Dear User, pursuant to Articles 12 et seq. of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, "Regulation" or "GDPR"), and in general in compliance with the principle of transparency provided for by the Regulation, we provide the following information on the processing of personal data (i.e. any information concerning a natural person) identified or identifiable: "Data Subject") carried out in connection with browsing the "www.blmgroup.com" website ("Website") and related interaction by the User (it should be noted that this information therefore does not apply to other websites that may be consulted by the user through links on the Website).
- DATA CONTROLLER
The Data Controller (i.e. the person who determines the purposes and means of the processing of personal data, the "Data Controller" or "Data Controller") is BLM GROUP (BLM S.p.A., with registered office in Cantù (CO), via Selvaregina 30, VAT no. 01653120137 – Adige S.p.A., with registered office in Levico Terme (TN), via per Barco 11, VAT no. 01429670225 – Adige-Sys S.p.A., with registered office in Levico Terme (TN), viale Venezia 84/B, P.IVA nr. 01713040226 - BGS S.r.l., with registered office in Gossolengo (PC), via I Maggio nr. 26, VAT number 01356980332 and the other subsidiaries belonging to the BLM GROUP). For contacts specifically relating to the protection of personal data, including the exercise of the rights referred to in point 8 below, please indicate in particular the e-mail address: privacy@blmgroup.it to which you would like to address any requests you may have.
- TYPE OF DATA THAT CAN BE PROCESSED
The following categories of data may be processed:
- User navigation data: the computer systems and computer programs used for the operation of the Site collect some personal data whose transmission is implicit in the use of Internet communication protocols (e.g. IP addresses or domain names of the computers used by users who connect to the Site, URI - Uniform Resource Identifier - addresses of the requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, numerical code about the status of the response rendered by the server - successful, error, etc. - and other parameters related to the operating system and the user's computer environment). Although this information is not collected to be associated with identified data subjects, by its nature, it could, through processing and association with data held by third parties, allow users to be identified;
- personal data such as name and surname, company to which they belong, contact details, address and other contact details, tax code, education, specializations, previous work experience, information contained in the curriculum vitae including any images and/or photographs.
- free information left by the candidate in the message space.
- (if any) special data contained in the curriculum vitae manifestly made known by the data subject.
- PURPOSE OF THE PROCESSING, LEGAL BASIS OF THE PROCESSING, NATURE OF THE PROVISION AND RETENTION PERIOD
The personal data collected will be processed, in compliance with current legislation, for the following purposes:
|
Purpose of the processing
|
Legal basis
|
Nature of the provision
|
Retention period
|
|
a) Browsing this Website: the data are used for the sole purpose of obtaining statistical information not associated with any user identification data on the use of the Website and to check its correct functioning. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Site
|
Art. 6, par. 1, lett. f) GDPR – Legitimate interest of the Data Controller in the operation and security of the Website
|
The provision of personal data is necessary for the pursuit of the legitimate interest of the Data Controller, in compliance with the fundamental rights and freedoms of the data subject – user
|
Art. 6, par. 1, lett. f) GDPR – Legitimate interest of the Data Controller in the operation and security of the Website
|
|
b) Sending contact requests or requests for information by telephone contacts or filling in dedicated data collection forms
|
Art. 6, par. 1, lett. b) GDPR - The processing is necessary for the execution of pre-contractual measures adopted at the request of the data subject – user
Art. 6, par. 1, lett. f) GDPR – Legitimate interest of the Data Controller
|
The provision of personal data is necessary to follow up on the request for contact or information. Failure to provide the data marked with the symbol* will make it impossible to obtain what has been requested or to use the services of the data controller
|
For the time strictly necessary to provide the Data Subject with answers to the requests made, without prejudice to further retention obligations provided for by law
|
|
c) Subscription to the Newsletter, through a special section, to receive periodic information/promotional information about our products and services – Direct marketing through automated systems
|
Art. 6, par. 1, lett. a) GDPR - Consent of the data subject - user
|
The provision of personal data is optional
|
Until you revoke your consent (opt-out)
|
|
(d) Filling in the data collection form in the "Work with us" Area to apply for any job positions and allow the Data Controller to carry out all the activities necessary for the management of the personnel search, selection and evaluation process.
For all purposes related to the search and selection of personnel, as well as the further information to be provided to the user pursuant to current legislation, please refer to the specific information ("Recruitment Policy") available in the appropriate section at the following link
|
Art. 6, par. 1, lett. b) GDPR - The processing is necessary for the execution of pre-contractual measures adopted at the request of the same
For special data:
Art. 9(2)(a) GDPR – Consent of the data subject
|
The provision of personal data is necessary for the purpose of personnel selection. Failure to provide the data will make it impossible for the data subject to apply and therefore participate in the personnel selection process carried out by the Data Controller.
The provision of special data is optional
|
Please refer to the specific information ("Recruitment Policy") available in the appropriate section of the website
|
|
e) Registration and/or access to the "BLM PORTAL" reserved area.
For more details, please refer to the specific information ("BLM GROUP Customer Portal") accessible from the appropriate section of the website
|
Art. 6, par. 1, lett. b) GDPR - The processing is necessary for the execution of pre-contractual measures adopted at the request of the data subject - user
|
The provision of personal data is necessary for the purposes of registration, access and the execution of pre-contractual measures
|
For the duration of account activation and for the next 2 years
|
|
(f) Sending and managing the Whistleblowing report through the dedicated platform.
For more details, please refer to the specific information ("Whistleblowing") accessible from the appropriate section of the website
|
Art. 6, par. 1, lett. c) GDPR - Compliance with legal obligation: Legislative Decree 24/2023
Art. 6, par. 1, lett. f) GDPR – Legitimate interest of the Data Controller
For the details:
Art. 9, par. 2, lett. b) GDPR: the processing is necessary to fulfill the obligations and exercise the specific rights of the Data Controller and/or the data subject in the field of labor law
For data relating to criminal convictions and offences - Fulfilment of legal obligations: Legislative Decree 24/2023
|
The provision of personal data is necessary to comply with a legal obligation to which the Data Controller is subject.
Therefore, there is no obligation to provide data, but in the absence of it, it will not be possible to proceed with the report through the "Whistleblower Software" platform
|
Please refer to the specific information ("Whistleblowing") available in the appropriate section of the website
|
- COOKIES
The Site uses cookies, for which specific information is provided at the following link.
- METHODS OF PROCESSING
The processing of personal data will be carried out by persons authorised by the Data Controller through the use of manual, electronic and automated tools and systems and with the use of appropriate measures to ensure the security and confidentiality of the data and avoid access to the same by unauthorised third parties. There are no fully automated decision-making processes.
The data are not subject to dissemination and may be communicated to collaborators, suppliers of the Data Controller, as part of the related tasks and/or contractual obligations relating to the execution of the contractual relationship with the Data Subjects.
- RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE DATA
Personal data will be collected and processed by authorized personnel of the Data Controller (pursuant to Art. 29 GDPR) on the basis of specific instructions provided regarding the purposes and methods of processing, as well as may be processed by recipients who will act as data processors (pursuant to Art. 28 GDPR) or as independent Data Controllers.
More precisely, they may be processed by: - companies of the group; - external consultants who work for the Data Controller in the field; - companies that provide services for the management of telecommunications networks and/or for the management of BLM GROUP's information system (including e-mail and SW platforms); - consulting firms; - banking and credit institutions; - insurance companies, legal advisors; - software suppliers and related support; - financial administration and other bodies for which mandatory communications are required - competent authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon request. This list is provided by way of example.
- TRANSFER OF DATA ABROAD
There is no intention to transfer personal data to countries outside the European Union or to International Organizations. If, for specific technical reasons, the controller transfers data to third countries in order to ensure an adequate level of data protection, this is done under the following conditions: transfer on the basis of an adequacy decision, transfer subject to appropriate safeguards, binding corporate rules or application of derogations provided for specific situations.
- RIGHTS OF THE DATA SUBJECT
The GDPR gives the Data Subject the exercise of the following rights with reference to personal data concerning him/her, by writing to the Data Controller at the e-mail address indicated above. In particular, you may request, at any time, from the Data Controller access to your personal data, rectification, erasure, limitation as well as you may request data portability and in this case they will be provided to you in a structured, commonly used and readable format, by an automatic device or you may object at any time to the processing of data based on legitimate interest as well as revoke the consent given without prejudice to the lawfulness of the treatment. You may also lodge a complaint with the Data Protection Authority if you believe that the processing of your personal data violates the provisions of the Regulation; The Guarantor for the protection of personal data can be contacted through the contact details indicated on the Authority's website "www.garanteprivacy.it). In any case, we would like to have the opportunity to address in advance any concerns of the Data Subjects, who may contact the e-mail address privacy@blmgroup.it or other contact details of the Data Controller indicated above for any clarification relating to the processing of personal data concerning them and for the exercise of the related rights, including the withdrawal of consent.
Updated: November 2025
The Data Controller may modify or update its content in whole or in part, also taking into account any changes in the legislation on the protection of personal data. Data subjects are therefore invited to consult this page regularly, in order to be aware of what concerns the processing processes.
