TRANSPARENT COMMUNICATION AND METHODS FOR EXERCISING YOUR RIGHTS
The user is asked to carefully read the following information relating to privacy, in accordance with articles 12, 13 and 14 (in the case of personal data not obtained from the person concerned but from other sources) of the General European Data Protection Regulation (GDPR) and subsequent modifications and additions, to fully understand how the personal data are gathered, used and stored and to whom they are passed on, with particular reference to:
1. WHO WE ARE
This information is made available by Fast from Fast S.p.A. (hereafter the Company) in its role as data controller and as part of the “Giordano Riello International Group” (hereafter the Group).
2. SHARING OF INFORMATION
Each company of the Group may have a legitimate interest in sharing the personal data of its customers and suppliers with the other companies of the Group, even including them in centralised databases.
The Company may also transfer the personal data to suppliers and third parties who provide certain services on its behalf, always respecting the data processing agreements and, when required, with the user's consent. The data will be shared and made available to external service suppliers only insofar as required to meet the aims outlined herein. The categories of external persons that the Company may approach for certain tasks are as follows:
3. LEGAL RIGHTS
The law guarantees a series of rights with regards your personal data. The Company undertakes to protect personal data and respect the data privacy laws in force at any given time. More information and details about rights can be obtained from theNational authority for the protection of personal data.
| Rights | What does that mean? |
| 1. Right to be informed | The user has the right to receive clear, transparent and easily understandable information about how their personal data are used, and about their rights. For this reason we provide the information you can read in this notice. |
| 2. Right of access | The user has the right to access their data (if those data are processed) and other information (similar to that provided in this privacy notice). The aim is to ensure that the user is aware and can verify that their personal data are used in accordance with the data privacy law. |
| 3. Right to rectification | The user has the right to have information corrected if it is inaccurate or incomplete. |
| 4. Right to erasure | Also known as the “right to be forgotten”, meaning that the user can request the deletion or removal of their data if there is no valid reason for continuing to use them. This is not a general right to deletion however – there are certain exceptions. |
| 5. Right to restrict processing | The user has the right to halt or restrict any further use of the information. When the data processing action is limited, the company may keep the information but no longer use it. The company keeps a list of the people who have requested that any further use of their information be halted, to ensure that this request is respected in the future. |
| 6. Right to data portability | The user has the right to obtain and reuse their own personal data for the same aims in other services. For example, on deciding to switch to a new supplier, this right allows the information to be easily moved, copied or transferred from one company IT system to another in a safe and protected manner, without jeopardising the level of usability. |
| 7. Right to object | The user has the right to object to the processing of their data for the aim of direct marketing (processing only performed with consent) or for the aim of safeguarding the legitimate interests of the company. |
| 8. Right to make a complaint | The user has the right to make a complaint to the national data protection authority regarding how the company processes their personal data. |
| 9. Right to withdraw consent | If the user has consented to the use of their personal data for the purposes of any activity, they have the right to withdraw such consent at any time (as long as this does not lead to the unlawfulness of what has been done with the personal data up until that moment with the user's consent). This includes the right to withdraw consent for the use of the personal data for marketing purposes. |
For more information about how to exercise your rights, write to: FAST S.p.A. Via Luppia Alberi 170, Montagnana – Padova, Italy.
4. WHAT PERSONAL DATA ARE COLLECTED, AND HOW ARE THEY USED?
What are “personal data”?
“Personal data” refers to the information that, directly or indirectly, allows the user to be identified as a physical person.
“Directly” means, for example, the user's name, surname and address; “indirectly” means when such information is processed together with other information.
4.1. Navigation data
The IT systems and software procedures that enable this website to operate acquire, during their normal functioning, some personal data whose transmission is implicit when using Internet communication protocols. This is information that is not collected in order to be associated with identified persons but which, by its very nature, might allow users to be identified via processing and association with data held by third parties.This category of data includes the IP addresses or domain names of the computers used by users connecting to the website, the addresses of the requested resources in URI (Uniform Resource Identifier) notation, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.), session start/end time indications, and other parameters relating to the operating system and the user's computer environment.
| Processing purpose and legal basis | These data are used for the sole purpose of obtaining anonymous statistical information about the use of the website, and to ensure it is operating properly. The data may also be used to ascertain responsibilities in the event of computer crime against the website (legitimate interests of the data controller). |
| Storage time | The data are usually stored for a brief period of time, barring any possible extensions relating to survey activities. |
| Provision of data | The data are not provided by the user, but automatically acquired by the technological systems of the website. |
4.2 Cookies
When a user visits a website, that site sends small text files – “cookies” – to the user's device, where they are stored and then sent back to those same sites during the next visit. So-called “third party” cookies, on the other hand, are set by another website (not the one that the user is visiting). This is because a site may contain elements (images, maps, sounds, specific links to the pages of other domains, etc.) that reside on servers other than the one of the site being viewed in that moment.
There are two types of cookie, depending on their duration: “session” cookies (i.e. temporary and automatically deleted by the device at the end of the navigation session) and “persistent” cookies (that remain stored on the device until they expire or are deleted by the user).
Cookies are used for various aims: firstly, to transmit the communication or provide the service requested by the user. More precisely, they allow the enabling and optimisation of the functioning of the Internet site. They permit computerised authentication and the prevention of infringement, the monitoring of sessions and improved navigation for the user (e.g. keeping the connection to reserved areas active during navigation on the website pages without the need to enter the user ID and password again, and storing specific information relating to the users themselves, such as preferences and the type of browser and computer used).
Cookies can only be read or modified by the website that generated them; they can't be used to obtain any data from the user's terminal, and nor can they transmit computer viruses. Some of the functions of cookies can also be carried out by other technologies so, in the context of this web privacy policy, the term “cookies” refers not only to cookies themselves but also to all similar technologies.
The use of cookies on this website
This website uses session cookies and persistent cookies. The type of cookie directly generated by the site is the “technical” cookie, used to:
a) personalise the user interface (e.g. to register the preferences expressed by the user with regards language and the product catalogue);
b) authenticate and manage a navigation session (e.g. to identify and validate the user for Support Area access);
“Third party” cookies
This website does not allow the transmission of third party cookies to the user's terminal.
Consent
For the type of cookie used by this website, the user's prior consent is not required. By accessing and navigating the site, the user gives their implicit consent to receive cookies. Users can, however, decide not to receive cookies by activating the relative option in the browser.
4.3 Contacts and data provided voluntarily by the user when using the website
The optional, explicit and voluntary forwarding of data by the user in relation to:
may lead to the subsequent acquisition and use of the personal data for the necessary purposes. Such personal data will be stored for a period compatible with the aims of its collection.
4.4 Registration for Support Area access
The Company gathers personal data for the purpose of registration on the website, to access services including: Technical documentation, Software, Publications, Technical drawings.
| Processing purpose and legal basis | To allow access to the reserved area (contract and legitimate interest). |
| Storage time | Times compatible with the aims for which the data were gathered. |
| Provision of data | Mandatory in order to access the area. |
4.5 Job opportunities
The Company gathers the data of persons interested in applying for any possible openings in the Group. The following data may be requested: CV, ID and contact data in order to evaluate the application.
| Processing purpose and legal basis | To assess the application (legitimate interest and then the individual's consent where necessary). |
| Storage time | Times compatible with the aims for which the data were gathered. |
| Provision of data | Mandatory in order to evaluate the application. |
4.6 Data processing relating to customers and suppliers
The data are processed for the purpose of:
| Processing purpose and legal basis | Administrative and accounting (contract and legitimate interest). |
| Storage time | Times compatible with the aims for which the data were gathered. |
| Provision of data | Mandatory in order to contact the Company. |
4.7 Marketing, promotional and advertising activities
| Processing purpose and legal basis | Marketing, promotional and advertising activities based on the Company's products and services and using automated systems (fax, ordinary post, email). The legal basis is provided by the individual's consent. |
| Storage time | Stored until consent is revoked. Once consent has been revoked, the data controller will stop using the data for the above purposes but may store them as a safeguard against any possible liability based on the processing. |
| Provision of data | Explicit, optional consent. |
5. LEGAL GROUNDS FOR THE USE OF THE USER'S INFORMATION
In certain circumstances, the personal data may be processed after obtaining the user's consent, so that marketing information can be sent out. In most cases, it is in the Company's legitimate interest to gather and use the personal data (as described above in “What personal data are collected, and how are they used?”) in order to be able to provide the most useful service for the user and better understand its clientèle to fine-tune its marketing activities.
The personal data are processed using manual and IT tools, adopting logics strictly linked to the above-listed purposes and, in any case, in such a way as to guarantee their security and confidentiality.
6. REQUESTS TO THE COMPANY
The Company is required by law to follow up requests and provide information free of charge, unless the request is manifestly unfounded or excessive (particularly if of a repetitive nature) in which case the Company may apply a reasonable charge (taking into account the administrative costs incurred to provide the information or communication, or to undertake the requested action) or refuse to follow it up.
Please consider your request in a responsible manner before sending it. The Company will reply as quickly as possible, and generally within a month of receiving the request; if more time is required, the user will be informed.
7. MODIFICATIONS
This notice came into force on 12 September 2018. The Company reserves the right to alter it or simply update the contents, whether fully or in part, also as a result of changes to the relative regulations. The Company recommends that this section be checked regularly to see the most recent and updated version of the notice, so the user is always up-to-date on what personal data are gathered and how they are used.
8. DEFINITIONS
1) “personal data”: means any information relating to an identified or identifiable natural person (the “person concerned”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2) “processing”: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3) “data controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
4) “data processor”: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
5) “recipient”: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not regarded as recipients; the processing of those data by those public authorities complies with the applicable data protection rules according to the purposes of the processing;
6) “third party”: means a natural or legal person, public authority, agency or body other than the person concerned, the data controller, the data processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
7) “consent of the person concerned”: means any specific, informed and unambiguous indication freely given by the person concerned, by which they – by a statement or a clear affirmative action – agree to the processing of their personal data;
8) “personal data breach”: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
9) “supervisory authority”: means an independent public authority established by a Member State pursuant to Article 51;
10) “supervisory authority concerned”: means a supervisory authority involved in the personal data processing because: a) the data controller or processor is established in the territory of the Member State of that supervisory authority; b) the persons concerned, who reside in the Member State of that supervisory authority, are – or are likely to be – substantially affected by the processing; or c) a complaint has been lodged with that supervisory authority.
Via Luppia Alberi 170 – 35044
Montagnana (PD) - Italy
VAT 02375450281
Share capital € 2.900.000 i.v.
Phone (+39) 0429 – 806311
Fax. (+39) 0429 – 806340
E-mail: info@fastaer.com
