Data Subjects: Visitors to this website
FAPIM S.p.A., as the Data Controller of your personal data, in the person of its legal representative, pursuant to and for the purposes of Regulation (EU) 2016/679 (GDPR), hereby informs you that the above-mentioned legislation provides for the protection of persons and other subjects with regard to the processing of personal data and that such processing will be based on the principles of correctness, lawfulness, transparency and protection of your privacy and your rights.
Your personal data will be processed in accordance with the legal provisions of the legislation referred to above and the confidentiality obligations therein. The websites referred to are the following:
Website security measures: Specific security measures have been adopted for the management of the website to ensure secure user access and to protect the information contained on the website from the risk of loss or destruction, including accidental.
An identification code and password will be assigned to the data subjects who request access to the reserved part of the website; these passwords are generated in order not to contain references that can be easily traced back to the associate to avoid possible fraud. Users are required to keep their passwords confidential.
Processing Purposes: In particular, your data will be processed for the purposes described in the following sections; if they relate to legislative or contractual obligations, you are simply required to read the policy; if, on the other hand, they relate to other purposes, the provision of the data will be optional for you, and any refusal to process it will not compromise the continuation of the relationship or the appropriateness of the processing itself.
In general, User data is collected to enable the Data Controller to provide its services, as well as for the following purposes: contacting the user, sending e-mail messages, interaction with social networks, statistical purposes and displaying content from external platforms.
In particular, reference is made to the following channels:
The types of Personal Data used for each purpose are indicated in the specific sections of this document. The Personal Data collected through this website refer to:
- Browsing and usage data, cookies
- Data provided voluntarily by the user
The Personal Data collected may relate either to the User or to third parties of which the User provides data.
The User assumes liability for the Personal Data of third parties published or shared through the website and guarantees that he/she has the right to communicate or disseminate them, thus releasing the Data Controller from any liability towards third parties.
For the purposes of the following processing operations, the Data Controller may become aware of data defined as special, i.e. sensitive or legal in accordance with the Privacy Code, when necessary for the purposes specified below, and in particular:
- E-mail address and Telephone number,
- Personal and/or billing data,
- Other data you voluntarily provide (e.g. by filling in forms in the “Work with us” section or by sending CVs by e-mail).
Your sensitive data to be processed are only those strictly pertinent to the obligations, tasks or purposes described above and will be processed in compliance with the indications contained in the relevant General Authorisations of the Data Protection Authority.
- Browsing data.
The IT systems and software procedures used to operate this website acquire, during their normal operation, some personal data the transmission of which is involved in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or the domain names of the computers used by users who connect to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.
This data is used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct functioning. The data could be used to ascertain liability in case of computer crimes against the website.
Like practically all websites, ours also uses certain cookies. Cookies are small text files that the websites visited by the user (but also other websites or web servers) send and store on the user’s computer (or mobile device), and are then transmitted back to the same websites (or web servers) when the user visits them again, thus sending information.
Cookies are becoming fundamental in enabling modern websites to function at their best, allowing for maximum personalisation, interaction and smooth browsing. However, they can also be used to monitor the user’s browsing patterns and then send advertising messages in line with those patterns.
Cookies may be:
- session (if they expire when the browser is closed) or permanent (they remain until a time limit, even years, has elapsed);
- first-party or third-party (in the latter case they are set up by a website or web server other than the one the user is currently visiting);
- technical (necessary, sometimes essential, for a complete – or better – use of the website) or profiling (aimed at creating a user profile, and then sending advertising messages in line with the preferences expressed by the same during browsing).
The Privacy Authority considers technical cookies to be session cookies, functionality cookies and – only under certain conditions – analytics cookies; in particular, the Authority, in its order of 8 May 2014, specified that the latter can be assimilated to technical cookies only if they are used to optimise the website directly by the website owner, who may collect information in aggregate form on the number of users and how they visit the website.
For more information on the types of cookies, their features and functioning, go to the websites http://www.allaboutcookies.org, www.youronlinechoices.com, http://cookiepedia.co.uk and the specific provision of the Privacy Authority mentioned above.
- Data provided voluntarily by the user.
Sending of e-mails to the addresses indicated on the website
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this website entails the subsequent acquisition of the sender’s address, which is necessary to reply to requests, as well as any other personal data included in the message.
Contacts (to request information)
The “CONTACTS” page of the website allows data subjects to request information by sending an e-mail to the contact details provided, which involves the disclosure of certain personal data (such as name and surname, company name, e-mail address, other logistical information, etc.). Such data will be processed, manually and also through the use of computer instruments by specially appointed personnel of FAPIM, exclusively to respond to the user’s request. The personal data provided helps the company respond to your request and offer you a better service, and will be kept for the time strictly necessary. Please note that you may exercise the rights indicated in the section entitled “DATA SUBJECT’S RIGHTS” at any time by contacting the Data Controller directly.
Publication of photos and videos (sections ABOUT US, FAPIM PEOPLE and OUR BUSINESS NETWORK)
The website and/or the social pages related to the same, allow data subjects to view their photos and videos, collected during events, projects or company visits. Such data will be processed by FAPIM for purposes related to the presentation of its staff and collaborators, also in connection with the organisation of events. The processing will be carried out with computer and telematic tools in a manner strictly related to the above-mentioned purposes. The data will be processed until explicit consent is withdrawn and will then be deleted, unless otherwise indicated by the data subject. The provision of data is optional; it is possible to request the removal of such data from this website and from company archives. The data is disclosed only on this website and associated social pages and will be processed exclusively for the aforementioned purposes by specially appointed personnel. The data subject is asked, after assessing the above, to provide us with his or her consent to the processing (by means of an explicit request during the recording of photos and videos and the completion of an appropriate release, in the case of events not considered public). The data subject may at any time exercise the rights recognised by current legislation on the protection of personal data by contacting the Data Controller.
The website allows data subjects to forward their application by entering some personal data (such as personal details, e-mail, telephone number) and attaching their Curriculum Vitae. Such data will be processed by FAPIM for purposes related to the assessment of the application and to plan a possible interview with the data subject. The data will be processed using computerised and telematic instruments in a manner strictly related to the purposes indicated above. The data will be processed until the explicit consent is revoked and will then be deleted, unless otherwise indicated by the data subject. The data will not be disseminated and will be processed exclusively for the aforementioned purposes by specially appointed personnel. The data subject may exercise the rights recognised by current legislation on the protection of personal data at any time by contacting the Data Controller. Applications may also be sent through external platforms (e.g. Linkedin), but the purposes and methods of data processing are similar.
Processing Methods: Processing is carried out using appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of Personal Data. In particular, the processing is carried out by means of:
- IT tools, with organisational methods strictly related to the purposes indicated above;
- Outsourcing of processing operations to third parties;
- Analysis and profiling for in-house use of user patterns of use for statistical purposes.
All processing is carried out in accordance with Chapter II of Regulation (EU) 2016/679.
Disclosure: your data will be stored at our premises and will be disclosed exclusively to the subjects responsible for carrying out the services required for the proper management of the relationship, with guaranteed protection of the data subject’s rights.
Your data will only be processed by personnel expressly authorised by the Data Controller and, in particular, by the following categories of appointees:
- Management and secretariat;
- Department/office managers;
- Administrative, HR, commercial, IT, production management;
- other employees within the limits of the assignments received and the company procedures.
In addition to the data controller and internal staff, in some cases external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data. Your Data may be disclosed to third parties, in particular to:
- Consultants and freelancers, also in associated form;
- to other parties (companies and consultants appointed for this purpose) who provide services for purposes ancillary to the relationship between you and FAPIM to the extent strictly necessary to carry out tasks such as: tax compliance, accounting, information systems management, financial services, debt collection.
Dissemination: without prejudice to the absolute ban on dissemination of data disclosing health status, the data may be disseminated, in the manner described above, to:
- This website and/or social pages related to it, limited to photos or videos collected subject to the explicit expression of consent by the data subject.
Storage: The data processing associated with this website’s web services takes place at the company’s headquarters and possibly on platforms for which the data controller has verified that management is compliant, and is carried out by technical personnel in charge of processing.
Your personal data will be stored in the manner indicated above, for the minimum period of time required by law and by contract, or until you request deletion. At the time of collection, the data will be stored in the reference folders on the company’s IT systems and/or in paper files. At the time of deletion, the data may still be retained but anonymised.
The Data Subject’s Rights: Every data subject has the right to obtain from the data controller the deletion, communication, updating, rectification, integration of his or her personal data, as well as, in general, the right to exercise all the rights provided for by Article 7 of the Privacy Code and Chapter III of the GDPR, Articles 12 to 23, including the right to lodge a complaint with the Data Protection Authority.
Specifically, as defined in EU Regulation 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 – The Data Subject’s Rights:
- The data subject has the right to obtain confirmation of the existence or non-existence of his or her personal data, even if not yet recorded, disclosure of such data in an intelligible form and the possibility of lodging a complaint with the Data Protection Authority.
- The data subject has the right to be informed:
- of the source of his or her personal data;
- of the processing purposes and methods;
- of the logic applied in the event of processing carried out with the aid of electronic instruments;
- of the identity details of the data controller, data processors and the representative designated pursuant to Article 5, paragraph 2;
- of the entities or categories of entities to whom the personal data may be disclosed or who may become aware of the data in their capacity as designated representative in the territory of the State, data processors or persons in charge of processing.
- The data subject has the right to obtain:
- updating, rectification or, when interested, integration of the data;
- deletion, transformation into anonymous form or blocking of data processed in breach of the law, including data that need not be kept for the purposes for which the data was collected or subsequently processed;
- certification that the operations referred to in points a) and b) have been brought to the attention, also as regards their content, of those to whom the data has been disclosed or disseminated, except where this proves impossible or involves a manifestly disproportionate effort compared to the right protected;
- portability of the data.
- The data subject has the right to object, in whole or in part:
- for legitimate reasons to the processing of his or her personal data, even if pertinent to the purpose of collection;
- the processing of his or her personal data for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
Other information on the processing:
The User’s Personal Data may be used to defend the Data Controller against misuse of the website or related services by the User in legal proceedings or in the preparatory stages of such proceedings.
Specific Privacy Policies
Specific privacy policies may be presented on the Website pages in connection with particular services or processing of Data provided by the User or the Data Subject.
The User’s Personal Data may be processed in additional ways and for additional purposes related to site maintenance.
For operation and maintenance purposes, this website and any third-party services used by it may collect system logs, i.e. files that record interactions – including browsing – and may also contain Personal Data, such as IP addresses.
Information not contained in this policy
Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller.
Linking to third-party websites
The Data Controller is not liable for the processing of personal data that may be carried out by websites to which this website is linked.