WEBSITE USERS PRIVACY POLICY – REVISIONE A CURA DEL DPO ANCORA DA REALIZZARE 08/07/2024

PURSUANT TO ARTICLES  13 AND 14, RECITALS 60-62, EU GENERAL DATA PROTECTION REGULATION 2016/679 (EU-GDPR)

VALID FOR WWW.LINCOTEK.COM & SUB-DOMAINS
(www.lincoteksurfacesolutions.com, www.lincotekmedical.com, www.lincotekequpment.com)

DATA CONTROLLER
Lincotek Group S.p.A.

Address: Via Mistrali 7. 43046 Rubbiano di Solignano Parma (Province of Parma – Italy)

Phone: +39 0525-305808

Mail: group@lincotek.com;

Certified e-mail address: lincotekgroup@pec.lincotek.it

VAT number, Tax Code and ITVAT: IT 02657910341

Economic Administrative Index No. PR  256485

Authorised Share Capital 376,361.00 and Paid-up Share Capital 356,000.00

www.lincotek.com

privacy@lincotek.com

Business sector and activities:

Financial Holding Company. Activities of the affiliated companies: providing special services in niche markets such as gas turbines for power generation aviation and medical devices. (Group)
DATA CONTROLLER
MICROELL S.R.L. – Referente: Francesco Traficante

E-mail: dpo@lincotek.com
WEB PAGES – MISSION
www.lincotek.com aims to transparently and clearly provide the Users with detailed and specific information on Lincotek Group S.p.A. products and services to suit all requirements, in particular on those products and services offered by its product Strategic Business Unit (SBU) namely Surface Solutions (www.lincoteksurfacesolutions.com), Equipment (www.lincotekequipment.com), Additive (www.lincotek.com/additive/) and Medical (www.lincotekmedical.com), undertakings belonging to the same group (Lincotek Group S.p.A.).

The User can:

  • Be constantly kept up to date regarding the offered services and products;
  • Request information free through the “Contacts” page or by clicking on “Get in touch”;

Be contacted by experts in the field, so that the User’s application may be passed on to the relevant recipient that can better deal with it and provide the necessary information.
PRINCIPLES
One of our main goals is to protect personal data.

Personal data are processed lawfully, fairly and in a transparent manner, and they shall be adequate, relevant and limited to the minimum necessary and, where necessary, kept up to date and collected for specified, explicit and legitimate purposes pursuant to Articles 5 and 6 of EU General Data Protection Regulation 2016/679 (GDPR) following consent if so required.

Personal Data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing, and against accidental loss, destruction or damage, by taking suitable technical and organisational measures (Integrity and Confidentiality).

In case of substantial modification to this Privacy Policy and to the related data processing the User shall be informed and shall have the right to decide whether or not to continue to use our services.
SOURCES OF PRERSONAL DATA
Personal data collected from the Data Subject:
• Web pages and/or Social Media Profiles of the Data Controller.Personal data NOT collected from the Data Subject:
• Internet / Search engines / Social Networks.
CATEGORIES OF DATA SUBJECTS
  • USERS: legal persons and other professionals, including the personal data of the workers and persons treated as such, corporate representatives, shareholders of the companies that are already customers/suppliers of ours or potential ones.
CATEGORIES AND PERSONAL DATA PROCESSED WEBSITE
COMMON PERSONAL DATA:

Personally identifiable information, contact details and other information following telephone and/or e-mail contact:

Name and Surname, Company Name, Country, City, Phone, E-mail address, Occupation and Capacity, Reason for the request.
PURPOSE OF DATA PROCESSING DESCRIPTION OF PURPOSE AND LAWFULNESS OF PROCESSING DURATION OF THE PROCESSING AND DATA RETENTION PERIOD
Pre-contractual measures Purposes connected with the imposition and implementation of pre-contractual measures (Request for information and quote):

  • Information, advice, quotations, assistance and quotation monitoring;
  • including the necessary processing of other Subjects’ data whose services are used to promote, place and conclude a contract, and who are involved in the correct and complete management of requests – this data processing occurring upon prior notification to these Subjects (own Sales Network and/or Distributors and/or Agent).

Lawfulness of processing:

Implementation of pre-contractual measures.
  • For a period strictly necessary for the correct and complete management of the request; further processing and retention at the request of the Data subject.
  • Blocking of data once the request has been handled.
Communication between group companies Transfer of personal data for administrative- accounting purposes, including sales within the companies of the multinational group. 

Lawfulness of processing:

Legitimate interest of the Data Controller.
    • Duration of the contract (for the Data Controller).
    • Upon termination, data retention occurs in compliance with the legal requirements in force in the Country where data are stored (of the Recipient of the communication or Parent Company).
COOKIE
Cookies are small text files that a website stores on the user’s computer or mobile device when the user visits the site. Cookies are used to collect information relating to both a registered user (authenticated user) and a website visitor that accesses website pages without sending his/her credentials (unauthenticated user). Even if such information is not collected with the aim of being associated with the User’s identity, it could indirectly allow identification of the User through processing and association with further data held by third parties. By combining and integrating this information, these third parties could analyse customs, preferences and usage expressed when interacting with websites. This process might also result in a user profiling process for commercial purposes. We use cookies to help users customize their browsing experience and speed up their web browsing, to increase safety, to analyse the use and efficiency of services, to allow users to make direct contact with us by using our chat service and to provide commercial information.   On first login users can accept the use of cookies or, alternatively, choose to manage cookies by allowing or blocking them by selecting the dedicated tool and by clicking on the Cookie consent banner. If you want to remove or disable our cookies you can change the browser settings as described in the Cookie policy.

For more information about the different types of cookies we use and how to disable cookies please read the Cookie Policy.
OTHER RECIPIENTS AS DATA CONTROLLER
Data may be shared with and processed by external parties acting as Data Controller such as, by way of example:

Italy and European Union

  • Supervisory and monitoring Authorities and Bodies;
  • Police and Judicial Authorities;
  • Business transferees, transferees of a business branch, of legal relationships in bulk or of single legal relationships (for example the assignment of receivables or the transfer of contracts);
  • Persons/entities providing professional consultancy services also in partnership;
  • Persons/entities providing ICT services (Hosting/Data Center);
  • Credit agencies to check the solvency.
  • Companies, even foreign ones, that are associated or belong to the Group or to the Parent company LINCOTEK GROUP S.P.A. (Italy), also considering the existence of telematic IT links or of correspondence (Companies belonging to division Lincotek Surface Solution – Lincotek Medical – Lincotek Equipment);
  • As for the product Additive, data will be disclosed to the product Strategic Business Units Surface Solution and Medical, since these latter are involved in the manufacturing and distribution of the product;
  • Persons/entities providing ICT services (Hosting/Data Center).

NO EU Country

  • Switzerland: Companies, even foreign ones, that are associated or belong to the Group or to the Parent company.
  • USA: Companies, even foreign ones, that are associated or belong to the Group or to the Parent company.
  • China: Companies, even foreign ones, that are associated or belong to the Group or to the Parent company.
  • Singapore: Other commercial parties authorized to distribute our products on the basis of their territorial competence corresponding to the same area to which the customer or the prospective customer belongs.

Entities providing IT, ICT, Cloud, Web and Digital Marketing services.
OTHER RECIPIENTS AS DATA CONTROLLER
Personal data may also be processed by external parties appointed as Data Processors acting in the name and on behalf of the Data Controller. The appointed external Data Processor shall receive adequate operative instructions. The above-mentioned external parties are included in the following categories:

Italy and European Union:

  1. Persons/entities providing compliance support services on a continuous basis;
  2. Persons/entities providing IT, ICT, Cloud, Web and Digital Marketing services;
  3. Persons/entities providing digital and physical archiving services and electronic storage;
  4. Persons/entities providing mailing services and electronic mail services;
  5. Persons/entities providing market research support services;
  6. Companies or professional consultants providing other services;
  7. Agents and other commercial parties authorized to distribute our products and services based on their territorial competence corresponding to the same area to which the customer or the prospective customer belongs;
  8. Agents or other commercial parties authorized to distribute our products on the basis of their territorial competence corresponding to the same area to which the customer or the prospective customer belongs;
  9. Entities providing IT, ICT, Cloud, Web and Digital Marketing services.
OBLIGATION TO PROVIDE PERSONAL DATA
The provision of personal data is a statutory requirement necessary to enter into a contract. For this reason, failure to provide such data as well as incorrect, incomplete or inaccurate data will cause the impossibility to finalize the contract, thus leading to its termination.
PARTIES AUTHORIZED TO PROCESS THE PERSONAL DATA
Personal data may be processed by employees and collaborators in their functions, including the sales network and the people responsible for the fulfilment of the above mentioned purposes, that have been expressly authorised to process the personal data after having been informed and appropriately trained and after having received adequate operative instructions.
TRANSFER OF PERSONAL DATA TO NON-EU COUNTRIES
Personal data may be transferred to countries outside the EEA, in particular to:

  • Switzerland: Level of personal data protection being considered as adequate by a decision of the European Commission (Art. 25, paragraph 6, Directive 95/46/EC and Art. 45, paragraph 3 GDPR);
  • USA, China and Singapore: the personal data of Data subjects who are outside the EU/EEA shall be transferred to other commercial parties authorized to distribute our products within their territory, specifically to those customers or potential ones located in the same geographical area;

For this reason, pursuant to Art. 3, paragraph 2 of GDPR, the European Regulation is not applicable and the personal data protection law in force in the States where the Data Recipients reside shall therefore apply.
RIGHTS OF THE DATA SUBJECT -LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
By writing an e-mail to privacy@lincotek.com, Data subjects have the right to obtain from the Data controller access to their personal data, blocking of personal data and subsequent data anonymization, as well as rectification of inaccurate personal data, completion of incomplete personal data, restriction of their processing in the cases provided for in Art. 18 of GDPR, and finally objection to data processing in the event of Legitimate interest of the Data Controller. As regards Indirect Marketing, Data subjects can exercise their rights against us and/or the Supplier (Lead or List Provider). In order to guarantee these Rights and Claims, the Data Controller shall duly and immediately inform the Supplier about any Data Subject Access Request received by us or by the Supplier or by both, in particular when Data subjects object to processing of their personal data.
The Data Controller shall provide Data subjects with all relevant information on their requests to exercise their rights (pursuant to Articles 15 to 22 of GDPR) without undue delay and, in any case, no later than one month after the receipt of such request, as provided for by Article 12 of GDPR.
Furthermore, when processing is based on consent or on the contract and occurs by means of automatic data processing equipment, the Data subject shall have the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format and have the right to transmit those data to another Data controller without hindrance, where technically feasible, (Right to data portability) as well as to obtain the permanent erasure of such data (Right to erasure /”Right to be forgotten”).
Data subjects shall have the right to withdraw consent at any time for marketing purposes, and to object to the processing by sending an email to the email address specified above, writing the following statement in the subject header: “please erase my personal data – contact mode in use”. If Data subjects no longer want to receive further advertisements, they shall write following statement in the subject header: “please erase my personal data – marketing”. In case of promotional advertising (Targeted Advertising) on websites and/or internet search engines and/or social networks, through the platform in use it is possible to know the reason why a Data subject is part of a target audience or a custom audience, in case he/she sees a promotional advertisement, and also how it is possible to get out of such audience: objection is possible at any time, consent is revocable by  removing “Follow” or “Like” or “Hide ad or advertiser”  in the section “Why you see this advertisement”, that can be selected directly from the Promotional Post.
Where processing is based on consent for one or more than one purposes (Art. 6, Paragraph 1, Letter A of GDPR) or for processing special category data (Art. 9, Paragraph 2, Letter A of GDPR) withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Data subjects shall have the right to lodge a complaint with a Supervisory Authority of the Member State in which they are habitually resident or work, or of the place where the alleged violation took place.