IRBM S.p.A. pays particular attention to the privacy protection and aims that those who visit the website www.irbm.com feel safe, both during simple navigation and in the event they decide to provide their personal data to take advantage of specific services or features.
- Data Controller
The Data Controller is IRBM S.p.A. with registered office in Pomezia (RM) – via Pontina km 30.600.
- Where to contact the Data Controller
- Personal data processing purposes and legal basis
With the user’s consent, the Data Controller may process the user’s personal data to allow the use of services and features of the website and to optimize its functioning, to perform statistics on visits, to manage requests and reports received through the website, for registration in any reserved areas or for specific initiatives, pursuant to Article 6.1. (a) of the GDPR. The Data Controller may also process the user’s personal data to fulfill obligations deriving from laws, regulations, EU legislation: the legal basis of the processing for this purpose is Article 6.1. (c) of the GDPR.
With the optional consent of the user, common and/or particular data can be processed for the management of job applications pursuant to Articles 6.1. (a) and 9.2. (a) of the GDPR.
Furthermore, with the optional consent of the user, personal data may also be used for the purpose of carrying out institutional communications (including newsletters) or promotional activities (marketing), i.e. to send promotional material and/or commercial communications relating to the Company’s services, to the addresses indicated by the user, both through traditional methods of contact (such as, paper mail, telephone calls with operator, etc.) and through automated means (such as, communications via internet, fax, e-mail, sms, applications for mobile devices such as smartphones and tablets – so-called APPS – social network accounts – e.g. via Facebook – etc.). The legal basis of the processing for this purpose is art. 6.1. (a) of the GDPR.
- Mandatory or optional nature of data submission and consequences of any refusal
The forms to be filled in on this website include both data that are strictly necessary in order to be able to manage communications and user’s requests, marked with the symbol [*], whose failure to indicate does not allow us to follow up on the requests themselves, and optional data which are not
strictly necessary to respond to the requests of the interested parties. Failure to provide the latter will not entail any consequences. Please note that it is also possible to withdraw consent at any time.
- Processing methods
The processing of personal data takes place using automated and non-automated tools, with logics strictly related to the purposes of the processing.
In particular, the Data Controller undertakes to guarantee the logical and physical security of the data and, in general, the confidentiality of the processed personal data, implementing all the necessary technical and organizational measures needed to guarantee their security.
Please note also that in processing personal data we will strictly adhere to the limits and conditions imposed by the current legislation as well as to the conditions imposed by the Italian Data Protection Authority. Indeed, the processing takes place in such a way as to guarantee the security and confidentiality of the data, through the adoption of the measures provided for by Article 32 of the GDPR in order to preserve the integrity of the data processed and prevent access to the same by unauthorized subjects.
- Personal data retention period
Personal data collected for the purposes referred to in this informational note will be processed and stored for the period of time strictly necessary to achieve the purposes actually pursued and, in any case, the criterion used to determine the retention period is based on compliance with the terms permitted by applicable laws and by the principles of minimization of processing, limitation of conservation and rational management of archives.
- Scope of transfer or dissemination of personal data
The personal data that you provide may be made accessible to employees and/or collaborators of the Data Controller, in their capacity as authorized persons and/or data processors and/or system administrators in the context of their duties and/or assignments.
Furthermore, the data can be communicated to:
- professionals, third parties and/or suppliers that the Data Controller uses for the execution of services of commercial, professional and technical nature, needed for the management of the website and its related functions (e.g. IT service providers and Cloud Computing), for the pursuit of the aforementioned purposes and for the services requested by the user;
- Judicial or supervisory authorities, administrations, public bodies (national and foreign), if this is necessary to fulfill legal obligations or to follow up on requests made by them as well as for the prosecution of crimes and for the safeguarding from public security threats.
In any case, your personal data will not be disseminated.
- Territorial scope of processing
Your personal data will be stored on servers located within the European Union owned and/or in the availability of the Data Controller and/or of third-party companies, duly appointed as data processors. Should the processing of your personal data require a transfer outside the European Economic Area, the Data Controller informs that the processing will in any case take place according to one of the methods allowed by the GDPR, such as for example the user’s consent, the adoption of Standards Clauses approved by the European Commission, the selection of subjects adhering to international programs for the free circulation of data (e.g. EU-USA Privacy Shield) or operating in countries considered safe by the European Commission.
- Navigation data
The processing of personal data of users who only visit the website (i.e. without sending communications or using any of the services/functions available) is limited to navigation data, i.e. those data for which transmission to the website is necessary for the functioning of the IT systems in
Cookies are used by websites to recognize users within a work session. As indicated by the provisions of the Italian Data Protection Authority, these are “small text files” – made up of letters and numbers
– “that the sites visited by the user send to his terminal (usually to the browser), where they are stored before being re-transmitted to the same sites at the next visit by the same user “.
Cookies are safe, they can only store the information that is entered by the browser, relating to access to the browser itself or that is included in the requested page. They cannot be transformed into codes and cannot be used to access the user’s computer. If a website encrypts the information in the cookie, only the website can read the information.
- Rights provided by the GDPR
The users to whom the personal data refer can always contact the Data Controller as identified above to assert their rights as provided for by the European Regulation and in particular they are entitled to exercise the right (i) to access their Personal Data (and know the origin, purposes and scope of the processing, the subjects to whom their personal data are communicated, the data retention period or the criteria useful for determining it), (ii) to request their correction and/or cancellation (“right to be forgotten”), if no longer necessary, incomplete, erroneous or collected in violation of the law, (iii) to request that the processing be limited to a part of the information concerning them; (iv) to the extent that it is technically possible, to receive in a structured format or to transmit to third parties indicated by the user the information concerning him (so-called “portability” of the information voluntarily provided); (v) as well as to withdraw their consent at any time, in the event that this constitutes the basis of the processing without prejudice to the lawfulness of the processing carried out up to that moment.
Each user has also the right to object, in the cases provided by law, to the processing of their personal data, as well as to file complaints with the competent Data Protection Authority.
For any request relating to the processing of personal data by the Data Controller, to exercise the rights recognized by the applicable legislation, as well as to know the updated list of the subjects to whom the data are accessible, the user can contact the Data Controller at the e-mail address email@example.com.