Information on the processing of personal data

Pursuant to Articles 12 et seq. of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, the “Regulation” or “GDPR”) and in general compliance with the principle of transparency as defined in the Regulation, the following information is provided on personal data processing (namely any information regarding an identified or identifiable natural person, or “Data Subject”) carried out in connection with the user browsing the website www.fae-group.com (the “Website”) and related user interactions.

We must stress that, if you access social media using a link on the Website, then your personal data will be processed by those third parties, and we therefore refer you to their respective privacy notices.

 

SUMMARY OF MAIN POINTS

| Purpose (point 2) | Categories of data (point 3) | Legal basis (point 4) | Duration (point 5) | Disclosure to persons other than employees and Data Processors (point 6) |
| --- | --- | --- | --- | --- |
| Website operation and security (Cookie policy) | Browsing data | The Data Controller’s legitimate interest in its business activity and security | No more than 24 hours | No |
| Contractual (contact and use of services on the Website) | General information, such as personal details, contact details, company, log-in credentials, etc. | The need to take pre-contractual measures at the request of the Data Subject or perform contracts entered into with the Data Subject. Legitimate interest in legal protection. | Limitation of rights; If the request is not followed by the conclusion of a contract, personal data will not be deleted within 12 months of the quote's expiration. | Requests for quotes may be forwarded to the relevant Dealer |
| Direct marketing | General information, such as name, company and email address | Consent | No more than 48 months from consent or renewal of consent | No |

1 - DATA CONTROLLER

The Data Controller (i.e., the person who determines the purpose and means of processing personal data) is FAE Group S.p.A. (hereinafter FAE), with registered office at 18 Zona Produttiva, Fondo – Borgo d’Anaunia (TN), Italy, Tax ID and VAT No. 01942570225. For contact specifically relating to the protection of personal data, including the exercise of the rights referred to in section 8 below, please use the email address [email protected] to address any requests.

 

2 - PURPOSE FOR PROCESSING

Personal data may be processed for the following purposes:

  1. the proper operation and security of the Website (Website operation purposes);
  2. to manage User contact requests and User use of Website services (contractual purposes);
  3. the promotion and sale of products carried out by email, in case of subscription to the newsletter (direct marketing purposes).

 

3 - TYPES OF DATA PROCESSED AND COLLECTION METHODS

The data processed are considered generic, such as the data indicated below. The systems and programs used for the operation of the Website gather some personal data, the transmission of which is implicit in the use of Internet communication protocols (“Browsing Data”, e.g. the IP addresses or domain names of computers used by users connecting to the Website, the URI [Uniform Resource Identifier] addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code for the status of the response returned by the server [successful, error, etc.] and other parameters related to the user’s operating system and IT environment). Although the information is not collected in order to be associated with identified data subjects, by virtue of its nature, it could — through analysis and association with data held by third parties — be used to identify users, and is therefore considered Personal Data. In relation to the browsing information gathered, we remind you to read our Cookie Policy.

We will also process data from User requests made using the contact form (in the “Contact us” section) or the help request tools, including the body of the request. These are general data, including what is shared by the User and, when the reserved area is used, log-in credentials (a specific notice on the processing of personal data is provided when credentials are issued in any case).

 

4 - OBLIGATION TO PROVIDE DATA AND LEGAL BASIS FOR PROCESSING

As stated, the transmission of Browsing Data is intrinsic to using the Website, and the legal basis for processing personal data for Website operation purposes is the Data Controller’s legitimate interest in carrying out its own business activities.

As regards the contractual purpose, there is no obligation to provide data in the pre-contractual phase, but failure to provide the requested data may make it impossible to follow up on the User’s request. The processing of Personal Data for contractual purposes is based on the following legal basis: the need to perform the contract entered into with the Data Subject or pre-contractual measures adopted at the Data Subject’s request; the performance of a legal obligation to which the Data Controller is subject; the Data Controller’s legitimate interest in the protection of its rights; the Data Controller’s legitimate interest in the performance of its business activities (for those activities which, while not constituting an obligation, are strictly connected with the performance of the contractual relationship, for example, entry into the management system or in the address book, analysis of turnover, internal checks on the quality of the service, etc.).

As far as direct marketing purposes are concerned, the provision of personal data is optional, and any failure to provide the data required for subscription to the newsletter will have no consequences on the contractual relationship. There is the option to indicate topics of interest, failing which, the communication will be general. Such processing is carried out only with the consent of the recipient (consent is also required for legal persons), which is always revocable (see section 8 “Rights of the Data Subject”, below) and constitutes the legal basis.

 

5 - PROCESSING METHODS AND DATA RETENTION PERIODS

Processing will be carried out:

- with manual and automated systems;

- by subjects authorized to perform the relevant tasks, having been duly instructed;

- with the use of appropriate measures to ensure the confidentiality of data and to prevent access to them by unauthorized third parties.

Unless unlawful activity is detected, browsing data are deleted within 24 hours.

For marketing purposes, the data will be processed for a period not exceeding 48 months from the issue of consent or its renewal.

Data connected to the contractual relationship will be stored for the entire duration of that relationship, and, upon its termination — limited to the data required at that point — for the fulfillment of all possible legal obligations and for the protection requirements, including contractual ones, connected to or arising from it. Ordinarily, therefore, the data will not be stored for more than 10 years after the termination of the contractual relationship. If the request is not followed by the conclusion of a contract, personal data will not be deleted within 12 months of the quote's expiration.

 

6 - DATA COMMUNICATION

The data collected and processed are handled exclusively by personnel authorized to do so within the context of their duties, having received adequate instruction, and may be disclosed, exclusively for the purposes outlined above, to:

- all subjects whose right to access such data is recognized by virtue of regulatory provisions;

- collaborators, business partners and suppliers of the Data Controller, operators such as Data Processors, as part of contractual obligations connected to the processing referred to in this notice (e.g. software service providers, certain dealers for handling requests for quotes).

In any case, Users may request a full and up-to-date list of the persons appointed as Data Processors by emailing the Data Controller (see section 1).

For some markets, requests for quotes will be handled by the dealer based in the relative territory, who will then make the offer directly.

Data are not subject to dissemination.

 

7 - LOCATION OF DATA PROCESSING

Personal Data will be processed within the European Union, without prejudice to the necessary exchange of correspondence with Users operating outside of European Union territory. For transfers to countries for which the EU Commission has issued a Decision concerning their adequacy, personal data will be transferred to the dealers after the Standard Contractual Clauses adopted by the EU Commission pursuant to Article 46 GDPR have been signed.

 

8 - RIGHTS OF THE DATA SUBJECT

The GDPR gives the Data Subject the ability to exercise the following rights with regard to personal data concerning him or her (the summary description is just an outline; for the full explanation of the rights, including their limitations, please refer to the Regulation, and in particular Articles 15-22):

- access to personal data (the Data Subject has the right to obtain, free of charge, information on the personal data concerning him/her held by the Controller and on the processing thereof, as well as to obtain a copy of such data in accessible format);

- rectification of personal data (at the request of the Data Subject, correction or supplementing of personal data — which are not an expression of evaluative elements — that are incorrect or inaccurate, even if they have become inaccurate because they have not been updated);

- erasure of personal data (right to be forgotten) (for example, the data are no longer necessary for the purposes for which they were collected or processed, they have been processed unlawfully, they must be deleted in order to comply with a legal obligation, the Data Subject has withdrawn consent and there is no other legal basis for the processing, the Data Subject objects, if the conditions are met, to the processing);

- right to restrict processing (in certain cases — disputing the accuracy of the data, during the time necessary for verification, disputing the lawfulness of processing, as opposed to deletion, necessary use for the rights of defense of the Data Subject, while they are no longer useful for processing purposes, if there is an objection to the processing, while the necessary verifications are carried out — the data will be stored in such a way that they can be restored if necessary; however, in the meantime, they cannot be consulted by the Data Controller except in connection with the verification of the validity of the request for restriction by the Data Subject or with the Data Subject’s consent or for the establishment, exercise or defense of legal claims in court or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State);

- right to object to processing, in whole or in part, on grounds relating to the particular situation of the Data Subject, where processing is carried out on the basis of legitimate interest; to object to processing for marketing or profiling purposes, you will not need to provide grounds for your decision;

- data portability (if processing is based on consent or on a contract and is carried out by automated means, upon request, the Data Subject will receive his/her personal data in a structured format, in common use and readable by an automatic device, and he/she may transmit them to another Controller, unimpeded by the Controller which has provided them and, if technically feasible, he/she can have such transmission made directly by the latter).

Moreover, if processing takes place by virtue of your express consent (see section 4 above), you can withdraw your consent at any time, without prejudice to the lawfulness of processing carried out prior to withdrawal (as outlined in section 4 above, with regard to data processing for marketing purposes, you can also withdraw your consent for any individual method of communication — traditional or automatic). The easiest way to withdraw consent is via the link at the bottom of our correspondence or your personal dashboard in the reserved area of the Website.

The Data Subject also has the right to file a complaint with the Supervisory Authority (Garante per la Protezione dei dati personali) if he/she believes that the processing of his/her personal data violates the provisions of the law on the protection of personal data. The Garante per la protezione dei dati personali can be contacted at the addresses indicated on the Authority’s website www.garanteprivacy.it. In any case, we would like to have the opportunity to address in advance any concerns of Data Subjects who may email [email protected] or use the other means to contact the Data Controller indicated above for any clarification concerning the processing of their personal data and for the exercise of their rights, including the withdrawal of consent.