessary to follow up any specific request.

9. Rights of the interested party

In the capacity of interested party in the data processing, they may exercise the rights in arts. 15 to 22 of GDPR 2016/679, and specifically:

obtain confirmation of the existence or otherwise of personal data regarding them, even if not yet registered, in a concise, transparent, comprehensible and easily accessible form, in simple and clear language;

an indication of: a. the origin of the personal data; b. processing purposes and methods; c. the legitimate interests of the Controller or others; d. the eventual recipients or categories of recipients of the personal data; e. the eventual intention of the data controller to transfer personal data to an overseas country or to an international organization; f. the time period for which the personal data will be preserved; g. the logic applied, and also the importance and consequences of such processing for the interested party, if data is processed with the aid of electronic tools in the framework of an automatic process of data collection and/or profiling; h. the identification details of the Controller, the Officers and Representative, if any, designated and the Data Protection Officer (so-called DPO); i. the subjects and categories of subjects to which the personal data may be communicated or which may become aware of said data in the capacity of representative appointed within national borders, controllers or officers;

the updating, correction or, when in their personal interest, integration of the data;

the deletion, transformation into anonymous form or blocking of any data processed in breach of the law, including that which does need to be kept with regard to the purposes for which the data was collected or subsequently processed;

ùprocessing restrictions;

the transferability of the personal data regarding them to another Data Controller;

revocation of processing;

the full or partial objection, for legitimate reasons, to the processing of personal data regarding them, as long as pertinent to the purpose of data collection.

With regard to art. 7 of EU Reg. 2016/679, in the capacity of interested party, you may revoke the consent given at any time. Revoking the consent given implies the termination of any processing carried out on the data inserted in the forms present on the website.

To exercise the aforementioned rights, in the capacity of interested party, you may contact C.I.EL. S.p.A. or its DP at any time, using the contacts in points 1 and 2 of this disclosure notice.

10. Appeals to the Controlling Authority
Lastly, pursuant to Article 77 of the Regulation, the user has the right to file an appeal before the Controlling Authority (Guarantor for the Protection of personal data), should you believe that the processing of your data is in breach of the dispositions of the Regulation.

11. Nature of data processing and compulsory nature of data conferment
Data is only requested when necessary (also in execution of the obligations deriving from the laws in force) in order to follow up a request submitted through the website. Failure to provide said data may signify that the request is not received.

12. Existence of automated decision-making processes in data processing
It must be pointed out that the above data processing DOES NOT include any automated decision-making process, pursuant to Article 22 of the Regulation.