Introduction and Policy Statement
IMA S.p.A. respects individual privacy and strives to collect, use and disclose Personal Data in a
manner consistent with the laws of the countries in which it does business, and prides itself on
upholding the highest ethical standards in its business practices. IMA S.p.A. has the need to extract
and compile the human resource data of current and former employees and job applicants of IMA
S.p.A. follows with respect to Personal Data transferred from the European Union (EU) to the
United States. Accordingly, IMA S.p.A. will adhere to the Safe Harbor Principles and Frequently
Asked Questions published by the U.S. Department of Commerce (collectively referred to as the
"Principles") at http://zexport.gov/safeharbor/ with respect to all such data, and will self-certify to
the U.S. Department of Commerce compliance with the Principles.
If there is any conflict between the policies in this statement and the Principles, the Principles will
govern. This statement outlines the general policy and practices for implementing the Principles,
including the types of information IMA S.p.A. gathers, how the information is used, and the choices
affected individuals have regarding IMA S.p.A.'s use of, and their ability to correct, that
The use of EU employee Personal Data will include global enterprise headcount reporting,
statistical analysis, compensation planning and related transactions, career development, staffing,
international personal security issues, internal investigations, ethics investigations, law enforcement
inquiries, U.S. Government agency inquiries, and mergers, acquisitions, and divestitures.
The EU adopted the Directive on Data Protection ("EU Directive"), which requires EU member
states to adopt laws protecting Personal Data collected within their borders. These laws must,
among other provisions, restrict the transfer of Personal Data only to countries that have data
protection laws deemed "adequate" under standards established in the EU Directive. The U.S.
Department of Commerce and the European Commission have agreed on the Principles to enable
U.S. Companies to satisfy the requirement under EU law that adequate protection be given to
Personal Data transferred from the EU to the U.S.
Identifiable Person - means a natural person that is or can be identified, directly or indirectly, as a
particular person by reference to an identification number or to one or more aspects of the person's
physical, physiological, mental, economic, cultural or social identity. Identifiable Persons may
include any employee, applicant, former employee, or retiree of IMA S.p.A., its operating divisions,
or subsidiaries in the EU.
Personal Data - is any information about an Identifiable Person that is within the scope of the EU
Directive, is received by IMA S.p.A. in the U.S. from the EU, is recorded in any form and is about,
or pertains to, a specific individual; and can be linked to that individual.
Personal Data does not include information that is encoded or anonymized, or publicly available
information that has not been combined with non-public Personal Data.
Processing - means any online, offline or manual processing and includes such activities as copying,
filing, and inputting Personal Data into a database.
Sensitive Data - is data that pertains to medical or health conditions, racial or ethnic origin, political
opinions, religious or philosophical beliefs, trade union membership, sexual orientation or any other
data that is identified as "sensitive" by the Identifiable Person.
Where IMA S.p.A. collects Personal Data directly from Identifiable Persons in the EU, it will
inform them about the type of Personal Data collected, the purposes for which it collects and uses
the Personal Data, and the types of non-agent third parties to which IMA S.p.A. discloses or may
disclose that information, and the choices and means, if any, IMA S.p.A. offers individuals for
limiting the use and disclosure of their Personal Data. Notice will be provided in a clear and
conspicuous language when individuals are first asked to provide Personal Data to IMA S.p.A., or
as soon as practicable thereafter, and in any event before IMA S.p.A. uses or discloses the
information for a purpose other than that for which it was originally collected.
Where IMA S.p.A. receives Personal Data from their subsidiaries or operating divisions in the EU,
it will use and disclose such information in accordance with the notices provided by such entities
and the choices made by the individuals to which the Personal Data relates.
To the extent practical and appropriate, IMA S.p.A. collects Personal Data directly from the
Identifiable Person. In those cases where IMA S.p.A. collects Personal Data from other persons, it
takes measures to respect the privacy preferences of the Identifiable Persons. Examples of when
IMA S.p.A. may seek information from others include, without limitation, evaluating employees,
recruiting, benefit administration and succession planning.
IMA S.p.A.'s collection and use of Personal Data in the employment context is essential to the
conduct of IMA S.p.A.'s human resources and business functions. Examples of the purposes for
which IMA S.p.A. collects and uses Personal Data include, without limitation, recruitment, payroll,
and personnel management, such as compensation, promotion, evaluation, benefit administration
and succession planning.
While recognizing that all Personal Data deserves to be protected, IMA S.p.A. exercises special
precautions and safeguards for Sensitive Data. Unless required by applicable law, IMA S.p.A. does
not request or record Sensitive Data.
IMA S.p.A. will offer Identifiable Person(s) the opportunity to choose (opt-out) whether their
Personal Data is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other
than the purpose for which it was originally collected or subsequently authorized by the individual.
In addition, where consent of Identifiable Persons or their representatives is required by law,
contract, or agreement for the collection, use, or disclosure of Personal Data, IMA S.p.A. will
request such consent and respect the Identifiable Person's choice in such matters.
In certain limited or exceptional circumstances, in accordance with the Safe Harbor Principles, IMA
S.p.A. may disclose Personal Data without notice or the consent of the Identifiable Person. For
example, this may occur when IMA S.p.A. is required to disclose information by law or legal
process or in the vital interests of the Identifiable Person, such as when life or health are at stake.
Except as provided by the Safe Harbor Principles or applicable law, an Identifiable Person must
give affirmative permission (opt in consent) before IMA S.p.A. will disclose Sensitive Data to a
third party or use Sensitive Data for a purpose other than those for which it was originally collected
or subsequently authorized by the Identifiable Person.
IMA S.p.A. will provide Identifiable Persons with reasonable mechanisms to exercise their choices.
3. Onward Transfer
IMA S.p.A. may transfer Personal Data across state and country borders for the purposes of data
analysis and consolidation of Human Resource information worldwide. IMA S.p.A. will comply
To enable IMA S.p.A. to provide employees with certain services such as payroll direct deposit,
personnel benefits, or other human resource services, IMA S.p.A. may disclose Personal Data
without consent to sub-contractors, vendors or other third parties, if the third party (i) subscribes to
the Safe Harbor Principles, (ii) is subject to laws meeting the minimum standards required by the
EU Directive or (iii) enters into an agreement with IMA S.p.A. obligating the third party to provide
at least the same level of privacy protection as required by Safe Harbor Principles.
IMA S.p.A. takes reasonable precautions to protect Personal Data against loss, misuse and
unauthorized access, disclosure, alteration, destruction and theft.
These precautions include password protections for online information systems and restricted
access to Personal Data. All inquiries from outside IMA S.p.A., whether written or oral, concerning
the identity, employment record or performance of an employee or former employee must be
referred to the Human Resources Department.
Employees are responsible for helping maintain security through safeguarding Personal Data, e.g.,
by protecting passwords used to access IMA S.p.A. computer systems, by keeping paper records
under lock and key when not in use, and by disposing of files and reports no longer needed in a
5. Data Integrity
IMA S.p.A. takes reasonable steps to keep Personal Data accurate, complete, and up-to-date. Each
Identifiable Person is responsible for informing IMA S.p.A. or its EU subsidiaries of any changes in
Personal Data so that the information that IMA S.p.A. holds about him or her is accurate, complete
IMA S.p.A. retains Personal Data only as long as necessary to meet the purposes for which it was
collected or as required by law, contractual agreement, or the Safe Harbor Principles.
Certain Personal Data may be archived to administer post-employment benefits, to meet legal
requirements, to provide evidence in cases of litigation, for statistical purposes, or to assist in
decision relating to re-employment.
IMA S.p.A. uses reasonable procedures, following retention guidelines, to ensure that it archives or
destroys Personal Data no longer required for the purposes for which it was originally collected,
unless otherwise agreed to by the Identifiable Person.
IMA S.p.A. provides Identifiable Persons with a reasonable opportunity to examine their Personal
Data, to challenge its accuracy and to have it corrected, amended or deleted as appropriate, subject
to certain exceptions. Upon request, Identifiable Persons will be given reasonable access to the
Personal Data IMA S.p.A. holds about them. Reasonable access means that requests for access are
made during normal business hours, following standard procedures, and that the frequency of
access requests is not excessive.
If an Identifiable Person is denied access to Personal Data, IMA S.p.A. will provide such
Identifiable Person with the reason(s) for denying access and a contact point for further inquiries.
If the Identifiable Person notifies IMA S.p.A. that the Personal Data on file is incorrect and
provides IMA S.p.A. with appropriate supporting documentation, IMA S.p.A. will either correct the
Personal Data or direct the Identifiable Person to the source of the information for correction.
If, upon review, IMA S.p.A. believes that the existing Personal Data is correct, IMA S.p.A. will
inform the Identifiable Person. If the Identifiable Person continues to dispute the accuracy of the
Personal Data, IMA S.p.A. will note that dispute in the record of the Identifiable Person upon
The Safe Harbor Principles provides for some exceptions to the obligation to provide access to
Personal Data. Access to confidential or proprietary information, such as business reorganization or
succession plans, or where granting access has to be balanced against the privacy interests of others,
may be restricted. In addition, access may be denied
when the information requested relates to an ongoing investigation, litigation or potential litigation,
where the burden or expense of providing access would be disproportionate to the risks to the
privacy of the Identifiable Person or when the rights of persons other than the Identifiable Person
would be violated.
7. Enforcement and Dispute Resolution
Identifiable Persons may contact the Human Resources Director at IMA S.p.A.'s. Corporate
Headquarters to submit data access requests, register complaints or address any other relevant issues
under the Safe Harbor Principles. It is the responsibility of all employees to act in accordance with
disciplinary action, if warranted, up to and including termination of employment.
IMA S.p.A. is committed to assisting Identifiable Persons in protecting their privacy and in
retaliation. In addition, report of potential violations may be made on an anonymous basis.
For complaints that cannot be resolved between IMA S.p.A. and the complainant, IMA S.p.A. has
agreed to participate in the dispute resolution procedures of the panel established by the European
data protection authorities to resolve disputes pursuant to the Principles.
IMA S.p.A.'s privacy practices are self-certified annually to the U.S. Department of Commerce.
IMA S.p.A.'s Human Resources Director is responsible for:
Ensuring that the privacy guidelines, programs, procedures, training and other measures necessary
Overseeing responses to inquiries and resolutions of complaints relating to the privacy of
Working with IMA S.p.A.'s legal department to ensure IMA S.p.A.'s ongoing compliance with
applicable privacy laws and agreements, as well as any obligations IMA S.p.A. may enter into
voluntarily, such as the Safe Harbor Principles; and Overseeing annual assessments of IMA S.p.A. internal practices to ensure that they conform to the
This policy may be amended by time to time, consistent with the requirements of the Safe Harbor
Principles. A notice will be posted on IMA S.p.A.'s web page at www.ima.it
Targeting cookies, also known as profiling cookies, remember information regarding your use of the website so that we can serve promotional and other targeted information to you on our website. Click on the link for information on how you can opt out of targeting cookies:
We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. You can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website.