Privacy Policy
Privacy Policy
Data controller
The Data Controller is Berco S.p.A with registered office at Via I Maggio, 237, 44034 Copparo (FE) (the “Company” or “Berco”), who can be contacted writing to the Company’s registered office or by e-mail at the following e-mail address: bercoprivacy@thyssenkrupp.com. The Company is part of the Thyssenkrupp Group (the “Group”) which has appointed its own Personal Data Protection Officer (“DPO”) who can be contacted at the email address: datenschutzbeauftragter@thyssenkrupp.com
Types of data collected
The categories of data we collect when you access our Site are listed below.
A. Navigation data
The Site’s computer systems only collect certain Personal Data, the transmission of which is implicit in the use of Internet communication protocols. This data includes the type of Internet browser and the operating system used, the domain names of the website from which it originates, the number of visits, the average time spent on the site, the pages viewed. This information is not collected in order to be associated with the user, however, through processing and association with data in the possession of third parties, it could make it possible to identify users only if necessary in relation to any violations carried out against the Company.
B. Contact details
By using our Site, the User may voluntarily provide his or her contact data such as name, surname, contact details (e-mail, telephone number) – used to contact the Data Controller through the forms to be filled in or to request information about our products/services and activities.
C. Product Data
By using our Site, the user has the possibility of directly downloading the material made available in the ‘E-commerce’ section after registering and logging in to freely access the content (information and commercial material) published.
With regards to the Personal Data voluntarily provided through the registration form and the Personal Data collected to process the registration request, please refer to paragraph B above.
D. Access and use data
Once the registration procedure has been completed in order to provide you with the requested services, our Site will also collect further Personal Data: the date of the login/logout/password recovery event; the pdf of the download/upload; other Personal Data that you may have entered in the forms available on other pages of our Site.
E. Consent
We ask you to give your free, informed and express consent to the processing of your Personal Data in order to send our information and promotional material and that of the companies belonging to the Thyssenkrupp Group.
F. Cookie
Information on the use of cookies can be found in the Cookie Policy.
Your Personal Data may be freely provided or, in the case of navigation data, automatically collected during the use of the Site. Where specified (i.e. Personal Data marked with an asterisk) the provision of Personal Data is necessary to provide you with the requested service: refusal to provide such Data may make it impossible for the Controller to fulfil your request. With reference to the Personal Data not marked as compulsory, you may refuse to communicate such Data and such refusal shall not have any consequence on the availability of the service or on the functioning of the Sites.
The provision of your Personal Data for sending promotional communications by the Data Controller is optional, consequently you are free to decide whether or not to give your consent or to revoke it at any time. Therefore, if you decide not to give your consent, the Company will not be able to carry out the aforementioned activities.
Treatment modalities
The Data Controller takes appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of Personal Data. The processing is carried out using computer and/or telematic tools, with organisational methods and logics strictly related to the purposes indicated below.
Recipients or categories of recipients of Personal Data
Your Personal Data will be processed by employees of the Company expressly authorised to do so and adequately instructed on the correct methods of processing for the purposes indicated below. Your Personal Data may be communicated to third parties appointed to carry out the activities necessary to provide the services offered by the Company, such as (by way of example but not limited to): third party suppliers of support and consultancy services with reference to activities in the technological, accounting, administrative, marketing, legal and insurance sectors, companies in the Thyssenkrupp Group, banks and credit institutions, debt collection companies. The subjects belonging to the categories to which the data may be communicated will use them as Data Processors specifically appointed by the Company pursuant to Article 28 of the GDPR or as autonomous Data Controllers. Finally, Personal Data may be communicated to private parties or public authorities that have access to the same by virtue of provisions of law or other measures issued by competent authorities.
Place and Transfer of Personal Data
The Data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. If the Company needs to transfer Personal Data outside the European Union, to countries not considered adequate by the European Commission, it will take the necessary measures to protect its Personal Data in compliance with the legal guarantees, pursuant to the applicable legislation and in particular Articles 45 and 46 of the GDPR.
Purpose of processing, legal basis and retention period
Below Berco describes the purpose of the processing of your Personal Data, the legal bases that make the processing lawful and the storage period.
| Purpose of processing | Legal basis | Retention period |
| a. Allowing Users to browse the website | Processing is necessary for the performance of pre-contractual measures taken at the request of the data subject (Art. 6(1)(b) GDPR) | For a period equal to the duration of the provision of the requested services and for 10 years thereafter (limitation period for any contractual liability) |
| b. Providing customer support, including handling requests for quotes and order processing via the ‘Contact’ form | Processing is necessary for the performance of a contract or the implementation of pre-contractual measures taken at the request of the data subject (Art. 6(1)(b) GDPR) | Data provided for requests for information/quotations on our products/services or for requests for assistance will be kept for the period of time strictly necessary to answer the request and to implement the related assistance or supply |
| c. Fulfilling obligations arising from national or EU regulations or legislation (e.g. tax and accounting obligations) or handling or responding to requests from judicial or administrative and tax authorities | Processing is necessary for the performance of a legal obligation to which the data controller is subject (Art. 6(1)(c) GDPR) | Personal Data will be kept for as long as necessary to fulfil the authority’s requests |
| d. Obtain the information necessary to detect anomalies, fraudulent activity and/or abuse in the use of the website or to exercise the Company’s rights | Legitimate interest of the data controller in the proper functioning of the websites, the prevention of unlawful conduct and the exercise of its rights (Art. 6(1)(f) GDPR) | Personal Data will be retained for the period necessary to settle disputes or to respond to requests from competent authorities |
| e. Conducting analysis and research (anonymously or in aggregate) in relation to the products and services provided in order to improve and develop our products and services and for statistical and internal reporting purposes, including in the context of intra-group information flows | Legitimate interest of the data controller in improving its core business and economic strategies (Art. 6(1)(f) GDPR) | As long as necessary to carry out the activities in question, in any case no longer than 36 months after the last registration |
| f. Sending marketing communications and updates on the Company’s activities via e-mail or commercial newsletters | Consent of the data subject (Art. 6(1)(a) GDPR) | Personal Data provided for the purpose of sending marketing communications will be retained for 7 years from the day on which it was collected, unless consent is revoked or renewed prior to such expiry. |
| g. Transmitting information and promotional communications relating to products and services marketed by other companies belonging to the Group (by Berco Aftermarket S.r.l.) via e-mail or commercial newsletters | Consent of the data subject (Art. 6(1)(a) GDPR) | Personal Data provided for the purpose of sending marketing communications will be retained for 7 years from the day on which it was collected, unless consent is revoked or renewed prior to such expiry. |
| h. Send commercial communications relating to products and/or services similar to those already purchased and/or subscribed by the customer (so-called ‘Soft Spam’) | Legitimate interest of the Controller in promoting products/services to its customers (Art. 6(1)(f) GDPR) | Personal Data provided for the purpose of sending marketing communications will be retained for 7 years from the day on which it was collected, subject always to the right of objection of the data subject |
| i. Manage the pre-contractual and contractual relationship in relation to purchases and related services requested by the customer via the “E-commerce” section | Processing is necessary for the performance of pre-contractual/contractual measures at the request of the data subject (Art. 6(1)(b) GDPR) | Personal Data will be retained for the period of 10 years or for as long as necessary to settle any disputes or to respond to requests from competent authorities |
| j. Manage applications for open positions in the careers section | Processing is necessary for the performance of pre-contractual/contractual measures at the request of the data subject (Art. 6(1)(b) GDPR) | Personal Data will be kept for a period of 2 years after receipt of the CV |
Rights of the data subject
You may, at any time, exercise the following rights by contacting the Data Controller with regard to your Personal Data:
a. Right of access and to obtain a copy of your personal data (Art. 15 GDPR)
You may obtain confirmation as to whether or not personal data relating to you are being processed, also in order to be informed of the processing and to check that it is lawful, correct and up to date. In this case, you may obtain access to your Personal Data and to your information, in particular to information on the purposes of the processing, the categories of Personal Data concerned, the recipients or categories of recipients to whom the Personal Data are or will be disclosed, the storage period, etc.
b. Right to rectification of personal data (Art. 16 GDPR)
The user may obtain, without undue delay, the rectification of inaccurate Personal Data concerning him or her, or the supplementation thereof, if incomplete.
c. Right to erasure of personal data (Art. 17 GDPR)
You may obtain, without undue delay, the deletion of Personal Data relating to you if the data is no longer required to fulfil the purpose for which it was collected. Please note that deletion is subject to the existence of valid reasons.
d. Right to restriction of personal data processing (Article 18 GDPR)
You may obtain the restriction of the processing of Personal Data concerning you or the marking of the Personal Data used to limit its processing in the future.
e. Right to data portability (Art. 20 GDPR)
In the event of automated processing carried out on the basis of consent or in performance of a contract, you have the right to receive from the data controller in a structured, commonly used and machine-readable format the data concerning you and to transmit them to another data controller.
f. Right to object to processing (Article 21 GDPR)
You have the right to object to the processing of Personal Data concerning you, unless there are reasons of legitimate interest of the Controller that justify the continuation of the processing.
g. Right to withdraw consent freely given (Art. 7 GDPR)
You have the right to revoke your consent at any time without affecting the lawfulness of the processing based on the consent given before revocation, only for the purposes for which the consent is the legal basis.
You may exercise your rights by sending a request to the data controller by e-mail to: bercoprivacy@thyssenkrupp.com.
Requests relating to the exercise of your rights will be processed without undue delay and, in any event, within 30 days of receipt of the request.
In any case, you always have the right to lodge a complaint with the competent supervisory authority pursuant to Article 77 of the GDPR if you believe that the processing of your data is contrary to the applicable data protection legislation. For Italy, the supervisory authority is the Garante per la protezione dei dati personali, which can be contacted using the methods indicated at the following link: https://www.garanteprivacy.it/home/footer/contatti.
Information not contained in this policy
Further information in connection with the processing of Personal Data may be requested at any time from the Data Controller using the contact details.
Changes to this Privacy Policy
The Data Controller reserves the right to make changes to this Privacy Policy at any time by notifying Users on this page as well as, if technically and legally feasible, by sending a notification to Users through one of the contact details it has.
Version updated on 14/03/2025