The following companies of the Alfa Acciai Group are autonomous data controllers of the personal data collected and processed through the Site (hereinafter also "Data Controllers"):

• Alfa Acciai S.p.A., Via San Polo, no. 152 - 25134 Brescia (BS) ("Alfa Acciai")
• Acciaierie di Sicilia S.p.A., Stradale Passo Cavaliere, no. 1/A - 95121 Catania (CT)
• Alfa Derivati S.r.l, Via San Polo, no. 152 - 25134 Brescia (BS)

The Data Controllers can be contacted through the e-mail address managed by Alfa Acciai, also on behalf of the other Data Controllers: [email protected].

1. Browsing Data

During standard operations, the Site's computer systems collect certain personal data that is inherently transmitted through the use of Internet communication protocols. This information isn't collected to be linked with identified individuals but could potentially identify users by its nature. This data includes (i) the IP addresses or domain names of the computers utilized by users who connect to the Site, (ii) the URI (Uniform Resource Identifier) addresses of the requested resources, (iii) the time of Internet browising, and (iv) other parameters related to the user's operating system and computing environment. This data is solely used to ensure the Site's proper functioning and to compile anonymous statistical information about its usage.

2. Cookies
The Site employs cookies which may automatically collect personal data from users. For instructions on how to manage cookies, including enabling or disabling them, please refer to the link in opt out.

3. Data provided voluntarily
The optional, explicit and voluntary sending, by the user, of personal information (e.g. name, surname, e-mail, telephone, company, physical address, curriculum vitae) through the contact interfaces available on the pages of the Site or by e-mail to the e-mail addresses indicated on the Site entails the acquisition and processing by the Data Controllers of such data and any other information contained in such communications.

The user assumes liability for the personal data of third parties shared through the contact channels available on the Site.

Users’ data are processed for the following purposes:

1. Legitimate interest of the Data Controllers:

1. to enable the use of the Site and the content published therein relating to the organization of the Data Controllers and the products and services offered by them;
2. to exchange communications with users;
3. to carry out statistical analysis on Site navigation;
4. to perform maintenance and technical assistance for the proper functioning of the Site and to improve the quality and structure of the Site or to create new content for publication.

Processing for the aforementioned purposes is based on the legitimate interest of the Data Controllers in interacting with web users through the Site. Personal data for these purposes may be freely provided by the user.

2. Marketing purposes:

Subject to the user's consent, for sending communications and/or newsletters by e-mail regarding initiatives, products and/or services of the Data Controllers.

3. Sharing of data with partners of the Data Controllers

Subject to the user's consent, contact details may be shared with partners of the Data Controllers who are involved in training and employment activities such as, for example, educational, training and guidance and employment service providers. 

4. Pre-contractual, contractual or legal purposes:

1. to manage access to restricted areas of the Site;
2. to manage the personnel selection and application evaluation process in relation to the possibility of establishing a working relationship/collaboration with one of the Data Controllers. Please refer to the link for more information on the processing of personal data of candidates accessing the selection and evaluation process.

Processing for the aforementioned purposes is necessary for the performance of a contract and/or the execution of pre-contractual measures with the user or for related legal obligations. Unless otherwise specified, all data requested by the Site for the aforementioned purposes are mandatory. This implies that any refusal on the part of the user may make it impossible for the Data Controller to pursue the purposes indicated.

5. Judicial defense or response

Finally, personal data may be used by the Data Controller to establish, exercise or defend a right in court and in the preparatory stages of court proceedings.

The Data Controllers take appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of the personal data processed.

The processing is carried out by means of computer and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated.

In addition to the Data Controllers, external parties, such as third parties who are involved in training and employment activities technical service providers, hosting providers, IT companies and communication agencies, may have access to the personal data, appointed, if necessary, as data processors. The updated list of data processors can be requested from the Data Controllers at the addresses indicated at the end of this privacy policy.

Personal data will generally be processed within the European Economic Area (EEA). Any transfer of personal data outside the European Economic Area will take place only after adequate safeguards have been adopted, as provided for by the regulations in force.

With reference to the purposes referred to in points 1 (Legitimate interest of the Data Controller), 2 (Marketing purposes) and 3 (Sharing of data with partners of the Data Controllers), personal data are processed and retained for the time required by the purpose for which they were collected and, in any case, for a period not exceeding 24 months. 

With reference to the purposes referred to in point 4 (Pre-contractual, contractual or legal purposes), personal data are processed and kept for the time indicated in the information documents for customers, suppliers and candidates available on the Site. 

At the end of the retention period, personal data will be destroyed or rendered anonymous, unless it is necessary to retain it in order to comply with a user request, a legal obligation or to ascertain, defend or exercise a right of the Data Controller in court.

With regard to the personal data processed, the user may exercise the following rights:

Access

• (i) The right to obtain from Data Controllers confirmation if there is or not a personal data processing and if any, to obtain information about source, purposes, categories of personal data processed, recipients to whom the personal data are communicated or transferred to, etc.; and (ii) the right to obtain a copy of personal data processed, as long as it does not damage the rights and freedoms of others.

Rectification

• The right to obtain from the Data Controllers without undue delay the rectification of inaccurate personal data, as well as the integration of uncomplete personal data, also by providing an integrative statement.

Erasure

• The right to obtain from the Data Controllers the erasure of personal data without undue delay in case of: the personal data are no longer necessary in relation to the purposes of the processing; the consent on which the processing is based is withdrawn and there are not further legal basis; the personal data have been unlawfully processed; the personal data must be deleted in order to comply with a legal obligation. 

Objection to the processing

• The right to object at any time to the processing of personal data which is based on a legitimate interest of the Data Controllers. 

Restriction of processing

• The right to obtain the restriction of processing from Data Controllers, where (i) the accuracy of personal data is disputed (for the period necessary for the Data Controllers to verify the accuracy of such personal data), (ii) the processing is unlawful and/or (iii) you, as user of the Site, have objected to the processing.

Portability of personal data

• The right to receive the personal data in a structured, commonly used and machine-readable format and to transmit such data to another Data Controllers, whenever the processing is based on the consent or a contractual relationship, as long as personal data are processed by electronic means.

Decisions based solely on automated processing

• The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning Data Subject or similarly significantly affects users, unless such decisions are necessary for entering into, or performing of, a contract or are based on the consent given by the users.

Lodge a complaint to a control authority

• Without prejudice to any other administrative proceeding or judicial legal action, you will have the right to lodge a complaint before the supervisory authority of the Member State where you normally reside or work, or of the State where the alleged violation occurs, whenever you consider that the personal data processing violates the GDPR.

Withdrawal of consent

• As the case may be, you have the right to withdraw, at any time, your consent provided for one or more of the purposes above-mentioned, without prejudice to the lawfulness of processing based on consent before its withdrawal.