PREMISE

EU Regulation 2016/679 "General Data Protection Regulation" (herein after, GDPR or Regulation) upholds the right to the protection of personal data (Data Protection), in line with the recognition of the protection of personal data as a fundamental right in the EU. The Regulation is also an urgently needed response to the challenges posed by technological developments that enable the collection and processing of large amounts of personal data in real time, enabling the development of automated decisions beyond human intervention. The Regulation meets the need for privacy protection increasingly felt by European citizens.

Italferr S.p.A. considers the protection of the personal data of its clients, employees and suppliers an obligation which goes beyond mere regulatory compliance. For this reason, it has equipped itself with its own Data Protection Framework understood as the set of roles and responsibilities, internal rules and methodologies, aimed at guaranteeing the management and mitigation of risks to the rights and freedoms of individuals related to the processing of personal data.

SUBJECTS' RIGHTS

EU Regulation 2016/679 (Articles 15 to 23) grants data subjects the exercise of specific rights. In particular, in relation to the processing of personal data, the data subject has the right to request from Italferr S.p.A.: access to data; rectification, erasure and portability of data; restriction of processing; opposition to processing, and more specifically:

  • Right of access: the interested party may ask Italferr S.p.A. to confirm whether or not personal data concerning him or her is being processed and, if so, to obtain access to the personal data;
  • Right to rectification: the data subject may obtain from Italferr S.p.A. the rectification of inaccurate personal data concerning him/her;
  • Right to erasure/to be forgotten: the data subject may, under certain circumstances, obtain from Italferr S.p.A. the erasure of personal data concerning him/her;
  • Right to data portability: the data subject may, under certain circumstances, obtain from Italferr S.p.A. his personal data in a structured, commonly used and machine-readable format. He/she also has the right to transmit them to another data controller without objection from Italferr S.p.A;
  • Right to restriction of processing: the data subject may, under certain circumstances, obtain from Italferr S.p.A. the restriction of processing;
  • Right to object to the processing: the data subject may object at any time, for reasons related to his or her particular situation, to the processing of personal data concerning him or her; Italferr S.p.A. will refrain from further processing of personal data, unless it can be demonstrated that there are compelling legitimate grounds for processing that override the relevant interests, rights and freedoms or in the event of ascertaining, exercising or defending a right in a court of law.
In addition, the data subject may lodge a complaint with the Supervising Authority, which in Italy is the known as the Guarantor for the Protection of Personal Data. At any time, he/she may ask to exercise his/her rights to Italferr S.p.A., who can be contacted at the email address titolaretrattamento@italferr.it or by contacting the Data Protection Officer (DPO) who can be reached at the email address protezionedati@italferr.it.
 

USERS CONSULTING THE WEBSITE WWW.ITALFERR.IT

This policy (along with other documents referred to in it) describes the personal information we collect from users and how we process it. The policy is dedicated to the processing of personal data of users who consult the italferr.it website for the purposes specifically identified below and does not concern any of the information collected through other methods, sources or any other sites that can be reached by the user through links on the italferr.it website, unless this is expressly specified.

Please refer to the specific information provided at the data collection stage for details on processing. Italferr S.p.A. considers the protection of the personal data of its clients, employees and suppliers to be an obligation which goes beyond mere regulatory compliance. For this reason, we have equipped ourselves with a Data Protection Framework understood as the set of roles and responsibilities, internal rules and methodologies, aimed at ensuring the management and mitigation of risks to the rights and freedoms of individuals related to the processing of personal data.

Below are the references for Italferr S.p.a.:

  • Italferr S.p.A., Data Controller, is represented by the pro-tempore Chief Executive Officer with registered office in Via Vito Giuseppe Galati, 71 - 00155 (Rome), who can be contacted at the email address titolaretrattamento@italferr.it
  • The Data Protection Officer (DPO) can be contacted at the email address protezionedati@italferr.it.

The following are the types of personal data processed through the website, within the limits of the purposes defined in this statement:

  • Personal data provided voluntarily (e.g. first name, last name, email address, etc.) will be processed only for the purposes described in the specific "Privacy Policy" prepared by the Data Controller for the different online services. This policy, which can be consulted at the time of providing the data, will provide further information, such as the legal bases of the processing, the possible recipients of the personal data, the period of personal data storage (or the criterion for determining this period), the existence of automated decision-making processes, including profiling, as well as all the useful information, also reported at the end of this section, for the exercise of privacy rights;
  • The sending on a voluntary basis of electronic mail to the addresses indicated on this website entails the subsequent acquisition of the e-mail address and any other personal data included in the electronic communication, as well as the sender's data, necessary to respond to requests. These data are used for the sole purpose of providing the requested information;
  • The data will not be used for any other purpose except with the explicit consent of the data subject;
  • By browsing the website, technical information is collected about the hardware and software used by visitors. This information does not provide personal data of the user, but only technical/informational data that is used in an aggregate and anonymous manner for the sole purpose of improving the quality of service and providing statistics concerning the use of the website. For more information see the section on cookies.

Personal data will be processed for the time strictly necessary to achieve the purposes for which they have been provided and the related computer media will be protected by the adoption of appropriate technical and organisational measures pursuant to Article 32 of the GDPR.

The accuracy and truthfulness of the personal data communicated to Italferr S.p.A. falls under the responsibility of the person making the transmission.