IN ACCORDANCE WITH ART.13 OF UE REGULATION 679/2016 – GDPR
- DATA CONTROLLER AND CONTACTS
- PERSONAL DATA SUBJECT TO PROCESSING
- PURPOSE OF THE PROCESSING
- LEGAL GROUNDS AND OBLIGATORY OR VOLUNTARY NATURE OF THE PROCESSING
- RECIPIENTS OF PERSONAL DATA
- TRANSFER OF PERSONAL DATA
- STORAGE OF PERSONAL DATA
- DATA SUBJECT RIGHTS
- HOW TO EXERCISE RIGHTS AND COMPLAINT
- CHANGES AND UPDATES
GENERAL TERMS AND CONDITIONS
In accordance with art. 13 of GDPR (UE Regulation 679/2016), FRARI S.r.l., via Crosariole 6, 35010 Trebaseleghe (PD), CF e PI 04393310281 (“FRARI” or “company”), provide the users and clients – according to the principle of transparency – with the following information in order to make them aware of the ways in which their Personal Data, as defined below, are processed in the context of using the Site and buying the products and services offered by the website.
Generally speaking, the information or Personal Data that the User gives to FRARI through the Site, or that is collected in other ways through the Site, in the context of using the services it offers is processed in accordance with the internationally recognised principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimisation, accuracy, integrity and confidentiality and with tools suitable to guarantee data security and confidentiality and using procedures aimed to avoid data lost, unauthorizes access and abuses. Data will be processed according to the purposes they have been collected.
1 – DATA CONTROLLER AND CONTACTS
FRARI informs the User that the Data Controller is: FRARI S.R.L., via Crosariole n.6, 35010 Trebaseleghe (PD), CF e P.I. 04393310281, legal representative Mr. Fabrizio Pignaffo. The Data Controller can be contacted by telephone: +39.049.9388491; by email: email@example.com; by legal email: firstname.lastname@example.org.
2 – PERSONAL DATA SUBJECT TO PROCESSING
Following the use of the Site, the company will process your Personal Data, which may include—in part depending on how you choose to use the Services—identifiers such as your name, surname, fiscal code, province of residence, telephone number, email address, identification number such as customer number, an online identifier or one or more pieces of information about your physical, physiological, psychic, economic, cultural or social identity that are identifiable or can be used to identify you (hereafter, “Personal Data”).
User’s Personal Data can be collected either because he/she willingly provided it (for example, when creating an account in order to receive the Services offered) or by simply analysing his/her use of the Site.
The following types of Persona Data are processed through the Site:
2.1 Name, Contact Details and other Personal Data
In various sections of the Site, in particular those relative to creating an account, the User is asked to enter information such as name, surname, telephone number, email address and etc.
Furthermore, if the User participates in a survey or any promotions through the Site, as well as when he/she communicates with the company through the Site or Customer Service, the company will be able to collect the additional information that the User decides to provide.
2.2 Special categories of personal data
The User might provide the company with information that might contain personal data through the Site (for example, through the Customer Service information request form).
Since these fields are open, the User might use them to communicate (voluntarily or not) certain sensitive categories of Personal Data, such as information that reveals racial origin or ethnicity, political opinions, religious or philosophical beliefs, union membership, genetic data, biometric data processed solely to identify a human being, data relative to health, sexual activity or sexual orientation.
The company asks that the user refrains from sending such Personal Data unless strictly necessary. In fact, these special categories of Personal Data can only be subject to processing with his/her explicit consent and in accordance with current regulations. The company would therefore like to stress the importance of providing the user’s explicit consent to the processing of these special categories of personal data, should the user decide to share such information.
2.3 Data voluntarily provided by the data subject
As noted above, the User can communicate various kinds of information to the company through the Site, and this information might contain the Personal Data of other people.
In such a case, the User becomes an independent data controller, assuming all of the relevant legal obligations and responsibilities. In this regard, the User fully indemnify the company against any complaint, claim, request for damages in consequence of the processing and etc. that the company might receive from the third party whose Personal Data was processed through the user’s use of the Site in violation of applicable personal data protection laws. In any case, should the User provide or in some other way process the Personal Data of third parties through the use of the Site, the User guarantees from that point forward—assuming all relevant responsibility—that any processing is based on the consent of the third party in question or on other applicable legal grounds that legitimise the processing of the data in question.
2.4 Browsing Data
The computer systems and software procedures responsible for making this Site function, during the normal course of business, collect some personal data which are transmitted implicitly when using Internet communication protocols. This information is not gathered for the purposes of its association with the identified data subjects, but by its very nature, it could enable the users to be identified when processed and associated with data held by third parties. This category of data includes the IP addresses or domain names of the computers used by visitors to the Site, the addresses of the requested resources in URI (Uniform Resource identifier) form, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code that indicates the status of the response provided by the server (successfully delivered, error and etc.) and other parameters relative to the user’s operating system and IT environment. This data is only used to process anonymous statistical information about the use of the Site, to check that it is functioning smoothly and to identify anomalies and/or abuse, and is erased immediately after processing. The data might be used to determine responsibility in the case of computer crimes that damage the site or third parties: apart from this eventuality, data on web contacts is not stored for more than seven days.
3 – PURPOSE OF THE PROCESSING
The company will use the User Personal Data, collected through the Site, for the following purposes:
- To provide the client with access and make it possible for him/her to register for an account on the Site; verify the user identity and help him/her, in case he looses or forgets the login or password for the account on the Site; send informational material or provide with any other Service that the user have requested including, for example, business contacts, technical information downloads, model downloads and etc. (“Provision of Service”);
- To send marketing communications via email for products and services similar to those that the user has purchased through the Site (“Soft Marketing”);
- To discharge legal obligations, which might entail their storage and communication to the Authorities to meet accounting, fiscal or other obligations (“Compliance”);
- To prevent and/or identify possible fraudulent activity or abusive use of the Site and therefore permit the company to protect itself in court (“Abuse/Fraud”);
Data will not used to perform any profiling activities.
4 – LEGAL GROUNDS AND OBLIGATORY OR VOLUNTARY NATURE OF THE PROCESSING
The legal grounds for processing Data, in accordance with the purposes listed above in Section 3, are the following:
- Provision of Service: the legal ground is the necessity to provide the Client with the Services and, therefore, to fulfil the contract obligations. It is not obligatory to provide the company with Personal Data for this purpose, but if the client does not provide it, it will not be possible to provide him/her with any Services.
- Soft Marketing: the legal ground is the company’s interest in sending marketing communications via email for products and services similar to the ones the client has already purchased. The user can opt out of receiving these communications, without any consequences (besides no longer receiving communications of this kind from the company).
- Compliance: the legal ground id the necessity to discharge legal obligations. When the User provide Personal Data to the company, they must be processed in accordance with the applicable regulations, which might entail their storage and communication to the Authorities to meet accounting, fiscal or other obligations.
- Abuse/Fraud: the legal ground is the necessity to prevent and/or identify possible fraudulent activity or abusive use of the Site and therefore permit the company to protect itself in court.
5 – RECIPIENTS OF PERSONAL DATA
Personal Data would be communicated in accordance with law requirements to the authorities indicated by law. Personal data can be shared – just for the purposes reported above – with the following subjects:
- Persons authorised by the company to process Personal Information as required for actions strictly related to the provision of Services, whether they have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality (e.g. employees);
- Subjects who work primarily as data officers or persons, companies or professional firms that provide accounting, administrative, legal, taxation, financial and debt collection assistance and consulting to the company relative to the provision of Services;
- Subjects with whom it is necessary to interact for the provision of Services (for example, email providers);
- Subjects hired to carry out technical maintenance activity (including the maintenance of network equipment and electronic communication networks);
6 – TRANSFER OF PERSONAL DATA
Some Personal Data might be shared with recipients outside the European Economic Area. The company ensures that the processing of Personal Data by such recipients is carried out in accordance with the applicable regulations. In fact, the transfer of data can be based on an adequacy decision or on the Standard Contractual Clauses approved by the European Commission. For more information, please write to the company as instructed in Section 9 below.
7 – STORAGE OF PERSONAL DATA
Personal Data processed for the purpose of Service Provision will be preserved solely for the time strictly necessary for the fulfilment of said purpose (e.g. for managing the contract). In any case, since this Personal Data is processed in order to provide Services, the company may store it for a longer period (not more than 10 years), in particular since it might be needed for protecting its interests from possible complaints relative to the Services.
Personal Data processed for the purpose of Soft Marketing will be stored until the User withdraws your consent through the link that will find at the bottom of every Soft Marketing email.
Personal Data processed for the purpose of Compliance will be stored for the period provided for by specific legal obligations or the applicable regulations.
Personal Data processed for the purpose of Abuse/Fraud will be stored for the time strictly necessary for this purpose and in any case as long as the company needs to store it in order to protect itself in court to communicate said data to the competent authorities. More information concerning the personal data storage period can be gathered contacting to the Company.
8 – DATA SUBJECT RIGHTS
Concerning the Personal data Processing described in this document, the User has the right to ask the company, at any time:
- For access to your Personal Data (or a copy of your Personal Data), as well as further information about the way and purposes it is being processed, their recipients and their period of storage;
- To amend or update your Personal Data, should it be incomplete or out of date (art.16 GDPR);
- To erase your Personal Data from the company database (art.17 GDPR);
- To limit the company’s processing of your Personal Data (art.18 GDPR);
- To obtain the Personal Data and the chance to transmit them to a new owner in a structured format in all the cases provided in art.20 GDPR;
- To oppose to Data Processing in the cases reported in art. 21 GDPR.
9 – HOW TO EXERCISE RIGHTS AND COMPLAINT
IThe rights reported above can be excercised at any time sending:
a registered post to: FRARI S.r.l., via Crosariole, 6 – 35010 – Trebaseleghe (PD);
an email to: email@example.com;
a legal mail to: firstname.lastname@example.org;
FRARI would like to inform the User he/she has the right to purpose, in case of violations of Data Protection, complaint to the Guarantor of Personal Data Protection. For further information visit the website: www.garanteprivacy.it
10 – CHANGES AND UPDATES