This privacy policy is provided pursuant to Article 13 of the EU Regulation 2016/679 GDPR (hereinafter referred to as "GDPR") as well as to the current Italian legislation on the protection of personal data and is intended to describe and inform users consulting the website about the processing of personal data collected during website navigation.

It also has the purpose of informing users about the processing of data voluntarily provided by them, including through the contact form on the website.

Acciaierie Valbruna S.p.A., in line with the GDPR and Italian legislation protecting personal data, intends to guarantee the privacy and security of the data of users and visitors to the website

Where not otherwise specified, this document is also intended as privacy policy - pursuant to Article 13 of EU Regulation 2016/679 - GDPR - given to those who visit the website, accessible electronically from the address:  

Please note that this privacy policy is provided only for the website of and not also for other websites that may be consulted by the user through links.

  1. Data controller

The Data Controller of your personal data is Acciaierie Valbruna S.p.A. with registered office in Via Volta 4, 39100 - Bolzano.

  1. Purpose and legal basis of the processing - Type of data processed

2.1.  Browsing data

We inform you that the website, in order to operate and enable your internet navigation, collects data from visitors/users.

The computer systems and software procedures used to operate the website collect, in the course of their regular activity, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes:

- IP addresses or domain names of computers used by users connecting to the website;

- the addresses in URI (Uniform Resource Identifier) notation of the requested resources;

- date and time of visit;

- web page of the visitor's origin (referral) and exit;

- browser type;

- the method used in submitting the request to the server;

- the size of the file obtained in response;

- the numeric code indicating the status of the response given by the server (successful, error, etc.);

- other parameters related to the user's operating system and computer environment.

It should be noted that these data are used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct functioning. The data could be used to ascertain responsibility in the event of any computer crimes against the website. 

The above category also includes cookies, small files containing strings of text (usually formed by letters and numbers) that allow a website to recognize a particular device or browser. To know in detail the policy on the use of cookies, please refer to the specific policy available at the following address

2.2.   Data voluntarily provided by the user

The personal data voluntarily provided by you (e.g. e-mail, telephone), including through the contact form on the website, will be used for the sole purpose of being able to contact you back through the details that you provided in order to respond to your requests.

The legal basis for the aforementioned processing is the execution of pre-contractual measures taken at your request and the need to respond to your requests. 

  1. Modalities of processing

Data processing is based on the principles of correctness, lawfulness and transparency; it will be carried out mainly using electronic procedures and media for the time strictly necessary to achieve the purposes for which the data were collected. These tools are set up to store, manage and transmit them by means of technical and organizational measures adequate to guarantee, as far as reason and the state of the art, the security, confidentiality, integrity, availability and resilience of the systems and services, through the use of appropriate procedures that avoid the risk of loss, unauthorized access, illicit use and dissemination.

Specific security measures are observed to prevent data loss, unlawful or incorrect use and unauthorized access, in accordance with the principle of accountability under the GDPR.

  1. Period of data retention

The data collected for the purposes referred to in 2.1. could be used to ascertain responsibility in case of any computer crimes against the website: except for this eventuality, at present, data on web contacts do not persist for more than seven days.

The data collected for the purposes of point 2.2. are stored by the Data Controller for the time necessary to respond to your request, after which they will be deleted, unless a contractual relationship has been established. 

  1. Recipients or categories of recipients of personal data

The personal data processed by the Data Controller will not be disseminated, i.e. they will not be disclosed to unspecified parties, in any possible form, including making them available or mere consultation.

Data may be communicated to workers employed by the Data Controller. In particular, according to the roles and tasks performed, certain employees of the Data Controller have been authorized to process personal data within the limits of their duties and in accordance with the instructions given to them by the Data Controller.

Data may also be communicated, to the extent strictly necessary, to external parties who collaborate with the Data Controller designated where necessary as Data Processors. Finally, data may be communicated to the subjects entitled to access them in accordance with provisions of the law, regulations, and EU legislation.

  1. Extra-EU data transfers

The Data Controller does not transfer your personal data outside the European Economic Area ("EEA"). However, should it become necessary to transfer your personal data outside the European Economic Area, in order to protect your personal data in the context of international transfers, Data Controller assesses the impact and adopts appropriate safeguards, including European Commission adequacy decisions under Art. 45 of the GDPR, standard contractual clauses approved by the European Commission, and contractual instruments providing appropriate safeguards (Article 46 GDPR); alternatively, transfers may take place if there are exceptions provided for in Article 49 GDPR where applicable (i.e. consent of the data subject, necessity of the transfer for the purpose of contractual/pre-contractual measures, overriding public interest, right of defense in court, vital interests of the data subject or other persons, data entered in a public register).

  1. Rights of the interested parties and methods of exercise

Acciaierie Valbruna S.p.A. informs you that, as a data subject, if the limitations provided by law do not apply, you have the right to:

- request confirmation as to whether or not your personal data is being processed;

- access your personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom the data may be communicated, the applicable retention period, the existence of automated decision-making processes;

- obtain without delay the rectification of inaccurate personal data concerning you and the notification thereof to those to whom the data may have been transmitted;

- obtain, in the cases provided for, the deletion of your data and notification thereof to those to whom the data may have been transmitted;

- obtain the restriction of processing, when provided for by the law;

- object to the processing of personal data, when possible;

- not be subjected to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or that significantly affects you in a similar way;

- request and obtain the portability of personal data in the established cases and in a structured, commonly used and machine-readable format, including for the purpose of transmitting such data to another data controller, within the limits of the material feasibility of the operation and costs to be incurred;

- to lodge a complaint to a supervisory authority under Article 77 of the GDPR. Contact information for the Data Protection Authority can be found at;

- bring a judicial remedy against a legally binding decision of the Supervisory Authority referred to in the previous point (Art. 78 GDPR);

- bring judicial remedy if you believe that your rights have been violated as a result of processing (Art. 79 GDPR).

You may exercise your rights by writing to the e-mail address [email protected] c/o Acciaierie Valbruna S.p.A., Via Volta 4, 39100 - Bolzano. The Data Controller will, within the time limits established by current regulations, provide you with a timely response.

Any request for clarification may be addressed in writing to the Data Controller at the e-mail address [email protected].  

  1. Updates and changes

The Data Controller reserves the right to amend, supplement or update this policy periodically in accordance with applicable legislation or provision adopted by the Data Protection Authority.  We therefore invite you to consult this page periodically. For this purpose, this notice highlights the date of update.


(Version, September 28th, 2022)