Products
Aesthetics - Hairdressing- Wellness
Professional Hygiene
Healthcare sector
Ho.Re.Ca.
This privacy notice is intended for individuals who will use the services provided by the website imetcarta.com, specifically:
1. Natural persons browsing the website, even for consultation purposes only.
2. Natural persons contacting IMET s.a.s through the “Contact” form.
In this notice, they will be referred to as Data Subjects.
The Data Controller for all processing activities resulting from the use of the website imetcarta.com is IMET s.a.s (VAT No. 00537701203), an Italian company based in Medicina (BO), represented by its legal representative. For matters related to the processing activities covered by this notice, the Data Controller can be contacted at:
Address: Via Torricelli, 171 - Loc. Fossatone, 40059 Medicina (Bologna)
Phone: +39 051 856349
The data is processed by employees and collaborators of the Data Controller, who have been previously instructed and authorized to process the data.
To manage the services provided through the website imetcarta.com, the following data is processed:
• For website navigation: IP address, location, and activity on the website.
• For contacting IMET s.a.s: Name, Surname, Phone, Email (mandatory).
The data collected through the website imetcarta.com will be processed by the Data Controller at its offices in Italy and by any external parties responsible for administrative, organizational, or technological management. These external parties, previously appointed as Data Processors, operate from offices and branches located within the European Union.
Data is collected directly from the Data Subject through cookies or via online forms dedicated to contacting the company. Once collected, the Data Subject’s data is stored and preserved in digital form on the IT systems of the Data Controller and/or its Data Processors.
The website imetcarta.com uses technical cookies, which may be used without the Data Subject’s consent as they are strictly necessary for service provision.
Additionally, third-party profiling cookies may be used, which require the Data Subject’s consent provided directly to these third parties by accessing their respective cookie policies.
Profiling cookies may be used by the Data Controller or the cookie owner to store the choices made by the Data Subject, provide personalized or optimized functionality, or record their habits and preferences during navigation.
The website imetcarta.com uses the following tools that utilize cookies:
• Google Analytics (Google LLC)
• Google Fonts (Google LLC)
For more information: policies.google.com/privacy
Consent for data collection and storage through cookies can be revoked at any time. The Data Subject can disable the use of cookies through specific settings in different browsers or by modifying their preferences directly on the cookie provider’s website.
The data collected by the Data Controller is used for:
• Processing based on the explicit consent of the Data Subject (e.g., navigation, contact requests).
The Data Controller will process the Data Subject’s personal data only if at least one of the following conditions is met:
• The processing is based on the explicit consent of the Data Subject (e.g., navigation, contact requests).
In any case, the Data Subject may always request the Data Controller to clarify the specific legal basis for each processing activity and, in particular, to specify whether the processing is required by contract, necessary to conclude a contract, or based on consent.
If the Data Subject revokes their consent for processing, the Data Controller may continue processing the data due to legal obligations and/or based on the legitimate interest of the Data Controller.
To ensure the availability, integrity, and confidentiality of information, IMET s.a.s. has implemented specific IT security measures to protect information from risks of loss or destruction, including accidental loss or destruction, of stored data.
In particular, both physical and IT measures have been put in place, including:
• Access control measures
• Credential management
• Modification restrictions
• Incremental backups
• Intrusion prevention systems
Providing data by the Data Subject is mandatory to fulfill their requests, such as contact requests or the submission of spontaneous applications.
Refusal to provide data will make it impossible to provide the requested service, preventing the Data Subject from contacting IMET s.a.s.
Providing data collected through technical cookies is mandatory for browsing the website, while it is optional for analytical and profiling cookies.
The data collected and processed by the Data Controller may be shared with public and private entities, in compliance with current legislation or for organizational, technical, or informational needs related to requests received from the Data Subject.
The data collected through the website demo.orderfactory.it is stored and processed only as long as the purposes for which it was collected remain valid, specifically:
• For navigation: The data is processed for the duration specified for each cookie.
• For contact requests: The data will be processed until the request is fully resolved, but in any case, for no longer than 12 months.
• For spontaneous applications and/or submission of resumes (CVs): The data will be processed until the recruitment process is completed or until the candidate’s profile is no longer of potential future interest to Cosmobile S.r.l., and in any case, for no longer than 5 years.
At the end of the period specified for each activity, the data will be destroyed or, where applicable, anonymized for statistical purposes.
The Data Subject can protect themselves and their personal data by exercising the rights provided under current legislation by submitting a free-form request to the Data Controller.
The Data Controller will respond as soon as possible and, in any case, within one month of receiving the request, or, if additional time is needed to process the request, within a maximum of two months. In such a case, the Data Controller will inform the Data Subject of the reasons for the delay.
If the Data Controller decides not to process the request, they will communicate their refusal directly to the Data Subject within one month of receiving the request. In such cases, the Data Subject may file a complaint with the Supervisory Authority of their country or seek recourse through the judiciary of their country.
Exercising the Data Subject’s rights is free of charge unless the requests are manifestly unfounded or repetitive; in such cases, the Data Controller may charge a fee or refuse the request.
The Data Subject can exercise their Right of Access, pursuant to Article 15 of Regulation (EU) 2016/679, by submitting a request to the Data Controller to confirm whether or not data concerning them is being processed. They may also request to know:
• What data is being processed and for what purposes;
• How long the data is stored;
• Whether the data has been or will be shared with other parties and, if so, the identity of these parties and the country where they are located, as well as the existence of appropriate guarantees for the transfer;
• The existence of the right to request rectification, limitation, or deletion of their data;
• The right to object to processing;
• The right to lodge a complaint with a Supervisory Authority;
• The existence of automated decision-making, including profiling, and the consequences of such processing.
The Data Subject is also entitled to receive a free copy of their personal data undergoing processing, provided it does not infringe the rights of other parties; any additional copies requested may be provided for a fee.
The Data Subject can exercise their Right of Rectification, pursuant to Article 16 of Regulation (EU) 2016/679, by requesting the Data Controller to correct inaccurate data concerning them. Similarly, they may request that the processed data be supplemented with additional information by providing their declaration to that effect.
The Data Subject can exercise their Right to Erasure, pursuant to Article 17 of Regulation (EU) 2016/679, by requesting the Data Controller to delete personal data collected and processed by the company in the following cases:
• If the personal data is no longer necessary for the purposes for which it was collected;
• If the Data Subject has withdrawn their consent to processing;
• If the Data Subject objects to processing;
• If the personal data has been unlawfully processed by the Data Controller;
• If the data must be erased to comply with a legal obligation to which the Data Controller is subject;
• If the Data Subject is under 16 years of age and their parental guardians have not provided consent.
If the Data Controller has made the Data Subject’s personal data public and is required to erase it, they will inform other parties processing the Data Subject’s data of the erasure request, limited to the actual technical and economic feasibility of this procedure.
The Data Subject can exercise their Right to Restriction, pursuant to Article 18 of Regulation (EU) 2016/679, by requesting the Data Controller to limit processing solely to storing the data without any further processing in the following cases:
• If the Data Subject disputes the accuracy of the data, for the time necessary for the Data Controller to verify it;
• If the processing is unlawful and the Data Subject opposes erasure;
• If the Data Controller no longer needs the data for processing but must store it for judicial purposes;
• If the Data Subject has objected to processing, for the time necessary to verify the balance between the Data Subject’s rights and the legitimate interests of the Data Controller.
The Data Subject can exercise their Right to Object, pursuant to Article 21 of Regulation (EU) 2016/679, at any time and for reasons related to their particular situation. This right can be exercised by sending a communication to the Data Controller if the processing is based on the Data Controller’s legitimate interest or if the data is processed for scientific research or statistical purposes.
If the Data Subject believes their personal data has been processed in violation of Regulation (EU) 2016/679, they have the Right to Lodge a Complaint with a Supervisory Authority pursuant to Article 77 of Regulation (EU) 2016/679, choosing from the authorities in their country of residence, employment, or where the alleged violation occurred.
In any case, the Data Subject may also protect their rights through administrative or judicial recourse in their country.
The Data Subject can withdraw their consent to data processing at any time using the same method by which they provided consent or by sending a communication to the Data Controller. Withdrawal of consent will not affect processing already carried out but will result in the termination of ongoing processing and the destruction of the Data Subject’s data.
This notice is provided under Regulation (EU) 2016/679, Legislative Decree 196/2003 as amended by Legislative Decree 101/2018, and the General Provision of the Data Protection Authority of May 8, 2014. This version has been in effect since February 12, 2021.