Privacy Policy

SIRMET S.r.l., as Data Controller, with this policy informs you about the processing of personal data carried out through this website, in compliance with EU Regulation 2016/679 and international, European, and Italian laws regarding the processing of personal data.

This information is provided pursuant to Articles 13 and 14 of EU Regulation 679/2016 as amended (hereinafter, the “GDPR”) and international, European, and Italian laws regarding the processing of personal data.

This Privacy Policy is an integral part of SIRMET S.r.l.’s Cookie Policy, available here

Data Controller

The company SIRMET S.r.l., with registered office at Via Capograssa 218, 04100 B.go San Michele (LT), Tax Code/VAT: 01262580598, is the Data Controller of personal data collected on the website www.sirmet-srl.com/

Data Protection Officer

We do not have a designated Data Protection Officer (DPO), but we are fully committed to addressing your privacy concerns. For questions or further information on how SIRMET manages personal data, you can contact us at: info@sirmet-srl.it or +39 0773250335

Types of Data Processed

Browsing Data:

The IT systems, communication protocols, and software involved in managing the website automatically acquire information about visitors. This information is provided in anonymous form and used by the Data Controller to monitor the correct functioning of services and protocols on the website.

These data may become personally identifiable if processed and combined with additional information (e.g., IP addresses) held by third parties, in case requested or ordered by public authorities. The data are used solely to obtain anonymous statistical information on website usage and to monitor its correct operation, and are deleted immediately after processing. Data may be used to establish liability in the event of hypothetical cybercrimes against the website; except for this eventuality, web contact data do not persist for more than thirty days.

Personal Data Voluntarily Provided by the User

Personal data are those relating to identified or identifiable individuals. Providing such data is not mandatory; users can browse the website without entering any personal data. If the user wishes to contact the Data Controller, request information, or activate services, they must provide certain personal data (e.g., first name, last name, email address). Other information transmitted while using the site’s services (e.g., the content of a message in the “Contact Us” form or a spontaneous job application via the “Submit CV” button in the “Careers” section) is also considered personal data voluntarily provided by the user. The optional, explicit, and voluntary sending of emails to the addresses indicated on this website results in the subsequent acquisition of the sender’s email address and any other personal data included in the message.

Purpose of Processing and Legal Basis of Processing

Purpose of Processing

Legal Basis of Processing

Responding to specific requests from the data subject via the “Contact Us” section

Art. 6 para. 1 letter b) GDPR – processing is necessary for the performance of a contract to which the data subject is a party or for pre-contractual measures taken at the data subject’s request

Evaluate job applications received via the “Careers” section

Art. 6 para. 1 letter a) – processing may be carried out with the consent of the data subject. The specific information notice is available in the “Careers” section

Profiling purposes through third-party cookies

Art. 6 para. 1 letter a) – processing may be carried out with the consent of the data subject

Conduct research and statistical analysis on anonymous aggregated data regarding the use of Services, to improve them and meet specific user needs

Art. 6 para. 1 letter f) GDPR – legitimate interest of the Data Controller to continuously improve the efficiency and security of its Services

 

Processing Methods

The processing of data consists of recording, analysis, and storage and is aimed at enabling the management of relationships between the Data Controller and users interested in activities promoted via the website.

If consent has been given for marketing activities, the email provided by the user may be used to send communications regarding offers, discounts, and commercial initiatives of the website Data Controller. You may withdraw your consent at any time without giving any reason.

Processing will take place using electronic tools or on paper, in order to ensure the security and confidentiality of the data.

The personal data collected may also be processed to comply with obligations established by laws, regulations, and EU legislation, as well as by provisions issued by public authorities and supervisory bodies.

For services requiring international data transfers, we ensure that such transfers comply with all applicable laws and maintain data protection standards equivalent to those of our main office.

Data Hosting Partners: We work with reliable data hosting providers committed to using state-of-the-art security measures. These partners are selected based on their compliance with strict data protection standards.

The processing of collected data takes place on these servers and on IT devices exclusively under the control of the Data Controller. Data stored on paper is kept exclusively at the Data Controller’s premises and protected through appropriate security measures.

Data Retention Period

Data will be retained for the time necessary according to the indicated purposes. Data collected for contractual purposes will be kept for a maximum of 5 years from the termination of the specific contractual relationship. Data collected for informational or commercial purposes will be kept for a maximum of 2 years from the first contact, unless the data subject withdraws consent. After the expiry of the retention periods, the data will be deleted, unless a different term is required by law (e.g., in case of judicial document production or orders from authorities).

Transfer of Data Outside the EU

The Data Controller undertakes to limit the circulation and processing of personal data (e.g., storage, archiving, retention on its servers) to countries within the European Union, with an express prohibition on transferring them to non-EU countries that do not guarantee (or in the absence of) an adequate level of protection, or in the absence of safeguards provided by EU Regulation 2016/679 – CHAPTER V (adequacy decision, Standard Contractual Clauses, Binding Corporate Rules, or explicit consent from the data subject).

Profiling

Personal data collected may be subject to profiling for commercial and marketing activities, strictly related to the legitimate interest of the Data Controller or the consent of the data subject, based on the user’s activity through social plugins, cookies, or interactions via private social accounts. For the tools, logic used, and specific application policies, refer to the information in the site’s cookie policy.

Withdrawal of Consent

Consent to processing can be withdrawn at any time by written communication to the Data Controller, including via email at: info@sirmet-srl.it. Withdrawal of consent does not affect processing carried out prior to the withdrawal, which remains valid and legitimate in all respects.

Your consent to receive commercial information can be revoked at any time, but the withdrawal of consent will not affect other requests or any collaborations or contracts established between the parties.

Subjects Involved in Processing

Personal data will be accessible to the Data Controller’s employees and the company appointed for technical management of the site, designated as external Data Processor, as authorized and responsible parties for the processing.

Your personal data may also be disclosed to external parties when required by law or regulation (Public Authorities).

Rights of the Data Subject

Pursuant to Articles 15 and following of EU Regulation 2016/679, the data subject, i.e., the individual providing personal data, has the right to obtain:


  1. a) the updating, rectification, or, when relevant, integration of the data;
    b) the deletion, anonymization, or blocking of data processed in violation of the law, including data not required to be retained for the purposes for which it was collected or subsequently processed;
    c) restriction of processing;
  2. d) data portability, i.e., the ability to receive data in a format allowing its transfer for use in other processing;
  3. e) certification that the operations referred to in letters a) and b) have been communicated, including their content, to those to whom the data were disclosed, except where this is impossible or involves a manifestly disproportionate effort relative to the protected right;
  4. f) the possibility to withdraw consent to processing. Withdrawal does not affect processing already carried out.

The data subject also has the right to object, in whole or in part: 
g) for legitimate reasons to the processing of personal data concerning them, even if relevant to the purpose of collection;
h) to the processing of personal data for the sending of advertising, direct sales, market research, or commercial communication.

  1. i) to contact a competent authority to lodge a complaint in case of violation of the above rights (for more information: garanteprivacy.it) 

Exercise of Rights

All requests regarding the exercise of the data subject’s rights can be sent by email to info@sirmet-srl.it, or to the registered office of SIRMET S.r.l., Via Capograssa 218, 04100 B.go San Michele (LT).

In case of violation of the rights described in this Notice, pursuant to Art. 77 of EU Regulation 2016/679, a complaint may be filed with the competent supervisory authority based on your habitual residence, place of work, or place of violation of your rights: in Italy, the competent authority is the Italian Data Protection Authority (all relevant information is available at: www.garanteprivacy.it). 

Update and Review of This Privacy Policy

The entry into force of new applicable regulations, as well as the ongoing review of emerging needs, may require changes to the processing of personal data.

In such circumstances, the Data Controller reserves the right to partially or fully modify its Privacy Policy.

This Privacy Policy is provided in its most updated version, dated 26/06/2025.