Valmet Engraving Solutions S.r.l. based in 55100, Lucca (LU), Via Giovanni Diodati, 50, hereafter, Data Controller, protects the confidentiality of your personal data and guarantees the safeguarding required by each event that may place them at risk of violation.
To that end, the Data Controller implements policies and practices concerning the collection and use of personal data and the exercise of the rights granted to you by the applicable regulations. The Data Controller updates its policies and practices on personal data protection every time this is necessary or when regulatory and organisational changes are made that may affect the processing of your personal data.
The Data Controller has appointed a Data Protection Officer (DPO) who you may contact if you have questions about the policies and practices adopted. The Data Protection Officer’s contact details are the following:
DPO.Engraving@valmet.com
The Data Controller collects and/or receives information relating to you, such as: IP addresses, identifying personal data (such as name, surname, email address, company and role of belonging, nation) issued during browsing on the website www.engravingsolutions.it. They are used by the Data Controller to manage the website and to follow up on any requests by you to receive information. Your personal data is communicated mainly to third parties and/or recipients whose activity is necessary to perform the activities relating to the aforementioned purposes, and also to comply with certain legal obligations. Any communication not related to those purposes will be submitted for your consent in advance.
Your personal data will not be disseminated or disclosed to indeterminate entities in any way.
The Data Controller may transfer your personal data abroad and in particular to:
USA, South Africa, Russia, Turkey, Singapore, South Korea (Agents) – pursuant to Art. 49 letter b) “the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request”.
Israel (Agents) – Adequacy decision of the European Commission on the adequate safeguarding of personal data by the state of Israel.
China, Brazil, USA (Sister Companies) – Preparation of standard contractual clauses aimed at guaranteeing adequate safeguards, also with regard to the rights of the data subjects relating to the non-EU transfer of personal data.
Japan (Sister Company) – EU-Japan adequacy decision.
The personal data relating to you and that identify you are necessary in order to fulfil the request submitted by you via the “contacts” section and, if not provided, this will prevent the Data Controller from fulfilling your requests.
Data relating to you is processed using both electronic and manual tools and instruments made available to persons acting under the authority of the Data Controller and for authorised and trained purposes. The paper and, above all, electronic archives in which your data are archived and stored are protected using effective security measures adequate to combat the risks of violation considered by the Data Controller. The Data Controller periodically and constantly checks the measures adopted, particularly for electronic and online tools, as a guarantee of the confidentiality of the personal data processed, archived and stored using them, especially if belonging to particular categories.
The IT archives are located within the borders of the EU (and EEA); however, they may be connected to or interact with databases located in non-EU countries. In particular:
USA, South Africa, Russia, Turkey, Singapore, South Korea (Agents) – pursuant to Art. 49 letter b) “the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request”.
Israel (Agents) – Adequacy decision of the European Commission on the adequate safeguarding of personal data by the state of Israel.
China, Brazil, USA (Sister Companies) – Preparation of standard contractual clauses aimed at guaranteeing adequate safeguards, also with regard to the rights of the data subjects relating to the non-EU transfer of personal data.
Japan (Sister Company) – EU-Japan adequacy decision.
For the time necessary to fulfil information requests and to send communications of that exclusive nature which the Data Controller performs following your request and in any case for a period not exceeding a maximum of 2 years, subject to cases where events occur involving the intervention of the competent Authorities, also in collaboration with third parties/recipients in charge of IT security activity of the Data Controller’s data, to perform any investigations on the causes that determined the event.
This is without prejudice to your right to object at any time to processing based upon the legitimate interest for reasons connected to your particular situation.
In line with the time limits established above for the processing of personal data relating to you, the rights that are granted to you allow you always to have control of your data. Your rights are those of:
Your rights are granted to you without particular burdens and formalities in relation to the request to exercise them which is essentially understood to be free of charge. You have the right:
For reasons relating to your particular situation, you may object at any time to the processing of your personal data if it is based on legitimate interest or if it concerns the processing of personal data whose conferment is subject to your consent, sending your request to the Controller at the address es.it.privacy@Valmet.com
You are entitled to the erasure of your personal data if there is no legitimate reason prevailing over that which gave rise to your request, and in any case in case you are opposed to the treatment.
Subject to any other action in the administrative or judicial venue, you may lodge a complaint with the competent supervisory authority or with that which performs its duties and exercises its powers in Italy where you have your habitual residence or where you work or, if different, in the Member State in which the violation of Regulation (EU) 2016/679 occurred.
Any update to this privacy policy will be communicated to you promptly and by appropriate methods and you will also be notified if the Data Controller is to process your data for purposes additional to those indicated in this privacy policy before it proceeds to do so and in time for your to provide your consent, if required.
Complete privacy policy for actual and potential customers
Complete privacy policy for Suppliers
Complete privacy policy for Job Applicants