FASSI GRU S.p.A., with offices in via Roma no. 110 – 24021 Albino (BG), VAT No. 00834280166, email: firstname.lastname@example.org is the Data Controller.
Moreover, possible partner websites that participate independently in data processing activities can also take on the role of independent Data Controllers.
Subject of the Processing
1) Navigation data
The computer systems and the software procedures used for the operation of these websites, during their standard function, acquire personal data which are implicitly transmitted in the use of internet communication protocols.
This is information that, due to its very nature, could, through associations and processing with data held by third parties, allow users/visitors to be identified (e.g. IP address, domain names of the computers used by users/visitors that connect to the website, etc.).
These data are used only for statistical information and to check the proper operation of the websites.
The data on the web contacts are retained for the time needed to fulfil the service requested by the user and then destroyed using secure destruction methods, save for possible investigation into IT crimes against the website.
No data from the web service will be communicated or distributed.
2) Data provided voluntarily by users/visitors
Whenever users/visitors connect to these websites and send their personal data to access certain services, or to make requests via email, they are aware that this means the Data Controller acquires the sender’s address and/or any other personal data, which will be processed exclusively to respond to the request, or to provide the service.
Personal data provided by users/visitors will only be communicated to third parties if the communication is necessary to meet the requests of the users/visitors or if required by law (as in the case of invoicing).
Processing is performed using automated instruments (e.g. using electronic supports and procedures) and/or manually (e.g. on paper) only for the time strictly necessary to achieve the purposes for which the data were collected and in compliance with the current legislation.
Purposes of data processing
Along with those indicated in the individual notices that precede completion of the forms in the various sections of the website, the Controller’s purposes for processing the data are understood as:
- a) collection, retention, and processing for the purposes of establishing, administering, and managing the contractual relationship linked to delivering the service offered on the website;
- b) use of the user’s personal data (in particular the email address) to send communications related to the established relationship;
- c) processing of the personal data provided and those presumed from navigation on the website in order to provide a service consistent with the indications transmitted during use of the service;
- d) collection, retention, and processing of the data to perform anonymous and/or aggregated statistical analysis;
- e) operational purposes for performing our business, like custom content such as newsletters;
- f) communication of commercial information on future initiatives, announcement of new products or services;
- g) market research, statistical and economic analysis;
- g) sending advertising or promotional materials and executing promotional initiatives in general;
- i) receiving employment applications also through sending a CV.
Legal basis of the processing
Besides the Data Controller, in some cases, certain categories of managers and employees involved in the company organisation of the website (administrative, commercial, marketing, and legal staff and system administrators) may have access to the data. Moreover, the Data Controller may involve external subjects (such as third-party technical service suppliers, transporters, hosting providers, cloud services, computer companies, and advertising agencies), which may be appointed as external Data Processors. The updated list of the Processors may always be requested to the Data Controller, at the address indicated above.
Transfer to a third country
For the services offered on the websites, the Data Controller uses servers located in the following Countries:
and therefore, based on Reg. 2016/679/EU, is considered suitable as it falls within the EU.
The data processed by the Data Controller will never be disclosed.
Data processing location
Processing connected with web services for this site are at the aforementioned registered offices of the Data Controller and are handled only by technical Office staff entrusted with data processing. If needed, the data connected to the newsletter service may be processed by the staff of the company that manages the Data Center (Data Processor per Article 29 of the Personal Data Protection Law) at that company’s premises.
Duration and location of data storage
The data are processed for the time necessary to perform the service requested by the User, no less than 5 years in the case of curriculum vitae, and then destroyed using secure destruction methods.
Optional and mandatory provision of data
Except when specified for navigation data that acquires data automatically, users/visitors are free to choose whether or not to provide their personal data. Failure to provide the information could only result in it being impossible to obtain the information requested.
Rights of Data Subjects
Subjects about whom personal data are collected have the right at any time, pursuant to the GDPR, to obtain confirmation of the existence of such data and to know the content and origin, to either verify their accuracy or request their integration, updating, or correction.
In relation to the processing of said data, the User has the right to obtain from the Controller:
- Confirmation of whether or not the personal data exist, communication of the data in an intelligible form, and knowledge of the origin, as well as the logic on which processing is based;
- Deletion, within a reasonable time, of the data, their transformation into anonymous form, or the blocking of data processed in violation of the law;
- Updating, rectification or, when necessary, integration of the data;
- Confirmation that the operations set forth in points 2 and 3 were brought to the attention of those to whom they were communicated, provided that it is not impossible or involves a disproportionate use of resources.
- The User also has the right to correction or deletion of their data or limitation of processing.
- The User has the right to revoke consent regarding voluntary processing and not connected to the execution of the contract signed with the Data Controller.
- The User also has the right to oppose, for legitimate reasons, the processing of their personal data, even if pertinent to the purpose for their collection, to request their portability, to exercise the right to be forgotten, as well as to contact the Supervisory Authority regarding personal data protection (which for Italy is the Garante) for any violation that is considered to have occurred, via email at: email@example.com, fax: (+39) 06.69677.3785, or via post at Garante per la Protezione dei Dati Personal, in Rome (Italy), Postal Code 00187, via Piazza Venezia no. 11.
Automated decision-making processes
No automated decision-making processes are performed on aggregate data collected except that aimed at improving website management.
To express consent to the use of personal data to receive information, communications on future events, and newsletters from the Data Controller, check the consent box on the notice in the dedicated section of the website.