PRIVACY STATEMENT FOR VISITORS OF THE WEBSITE www.fiso.info
pursuant to art. 13 of the EU Regulation n. 2016/679 (GDPR - General Data Protection Regulation)
Pursuant to Article 13 of EU Regulation n. 2016/679 (hereinafter "GDPR" - General Data Protection Regulation), this Privacy Statement is intended to provide relevant information regarding the method and purpose of processing, carried out by F.I.S.O. S.r.l. (hereinafter "F.I.S.O." or "we"), of personal data that F.I S.O. collects through its website www.fiso.info (hereinafter "website") and/or following the establishment of contractual, commercial or business relationships.
The subject of data protection is personal data (hereinafter "personal data“ or "personal information"). Pursuant to article 4, paragraph 1 of EU Regulation no. 2016/679, this includes all information relating to an identified or identifiable natural person (for example, names or identification numbers or location data, etc.).
2. DEFINITIONS PURSUANT TO THE ART. 4 OF THE EU REGULATION No. 2016/679
«personal data» means any information relating to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
«processing» means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
«controller» means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
«processor» means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
«profiling» means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
For other definitions, see art. 4 of EU Regulation no. 2016/679.
3. CONTROLLER, PROCESSORS AND PERSONS IN CHARGE
The processing Controller (hereinafter "Controller") is F.I.S.O. S.r.l., having registered and operational headquarters in Via IV Novembre 118, 21058 Solbiate Olona (VA), Italy; Fiscal Code and VAT number 02251040123. The updated list of processors and persons in charge of data processing is kept at the headquarters of the controller.
4. TYPE AND ORIGIN OF PROCESSED DATA
F.I.S.O. can collect personal, identifying and non-sensitive data (by way of example but not limited to: name, surname, company name, address, telephone number, email address, tax code, VAT number, etc.) which are provided by you when you fill in the request for information form on our website, or when you interact or establish business relationships with us, or during customer satisfaction surveys and/or customer buying habits, or on any other occasion. We can also collect contact company names from companies with whom we have contractual or commercial relationships.
F.I.S.O. can also collect other technical information (hereinafter "navigation data") such as your IP address, your MAC address, your internet provider, your computer's operating system, your browser and other similar information.
5. PURPOSE AND LEGAL BASIS OF PROCESSING
Personal data are processed,
A. without your express consent (pursuant to Article 6, paragraph 1, letters "b", "c" and "f", of the GDPR), for the following Service purposes:
processing a request for information made through our website;
manage and maintain the website;
preventing or detecting fraudulent activities or malicious abuse of the website;
conclude supply contracts relating to the products/services offered by F.I.S.O and requested by you;
fulfill pre-contractual and contractual obligations deriving from existing and/or past relationships with you;
fulfill fiscal obligations deriving from existing and/or past relationships with you;
fulfill the obligations established by law, by a regulation, by EU legislation or by an order of the Authority;
exercise the rights of the Controller, for example the right of defense in court.
For the aforementioned Service Purposes, the legal basis for processing your personal data, and therefore the condition that determines the lawfulness of the processing, is determined by the fact that:
for the purposes mentioned in points 1, 4 and 5, processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (art. 6, paragraph 1 letter "b" , of the GDPR);
for the purposes mentioned in points 6 and 7, processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6, paragraph 1 letter "c", of the GDPR),
for the purposes mentioned in points 2, 3 and 8, processing is necessary for the purposes of our legitimate interests (Article 6, paragraph 1 letter "f" of the GDPR), consisting in providing customers with an efficient and efficient website, for purposes 2 and 3, and consisting in pursuing our rights, in the case of point 8.
B. Only with your specific and distinct consent (pursuant to Article 6, paragraph 1, letters "a", of the GDPR), for the following Marketing purposes::
Send you promotional material and/or commercial communications relating to our services/products and/or newsletters and/or opinion/satisfaction surveys.
For the aforementioned Marketing Purposes, the legal basis of the processing of your personal data, and therefore the condition that determines the lawfulness of the processing, consists in the fact that you have given your consent to processing of your data for the aforementioned purposes (art 6, paragraph 1 letter "a", of the GDPR).
6. WAY OF PROCESSING
Personal data processing is carried out by F.I.S.O. through both manual and computerized and telematic tools with logic strictly related to the same purposes and in any case in order to guarantee the security and confidentiality of the data and according to principles of correctness, lawfulness, transparency and protection of the rights of the data subject. Data storage is done both electronically and on paper.
Here are some essential information:
The collection of personal data is limited to the minimum necessary for each specific processing purpose.
Data processing is limited to the purposes for which it was collected.
The storage of personal data is limited to the minimum necessary for each specific processing purpose.
We do not sell or rent personal data.
No automated decision making or profiling processes are present.
7. DATA STORAGE PERIOD
F.I.S.O. will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the Service Purpose and for no more than 10 years from the collection of data for the Marketing purposes.
8. DATA ACCESS
Your personal data will be made accessible only to those who, within the company, need it because of their job. These persons will be appropriately trained in order to avoid problems of any kind with the data held. Your personal data may be made accessible for the purposes referred to in points 5.A and 5.B to the following subjects:
Employees and collaborators of the Controller, in their capacity as persons in charge and/or external processors and/or system administrators.
Third-party companies or other subjects that carry out outsourced activities on behalf of the Controller, in their capacity as external processors.
Professionals, consulting companies, credit institutions, information companies, debt collection companies or companies operating in the transport sector.
Subjects that can access your data pursuant to legal provisions.
Public and private bodies, also following inspections and audits.
Companies, which offer adequate security guarantees, of IT services including the personnel in charge of the ordinary and extraordinary maintenance operations or who support the Controller in providing the services offered.
9. DATA COMMUNICATION
Your data will never be published, disseminated, displayed or made available/consulted by subjects not specified in the previous point. The persons to whom the data will be communicated, will process them as autonomous data controllers and will in any case be required to comply with the provisions regarding the security of the data processing required by current legislation.
Without your express consent (art. 6, letter "b" and "c", of the GDPR), we will be able to communicate your data for the purposes of the art. 5.A to Supervisory Bodies, Judicial Authorities as well as to all other subjects to whom the communication is obligatory by law for the fulfillment of the aforementioned purposes.
10. NATURE OF THE PROVISION OF DATA AND CONSEQUENCES OF ITS REFUSAL
The provision of data for the purposes of the Service referred to in point 5.A is mandatory. In their absence, we cannot guarantee the Services listed in point 5.A.
The provision of data for the Marketing purposes referred to in point 5.B is instead optional. You can then decide not to give any data or subsequently deny the possibility of processing data already provided. In this case, you will not be able to receive newsletters, commercial communications and advertising material relating to the Services offered by us. In any case, you will continue to be entitled to the Services referred to in point 5.A.
11. DATA SUBJECT’S RIGHTS
Pursuant to articles 13 and 15-22 of the GDPR, the data Subject has, in particular, the right to:
Obtain confirmation that his or her personal data are being processed.
Obtain access to data and the following information: purpose of processing, categories of personal data, recipients and/or categories of recipients, storage period.
Obtain the correction or integration of inaccurate personal data concerning him or her.
Obtain the deletion of personal data concerning him or her in the cases provided for by art. 17 of the GDPR.
Obtain that the personal data concerning him are only stored without any other use being made of them in the cases provided for by art. 18 of the GDPR.
Receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, in the cases provided for by art. 20 of the GDPR.
Object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 (1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, within the limits set by the art. 22 of the GDPR.
Make a complaint to the responsible supervisory authority.
12. HOW TO EXERCISE OF THE RIGHTS OF THE DATA SUBJECT
You may at any time exercise the rights referred to in paragraph 11 above, by sending:
a registered letter with return receipt to F.I.S.O. S.r.l., Via IV Novembre 118, 21058 Solbiate Olona (VA), Italy; or
a pec at the address firstname.lastname@example.org
This website and the Services of the Controller are not intended for persons under the age of 18 and the Data Controller does not intentionally collect personal data referring to minors. In the event that information on minors is unintentionally registered, the Controller will delete them in a timely manner, at the request of users.
14. CHANGES TO THIS STATEMENT
This information may be subject to change. We therefore recommend that you regularly check this Privacy Statement and refer to the latest version.