Privacy Policy for Website Visitors

Ghella S.p.A., with registered office in Via Pietro Borsieri, 2/a – 00195 Rome, VAT Number 00898971007, as data controller (hereinafter, the “Company” or the “Data Controller”), hereby provides this privacy policy pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (hereinafter, the “GDPR”) in relation to the processing of personal data of visitors to the website www.ghella.com (hereinafter, the “Website”). If you intend to apply for a job offer at the Company, please refer to the specific privacy policy for candidates available in the “Work with us” section of the Website.

1. What types of data are processed and for what purposes?

Navigation data:

The information systems and software procedures relied upon to operate this Website acquire, as part of their standard operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses and/or domain names of the computers and terminals equipment used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful outcome, error, etc.), and other parameters relating to the user’s operating system and IT environment. Such data, which are necessary for the use of web services, are also processed for the following purposes: (i) obtaining statistical information on the use of the services (most visited pages, number of visitors by time slot or day, geographical areas of origin, etc.); and (ii) monitoring the correct functioning of the services offered. Browsing data may also be used to ascertain liability in the event of hypothetical cybercrimes to the detriment of the Website. Browsing data are processed on the basis of the Data Controller’s legitimate interest in ensuring the security of the Website, monitoring its proper functioning, and obtaining statistics relating to its use (Article 6(1)(f) GDPR).

Data voluntarily provided by you:

• in letters or emails spontaneously sent to us: the optional, explicit, and voluntary sending of your personal data to the postal or email addresses published on the Website entails the subsequent acquisition of such data, which are necessary to pursue our and your legitimate interest in responding to your requests relating to the Website and/or our activities (Article 6(1)(f) GDPR). You are free not to provide such data. However, failure to provide such data may cause the impossibility to comply with your request;
• on the occasion of telephone calls: when you contact our telephone number, we may process the personal data you voluntarily provide during the call or that we reasonably request in order to pursue our and your legitimate interest in providing you with the requested information (Article 6(1)(f) GDPR). You are free not to provide such data. However, failure to provide such data may cause the impossibility to comply with your request.

 2. Who might have knowledge of my personal data?

Employees and/or collaborators of the Company in charge to manage the Website, provide assistance, or provide you with what you have requested, might have knowledge of your personal data. Furthermore, entities which, acting as data processors, provide us with services that are instrumental to the performance of our business, might have knowledge of your personal data, including, but not limited to, IT and logistics service providers that are functional to the operation of the Website, and group companies that provide us with intra-group services.

3. Will my personal data be disclosed to third parties?

Your data may be disclosed to the Judicial Authority upon request, in the cases provided for by law.

4. How will my personal data be processed and how long will they be stored?

Your personal data will be processed using automated and non-automated tools. Specific security measures are implemented to prevent data loss, unlawful or incorrect use, and unauthorized access. Navigation data will be retained for a maximum period of seven (7) days, unless further retention is necessary to ascertain liability in the event of hypothetical cybercrimes to the detriment of the Website or to comply with requests from the Judicial Authority. If you have contacted us by letter, fax, email, or telephone to obtain information relating to the Website or our company, your data will be retained for the period required by law or for the time necessary to pursue the processing purposes described above.

5. Will my data be transferred outside the European Economic Area?

No, your personal data will be stored and processed exclusively within the territory of the European Economic Area. However, with regard to data collected through cookies, please refer to the information provided in our Cookie Policy.

6. Do you use cookies or similar tools on the Website?

Yes, we use cookies on our Website. Please refer to our Cookie Policy.

7. What are my rights?

You have the right to exercise at any time, free of charge and without formalities the following rights as per articles from 15 to 22 of the GDPR: the right to request access to personal data (or the right to obtain from us the confirmation that data concerning you are being processed and, if so, to obtain the access to personal data, obtaining a copy thereof and of the information referred to in Article 15 of the GDPR) and rectification (i.e. the right to obtain the correction of inaccurate data concerning you or the integration of incomplete data) or the erasure of the same (meaning the right to obtain the deletion of data concerning you, should any of the events indicated in Article 17 of the GDPR occur) or the restriction of the processing related to you (meaning the right to obtain, in the cases indicated in Article 18 of the GDPR, the marking of stored personal data with the aim of limiting their processing in the future), in addition to the right to data portability (i.e. the right, in the cases indicated in Article 20 of the GDPR, to receive from us, in a structured, commonly used and machine-readable format the data concerning you, and to transmit it to another data controller without impediments). You also have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, based on point (e) (performance of a task carried out in the public interest or in the exercise of official authority) or (f) (legitimate interest) of Article 6(1) of the GDPR, including profiling based on those provisions. You also have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal.

8. How can I contact the Company and exercise my rights?

You may exercise your rights by contacting us by letter at the following address: “Ghella S.p.A., Via Pietro Borsieri 2/a, 00195 – Rome – Attn. Privacy Coordinator”, or by email at privacy@ghella.com. You are reminded that you always have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali – www.garanteprivacy.it) or with the supervisory authority of the EU Member State in which you reside, work, or where the alleged infringement occurred. Ghella has appointed a Data Protection Officer (DPO), who may be contacted by post at the above-mentioned address (Attn. DPO) or by email at dpo@ghella.com.

Last update: September 2023