INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 OF EU REGULATION 2016/679, GENERAL DATA PROTECTION REGULATION (‘GDPR’) FOR THE WEBSITE OF COSTRUZIONI GENERALI GILARDI S.P.A.

With this information Costruzioni Generali Gilardi S.p.A. (hereinafter the “Data Controller”), intends to inform users visiting the “www.gilardi.it” website (hereinafter the “Site”) of the policy adopted regarding the protection of personal data, underlining its commitment and attention with reference to the protection of the privacy of visitors to the Site. Navigation within the Site is free and does not require any registration. Pursuant to and for the purposes of EU Regulation 2016/679, the Data Controller provides the following information.

1.The Data Controller
The Data Controller of personal data is Costruzioni Generali Gilardi S.p.a., with registered office, in via Vela 42, 10128, Torino, tax code and VAT n. 03743350013, Tel. +39/011.5613177 e-mail torino@gilardi.t, pec: cgg-torino@pec.gilardi.it

2.Categories of personal data processed
Connection and navigation data
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whosetrasmissione è implicita nell’uso dei protocolli di comunicazione di Internet. In questa categoria di dati rientrano gli indirizzi IP o i nomi a dominio dei computer e dei terminali utilizzati dagli utenti, gli indirizzi in notazione URI/URL (Uniform Resource Identifier/Locator) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment are collected for the sole purpose of obtaining information anonymous statistics on the use of the Site and to check its correct functioning and are deleted immediately after processing. Data communicated by the user The optional, explicit and voluntary sending of communications to the addresses of the owner on the Site, involves the acquisition of the sender’s contact data, necessary to reply, as well as all personal data included in communications. Cookies and other tracking systems For more information on the use of cookies by the Data Controller, please read our Cookie Policy on our Site.

3. Methods of data processing
The processing of personal data concerning you will be mainly carried out with the aid of electronic means, including automated ones, according to the methods and with the appropriate tools to guarantee the security and confidentiality of the data. In particular, all technical, IT and organizational security measures will be adopted, so that an adequate level of data protection is guaranteed, as required by law, allowing access only to persons authorized to process by the Data Controller, so that an adequate level of data protection is guaranteed, as required by law, allowing access only to persons authorized to process by the Data Controller or Managers designated by the Data Controller pursuant to art. 28 GDPR. The information acquired and the methods of processing will be relevant and not excessive with respect to the type of services rendered. The data will also be managed and protected in environments whose access is under constant control.

4.Purposes and legal bases of processing
The processing carried out through the Site is carried out for the following purposes and according to the conditions of lawfulness (or legal bases) indicated below:
a) to allow you to browse our Site
b) ;
c)to respond to your request via email or telephone
for this purpose the legal basis of the processing is the execution of a contract and the execution of pre-contractual measures (Article 6 letter b) GDPR); the failure, partial or incorrect provision of the data in question will make it impossible to process your specific requests to comply with obligations imposed by laws or regulations or by orders from the competent Authorities
the legal basis of this processing is the need to fulfill a legal obligation (Article 6 letter c) GDPR). The provision of data for this purpose where required, is mandatory by law (art. 6 lett. c) GDPR). The provision of data for this purpose where required, is mandatory by law;
d) Protection of rights and compliance with the conditions of use of the Site
to ascertain responsibility in case of hypothetical computer crimes against the Site and protect our rights in court. The legal basis for such processing is the need to pursue our legitimate interests (art. 6 lett. f) GDPR) (protection of our rights in court).

5. Recipients of the data
Users’ personal data may be communicated, in addition to personnel authorized by the Data Controller, to the following categories of recipients:
(a) IT companies or IT technicians delegated by the Data Controller to maintain, assist and update the Site;
(b)companies that perform hosting services of the Site;
(c) judicial authorities and judicial police (eg postal police) for any activities of prevention and detection of computer crimes against the Site.
A list of Autonomous Data Controllers and Data Processors is available on request at the addresses of the owner.Processors are bound by appropriate contractual obligations to implement appropriate security measures in order to protect the security and confidentiality of personal data.

6. Period and place of storage of personal data
The Data Controller keeps personal data through servers mainly located within the European Economic Area for the time strictly necessary for the pursuit of the purposes indicated above in compliance with civil and tax retention obligations and the limits established by law. For cookie storage times, please refer to the Cookie Policy.

7. Rights of the interested parties
The data subject has the right to exercise the following rights towards the Data Controller.
Right of access: right to request and obtain confirmation as to whether or not your personal data are processed and, if so, to access such data and specific information on processing, such as, by way of example, the purposes, the categories of data being processed,the existence of the other rights indicated below. You may also request a copy of your data.
Right of rectification: right to request and obtain rectification of personal data concerning you and/or the integration of incomplete personal data.
Right to erasure: right to obtain the erasure of your data, without undue delay, if (i) such data are no longer necessary for the purposes for which they were collected, (ii) you have revoked your consent that was the basis for the processing (unless there is no other legal basis for such processing), (iii)you oppose the processing of your data (as indicated below) and there is no other legitimate overriding reason for the processing or if you oppose the processing of your data for marketing purposes, (iv) your data are processed unlawfully, (v)your data must be deleted by virtue of a legal obligation. This right does not apply if the processing of the data is necessary,moreover for compliance with a legal obligation, and for the establishment, exercise or defence of legal claims. Interested parties are informed that the personal data present in the backup copies may not be erasable before the automatic overwriting by the back-up system.
Right of limitation: right to obtain the limitation of processing in case of: (i)contesting the accuracy of the personal data concerning you within the time necessary for the Data Controller to verify the accuracy of these data, (ii) unlawful processing and request by you for the limitation of use instead of its cancellation; (iii) necessity of the data for
the assessment, exercise or defense of a right in court, (iv) opposition on your part to the processing, as indicated below, pending verification of the prevalence of legitimate reasons by the owner.
Right to portability: right to receive personal data concerning you in a structured, commonly used and machine-readable format and to transmit them to another data controller in relation to the cases in which the processing of your data is based on consent or the processing is based on the execution of a contract and such processing is carried out by automated means; as well as the right to obtain the direct transmission of data from one holder to another, where technically operable.The possibility of obtaining the deletion of data, as indicated above, remains unaffected.
Right to object: right to object at any time to processing based on a legitimate interest of the owner, unless the latter demonstrates compelling legitimate reasons to proceed with the processing that prevail over the interests, rights and fundamental freedoms of the interested party or for the assessment, exercise or defense of a right in court.
Furthermore, if the processing is based on the consent of the interested party, the latter has the right to revoke the consent.
The above rights may be exercised with a request addressed without formalities to the Data Controller by letter to the addresses indicated above or by e-mail by writing to privacy@gilardi.it.
Right of complaint: The interested party also always has the right pursuant to art. 77 of the GDPR, to lodge a complaint with the Guarantor Authority for the protection of personal data (Privacy Guarantor, http://www.garanteprivacy.it), if the same considers that the processing of your personal data is contrary to the legislation in force.

8. Revision of this Information
The Data Controller reserves the right to modify or simply update the content of this information, in whole or in part, also due to changes in the applicable legislation. The full text of the Regulation can be consulted on the website of the Guarantor for the Protection of Personal Data www.garanteprivacy.it