NOTICE ON PERSONAL DATA PROCESSING
FEDRIGONI S.p.A., as the Data Controller, attributes great value to respecting the privacy of its interlocutors and is committed to safeguarding it by applying the provisions that European and Italian law establish in this regard. The relevant European legislation on the protection of personal data is the European Parliament’s Regulation no. 2016/679/ EU of 27/04/2016 (GDPR). The content of the information to be distributed to interested parties is shown in articles 13 and 14 of the GDPR.
Personal data is any information concerning an identified or identifiable natural person (the “interested party”). A person can be identified, directly or indirectly, by their: name; identification number; location data; online identifier; one or more characteristic elements of physical, physiological, genetic, psychological, economic, cultural or social identity.
Principles applicable to personal data processing
The Data Controller processes personal data in compliance with the principles established by the GDPR: lawfulness, correctness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality.
Characteristics of personal data processing
The Data Controller can process personal data according to the characteristics indicated below:
|interested party||purpose of processing||data processed||legal basis of processing||obligation or right to communicate data||consequences of failure to communicate data||data storage period|
|potential customers; customers; potential suppliers; suppliers||pre-contractual activity||personal data; tax data; tel; e-mail;||the activity||right||failure to receive information on products; failure to sign a contract||5 years|
|customers; suppliers||contractual activity||personal data; tax data; tel; e-mail; bank references; accounting data||the activity||obligation||failure to execute the contract||the time needed to manage the contract and any disputes|
|potential customers; customers||marketing activities (e.g. newsletters, informative e-mails)||personal data; tel; e-mail||consent||right||failure to receive marketing communication||5 years|
If the processing is based on consent, the interested party can revoke it at any time, without prejudice to the legality of the processing based on the consent given prior to the revocation.
To carry out pre-contractual or contractual activities, the interested party must have the ability to act as required by law. The Data Controller does not accept data-processing consent from anyone under the age of 18.
Authors of personal data processing
|authors of processing||purpose of processing|
|Employees of the Data Controller or any third parties appointed by the Data Controller||pre-contractual and contractual relationships; possible marketing activities|
|Employees of the Data Controller or any third parties appointed by the Data Controller||updating and maintenance of the management systems, software, websites|
Transfer of personal data to other countries
The Data Controller can transfer personal data to recipients in countries outside the EU, as long as they ensure an adequate level of protection in accordance with the GDPR.
An interested party who decides to access external sites through the Data Controller’s website (i.e. social networks) is subject to the guarantees and data processing methods of the operators of such sites.
Rights of the interested party
The interested party has the right to ask the Data Controller:
- for access to their personal data;
- to modify or delete personal data;
- to limit or terminate the processing;
- with the limitations indicated in art. 20 of the GDPR, the “portability of data” (i.e. to receive personal data in a structured format that is commonly used and readable by an automatic device; the right to transmit such data to another holder without hindrance by the Data Controller that provided them).
To exercise these rights, the interested party can send an e-mail to firstname.lastname@example.org or a registered letter to: Fedrigoni S.p.A. Viale Piave, 3 – 371356 Verona – Italy.
The data controller will give the interested party information on the action taken with regard to a request without undue delay and, in any case, no later than one month after receipt of the request. This deadline can be extended by two months if necessary, taking into account the complexity and the number of requests. The Data Controller informs the interested party of this extension, and of the reasons for the delay, within one month of receiving the request.
The interested party can also lodge a complaint with a European Supervisory Authority (see the references of the European supervisory authorities in https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm).
References of the Italian Data Protection Authority:
Piazza di Monte Citorio, 121, 00186 Roma.
Tel. +39 06 69677 1; fax +39 06 69677 785.