Declaration of compliance with the personal data protection rules pertaining to the website www.thy-marcinelle.com
(LAST UPDATE: 01/03/2021)
This Declaration of compliance with the personal data protection rules (hereunder the “Declaration”) provides you with information about the various data processing activities carried out when exploiting the website www.thy-marcinelle.com (hereunder the “Webiste”).
These data processing operations are carried out by THY MARCINELLE S.A. a company incorporated under Belgian law, having its registered office at Rue de l’Acier 1, 6000 Charleroi, registered with the Banque Carrefour des Entreprises under number 0437.347.363, which is a subsidiary of Riva Forni Elettrici S.p.A., a company incorporated under Italian law, having its registered office at Viale Certosa, 249 – 20151 Milan, and whose official registration number is 07969220966, both the companies acting in their capacity of joint controllers and both referred to hereunder as “Data Controller” or “we”. This joint controllership arises from the fact that, being part of the same group of companies, Riva Forni Elettrici S.p.A. is responsible within the group for the management of common ICT systems, the management of internal control activities and the preparation of financial statements. Overall, the joint controllers collaborate with each other in order to comply with the obligations of the GDPR. A joint-controllership agreement has been signed between the joint controllers, in compliance with Article 26 of the GDPR. The essence of the arrangement is available to the data subjects and can be obtained by contacting the DPO.
The Data Protection Officer (DPO) of Thy Marcinelle can be contacted at the following email address: Dpd.belgique[at]rivagroup.com.
- Objective of this policy
This Declaration informs you (as the data subject) about how we process your personal data, in our capacity as controller, in accordance with all applicable data protection and privacy laws and regulations, including the “RGPD” – Regulation (EU) 2016/679 (hereinafter referred to as “Data Protection Laws”), and in particular pursuant to Articles 13 and 14 of the RGPD.
This policy is also intended to inform you of your rights regarding the processing of your personal data.
The Data Controller undertakes to respect and protect the personal data encountered in the course of his activities.
Personal Data is any information relating to an identified or identifiable natural person. An “identifiable natural person” is defined as a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more elements specific to his physical, physiological, genetic, psychological, economic, cultural or social identity. This includes, for example (and not limited to), your name, home and business addresses, telephone number, email address, credit card or other billing information, certain data about your business activities, certain data about your activities on our website, and other information you provide us.
This Declaration describes how we manage Personal Data collected through the Website and through other means (for example, from forms, telephone calls, e-mails, purchase orders, or other communications with you).
We process your data in accordance with all applicable laws regarding the protection of personal data and privacy, including the “GDPR” – General Data Protection Regulation (EU) 2016/679.
By accessing and using the Website, you acknowledge that you have read and, where necessary, accept the terms of this Declaration and the processing and transfer of Personal Data in accordance with this Declaration.
- Informed consent
In some cases (specified below), the legal basis for our processing is your informed consent. In such cases, the other purpose of this policy is to provide you with the information necessary to obtain valid consent from you.
Where our processing of personal data is based on your consent, you have the right to withdraw your consent at any time, but this withdrawal may not affect the lawfulness of the processing carried out prior to this withdrawal. To withdraw your consent, you are invited to use the easy unsubscribe procedures provided to you by our communications tools or by sending us an e-mail (to the address below).
When our processing of personal data is based on your consent, it is our duty to be able to demonstrate that you have consented to the processing of your personal data. To do so, we retain data relating to your consent as long as we need to demonstrate our full and complete compliance with data protection laws.
If you are under 16 years of age, it is our duty to make reasonable efforts to verify, in such cases, that consent is given or authorized by the person having parental authority, taking into account the available technology. This explains why, if necessary, we may ask for more information about this holder of parental authority.
- Information on the different processing of personal data
In this section, for each treatment we perform, we provide you with information on:
- The purposes of the processing for which the personal data are intended (why we process your data);
- The legal basis of the processing (and, where applicable, the legitimate interest pursued by us or by a third party);
- The categories of personal data concerned (what types of data are processed);
- The sources of your data;
- If applicable, the recipients, or categories of recipients of personal data (with whom we share data);
- The length of time for which personal data are kept, or if it is not possible to specify, the criterion used to determine this length of time;
- Where appropriate, the transfer of personal data to recipients in countries outside the EU or to international organizations and the safeguards allowing such transfer;
In order to be as transparent and clear as possible, this information is presented in the table below, and is provided by processing:
|Management and securing of this website||Categories of persons concerned : any visitor of our website (including you, as you are currently consulting this policy on our website)
Purpose : ensure a good connection with our website, and secure the website and the infrastructure used to put it online
Legal basis : GDPR, art. 6, §1 f) (legitimate interest : securing the website)
Data categories : electronic identifyers (IP address) and connection data (logs)
Sources : internet connections and website
Recipients : /
Transfer outside EU : /
Retention period : as long as necessary to properly secure the website
|Cookies||Categories of persons concerned: Internet users (Clients / Prospects / Partners)
Purpose: Website operation, Website improvement, Analysis and statistics, Website customization
Legal basis: GDPR, art. 6, §1 f) (legitimate interest: functioning of the website) and GDPR, art. 6, §1, a) (consent: non-essential cookies)
Data categories: Connection data
Sources: Data subjects, Website
Transfer outside EU: /
Retention period: As long as necessary for the proper functioning of the website for its use by the Internet user concerned
If we process personal data for purposes other than those set out in this article, we will provide you with information about this new purpose and any other relevant information before starting the new processing.
- Your rights as a data subject
Data protection laws grant you rights in certain cases and under certain conditions, including the rights of access, rectification, request for deletion of your personal data, as well as the right to request the limitation of processing or to oppose processing. In certain cases and under certain conditions, you also have a right to the portability of your data.
Please contact us as specified in the “Who to contact about your personal data” section below to make any request to exercise your rights or if you have any questions or concerns about how we handle your personal data.
You can, in principle, exercise these rights free of charge. Please note, however, that the processing of external requests, which are found to be unfounded or excessive, may sometimes be subject to reasonable administrative fees.
Please note that some personal data may be exempted from the rights of access, rectification, objection, deletion, limitation or portability in accordance with personal data protection laws or other legislation.
- Safety and security
The Data Controller shall take appropriate technical, physical, legal and organizational measures, which comply with the Laws on the Protection of Personal Data.
Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that an interaction with us is no longer secure (for example, if you believe that the security of any personal data you may have with us has been compromised), please notify us immediately. See the section “Who to contact about your personal data” below.
When the controller provides personal data to a service provider, the service provider will be carefully selected and must use appropriate measures to protect the confidentiality and security of personal data.
If you are not satisfied with our handling of your personal data and you think that contacting us will not solve the problem, the Data Protection Laws give you the right to file a complaint with the competent supervisory authority (more information on the latter’s website):
Autorité de Protection des Données
Rue de la Presse, 35
1000 Bruxelles (Belgique)
Tel. : +32 (0)2 274 48 00
Fax : +32 (0)2 274 48 35
Email : contact(at)apd-gba.be
- Who to contact about your personal data
Questions or requests relating to our processing of personal data may be addressed to the following address: THY MARCINELLE, Data Protection Officer, Rue de l’Acier 1, 6000 Charleroi, Belgium.
Questions or requests concerning the processing of personal data may also be addressed to the Data Protection Officer (DPO): Dpd.belgique[at]rivagroup.com
- Changes to this Declaration
We regularly review this Declaration and reserve the right to make changes at any time to reflect changes in our business or new legal requirements.
To inform you of the changes, we will post the updates on our website. In some cases (and if we have your address), we may also inform you by email.