Privacy & Cookie Policy

PRIVACY POLICY

INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 OF REGULATION (EU) 2016/679 (GDPR) AND CURRENT NATIONAL LEGISLATION

We inform you that the personal data you provide by visiting this website https://sctubes.com/ ("Site") will be processed by SERRAVALLE COPPER TUBES S.R.L. which, as Data Controller, has implemented adequate technical and organizational measures to ensure their protection.

Personal data are information relating to an identified or identifiable natural person ("Data Subject").

"Processing" means any operation or set of operations performed on personal data, with or without automated means, such as collection, recording, organization, storage.

In consideration of the recognized importance of protecting and securing the natural persons to whom the personal data refer, the Company has appointed a Data Protection Officer ("DPO"), pursuant to and for the purposes of Articles 37-39 of the GDPR, who can be contacted for matters relating to the processing of personal data, including the exercise of the Data Subject's rights, via e-mail: dpo.sct@sctubes.com.

How and for how long do we process your personal data?

We process your personal data (internet protocol (IP), browser type, parameters of the device used to connect to the Site, name of the Internet Service Provider (ISP), date and time of visit, web page of origin of the user (referral) and exit) to allow you to use the services offered by the Site.

The provision of this information (so-called navigation data) is mandatory and the data are stored in the server log files (hosting) and are used for statistical and analytical purposes, only in aggregate form.

The IP address is used only for security reasons and is not crossed with other data.

The data collected by the Site during navigation are kept for the time strictly necessary to carry out the specified activities: the data (IP address) used for Site security purposes (e.g. blocking attempts to damage the Site) are kept for 365 days.

Who will have information about your data?

Personal data will be processed by authorized personnel, duly trained and operating under the authority and responsibility of the Data Controller. We also use qualified service providers to manage, optimize and protect our Site. In the context of data processing, we transfer them to service providers who support us in the operation of our Site and associated operations. These include, for example, hosting service providers, web designers, IT service providers and consent management platforms.

Our Site also has special "buttons" (called "social buttons/widgets"), which show the icons of social networks (e.g. LinkedIn). These buttons allow users browsing websites to interact directly with such social networks. In this case, social networks acquire data relating to the user's visit, while the Controller will not share any navigation information or user data acquired through its website with social networks, which can be accessed through social buttons/widgets.

Where is your data processed?

The management and storage of your personal data will take place on servers of the Controller and/or third-party companies duly appointed as Data Processors, located within the European Union.

What are your rights and who should you contact to exercise them?

Your rights, pursuant to Articles 15-22 of the GDPR, are those of:

• access;
• rectification;
• withdrawal of consent;
• erasure;
• restriction of processing;
• portability;
• objection to processing;
• objection to automated decision-making processes, including profiling.

In essence, at any time and free of charge and without particular charges and formalities for the request, you can:

• obtain confirmation of the processing carried out by the Data Controller;
• access your personal data and know their origin, the purposes and purposes of the processing, the data of the subjects to whom they are communicated, the retention period of the data or the criteria useful to determine it;
• update or rectify personal data so that they are always accurate and correct;
• withdraw consent at any time, in the event that this constitutes the basis of the processing. The withdrawal of consent, however, does not affect the lawfulness of the processing based on consent carried out before the withdrawal itself;
• delete personal data from databases and/or archives, including backups, in the case, among others, where they are no longer necessary for the purposes of processing or if this is assumed to be unlawful, and always if the conditions provided for by law exist; and in any case if the processing is not justified by another equally legitimate reason;
• restrict the processing of personal data in certain circumstances, for example where you have contested its accuracy, for the period necessary for the Controller to verify its accuracy. You must be informed, in due time, also when the suspension period has been completed or the cause of the restriction of processing has ceased, and therefore the restriction itself revoked;
• obtain personal data, if their processing takes place on the basis of a contract and with automated tools, in electronic format also for the purpose of transmitting them to another data controller.

The Data Controller must proceed in this regard without delay and, in any case, at the latest within one month of receiving your request. The term can be extended by two months, if necessary, taking into account the complexity and number of requests received by the Controller. In such cases, the Controller, within one month of receiving your request, will inform you and make you aware of the reasons for the extension.

At any time you can exercise your rights against the Data Controller:

• by sending an email to privacy@kme.com;
• by contacting the DPO at dpo.sct@sctubes.com;
• by sending a written communication to the registered office of the Data Controller.

Who can you file a complaint with?

Without prejudice to the right to take further action in administrative or judicial proceedings, you have the possibility to file a complaint with the competent Supervisory Authority. You can contact the authority of the country in which you habitually reside, work, or, if different, the Member State in which the violation of Regulation (EU) 2016/679 (Art. 77 GDPR) occurred.

COOKIE POLICY

This cookie policy is intended to illustrate the types of cookies and the methods of using cookies by the Site, as well as to provide guidance on how to manage or disable cookies themselves.

This Cookie Policy can be viewed via a link at the bottom of all pages of the Site pursuant to Art. 122 second paragraph of the Privacy Code and following the simplified methods for disclosure and acquisition of consent for the use of cookies published in the Official Gazette no. 126 of June 3, 2014, Register of measures no. 229 of May 8, 2014.