Privacy Policy

Privacy Policy

1. The data being processed
Personal data being processed consists of personal and contact details provided or received from the interested person on the following occasions:
– visits or phone calls or email;
– directs contacts obtained after participation in events, fairs, ecc.;
– commercial information requests, submission of proposals;
– requests received through our website or through websites of clients, suppliers, partners or other parties;
– communications and transactions following the purchase order for the supply of goods or services (supplied/purchased).

2. Purposes of processing
Personal data of natural persons who operate in the name and on behalf of clients, of suppliers, of partners and of other parties is processed for the following purposes:
– forward communications by various means of communication (phone, mobile phone, sms, email, fax, mail, ecc.); – formulate requests or process requests received;
– exchange information necessary for the performance of a contractual relationship, including pre- and post-contractual activities, which also comprise assistance;
– evaluate and analyze Research and Development projects.

The interested party can refuse to provide his/her personal data to the Data controller.
However, the provision of personal data is necessary for correct and efficient management of contractual relationship with clients, suppliers, partners and other parties involved in Data controller’s activities. Therefore a refusal to provide the data could compromise the contractual relationship itself or pre- and post-contractual activities in whole or in part.

3. Legal basis
The processing is necessary for the performance of a contract to which every subject is a party or for the performance of pre- or post-contractual measures adopted upon request of supplier, client, partner, other parties or GMS SRL
4. Methods of processing
The data of the interested parties shall be processed using manual or automated instruments also through the input into the databases, registers and lists suitable for recording, management and transfer of the data, in the ways and within the limits necessary to reach the indicated purposes. GMS SRL has provided the appropriate security measures in order to protect the data of natural persons who operate in the name and on behalf of clients, of suppliers, of partners and of other parties, for example: firewall, antivirus, encrypted back ups, secure connections such as VPN, HTTPS and SSL. The data shall be processed only by the persons authorized to process the data inside GMS SRL, in regard to the purposes of processing.

5. Recipients of data
Personal data processed by the Data controller shall not be disclosed, i.e. shall not be communicated to unspecified parties, in any possible form, including that of their availability or simple consultation. On the other hand, the data can be communicated to the Data controller’s employees and to some external parties that collaborate with them, always in compliance with the indicated purposes. In particular, these are employees/collaborators who on the grounds of their positions and work tasks carried out have been authorized to process personal data within the limits of their competency and in accordance with the instructions given to them by the Data controller. Also the data can be communicated, only if strictly necessary, to the parties that for the purposes of issuing our orders or information and quotation requests or formulation of proposals, on site or off site assistance activities, have to supply goods and/or perform professional services on our behalf. Also the following parties can access the data (with the purpose of providing assistance for SW applications, for information networks and for connectivity, within the imposed limits): our technicians in charge or external consultants or technicians appointed by the enterprises that provide such services. In the end, the data can be communicated to the parties authorized to access it pursuant to the statements of laws, regulations, European norms.

6. Transfer of personal data
The Data controller can’t transfer personal data to third countries or international organizations.

7. Conservation of personal data
The Data controller conserves and processes personal data for the period of time necessary to comply with the indicated purposes. Afterwards personal data will be stored, and not processed further, for 10 years in conformity with the relevant legislation; in case the data is processed in the frame of a financial project, the period of conservation may be subject to what is foreseen by financing organization’s tender.

8. Rights of the interested party
Pursuant to Art. 7 of the Italian legislative decree no. 196 of 30 June 2003 and to arts. 15 – right of access, 16 – right to rectification, 17 – right to erasure, 18 – right to restriction of processing, 20 – right to data portability, 21 – right to object, 22 – right to object to automated decision-making process of GDPR 679/16, the interested party exercises his/her rights by writing to the Data controller to the address indicated above or to the following email address:, specifying the subject of the request, the right the interested party intends to exercise and attaching a copy of identity document that certifies the legitimacy of the request.

9. Lodging a complaint
The interested party has the right to lodge a complaint with the supervisory authority of his/her home State. To get more information on the right to lodge a complaint you can visit this web page: