Privacy policy

Information on personal data processing, pursuant art. 13-14 of the EU Regulation 2016/679

Data subjects: users of website, catalogue, Fapim social media (Facebook and Linkedin pages), Youtube channel, Fapim App


FAPIM S.p.A. with registered office in Via delle Cerbaie, 114 – 55011 Altopascio (Lu) T. +39 0583 2601 F. +39 0583 25291 email:, CEM:, Fiscal number 02224030466, (hereafter “Company” or “Controller”), as Controller of your personal data, pursuant to EU Regulation 2016/679 hereafter ‘GDPR’, informs you herewith that the aforementioned legislation provides for the protection of data subjects with regard to data processing and that such processing will be based on the principles of fairness, lawfulness, transparency and protection of your privacy and your rights.

This privacy statement refers to:

This information is provided pursuant art. 13 of the GDPR to the users (hereafter “Users”) who interact with our Site pages, the App, the Catalogue and the above mentioned social media pages (hereafter altogether called “Pages”).

In particular, we would like to inform you of the following:


The data processed through the Pages can be collected automatically during use (as in the case of navigation data and use of Cookies, internet protocol address (IP); type of browser; parameters of the device used to connect; name of the internet service provider (ISP); date and time of visit; web page of origin of the visitor (referral) and exit; possibly the number of clicks) or can be entered voluntarily by the User (as in the case of Social Media, of any data entry mask or sending of emails or communications to the addresses indicated in the Pages, in such cases the data may be name; email address; any further data spontaneously sent by the user).

The App requires that language, nationality and field of activity among those proposed by the App itself are entered.

Any use of technical Cookies or other tracking tools, unless otherwise stated, aims at granting the User the correct use of the Pages and, with regard to cookies on the Site and App, record their preferences anonymously (the Company is unable to identify users through cookies).

Personal data processed through Social Networks is that related to the profiles of the Users who interact with the Company Pages on the Social Networks mentioned above.

Purpose of the processing is to provide the services requested by the Users through the Pages, responses, release of information and interactions based on the requests of the Users themselves and related to the Company’s activity (production and sale to professionals of solutions and accessories for windows and doors). The data collected through the Pages can then be processed in an exclusively aggregated and anonymous form in order to assess the correct operation of Site and App and for internal statistical analysis, as well as to protect the security of Site, App (antispam filters, firewall, virus detection) and of the Users and to prevent or unmask fraud or abuse, these data are automatically recorded and may also include data (such as the IP address) that could be used, in accordance with the applicable law, to block any attempt of damage or causing damage to other users, carrying out harmful activities or activities constituting a crime. This data is never used by the Controller for the identification or profiling of the User and is periodically deleted. None of this information is related to the natural person-User, and does not allow identification in any way.

In case of a spontaneous sending of personal data to request information about the Controller’s products and services or for a possible purchase of products sold by the Controller, the data will be used for that purpose only (execution of a contract or pre-contractual measures).

Consent is not required for these purposes, but failure to provide some Personal data, could prevent the Company from providing the services requested by Users.

The legal basis is therefore the execution of contracts and pre-contractual measures and the legitimate interest of the Controller with regard to the analysis and security of the Site and the App.

With regard to the types of data processed a detail is provided below by dividing the data into the two following types: a) Data voluntarily provided by the user; b) Browsing data and use of cookies.

  1. a) Data voluntarily provided by the user

The optional, explicit and voluntary sending of e-mails, or of other messaging systems, to the addresses listed on the Pages, implies the acquisition of the sender’s address, necessary to reply to the inquiries, as well as of any other personal data included in the message. With regard to the App, the User can also enter his nationality and the line of business he belongs to. In addition to the data voluntarily provided by the User we point out that the computer systems and software procedures used to operate the App [Apple store, Google Play Store] acquire, during their normal operation, a number of data however referred to the User and whose transmission is implicit in the use of internet communication protocols, smartphones and other devices used. This category of data includes, by way of example but not limited to, the geographical position, the telephone identity, the User’s contacts, e-mails, credit card data. The User can consult the Privacy information available on the following sites:


Google play

  1. b) Browsing and usage data, cookies

The computer systems and software procedures used to operate the Pages acquire, during their normal operation, a number of data however referred to the User and whose transmission is implicit in the use of internet communication protocols. This information is not collected for the purpose of being associated to identified data subjects, but due to its very nature, through processing and association with data held by third parties (e.g. Internet Service Provider or browsers), could allow Users to be identified. This category of data includes cookies (V. infra), IP addresses or domain names of the computers used by Users who connect to the Pages, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of the User.

This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site and App and to check its correct functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes. Some detailed information regarding the cookies used are provided below.

What are cookies? Cookies are data created by a server which are stored in text files on the computer ‘s ’hard disk or on any device used by the User to access the Internet (smartphone, tablet etc.) and allow to collect information on the navigation performed by the User on websites and are retransmitted on subsequent visits. Cookies can be used for different purposes, have different characteristics, and can be used both by the owner of the site you are visiting and by third parties. Cookies can be stored permanently on the User’s computer and have a variable duration (so-called persistent cookies), but they can also disappear when the browser is closed or have a limited duration (so-called session cookies). Cookies can be installed by the site you are visiting (so-called first-party cookies) or they can be installed by other websites (so-called third party cookies).

Some information concerning the cookies installed through the Site and the App is provided below, along with the necessary indications on how to manage preferences regarding them. Please refer to the specific table for details on the cookies used.

Cookies used from the Site and the App. (The use of the cookies by the Site owner is part of the Privacy Policy of the same for all the information required by art. 13 and 14 of the EU Regulation 2016/679)

b.1) Technical cookies which do not require consent. The use of cookies refers to activities closely related to the operation of Site and App and to their service delivery. The User is reminded that all technical cookies do not require consent, therefore they are automatically installed upon site or App access. Please refer to the specific table for the complete list of technical cookies.

b.2) Cookies for which consent is required. All cookies other than the technical ones indicated above are installed or activated only upon the consent expressed by the User when Site or App are visited for the first time. Consent can be given or denied selectively for each item by interacting with a brief information banner on the landing page of the Site or the App in the way indicated in the banner or in the way indicated below. This consent is tracked on the occasion of subsequent visits. However, the User always has the option to revoke all or part of the consent already expressed.

The cookies other than the technical ones are divided into profiling Cookies and Cookies managed by third parties. Site and App do not use profiling cookies. The Site uses third-party cookies, specifically the Google cookie, Google Analytics, Google Tag Manager. More details are available in the specific table of the cookie policy.

The User can manage the cookie preferences also through the browser. If he does not know the type and version of the browser he is using, by clicking on “Help” on top of the browser window he can access all the required information. If the User knows his browser, by clicking on the one he is using he can access the cookie management page.

With regard to the use of the navigation and use data and cookies from the Social Networks, please refer to the privacy policy of the latter, as in this case processing is performed as autonomous “Controllers”.

With regard to the Facebook Insights service, we wish to highlight the following: Joint-control of the processing of the statistical data with Facebook. Concerning the company Pages on Facebook, the “Facebook Insights” service of the Page is a function offering aggregated data which help understand how people interact with the Facebook Pages. With regard to the Facebook page, FAPIM S.p.A. is Joint Controller of the processing of the statistical data together with Facebook Ireland Limited (“Facebook Ireland”). On the page you can consult the appendix on the Controller of the processing for Insights of the Facebook Page, clarifying the division of responsibilities between Facebook Ireland and FAPIM S.p.A. as the administrator of the page On this page you can consult the Facebook data legislation and find, among other information on the kind of information that Facebook collects, how such information is used by Facebook, how it is shared, the legal basis for data processing, how to exercise the rights provided for by the GDPR, the contact details of Facebook Ireland regarding the protection of personal data, the contact details of the Data Protection Officer for Facebook Ireland, the Facebook visitor’s rights provided for by the GDPR and the data retention n period. On this page you can also consult the legislation on Facebook cookies.

Regarding the processing modalities the Company processes Users’ Personal Data by taking the appropriate security measures to prevent unauthorized access, disclosure, alteration, substraction or destruction of Personal Data. Processing is carried out by means of IT and/or telematic tools, with organizational methods and logic strictly related to the indicated purposes. In addition to the Controller, sometimes special categories of persons involved in the organization of the Site (staff expressly authorized to the processing) or external subjects (as better specified in the session “Data communication and transfer”) may have access to the Data.

  • The Data is processed and stored for the time required by the purposes which it was collected for. Therefore:
  • Personal Data collected for purposes related to the execution of a contract and pre-contractual measures between the Controller and the User will be retained until the execution of such contract is completed. This includes, for example, inquiries the User can obtain by sending e-mails to the addresses indicated on the Pages.
  • Personal Data collected to fulfil a legal obligation will be retained under the terms established by law.
  • Personal Data collected for purposes related to a legitimate interest of the Controller will be retained until satisfaction of such interest . This includes, for example, the data processed for security purposes and traffic analysis on Site and App, and in particular: the data ( IP address) used for security purposes (block damaging attempts) are retained for 30 days and the data for internal (statistical) analysis purposes are retained anonymous and aggregated for 24 months
  • With regard to the duration of the Cookies processing, please refer to the appropriate table.

At the end of the retention period the Personal Data will be deleted or anonymized, unless there are additional purposes for the retention of the same. Therefore, upon expiration of such term, the right to access, cancellation, rectification, as well as the right to data portability can no longer be exercised.


the Company does not make personal data available to any other subject but to the persons authorized to process them within the company itself and only where necessary and for the purposes indicated in this statement. Data can be communicated to external subjects (such as third party technical service providers, hosting provider, IT companies, communication agencies) appointed, if necessary, Data Processors by the Controller. The updated list of the Data Processors can be requested at any time to the Data Controller. The Data can be disclosed to third parties who perform functions necessary or instrumental to the operation of the services provided and to enable third parties to carry out technical, logistical and other activities on behalf of the Data Controller. Suppliers can have only access to personal data that are needed to perform their duty, undertake not to use the Data for other purposes and are required to process personal data in accordance with the regulations.

The Company has some subsidiaries/affiliates abroad (both within and outside the EU) whom it can transfer aggregated data anonymously or personal data to meet the requests of the Data Subjects. Some of these jurisdictions may be unable to guarantee the same level of data protection guaranteed by the country where the Data Subject resides: in this case, the Company undertakes to ensure that the data is processed in the strictest confidence by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided for by the European Commission.

Part of the data is collected and managed by Google Analytics.

The complete and updated list of the Data Processors, appointed in accordance with art. 28 of the EU Regulation 2016/679, is available at the Company’s headquarters.

The Data Controller manages and stores the Data mentioned above at the organization’s registered office and on servers located in the EU territory; it is understood that the Controller, if necessary, has the right to move the location of the servers: in this case, the Controller ensures that transfer would take place in accordance with the law provisions and stipulating, if necessary, specific agreements with an adequate level of protection.


The Data Subject can, at any time, exercise his rights towards the data controller in accordance with the provisions of the EU Regulation 679/2016 and in particular: access to data – art. 15 GDPR; rectification of data – art. 16 GDPR; deletion of data – art. 17 GDPR; limitation of data processing – art. 18 GDPR; portability of data – art. 20 GDPR; opposition to data processing – art. 21 GDPR; request not to be subjected to a solely automated decision-making process, including profiling – art. 22 GDPR; the GDPR also provides for the possibility for the data subject to exercise additional rights such as: withdrawal of consent – art. 7 point 3 GDPR; propose a complaint to a supervisory authority – art. 77 GDPR.

The data subject can exercise the rights contemplated by the Regulations by contacting the Data Controller at the addresses indicated above or by e-mail to .


this statement may undergo variations; you can view the updated version at any time by connecting to the website

Altopascio, 2019/05/20 The Data Controller     FAPIM S.p.A.


adminPrivacy policy