This Privacy Policy is provided pursuant to Article 13 of European Regulation No. 679/2016 and applies to the Data collected through the website www.metalltech-expandedmetal.com. This document may be subject to updates that will be published on the aforementioned website.
This Privacy Policy, together with the Cookie Policy, aims to regulate the contractual and legal procedures based on which the User’s personal data will be processed.
Data Controller
The Data Controller of the Data collected by this website is Metalltech Srl, represented by its legal representative pro tempore (hereinafter “the Data Controller”), with registered office in Seriate (BG), Via Monte Rosa 20, CAP 24068, and can be contacted, in order to know the processing methods of your data and exercise your rights, at the following email address: privacy@metalltech.it
Methods of Processing Personal Data
The Personal Data provided directly or acquired through this website or its connected domains will be processed in accordance with the principles of fairness, lawfulness, transparency, and protection of privacy as established by the applicable regulations. The Data Controller processes Users’ Personal Data by adopting the most appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction of said Personal Data by unauthorized subjects or entities. Processing is carried out using computer and/or telematic tools, with organizational methods and logics strictly related to the purposes indicated.
Category of Personal Data processed
The Personal Data processed through this website, independently or through third parties, mainly but not exclusively include: Cookies, Usage Data, Email, Phone Number, and Personal Information.
Personal Data may be collected independently by the Data Controller or through third parties. Personal Data may also be voluntarily provided by the User when using the website, by filling out the contact form, when communicating with the Data Controller via email and/or phone. Additional Personal Data collected may be indicated in other sections of this Privacy Policy or through informative texts displayed at the time of data collection. The optional, explicit, and voluntary sending of emails via the Contact Form or through the addresses indicated on this website, entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other Personal Data entered in the email.
The provision of Data by the User is necessary for inclusion in the Data Controller’s databases, for the purpose of establishing and carrying out what is offered by the Data Controller to its Users, as well as to third parties for the fulfillment of the specific requested activity.
Failure to provide Data therefore prevents registration in the Data Controller’s databases, the completion of any contracts, as well as the execution of the same and any other possible activities.
Purposes of Personal Data Processing and Legal Basis
The Personal Data subject to processing may be collected independently by the Data Controller or through third parties.
The computer systems and software procedures responsible for the operation of this website automatically acquire specific types of User Personal Data, of a technical-computer nature (such as IP address, type of browser used, operating system, domain name, and addresses of websites from which access or exit was made, etc.), the transmission of which is inherent and essential to the normal functioning of the internet; therefore, disabling them may result in a reduction in the quality of the service offered or a limitation thereof. Such Data will be processed solely for the purpose of obtaining anonymous statistical information about the use of the site and/or to monitor its correct functioning and will be deleted immediately after processing.
The data that the User chooses to provide voluntarily, on the other hand, are collected to allow the Data Controller to provide its services, as well as for the following Purposes:
1) In order to comply with any type of obligation contemplated and provided for by current laws, regulations, related norms, and commercial practices, especially in tax matters. This processing is mandatory for the fulfillment of the legal obligations to which the Data Controller is subject;
2) In order to provide ad hoc services requested by the User. Since this processing is optional, it is based on the contractual consent of the User, and as such, the failure to communicate one or more Data will result in the impossibility of providing the service offered by the Data Controller;
3) In order to carry out other accessory or related purposes to those indicated above and in any case falling within the scope of the activities of the website;
4) In order to respond to specific requests addressed to the Data Controller by the User for informational communications regarding the services of the Data Controller, through email messages or filling out the contact form and other communication tools such as telephone. Since this processing is also optional and based on the consent of the User, the failure to communicate one or more Data will result in the impossibility of responding to the request for information and benefiting from the services offered by the Data Controller;
5) In order to carry out statistical analysis on aggregated and anonymous data to analyze User behaviors for the purpose of improving the products and services provided by the Data Controller as well as meeting the expectations of the User;
6) To fulfill the obligations arising from any contract entered into between the User and the Data Controller for the sale of Services available on the website and to provide the information requested by the User. This processing is mandatory for the execution of the contract to which the User is a party, for the execution of pre-contractual measures, or to comply with a legal obligation to which the Data Controller is subject, therefore the failure to consent to the processing prevents the execution of the contract.
Specifically, the following processing activities do not require the explicit consent of the data subject:
– Conclusion of contracts with the Data Controller;
– Fulfillment of pre-contractual, contractual, and tax obligations arising from existing relationships;
– Compliance with obligations provided by law, regulations, EU legislation, or an order from the Authority;
– Satisfaction of a legitimate interest of the Data Controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not prevail (e.g., the Data Controller’s right to legal defense in court).
Location of the Processing and Transfer of Data Abroad
The data is processed at the operational headquarters of the Data Controller. The data may be processed by individuals and/or legal entities operating on behalf of the Data Controller and under specific contractual constraints, located in EU member states. If the data is transferred outside the European Union, the Data Controller will take all appropriate measures to ensure adequate protection of such data.
Disclosure of Data
In addition to the Data Controller, it is possible that in certain situations third parties, including those within the corporate structure or external parties, may have access to the Data:
1) Categories of specifically trained personnel involved in the organization of the website (administrative, commercial, marketing, legal, system administrators);
2) External parties (e.g., third-party technical service providers, hosting providers, IT companies) acting as Data Processors appointed by the Data Controller in accordance with Article 28 of the GDPR. An updated list of Data Processors, if appointed, can be requested from the Data Controller at any time;
3) Public or private entities that have access to the Data in compliance with legal obligations;
4) Entities performing ancillary and instrumental activities related to the Data Controller’s operations.
Duration of Processing
Based on the combined provisions of the relevant regulations, and specifically based on Article 5(1)(e) of the GDPR, the data collected or provided by users are kept only for the time necessary for their processing, in relation to the performance of the service requested by the user, or as otherwise required by the purposes described in this Privacy Policy, specifically:
– Data collected for purposes related to the legitimate interests of the Data Controller will be retained until such interests are satisfied and in any case not beyond the limits set by law;
– Data collected based on the user’s consent may be retained as long as such consent is not revoked;
– Data collected for tax/administrative obligations or contractual obligations will be retained for the time necessary to fulfill specific purposes and as provided by law, for a period not exceeding that dictated by civil law and in any case for a period not exceeding 10 (ten) years;
– Data collected for marketing and profiling purposes will be retained for a period not exceeding 12 (twelve) months from the acquisition of consent.
The Data may be kept by the Data Controller for a longer period in compliance with legal obligations or by order of an authority. However, the user is always allowed to request the cessation of processing or the deletion of data processed based on the legal basis of consent.
Since at the end of the retention period the Personal Data will be deleted, the data subject will no longer be able to exercise the rights of access, deletion, rectification, and portability of the Data.
Cookies
This website may use cookies. Cookies are small text files that can be used by websites to make the user experience more efficient, personalize content and ads, provide social media features, and analyze traffic. To learn about the types of cookies potentially active on this site, please refer to the Cookie Policy.
Tools Used for Personal Data Processing
Security Measures Adopted
This website, to ensure the security of the input of Personal Data, has an SSL certificate and uses the HTTPS protocol. With the use of this protocol, transactions and data transmitted on websites occur with the highest security, and the content of the communication is not read or manipulated in any way by third parties.
Address Management and Email Sending
These services allow the management of a database of email contacts, phone contacts, or contacts of any other type, used to communicate with the User. These services may also allow the collection of data regarding the date and time of message viewing by the User, as well as the User’s interaction with them, such as information on clicks on links inserted in the messages.
1. Contact Form
By filling in their Data on the Contact Form, the User consents to their use to respond to requests for information or for any other purpose indicated by the heading of the form. Personal Data collected through Contact Forms: Email, First Name and Last Name, Phone Number.
Newsletter
By subscribing to the newsletter, the User’s email address is automatically added to a list of contacts to which email messages containing information, including commercial and promotional information, related to this website may be sent. The User’s email address may also be added to this list as a result of registering on this Site (e.g., downloading the catalog). The User can choose at any time to unsubscribe from the newsletter by clicking on a specific button found within the emails. After clicking on the unsubscribe button, the User’s Data will be immediately deleted from the “email marketing” software. Personal Data collected: Email, First Name and Last Name.
This website uses the newsletter service provided by:
1. Mailchimp
Mailchimp is an email address management and messaging service provided by The Rocket Science Group LLC. Personal Data collected: email. Location of processing: USA. – Privacy Policy
Statistics
Statistical services allow the Data Controller to monitor and analyze exclusively traffic data and serve to track user behavior. This website uses the following services:
1. Google Analytics (Google Ireland Limited)
Google Analytics is an analytics service provided by Google Ireland Limited. Google uses the Personal Data collected to track and examine the use of this website, compile reports, and share them with other Google services. Google may use Personal Data to contextualize and personalize the ads of its own advertising network. Google may also transfer this information to third parties where required to do so by law or where such third parties process the information on Google’s behalf. This website implements IP anonymization. The IP address transmitted by your browser as part of Google Analytics will not be associated with any other data held by Google.
Personal Data collected: Cookies and Usage Data. Location of processing: Ireland. – Privacy Policy
Remarketing and Retargeting
These services allow this website to communicate, optimize, and present advertisements based on the User’s past usage of this website. This activity is performed through the tracking of Usage Data and the use of Cookies. This website uses the following service:
1. Google ADS
Google ADS is a service provided by Google Ireland Limited that connects this website to Google’s advertising network. This website utilizes Google Analytics’ Remarketing features combined with the adaptability to various devices of Google ADS. This feature enables linking target groups for promotional campaigns created by Google Analytics’ Marketing function with the adaptability to different devices of Google ADS. This allows displaying advertisements based on the user’s personal interests, identified through an analysis of the user’s behavior on the web, whether on a mobile device or other devices. You can permanently disable targeting and remarketing functions by disabling the “personalized advertising” function in your Google account. To do so, simply follow this link: https://www.google.com/settings/ads/onweb/ Personal Data collected: Cookies and Usage Data. Location of processing: Ireland. Privacy Policy
Exercise of Data Subject Rights
The Data Subject has the right to exercise the faculties provided for in Articles 7, 15-22 of European Regulation 679/2016. In particular, the Data Subject has the right to:
– withdraw their consent at any time
– access Personal Data upon simple request to the Data Controller
– receive the Personal Data provided to the Controller and, where possible, transmit them to another Controller without hindrance (so-called portability)
– obtain the update, limitation of processing, rectification of Data, and deletion of those processed in violation of current regulations.
– object to the Processing of Personal Data concerning them and to Processing for the purpose of sending advertising material, direct sales, and conducting market research.
– lodge a complaint with the Privacy Guarantor as the supervisory authority in the field of personal data protection.
The Data Subject may exercise their rights by contacting the Controller via email at: privacy@metalltech.it
The request to exercise rights is free of charge; however, if it is found to be unfounded or excessive, we may be compelled to request payment of an administrative fee for fulfillment, or alternatively, we may refuse to comply with the request.
To exercise these rights, it will be necessary to request information needed to confirm the identity of the data subject and establish the validity of these rights.
Regional Regulations
In addition to the provisions mentioned above, they are supplemented by regulations issued in specific global regions. Where rules overlap, reference is made to other parts of this document.
Brazil:
This notice is provided as a supplement to the Privacy Policy and includes information regarding the rights of Brazilian citizens under the Lei Geral de Proteção de Dados Pessoais (“LGPD”). This notice does not apply to personal data we collect from employees or job applicants.
User Rights:
The LGPD recognizes the following rights for Brazilian Users. These include:
– the right to confirm the existence of processing;
– the right to access data;
– the right to correction, anonymization, blocking, or deletion of unnecessary data;
– the right to portability;
– the right to delete personal data processed with consent;
– the right to be informed about public and private entities with whom data is shared;
– the right to be informed about the possibility of denying consent and the consequences of refusal;
– the right to withdraw consent.
China:
This notice is provided as a supplement to the Privacy Policy and includes information regarding the rights of Chinese citizens under the Personal Information Protection Law of the People’s Republic of China (“China”) (“PIPL”).
Personal Information Processor:
For Chinese Users, the data controller indicated within the Privacy Policy is defined as the Personal Information Processor under the PIPL. All references to the data controller should be understood as referring to the role of the PIP.
Categories of Personal Data:
According to the principles of the PIPL, all types of information, recorded in electronic format or in any other format, concerning an identified or identifiable natural person, excluding anonymized information, are considered Personal Data. The term Sensitive Personal Data refers to all personal data that, if disclosed or used illegally, are likely to harm the personal dignity of a natural person or jeopardize their personal safety or the safety of their property.
We collect and process personal data only for specific, explicit, and reasonable purposes, to the extent proportionate to the needs of the Processing, and in a way that has the least impact on the rights and personal interests of the data subjects.
Legal Bases of Processing
In addition to the legal bases outlined in the “Purposes of Personal Data Processing and Legal Basis” section, the PIPL allows for the processing of Personal Data even if the Personal Data has been made public by the data subject or otherwise made public legally, the processing is conducted in accordance with the PIPL, and the scope of the latter is reasonable.
User Rights
The PIPL guarantees certain rights to Chinese Users. These include:
– The right to be informed and decide on the processing of their personal data;
– The right to access and obtain a copy of their personal data;
– The right to correct and supplement incorrect or incomplete personal data;
– The right to data portability;
– The right to withdraw consent with future effect;
– The right to erasure;
– The right to request explanations regarding the rules governing the processing of their personal data.
California:
This Supplemental Privacy Notice is provided in addition to the Privacy Policy and includes information on how California residents can exercise their rights under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA) (collectively, the “California Privacy Laws”). We reserve the right to modify this California Privacy Notice from time to time. Changes will become effective from the date they are published. The California Privacy Laws identify a “Consumer” as an individual residing in California.
Categories of Personal Information We May Collect from California Users
Identifying Information:
Information that allows us to identify the user, such as name, phone number, email address.
Characteristics identified as Protected Data under California or federal law:
In certain circumstances, we may process data pertaining to age, gender, country of birth, nationality, employment status, marital status, or other demographic information.
User Rights
California privacy laws provide various rights to residents of California. These include:
– The right to access their personal data;
– The right to deletion;
– The right to correct and supplement incorrect or incomplete personal data;
– The right to data portability;
– The right to revoke consent (opt-out);
– The right to limit processing;
– The right to non-discrimination.
Do Not Track
California law requires us to specify how we respond to Do Not Track (DNT) signals sent by web browsers. Since there is currently no industry standard or legal requirement to recognize or honor such signals, we are unable to respond to them at this time.
Shine the Light
California residents have the right to request and obtain, no more than once a year at no charge, certain information about the disclosure, if any, of certain categories of personal information to third parties for direct marketing purposes made during the preceding calendar year. Currently, Metalltech does not share this information with third parties.
Minor Users
We do not knowingly collect, disclose, or sell the personal information of consumers under the age of 16.
Colorado
This Notice is provided in addition to the Privacy Policy and includes information on how Colorado residents can exercise their rights under the Colorado Consumer Data Protection Act (CPA). The CPA identifies “Consumer” as the individual residing in Colorado.
User Rights
Colorado residents have the ability to assert the following rights regarding the processing of their Personal Data:
– The right to access their personal data;
– The right to deletion;
– The right to correct and supplement incorrect or incomplete personal data;
– The right to revoke profiling;
– The right to revoke consent (opt-out);
– The right to revoke consent for Targeted Advertising;
– The right to non-discrimination.
Please note that the CPA allows us to deny a request to exercise Rights under the following conditions:
– When refusal is required or authorized by law;
– When consenting to the request would negatively impact another person’s privacy;
– When it is necessary to protect our rights and property;
– When the request is excessive or particularly burdensome;
– Other legitimate reasons (to be assessed on a case-by-case basis).
Connecticut
This Notice is provided in addition to the Privacy Policy and includes information on how Connecticut residents can exercise their rights under the Connecticut Data Privacy Act (CTDPA).
User Rights
Connecticut residents have the ability to assert the following rights regarding the processing of their Personal Data:
– The right to access their personal data;
– The right to deletion;
– The right to correct and supplement incorrect or incomplete personal data;
– The right to revoke profiling;
– The right to revoke consent (opt-out);
– The right to revoke consent for Targeted Advertising;
– The right to non-discrimination.
Please note that the CTDPA allows us to deny a request to exercise Rights under the following conditions:
– When refusal is required or authorized by law;
– When consenting to the request would negatively impact another person’s privacy;
– When it is necessary to protect our rights and property;
– When the request is excessive or particularly burdensome;
– Other legitimate reasons (to be assessed on a case-by-case basis).
Utah
This Notice is provided in addition to the Privacy Policy and includes information on how Utah residents can exercise their rights under the Utah Consumer Privacy Act (UCPA).
User Rights
Utah residents have the ability to assert the following rights regarding the processing of their Personal Data:
– The right to access their personal data;
– The right to deletion;
– The right to revoke consent (opt-out);
– The right to revoke consent for Targeted Advertising;
– The right to non-discrimination.
Please note that the UCPA allows us to deny a request to exercise Rights under the following conditions:
– When refusal is required or authorized by law;
– When consenting to the request would negatively impact another person’s privacy;
– When the request is excessive, repetitive, technically infeasible, or clearly unfounded;
– When we can reasonably believe that the primary purpose of the request is not to exercise a right;
– When fulfilling the request would harass, disrupt, or impose an undue burden on our business resources;
– For other legal reasons.
Virginia
This Notice is provided in addition to the Privacy Policy and includes information on how Virginia residents can exercise their rights under the Virginia Consumer Data Protection Act (VCDPA).
User Rights
Virginia residents have the ability to assert the following rights regarding the processing of their Personal Data:
– The right to access their personal data;
– The right to deletion;
– The right to correct and supplement incorrect or incomplete personal data;
– The right to revoke profiling;
– The right to revoke consent (opt-out);
– The right to revoke consent for Targeted Advertising;
– The right to non-discrimination.
Please note that the VCDPA allows us to deny a request to exercise Rights under the following conditions:
– When refusal is required or authorized by law;
– When consenting to the request would negatively impact another person’s privacy;
– When it is necessary to protect our rights and property;
– When the request is excessive or particularly burdensome;
– Other legitimate reasons (to be assessed on a case-by-case basis).
Changes to this Privacy Policy
The Data Controller reserves the right to make changes to this Privacy Policy at any time by giving notice to Users on this page. Therefore, please check this page frequently, referring to the last modified date indicated at the bottom. In the event of non-acceptance of the changes made to this Privacy Policy, the User is required to cease using this website and may request the Data Controller to remove their Personal Data. Unless otherwise specified, the previous Privacy Policy will continue to apply to Personal Data collected up to that point. The Controller is not responsible for updating all links displayed in this Privacy Policy; therefore, whenever a link is not working and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by such link.
Privacy Policy updated as of January 2024.