Statement pursuant to the regulations on personal data protection website

pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR)

 

Dear Customer,

Fassa S.r.l. with registered office in Spresiano (TV), Via Lazzaris 3, tax identification/VAT no. 02015890268, as data controller (hereinafter referred to as the "Company" or “Controller”) is committed to protecting the personal data of the user (hereinafter, "User" or, in the plural, the "Users") of the website https://www.fassarchitettura.com.  As data controller, the Company is required to provide the User with certain information regarding the processing of personal data pursuant to Article 13 of Regulation (EU) 2016/679 (the "GDPR").

This Privacy Policy does not apply to other websites owned by third parties that may be accessed through links on the Website. Please review the privacy statements of such third party websites in relation to their processing of personal data.

WHAT PERSONAL DATA CONCERNING YOU MAY BE COLLECTED

The following categories of personal data may be collected that concern you. The term ‘Personal Data‘ means all the following categories, taken together:

  • Personal and contact details – information on first name, surname, place and date of birth, phone number, email address.

 

HOW WE COLLECT YOUR PERSONAL DATA

The Company collects and processes your Personal Data, for example, when you sign up on the website https://www.fassarchitettura.com/en/profile.

If you provide Personal Data on behalf of someone else, you must first ensure that they have read this Privacy Statement.

We ask you to help keep your Personal Data up-to-date and inform us of any changes to this data.

 

WHY YOUR PERSONAL DATA IS BEING USED

The Controller may process your Personal Data for one or more of the following purposes, on the legal basis indicated in each case. 

  1. Newsletters and marketing

The Controller may process for marketing purposes in order to send you, by automated means of contact (e.g. email), opinion and satisfaction surveys, newsletters and/or commercial messages containing information on products or services, as well as promotions or invitations to events that the Controller is organising or participating in.

Legal basis: your consent. The processing of your Personal Data for this purpose may only take place after the Company has obtained your free and express consent under Article 6(1)(a) of the GDPR, which can be withdrawn at any time using the contact details given below. Failure to give your consent will not entail any consequences except that it will be impossible for you to receive newsletters and promotional communications.

 

  1. Sending communications to promote products and services similar to your previous purchase(s), pursuant to and within the limits permitted by Article 130(4) of the Privacy Code.

The Controller may process your email address in order to send you promotional communications and material relating to products similar to those you previously purchased.

Legal basis: legitimate interest of the Company under Article 6(1)(f) of the GDPR to maintain an effective contractual relationship with you.  In this case, a new and specific consent is not required, since the Controller will pursue this further purpose, where necessary, by processing the Data collected for the further purposes indicated herein, which are deemed compatible with this one (also by reason of the context in which the Personal Data was collected as well as the nature of the Personal Data itself and of the appropriate safeguards for its processing, as well as of the link between the purposes indicated herein and this further purpose).

 

  1. Disclosure to third parities for their promotional purposes.

The Company may disclose your Personal Data to the Department of Architecture of the University of Ferrara for their promotional purposes.

In this case, these third parties shall process your Personal Data as independent controllers.

Legal basis: your consent. The processing of Personal Data for this purpose may only take place after the Company has obtained your free and express consent under Article 6(1)(a) of the GDPR, which can be withdrawn at any time using the contact details given below. Failure to give your consent will not entail any consequences except that it will not be possible to disclose your Personal Data to third parties for their own promotional purposes.

 

  1. To comply with legally binding requests from judicial authorities and to fulfil obligations under laws, regulations or provisions.

The Company may process your Personal Data in order to comply with requests from judicial authorities, or to fulfil a legal obligation.

Legal basis: compliance with a legal obligation to which the Controller is subject under Article 6(1)(f) of the GDPR. Providing your Personal Data for this purpose is compulsory since, without it, the Controller will be unable to fulfil specific legal obligations.

 

  1. Defence of rights in the course of judicial, administrative or out-of-court proceedings, and in the context of disputes arising in connection with the existing relationship.

The Controller may process your Personal Data to defend its rights or to take action or even make claims against you or third parties.

Legal basis: legitimate interest of the Controller under Article 6(1)(f) of the GDPR in order to protect its rights.  In this case, a new and specific consent is not required, since the Controller will pursue this further purpose, where necessary, by processing the Data collected for the purposes above, which are deemed compatible with this one (also by reason of the context in which the Personal Data was collected as well as the nature of the Personal Data itself and of the appropriate safeguards for its processing, as well as of the link between the purposes mentioned above, from point a) to point e) and this further purpose).

HOW WE KEEP YOUR PERSONAL DATA SAFE

The Controller uses appropriate security measures to improve the protection, safety, integrity and inaccessibility of your Personal Data.

All your Personal Data is stored on our protected servers (or on appropriately filed hard copies) or those of our suppliers, and are accessible and can be used in accordance with our standards and our security policies (or equivalent standards for our suppliers).

HOW LONG WE STORE YOUR PERSONAL DATA

We store your Personal Data only for the time necessary to achieve the purposes for which it has been collected or for any other associated legitimate purpose. Therefore, if your Personal Data is processed for two different purposes, we will store such Personal Data until the purpose with the longer retention period ends. However, we will no longer process Personal Data for that purpose whose retention period has ended. Access to your Personal Data is restricted to only those who need to use it for the relevant purposes. Your Personal Data that is no longer necessary, or for which there is no longer a legal basis for its storage, is irreversibly anonymised (and thus can be stored) or securely destroyed.


The retention times for the different purposes listed above are given below.

  1. newsletters and marketing: Personal Data processed for this purpose may be retained for 24 months and unless consent to receive further newsletters is revoked;
  2. sending communications to promote products and services similar to your previous purchase(s); your Personal Data processed for this purpose may be retained until you object to receiving further communications;
  3. disclosure to third parties for their own promotional purposes: your Personal Data processed for this purposes may be retained until you withdraw your consent;
  4. purposes related to the obligations provided for by the law, regulations or by EU legislation, by provisions/orders of authorities entitled to do so by law and/or by supervisory and control bodies: Personal Data processed for this purpose may be retained for the time strictly necessary to fulfil the specific obligation;
  5. defence of rights in the course of judicial, administrative or out-of-court proceedings, and in the context of disputes arising in connection with the services offered: Personal Data processed for this purpose may be retained for the time strictly necessary for the protection of the Controller’s rights.

WHO WE CAN SHARE YOUR PERSONAL DATA WITH

Your Personal Data may be accessed by duly authorised employees, as well as by external suppliers, appointed – if necessary – as data processors, such as: Companies or other third parties who carry out outsourcing (such as, for example, staff involved in graphic design, layout, printing, suppliers, hardware and software technicians, professional consultancy firms), lawyers and legal consultants, public and private bodies, also as a result of inspections and audits, sales networks.

Please contact us at the following email address: data.protection@fassabortolo.com if you wish to ask to see the list of data processors and other entities to whom we disclose your Personal Data.

INTERNATIONAL TRANSFERS 

The Company informs you that your Personal Data will be processed exclusively within countries belonging to the European Union (EU) or the European Economic Area (EEA).

 

These external parties will process your Personal Data either as independent controllers or as data processors, duly appointed by the Company in accordance with data protection legislation (depending on the role they perform in the processing).

You can write to the Company at any time, using the contact details below, to ask who your Personal Data are being transferred to and to receive a copy of the guarantees adopted for the transfer.

YOUR DATA PROTECTION RIGHTS AND YOUR RIGHT TO LODGE COMPLAINTS WITH THE SUPERVISORY AUTHORITY

You have the right to obtain from the Company, subject to the existence of the legal basis behind your request:

  1. access to your Personal Data, as provided for under Article 15 of the GDPR;
  2. rectification or integration of your Personal Data in our possession that you consider to be inaccurate, as provided for under Article 16 of the GDPR;
  3. erasure of your Personal Data for which the Controller no longer has any legal basis for processing, as provided for under Article 17 of the GDPR;
  4. restriction of the way we process your Personal Data if one of the cases provided for under Article 18 of the GDPR applies;
  5. withdraw your consent, as provided for under Article 7 of the GDPR;
  6. a copy of the Personal Data you provided to the Controller in a structured, commonly used and machine-readable format and the transmission of such data to another controller (portability), as provided for under Article 20 of the GDPR.

Right to object: in addition to the aforementioned rights, you have the right to object, on grounds relating to your situation, at any time to processing of Personal Data concerning you by the Controller for the pursuit of its own legitimate interest. Your objection must be sent to the following address: data.protection@fassabortolo.com, or, in paper format, by sending a written request to the Company, for the attention of the Controller.

The Controller also informs you that you may, at any time, withdraw your consent for certain processing operations with future effect, in the same way as described above. This withdrawal shall not affect the lawfulness of processing carried out before consent was withdrawn.

 

If you believe that the processing of Personal Data relating to you is in breach of the provisions of the GDPR, you have the right to lodge a complaint with the Personal Data Protection Authority, using the references available on the website www.garanteprivacy.it, or to take appropriate legal action.

OUR CONTACT DETAILS

The contact details of the Company (as Controller) are the following: Fassa S.r.l., with registered office in Spresiano (TV), Via Lazzaris 3, tax identification/VAT no. 02015890268, email data.protection@fassabortolo.com; tel. +39.0422.7222; fax. +39.0422.887509.

The Company has a Data Protection Officer (DPO), appointed pursuant to Article 37 of the GDPR, who can be contacted at the following email address:  dpo@fassabortolo.com

 

To exercise your rights, you may contact the Controller at the following addresses: email  data.protection@fassabortolo.com, or, in paper format, by writing a specific request to the Company, for the attention of the Controller.