Slide privacy_1.jpg

PRIVACY STATEMENT PURSUANT TO EU REGULATION 2016/679 (GDPR) 


Pursuant to the applicable privacy legislation (the term “applicable privacy legislation” shall be understood to refer to the Italian Privacy Code – Legislative Decree no. 196/2003 and subsequent modifications – and the European Regulation no. 679/2016), the undersigned company Fatro S.p.A. registered in Ozzano dell’Emilia (Bologna), Italy, Via Emilia no. 285, in the person of the pro tempore legal representative, acting as the Data Controller on behalf of the aforementioned company, hereby provides the following information regarding the processing of your and/or that of your company personal data voluntarily supplied and/or otherwise collected from the Data Subject (via contracts or orders, whether verbal or otherwise, business cards, e-mail or websites).

All such data processing activities shall be deemed legitimate pursuant to article 6, paragraph 1 letters b), c) and f) of European Regulation no. 679/2016 (hereafter also the “GDPR”), to the Italian Legislative Decree no. 196/2003 and to the Italian Legislative Decree no. 51/2018.

1. Object and purpose of the intended processing of the personal data and the respective legal basis

Fatro S.p.A., acting as Data Controller, hereby informs you that your directly communicated personal data and/or that of your company (hereafter referred to as the “Company”), its legal representative and its employees (in particular: see paragraph 3), will be processed solely for the purposes of executing inter partes contracts, orders or services or of the legal relationship with Fatro S.p.A. (art. 13, paragraph 1, lett. c) of the GDPR), (hereafter referred to as the “Contract”).

In particular, the personal data that Fatro S.p.A. subjects to processing shall correspond exclusively those supplied by you during the course of negotiations and/or executing the Contract. These data shall be processed exclusively for the following purposes: fulfilling and executing the Contract and carrying out all activities necessary to meet any reciprocal obligations arising from the above-mentioned contractual agreement; fulfilling any specific requests arising before the conclusion of the current contract with the Company; fulfilling financial, administrative, technical and/or accounting obligations; management of the Contract (customer administration; administration of contracts, orders, shipping and invoicing; reliability and solvency checks, credit transfers, requests for information); litigation management (breaches of contract; injunctions; transactions; credit recovery; arbitration; legal litigation and disputes); internal auditing services (safety, productivity, service quality and asset inspections).

It is essential that such data be communicated to Fatro S.p.A. in order to establish and execute the contractual relationship to which the Company becomes a party upon signing the Contract (art. 6, paragraph 1, lett. b) of the GDPR), with particular reference to all the specific services associated with the establishment and correct execution of the above-mentioned contractual relationship. Therefore, failure to communicate such data shall render it impossible to proceed with the Contract and, hence, the establish and execute said Contract.

2. Your personal data will be processed by Fatro S.p.A. for the following purposes:

a) fulfilling the pre-contractual and contractual obligations deriving from the stipulation of the Contract;

b) complying with the provisions of law and regulations (national or community) or implementing orders issued by Judiciary Authorities to which the Data Controller is subject;

c) exercising the rights of the Data Controller, especially the right to defend itself in a court of law;

d) marketing activities, such as the distribution of material analogous to that covered by the Contract, sending information - including that required by the law - as well as newsletters and publications of both an informative and promotional nature, including via e-mail.

The provision of data for the purposes set out in the preceding sections a), b) and c) is not mandatory, however failure to provide such data and/or the expressed refusal to grant permission to process them shall render it impossible for the Data Controller to execute and fulfil the terms of the Contract or legal relationship, or result in the risk of failure to comply with the requests of the relevant Authorities.

The provision of data for the purposes set out in section d) is optional, which means that, should you wish, you can contact Fatro S.p.A. at the following e-mail address: privacy@fatro.it and ask to be cancelled from the list so that you no longer receive any form of promotional, direct marketing material, etc.

3.  Nature of the processed data

The data processed for the purposes set out in paragraph 2, above, shall be limited to the personal data of the Company, those of its legal representative and, where necessary, those of the Company’s employees, and consist, specifically, of: personal, financial, postal (including e-mail addresses), banking and accounting data. Such categories may include, but not be limited to: name and surname, national insurance number, VAT number, residence and domicile, place of work, e-mail or certified e-mail address, telephone and fax numbers, etc.

4. Data processing methods

The personal data supplied by the Company to Fatro S.p.A. are processed according to the set of the operations stipulated in the applicable regulations, i.e.: “collection, recording, organisation, storage, consultation, adaptation,  alteration, retrieval, selection, retrieval, comparison, use, interconnection, communication, erasure or destruction”.

The personal data provided are processed in paper, computerised and telematic formats and stored in the respective registries and databases (administration, accounting, commercial, technical, marketing, etc.), using technical and organisational systems such as to guarantee a level of security sufficient to protect against the risks set out in art. 32 of the GDPR. Such systems are implemented by specifically authorised personnel, pursuant to art. 29 of the GDPR, i.e. employees and/or collaborators of Fatro S.p.A. in their capacity as authorised personnel and/or delegated internal supervisors and/or system administrators, whose activities include consultation, use, adaptation, comparison and any other operation that may be necessary, through the use of electronic or computerised systems pursuant to the legislation necessary to guarantee, among other aspects, the confidentiality and security of the data, as well as ensuring they are correct, up to date and pertinent to the declared purposes and methods.

In particular, it should be noted that, pursuant to art. 13, paragraph 1, lett. e), your personal data may be processed by authorised Fatro S.p.A. personnel and/or internal supervisors and/or external data processors (in the person of professional individuals and/or professional associations or organisations), especially those assigned to accounting, financial, administrative, technical, commercial, legal and marketing duties.

Moreover, the undersigned company declares that your data will not be transferred to another country, as set out in art. 13, letter f) of the GDPR and Italian Legislative Decree no. 51/2018; if, for any reason, it is necessary to transfer your data to another country, it shall be the responsibility of the Data Controller and the Data Processor to ensure that the conditions established by the provisions of the applicable privacy regulations governing the transfer of personal data to third countries or international organisations are observed.

With regard to the processing operations it is hereby confirmed that your data will not be disclosed to third parties. The data processing operations are not automated.

5. Categories of recipients of personal data

In order to fulfil the purposes set out in paragraph 2, the personal data you supply may be rendered accessible to:

a) employees and collaborators of the Data Controller or other companies of the Fatro Group, as persons authorised to process the personal data;

b) third parties assigned to carry out activities on behalf of the Data Controller, including in outsourcing, in their capacity as external Data Processor;

c) judicial authorities and watchdogs, public administrations, bodies and organisations (national and international).

Furthermore, your data may also be communicated to the following categories of subjects: State Administrations, Regional Administrations, Credit Institutes, Insurance companies, Auditing companies, Financial administrations, Financial assistance centres, Judiciary authorities, Management and Control bodies, partners and/or shareholders, trade fair organisations, freelance professionals. They may also be communicated to travel agents in the event of company or Group meetings, as well as business organisations and public bodies and organisations.

Your basic personal data (in particular, name, surname and position) may also be communicated to subsidiary companies of the undersigned company, included those situated in other countries, as well as companies or bodies with which the company has assumed contractual obligations, in accordance with the guarantees stipulated by the privacy legislation and the Privacy Code.

The list of external Data Processors is available at the registered office of the Data Controller.

6. Data storage limitations

Fatro S.p.A. states that, in respect of the principles of lawfulness, limitation of use and storage and minimisation of data, pursuant to art. 5 of the GDPR, your data will only be stored for the time necessary to fulfil the purposes for which they were collected and processed, i.e. for the duration of the Contract and, in the event of termination of same, for a period not exceeding 10 (ten) years following the conclusion of said contractual relationship.

Upon expiry of the above-mentioned storage period, your data will be erased from every database, application and physical archive in which they have been registered and stored.

7. Rights of Data Subjects

Lastly, Fatro S.p.A. confirms that all your rights, as set out in Sections II and II of the GDPR, are guaranteed, in particular, the right to obtain information about your data, the right to access your personal data, the right to request rectification, the right to restrict processing, the right to request updates and erasure if incomplete, incorrect or collected in breach of the law, as well as the right to object to processing on legitimate grounds, submitting your request to the Data Controller, Fatro S.p.A., in the person of the pro tempore legal representative and the Data Processor.

To exercise any of the rights listed above, please send an e-mail to:privacy@fatro.it.

None of the above shall prejudice your right to lodge a complaint with the Italian Data Protection Authority at Piazza Venezia no. 11, 00187, Rome, as specified in art. 13, paragraph. 2, lett. d) and pursuant to article 77 and subsequent articles of the GDPR.

Fatro S.p.A. has nominated the lawyer, Floriana Francesconi, as its DPO, who may be contacted via e-mail at: dpo@fatro.it.

Please note that the Privacy Policy may be modified from time to time in the event any additional services are activated or in the event of changes in the applicable legislation, therefore we recommend that you check the company website for modifications at regular intervals.