Privacy Policy on the processing of personal data
FAPIM S.p.A., as Data Controller of your personal data, in the person of its legal representative, pursuant to and for the purposes of Regulation (EU) 2016/679 (GDPR), hereby informs you that the aforementioned legislation provides for the protection of persons and other subjects with respect to the processing of personal data and that such processing will be based on the principles of correctness, lawfulness, transparency and protection of your privacy and your rights.
Your personal data will be processed in accordance with the legislative provisions of the aforementioned regulation and the confidentiality obligations provided for therein.
Purposes of processing and legal bases: in particular, your data will be processed for purposes related to the implementation of the following obligations, relating to legislative or contractual obligations:
• Customer and purchase management, including planning and programming of activities (Art. 6.1.b and 6.1.f of the GDPR);
• Mandatory obligations by law in the tax and accounting field (Art. 6.1.c – Art. 9.2.b of the GDPR);
• After-sales assistance to the customer and detection of the degree of satisfaction of the same (Art. 6.1.b and 6.1.a of the GDPR);
• Training, visits and specialist technical sessions for the correct management of the product (Art. 6.1.c of the GDPR);
• Customer invoicing history (Art. 6.1.b – Art. 6.1.c of the GDPR);
• Management of any disputes (Art. 6.1.c – Art. 6.1.f of the GDPR);
The processing of functional data for the fulfillment of these obligations is necessary for the correct management of the relationship and their provision is mandatory to implement the purposes indicated above. The Data Controller also informs that any failure to communicate, or incorrect communication, of one of the mandatory information, may cause the Data Controller to be unable to guarantee the appropriateness of the processing itself.
For the purposes of the indicated processing, the Data Controller may become aware of data defined as common and particular, or sensitive or judicial pursuant to the Privacy Code, when necessary for the purposes specified above, and in particular:
• Personal and billing data;
• Contact details such as email address and telephone numbers;
• Information relating to the booking of the stay or course;
• Information relating to judicial measures where necessary;
• Any health data of the customer or a family member for the management of emergency situations.
Your special data (formerly sensitive), subject to processing are only those strictly relevant to the obligations, tasks or purposes described above and will be processed in compliance with the indications contained in the relevant General Authorizations of the Guarantor.
Your personal data may also, with your consent, be used for the following purposes:
• Sharing on the company website, social page of personal data, photos and/or videos. The collection and sharing of these data will only occur following the expression of explicit consent.
The provision of data is optional for you with regard to the aforementioned purposes, and any refusal on your part to process them does not compromise the continuation of the relationship or the appropriateness of the processing itself.
Processing methods: your personal data may be processed in the following ways:
• Manual processing using paper archives of various types, managed by authorized personnel within the company work environments;
• Processing using electronic devices authorized by the company network, including those used to manage access to the company and video surveillance in the event of investigations requested by the competent authorities;
• Entrusting processing operations to third parties, according to the methods declared by the External Manager and previously authorized by the Data Controller;
• Anonymization of data when possible, deletion when no longer necessary.
All processing takes place in compliance with the methods set out in Chapter II of Regulation (EU) 2016/679.
Communication: your data will be stored at our headquarters and will be communicated exclusively to the competent subjects for the performance of the services necessary for correct management of the relationship, with a guarantee of protection of the rights of the interested party.
Your data will be processed only by personnel expressly authorised by the Data Controller and, in particular, by the following categories of persons in charge:
• Management and secretariat;
• Department/office managers;
• Administrative, HR, commercial, marketing, shipping, IT, production management staff;
• other employees within the limits of the tasks received and as provided for by company procedures.
Your data may be communicated to third parties, in particular to:
• Banks and credit institutions;
• External sales agents;
• Consultants and freelancers, including in associated form;
• Freight forwarders, transporters, post offices, logistics companies;
• Entities that manage the delivery service of ordinary and commercial correspondence;
• to other entities (companies and consultants appointed as managers for this purpose) that provide services for purposes ancillary to the relationship between you and FAPIM within the limits strictly necessary to carry out tasks such as: tax and accounting obligations, information systems management, financial services, debt collection, etc.
The Data Controller does not transfer your personal data outside the European Union.
Any communication that does not respond to the purposes previously expressed will be previously submitted for your consent.
Dissemination: the data, without prejudice to the absolute prohibition on disseminating data suitable for revealing the state of health, following the collection of explicit consent, may be disseminated to:
• Publication on the internet or advertising material (personal data and any photograph/video).
Storage: Your personal data will be stored according to the methods indicated above, for the minimum time required by the legislative and contractual nature. Upon termination of the contractual relationship between you and FAPIM, the data will be stored for 10 years on company management systems and/or in paper archives. Upon cancellation, it is possible that the data will still be stored but anonymized.
Rights of the interested party
You have the right to obtain from the owner the cancellation, communication, updating, rectification, integration of personal data concerning you, as well as in general you can exercise all the rights provided for by Chapter III of the GDPR, Articles 15 to 22, including the right to lodge a complaint with the supervisory authority.
1. The interested party has the right to obtain confirmation of the existence or otherwise of personal data concerning him, even if not yet registered, their communication in an intelligible form and the possibility of filing a complaint with the Supervisory Authority.
2. The interested party has the right to obtain the indication:
a. of the origin of the personal data;
b. of the purposes and methods of processing;
c. of the logic applied in the case of processing carried out with the aid of electronic instruments;
d. of the identification details of the owner, managers and the designated representative pursuant to art. 5, paragraph 2;
e. of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, managers or agents.
3. The interested party has the right to obtain:
a. the updating, rectification or, when interested, integration of the data;
b. the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
c. certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which such fulfillment proves impossible or involves the use of means manifestly disproportionate to the right protected;
d. data portability.
4. The interested party has the right to object, in whole or in part:
a. for legitimate reasons to the processing of personal data concerning him/her, even if pertinent to the purpose of the collection;
b. to the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication
download information “Customers and potential customers”