Privacy Policy

This document (hereinafter “Privacy Policy“) provides information on the processing of personal data that are collected by IRBM S.p.A. (hereinafter “Company” or “Data Controller“) through this website and therefore is to be intended as notice to the interested parties pursuant to the current legislation and the provisions of Article 13 of EU Regulation 2016/679 of the European Parliament and of the Council dated April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR“).

IRBM S.p.A. pays particular attention to the privacy protection and aims that those who visit the website www.irbm.com feel safe, both during simple navigation and in the event they decide to provide their personal data to take advantage of specific services or features.

Data Controller
The Data Controller is IRBM S.p.A. with registered office in Pomezia (RM) – via Pontina km 30.600.
Where to contact the Data Controller
The Data Controller can be contacted through e-mail at privacyirbmgroup@irbm.com
Personal data processing purposes and legal basis
Any personal data provided by the user will be processed when the user interacts with the functions of the website, including navigation data, or requests to use the services offered on the website (registration in any reserved areas/applications and other initiatives, use of any Apps, requests for information and reports also via contact forms, etc.), as well as the data collected through cookies as specified in the cookie policy.

With the user’s consent, the Data Controller may process the user’s personal data to allow the use of services and features of the website and to optimize its functioning, to perform statistics on visits, to manage requests and reports received through the website, for registration in any reserved areas or for specific initiatives, pursuant to Article 6.1. (a) of the GDPR. The Data Controller may also process the user’s personal data to fulfill obligations deriving from laws, regulations, EU legislation: the legal basis of the processing for this purpose is Article 6.1. (c) of the GDPR.

With the optional consent of the user, common and/or particular data can be processed for the management of job applications pursuant to Articles 6.1. (a) and 9.2. (a) of the GDPR.

Furthermore, with the optional consent of the user, personal data may also be used for the purpose of carrying out institutional communications (including newsletters) or promotional activities (marketing), i.e. to send promotional material and/or commercial communications relating to the Company’s services, to the addresses indicated by the user, both through traditional methods of contact (such as, paper mail, telephone calls with operator, etc.) and through automated means (such as, communications via internet, fax, e-mail, sms, applications for mobile devices such as smartphones and tablets – so-called APPS – social network accounts – e.g. via Facebook – etc.). The legal basis of the processing for this purpose is art. 6.1. (a) of the GDPR.
Mandatory or optional nature of data submission and consequences of any refusal
The forms to be filled in on this website include both data that are strictly necessary in order to be able to manage communications and user’s requests, marked with the symbol [*], whose failure to indicate does not allow us to follow up on the requests themselves, and optional data which are not

strictly necessary to respond to the requests of the interested parties. Failure to provide the latter will not entail any consequences. Please note that it is also possible to withdraw consent at any time.
Processing methods
The processing of personal data takes place using automated and non-automated tools, with logics strictly related to the purposes of the processing.

In particular, the Data Controller undertakes to guarantee the logical and physical security of the data and, in general, the confidentiality of the processed personal data, implementing all the necessary technical and organizational measures needed to guarantee their security.

Please note also that in processing personal data we will strictly adhere to the limits and conditions imposed by the current legislation as well as to the conditions imposed by the Italian Data Protection Authority. Indeed, the processing takes place in such a way as to guarantee the security and confidentiality of the data, through the adoption of the measures provided for by Article 32 of the GDPR in order to preserve the integrity of the data processed and prevent access to the same by unauthorized subjects.
Personal data retention period
Personal data collected for the purposes referred to in this informational note will be processed and stored for the period of time strictly necessary to achieve the purposes actually pursued and, in any case, the criterion used to determine the retention period is based on compliance with the terms permitted by applicable laws and by the principles of minimization of processing, limitation of conservation and rational management of archives.
Scope of transfer or dissemination of personal data
The personal data that you provide may be made accessible to employees and/or collaborators of the Data Controller, in their capacity as authorized persons and/or data processors and/or system administrators in the context of their duties and/or assignments.

Furthermore, the data can be communicated to:
1. professionals, third parties and/or suppliers that the Data Controller uses for the execution of services of commercial, professional and technical nature, needed for the management of the website and its related functions (e.g. IT service providers and Cloud Computing), for the pursuit of the aforementioned purposes and for the services requested by the user;
2. Judicial or supervisory authorities, administrations, public bodies (national and foreign), if this is necessary to fulfill legal obligations or to follow up on requests made by them as well as for the prosecution of crimes and for the safeguarding from public security threats.
In any case, your personal data will not be disseminated.
Territorial scope of processing
Your personal data will be stored on servers located within the European Union owned and/or in the availability of the Data Controller and/or of third-party companies, duly appointed as data processors. Should the processing of your personal data require a transfer outside the European Economic Area, the Data Controller informs that the processing will in any case take place according to one of the methods allowed by the GDPR, such as for example the user’s consent, the adoption of Standards Clauses approved by the European Commission, the selection of subjects adhering to international programs for the free circulation of data (e.g. EU-USA Privacy Shield) or operating in countries considered safe by the European Commission.
Navigation data
The processing of personal data of users who only visit the website (i.e. without sending communications or using any of the services/functions available) is limited to navigation data, i.e. those data for which transmission to the website is necessary for the functioning of the IT systems in

charge of managing the website and of Internet communication protocols. This category includes, for example, the IP addresses or the domain of the computer used to visit the website and other parameters relating to the operating system used by the user to connect to the website. The Company collects these and other data (such as, for example, the number of visits and the time spent on the website) only for statistical purposes and anonymously in order to check the functioning of the website and improve its functionality. This information is not collected to be associated with other information about users and to identify the latter; however, such information by their very nature may allow the identification of users through processing and association with data held by third parties. The navigation data are normally deleted after processing in anonymous form but may be stored and used by the Company to ascertain and identify the perpetrators of any computer crimes committed against the website or through the website. With the exception of this eventuality and what is specified in the Cookie Policy section, the navigation data described above are stored only temporarily in compliance with the applicable legislation.

Cookie

Cookies are used by websites to recognize users within a work session. As indicated by the provisions of the Italian Data Protection Authority, these are “small text files” – made up of letters and numbers

– “that the sites visited by the user send to his terminal (usually to the browser), where they are stored before being re-transmitted to the same sites at the next visit by the same user “.

Cookies are safe, they can only store the information that is entered by the browser, relating to access to the browser itself or that is included in the requested page. They cannot be transformed into codes and cannot be used to access the user’s computer. If a website encrypts the information in the cookie, only the website can read the information.

For more information on the use of cookies, please read the relevant notice.
Rights provided by the GDPR

The users to whom the personal data refer can always contact the Data Controller as identified above to assert their rights as provided for by the European Regulation and in particular they are entitled to exercise the right (i) to access their Personal Data (and know the origin, purposes and scope of the processing, the subjects to whom their personal data are communicated, the data retention period or the criteria useful for determining it), (ii) to request their correction and/or cancellation (“right to be forgotten”), if no longer necessary, incomplete, erroneous or collected in violation of the law, (iii) to request that the processing be limited to a part of the information concerning them; (iv) to the extent that it is technically possible, to receive in a structured format or to transmit to third parties indicated by the user the information concerning him (so-called “portability” of the information voluntarily provided); (v) as well as to withdraw their consent at any time, in the event that this constitutes the basis of the processing without prejudice to the lawfulness of the processing carried out up to that moment.

Each user has also the right to object, in the cases provided by law, to the processing of their personal data, as well as to file complaints with the competent Data Protection Authority.

For any request relating to the processing of personal data by the Data Controller, to exercise the rights recognized by the applicable legislation, as well as to know the updated list of the subjects to whom the data are accessible, the user can contact the Data Controller at the e-mail address privacyirbmgroup@irbm.com.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_35080545_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

MEET THE TEAM