FAPIM S.p.A., as the Data Controller of your personal data, in the person of its legal representative, pursuant to and for the purposes of Regulation (EU) 2016/679 (GDPR), hereby informs you that the above-mentioned legislation provides for the protection of persons and other subjects with regard to the processing of personal data and that such processing will be based on the principles of correctness, lawfulness, transparency and protection of your privacy and your rights. Your personal data will be processed in accordance with the legal provisions of the legislation referred to above and the confidentiality obligations therein.
Processing Purpose: in particular, your data will be processed for purposes related to the implementation of the following legislative or contractual obligations:
- Customer and purchasing management, including planning and scheduling of activities;
- Mandatory legal obligations in the field of taxation and accounting;
- After-sales customer support and customer satisfaction surveys;
- Training, visits and specialised technical sessions for the correct handling of the product;
- Customer billing history;
- Managing possible disputes.
Functional data processing for the fulfilment of these obligations is necessary for the proper management of the relationship and provision of such data is compulsory for the implementation of the above-mentioned purposes. The Data Controller also points out that failure to provide, or incorrect communication of, any of the mandatory information may make it impossible for the Data Controller to guarantee the adequacy of the processing.
For the purposes of the aforementioned processing, the Data Controller may become aware of data defined as common and special, or sensitive or judicial within the meaning of the Privacy Code, when necessary for the purposes specified above, and in particular:
- Personal and billing data;
- Contact details such as e-mail address and telephone number;
- Information on booking stays or courses;
- Information concerning court orders where necessary;
- Any health data of the client or a family member for emergency management.
Your sensitive data to be processed is only that strictly pertinent to the obligations, tasks or purposes described above and will be processed in compliance with the indications contained in the relevant General Authorisations of the Data Protection Authority.
With your consent, your personal data may also be used for the following purposes:
- Sharing of personal data, photos and/or videos on the company website, social page. This data will only be collected and shared after explicit consent has been given.
Providing the data is optional for you with regard to the above-mentioned purposes, and your refusal to do so will not jeopardise the continuation of the relationship or the appropriateness of the processing.
Processing Methods: your personal data will be processed as follows:
- Manual processing using paper files of various kinds, managed by authorised personnel within the company’s workplaces;
- Processing by means of electronic devices authorised by the company network, including those used to manage access to the company and video surveillance in the event of investigations requested by the competent authorities;
- Outsourcing of processing operations to third parties, in the manner declared by the External Data Processor and previously authorised by the Data Controller;
- Anonymisation of data when possible, deletion when no longer needed.
All processing is carried out in accordance with Chapter II of Regulation (EU) 2016/679.
Disclosure: your data will be stored at our premises and will be disclosed exclusively to the subjects responsible for carrying out the services required for the proper management of the relationship, with guaranteed protection of the data subject’s rights.
Your data will only be processed by personnel expressly authorised by the Data Controller and, in particular, by the following categories of appointees:
- Management and secretariat;
- Department/office managers;
- Administrative, HR, commercial, marketing, shipping, IT, production managers;
- other employees within the limits of the assignments received and the company procedures.
Your data may be disclosed to third parties, in particular to:
- Banks and credit institutions;
- External business agents;
- Consultants and freelancers, also in associated form;
- Freight Forwarders, Transporters, Postal Service, Logistics Companies;
- Entities operating the ordinary and business mail delivery service;
- to other parties (companies and consultants appointed for this purpose) who provide services for purposes ancillary to the relationship between you and FAPIM to the extent strictly necessary to carry out tasks such as: tax compliance, accounting, information systems management, financial services, debt collection, etc..
The Data Controller will not transfer your data outside of the European Union.
Any communication that does not respond to the purposes expressed above will be subject to your prior consent.
Dissemination: without prejudice to the absolute ban on dissemination of data disclosing health status, after collecting explicit consent, the data may be disseminated for:
- Publication on the web or advertising material (personal data and any photographs/videos).
Storage: Your personal data will be stored in the manner indicated above, for the minimum time required by law and contract. When the contractual relationship between you and FAPIM is terminated, your data will be stored for 10 years on the corporate software and/or in paper-based folders. Upon deletion, the data may still be retained but anonymised.
The Data Subject’s Rights
You have the right to obtain from the controller the deletion, communication, updating, rectification, integration of your personal data, and in general you may exercise all your rights under Chapter III of the GDPR, Articles 15 to 22, including the right to lodge a complaint with the Data Protection Authority.
- The data subject has the right to obtain confirmation of the existence or non-existence of his or her personal data, even if not yet recorded, disclosure of such data in an intelligible form and the possibility of lodging a complaint with the Data Protection Authority.
- The data subject has the right to be informed:
- of the source of his or her personal data;
- of the processing purposes and methods;
- of the logic applied in the event of processing carried out with the aid of electronic instruments;
- of the identity details of the data controller, data processors and the representative designated pursuant to Article 5, paragraph 2;
- of the entities or categories of entities to whom the personal data may be disclosed or who may become aware of the data in their capacity as designated representative in the territory of the State, data processors or persons in charge of processing.
- The data subject has the right to obtain:
- updating, rectification or, when interested, integration of the data;
- deletion, transformation into anonymous form or blocking of data processed in breach of the law, including data that need not be kept for the purposes for which the data was collected or subsequently processed;
- certification that the operations referred to in points a) and b) have been brought to the attention, also as regards their content, of those to whom the data has been disclosed or disseminated, except where this proves impossible or involves a manifestly disproportionate effort compared to the right protected;
- portability of the data.
- The data subject has the right to object, in whole or in part:
- for legitimate reasons to the processing of his or her personal data, even if pertinent to the purpose of collection;
- the processing of his or her personal data for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.