INFORMATION SUPPLIED BY FELSINEO SPA WITH REGARD TO THE EFFECTS REFERRED TO THE ARTICLE 13 REG. EU 679/2016
In compliance with the provisions of EU Reg. 679/2016, herewith, FELSINEO SPA with registered office in Via c. Masetti, 8-10, Zola Predosa (BO) VAT No. IT00499291201, provides to those who consult the pages of the website the necessary information regarding the purposes and methods of processing personal data.
This information is to be considered valid only for this website (www.felsineo.com) and not for other websites that may be consulted via links therein; for the processing of data carried out by such third-party sites, FELSINEO SPA is not to be considered in any way responsible.
Users are informed that the hosting of this website is provided by the company Welcome Italia SpA, with registered office in Via Montramito, n. 431 55054 – Massarosa (LU), Tax Code / VAT No. IT01059440469, whose servers hosting the website are located in Italy.
2. TYPES OF DATA PROCESSED
Regarding only aspects of technical nature and protocols, we wish to inform you that:
- The computer systems and software procedures used to operate this website may acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
- This information is not collected to be associated with identified interested subjects, but for their own nature could, through processing and association with data held by third parties, allow Users to be identified.
- This category of data includes the IP addresses or domain names of the computers used by the Users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the IT environment of the User.
- These data can be used to ascertain any liability in the event of hypothetical computer crimes against the website.
Data provided voluntarily by the user
Following consultation of this website, data relating to identified or identifiable people may be processed. In particular, it specifies that such processing may take place in relation to personal data freely provided by the Users who send to the data processor personal information through the contact details present on the website (www.felsineo.com), such as, for example, the corporate email address. In fact, the optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary in order to respond to the requests made, as well as any other personal data included in the message.
It should be noted that, in no section of the site, nor for access to any site functionality, is required to provide “special categories of personal data” and / or “personal data relating to criminal convictions and crimes”, as defined by art. 9 and 10 of the EU Regulation 679/2016. If the User spontaneously sends these type of information to the data controller, the data controller will process these data in compliance with the current legislation on the protection of personal data (EU Regulation 679/2016) and within the limits of what is strictly necessary in relation to the requests expressed by the User concerned.
In general, with regards to the data voluntarily provided by the User, the data controller wishes to inform Users that EU Reg. 679/2016 (and Legislative Decree 196/2003) provide for the protection of natural persons with respect to the processing of their personal data. According to this legislation, the processing of data will be based on principles of correctness, lawfulness and transparency, protecting the privacy and rights of the data subjects.
3. ADDITIONAL INFORMATION
In accordance with EU Regulation 679/2016, we also provide you with the following information:
a) The process that the Data Controller may carry out will be performed by electronic means, pursues the purposes of verifying the requests of the users, as well as the possible development of the contact for commercial / professional purposes and is based on the legitimate interest of the Data Controller to develop the business of the company ( Article 6, paragraph 1, let. f), GDPR). If the user uses the chat service on the website www.felsineo.com he will receive a specific informative for the processing of the data transferred to Felsineo SpA.
b) The User is free to provide his / her own information by sending them to the data controller through the contact details found on the website (www.felsineo.com). The voluntary sending of personal data automatically involves the declaration of acknowledgment of this informative and the release of explicit consent to the processing of the aforementioned data for the purposes referred to in letter a).
c) The User’s personal data will be processed by subjects specifically appointed by the data controller as responsible for the data processing and / or by anyone acting under his authority and having access to personal data; these subjects will process the data only when necessary in relation to the purposes of the bestowal and only within the context of the processing of the tasks assigned to them by the data controller, committing to treat only the data necessary to perform these tasks and to perform only the operations necessary for the performance of the same.
Furthermore, personal data may be disclosed to any third parties only if strictly necessary to provide specific services or information requested by the User or to obey legal obligations.
Finally, it should be noted that the data controller may use internal or external computer technicians for occasional maintenance, updating or assistance, in the event of malfunctioning, of the website.
The data communications described above are strictly connected to the normal company operations in the context of managing the relationship with the user and are strictly necessary for the purposes for which the data were provided.
c1) the data controller will not transfer personal data to a third country or an international organization. If this should occur in the future, the data controller is committed to carry out the processing only in the presence of appropriate guarantees.
c2) in compliance with the Provision “Measures and precautions prescribed to the holders of the processing carried out with electronic instruments relating to the attributions of the functions of system administrator – 27 November 2008“ (GU n. 300 of 24 December 2008) and related additions and modifications, the data controller has appointed specific “System Administrators” who, as part of their duties, will be able to access, even indirectly, services or systems that process or allow the processing of personal information.
c3) except as above, the data will not be communicated to other third parties, without asking you your express consent in advance.
Your personal data will not be disclosed.
d) The data will be stored for the time necessary to achieve the purposes for which they were conferred and in a form that allows the identification of the interested party for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed, after which, unless expressly confirmed by the interested party, they will be deleted, save their transformation into anonymous form.
e) The personal data provided will not be processed in order to carry out an automated decision-making process (c.d. profiling).
f) Whether the personal data provided must be processed for purposes other than those indicated above, the Data Controller will provide you with information regarding this different purpose and any other pertinent information.
The Data Controller, taking into account the state of the art and the implementation costs, as well as the nature, the scope of application, the context and the purposes of the processing, both when determining the means of processing and at the time of processing itself, has implemented adequate technical and organizational measures, aimed at effectively implementing the data protection principles and integrating the necessary guarantees into the processing in order to meet the requirements of EU Regulation 679/2016 and to protect the rights of the subject interested.
The data will be processed using methods and tools that guarantee security (art. 24, 25 and 32 of the EU Regulation 679/2016) and will be carried out using IT methods that will be applied to all technical and organizational measures to guarantee a level of security adequate to the risk, so as to ensure, on a permanent basis, their confidentiality, integrity, availability and resilience of the treatment systems and services (by way of example but not exhaustive: checks both the assignment of tasks to the persons in charge of processing of data and the classification of the data itself, procedures, if sustainable, of encryption, disaster recovery mechanisms, etc.).
The data controller is: FELSINEO SPA with registered office in Via c. Masetti 8-10 Zola Predosa (BO), P.I. n. 00499291201, Telephone: +39 051 3517011, Fax: +39 051 3517101, Website www.felsineo.com, E-mail: firstname.lastname@example.org, PEC: email@example.com (above and below defined as data controller).
According to the art. 28 of the REG. EU 679/2016, the Data Controller may use third parties that process data on its behalf and formally appointed by it as data processing managers. The complete and updated list of those responsible for the processing of the designated data can be consulted by sending a request to the email address firstname.lastname@example.org.
According to the art. 29 of the REG. EU 679/2016, the Data Controller may use anyone acting under his authority and / or the appointed manager; these subjects will be duly instructed.
The Data Controller has not designated the D.P.O. (art. 37 REG. EU 679/2016 and WP Guidelines article 29 of 13th Dec 2016), as a legally non-mandatory figure within the structure, given that the characteristics of the treatments do not fall within the cases referred to in the cited article 37.
4. RIGHTS OF THE INTERESTED PARTY
The Data Controller also informs that:
a) The subject interested party has the right to request the Data Controller access to his personal data and the correction or the cancellation of the same or the limitation of the treatments concerning him or to oppose to their processing, in addition to the right to data portability ( Article 15, Article 16, Article 17, Article 18, Article 20 of the EU Regulation 679/2016). With the exercise of the right of access, the subject interested has the right to obtain from the data controller the confirmation that the processing of personal data concerning him is taking place, while the exercise of the right to portability allows the interested party to obtain from the data controller the personal data in a structured format, for common and legible use and the transfer of said data from the original data controller to another (see WP 242 of 13.12.2016). The aforementioned rights may be exercised by sending an email communication to: email@example.com or by writing via ordinary mail to the registered office of the owner.
b) The subject interested is entitled, in case the processing is based on Article 6, paragraph 1, letter a), or on Article 9, paragraph 2, letter a), to revoke the consent at any time without prejudice the lawfulness of the processing based on the consent given before the revocation.
c) The interested subject has the right to complaint with a supervisory authority.
d) The interested subject has the right to become aware, by the data controller, without unjustified delay, of a violation of his personal data likely to represent a high risk for the rights and freedoms of natural persons (art. 34 REG. EU 679/2016).
e) For reasons connected to his particular situation, the interested subject has the right to object to the processing of his personal data (Article 21 of EU Regulation 679/2016).
The full text of the articles of the REG. EU 679/2016 relating to your rights (articles 15 to 23 inclusive) can be consulted at any time on the following link on the website of the Authority for the Protection of Personal Data:
or, alternatively, they will be provided by the Data Controller upon your simple request, by sending a communication to the addresses indicated above.
In the event of any updates or changes to this document, Users will be placed in a position to understand and evaluate the changes made, by comparing the various versions of the information that may have occurred over time, as the previous versions of the document will still be available for consultation by the Users on the website.
In the event of non-acceptance of the changes made to this privacy statement, the User is required to cease using this website and request the data controller to delete his or her personal data by sending a specific communication to the data controller, to the addresses indicated above.
In the case of questions, comments and requests regarding this privacy statement, we ask Users to contact us at the following addresses: Fax: +39 051 3517101 / E-mail: firstname.lastname@example.org, PEC: email@example.com.
Date of last modification 11th June 2019