Subject: Information on the Processing of Personal Data, pursuant to Article 13, Regulation (EU) No. 2016/679 – “GENERAL DATA PROTECTION REGULATION” (hereinafter “GDPR”) and Legislative Decree 196/2003, supplemented by Legislative Decree 101/2018

With this notice, we wish to inform you about how our Company, SIMIC S.p.A., processes your personal data, which you provided while browsing our company’s website.

1. Data Controller
The Data Controller is SIMIC S.p.A., located at Via Vittorio Veneto snc in Camerana (CN – 12072) – VAT: 02121640045, represented by Ferruccio Boveri, the legal representative.

2.DPO Appointment

The Data Controller, not falling within the cases indicated by Art. 37 of the GDPR, nor in those indicated by various interpretations of the Supervisory Authority, has not deemed it necessary to appoint a Data Protection Officer

3. Subject of Processing

1. Browsing Data
   The IT systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
   This information is not collected to be associated with identified data subjects, but by its nature, it could allow users to be identified through processing and association with data held by third parties.
   This category of data includes IP addresses or domain names of the computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), and other parameters related to the user’s operating system and IT environment.
   
   
2.  Data Provided Voluntarily by the User
   The optional, explicit, and voluntary sending of emails to the addresses indicated on this site, the filling out of a form to request informatio involves the subsequent acquisition of the sender’s address and/or phone number, necessary to respond to requests, as well as any other personal data included in the request.
   The processing of the information concerning you will be carried out in compliance with the principles of fairness, lawfulness, transparency, and confidentiality. The data will be processed and stored using IT tools for the time strictly necessary to achieve the purposes for which it was collected.
   Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access.
   
   
3. Cookies
   Cookies are small text files that the sites visited send to the user’s terminal, where they are stored and then retransmitted to the same sites on the next visit.
   The type of cookies and their management are detailed in the relevant policy available on the company website and managed through a specific banner, which allows users to enable/disable cookies individually.
   The user can choose to enable or disable cookies by adjusting their browser settings according to the instructions provided by the respective providers at the links indicated below:

• Chrome
• Firefox
• Safari
• Internet Explorer/Edge

4. Purpose of Processing, Legal Basis, Nature of Data Provision

The purpose of the processing referred to in point 3.1 is to obtain anonymous statistical information on the use of the site and to monitor its proper functioning. The data could be used to ascertain responsibility in case of hypothetical cybercrimes against the site. The processing is lawful pursuant to Art. 6, paragraph 1(b) and (f) of the GDPR. The provision of data is mandatory, under penalty of being unable to properly manage contractual aspects.
The purpose of the processing referred to in point 3.2 is always related to and/or instrumental to the use of the site (therefore, any different and/or conflicting use with that of the Data Subject is excluded). Specifically, the processing is limited to responding to questions posed by the data subject. This processing is legitimate pursuant to Art. 6, paragraph 1(b), and does not require the explicit consent of the data subject. The provision of data is optional; however, refusal to provide personal data pertinent to the purpose of the collection will prevent the requested service from being provided.
The purpose of the processing referred to in point 3.3 is to improve the user’s browsing experience and to collect aggregated information for statistical purposes. The provision of data is optional, but the management of cookies is determined by the browser’s functionalities.

5. Processing Methods, Duration of Processing

The processing of your personal data in relation to point 3.1 is carried out through the operations indicated in Art. 4 no. 2 GDPR, namely: collection, registration, organization, use, deletion. Your personal data is processed electronically and/or automatically, and is deleted immediately after processing.
The processing of your personal data in relation to point 3.2 is carried out through the operations indicated in Art. 4 no. 2 GDPR, namely: collection, registration, organization, use, deletion. Your personal data is processed electronically and/or automatically, and is deleted once the purpose for which it was provided has been fulfilled. Your personal data will not be disseminated in any way.
The processing of your personal data in relation to point 3.3 is carried out in accordance with the rules and methods of those providing the different services, and is indicated in the dedicated notices mentioned in point 3.3. The expiration of cookies is determined by you, through the navigation tool. In any case, it does not exceed 6 months.

6. Data Communication

Without the need for express consent (pursuant to Art. 6(b) and (c) of the GDPR), the Data Controller may communicate your data to supervisory bodies, judicial authorities, insurance companies for the provision of insurance services, and to those subjects to whom communication is mandatory by law for the fulfillment of the purposes mentioned. These subjects will process the data as independent data controllers. Your data will not be disseminated.

7. Data Transfer to Non-EU Countries

The data provided, as per point 3, is stored electronically on dedicated company servers, provided by external processors, or in cloud platforms adopted by the Data Controller.
However, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU, for example, in the case of using Cloud services. In such cases, it is guaranteed that the transfer of data outside the EU will take place in accordance with applicable legal provisions, following the stipulation of standard contractual clauses provided by the European Commission.

8. Rights of the Data Subject

As a data subject, you have the rights under Articles 15, 16, 17, 18, 19, 20, 21, and 22 of the GDPR. Specifically:

• Right of access
• Right of rectification
• Right to erasure (“right to be forgotten”)
• Right to restriction of processing
• Right to notification in case of rectification or erasure of personal data or restriction of processing
• Right to data portability
• Right to object
• Rights related to automated decision-making, including profiling

9. Procedures for Exercising the Rights of the Data Subject

You may exercise your rights at any time by sending:

• A registered letter with return receipt addressed to the Data Controller, as per point 1;
• An email to privacy@simic.it.