Fedrigoni

NOTICE ON PERSONAL DATA PROCESSING

Introduction

FEDRIGONI S.p.A., as the Data Controller, attributes great value to respecting the privacy of its interlocutors and is committed to safeguarding it by applying the provisions that European and Italian law establish in this regard. The relevant European legislation on the protection of personal data is the European Parliament’s Regulation no. 2016/679/ EU of 27/04/2016 (GDPR). The content of the information to be distributed to interested parties is shown in articles 13 and 14 of the GDPR.

Personal data is any information concerning an identified or identifiable natural person, the so-called “interested party” (or “data subject”) considering that a natural person can be identified, directly or indirectly, with particular reference to an identifier such as the name, an identification number, data related to the location, an online identifier or one or more characteristic elements of their physical, physiological, genetic, psychic, economic, cultural or social identity.

Principles applicable to personal data processing

The Data Controller processes personal data in compliance with the principles established by the GDPR: lawfulness, correctness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity, confidentiality and lawfulness, informing the interested party that processing of the data is only permissible if and to the extent that there is at least one of the following conditions:

  1. the interested party has given their consent to processing their personal data for one or more specific purposes;
  2. processing is necessary to execute a contract that involves the interested party or to execute pre-contractual measures adopted on their request;
  3. processing is necessary to fulfil a legal obligation to which the data controller is subject;
  4. processing is necessary to safeguard the vital interests of the interested party or another natural person;
  5. processing is necessary to execute a task of public interest or one connected to the exercise of public powers vested in the data controller;
  6. processing is necessary for the pursuit of the legitimate interest of the data controller or third parties, unless the interests or fundamental rights and freedoms of the interested party that require the protection of personal data prevail, particularly if the interested party is a minor.

Characteristics of personal data processing

The Data Controller can process personal data according to the characteristics indicated below:

category of interested partiespurpose of processing data processed legal basis of processingobligation or right to communicate dataconsequences of failure to communicate datamaximum data storage period
potential customers; customerscommercial proposalspersonal data; tax data; tel; e-mail; other contact detailspre-contractual activityrightfailure to receive information on products; failure to sign a contract5 years
customerscommercial relationspersonal data; tax data; tel; e-mail; bank referencescontractual activityobligationfailure to execute the contractthe time needed to manage the contract and any disputes
potential customers; customers; end users general marketing: sending information messages, promotions and events on Fedrigoni products and servicespersonal data; tel; e-mail; other contact detailsconsentrightfailure to receive marketing communications5 years
potential customers; customersdirect marketing: sending information messages, promotions and events on Fedrigoni products and services of interestpersonal data; tel; e-mail; other contact detailslegitimate interest of the Data Controller to offer products in which the interested party has expressed an interestrightfailure to receive marketing communications5 years
potential customers; customersdirect marketing: sending product samples by ordinary mailpersonal data; tel; e-maillegitimate interest of the Data Controller to offer products in which the interested party has expressed an interestrightfailure to receive marketing communications5 years
customerscustomer satisfaction surveys on Fedrigoni products and servicespersonal data; tel; e-mail; other contact detailsLegitimate interest of the Data Controller in making enquiries about customers’ satisfactionrightfailure to participate in the initiativethe time strictly needed to process responses
customers; potential customers; end usersmarket surveys and pollspersonal data; tel; e-mail; other contact detailsconsentrightfailure to participate in the initiativethe time strictly needed to process responses
Customers, potential customers, end userstransfer of data to Fedrigoni Group companies for general and direct marketing purposespersonal data; tel; e-mail; other contact detailsconsentRightfailure to transfer data to Fedrigoni Group companiesfor the expected time for the purpose the information was collected

If the processing is based on consent, the interested party can revoke it at any time, without prejudice to the legality of the processing based on the consent given prior to the revocation.

Where consent is requested for the direct offer via internet of goods or services to minors, processing the minor’s personal data is lawful if the minor is at least 16 years old.

Authors of personal data processing

Authors of processingpurpose of processing
Employees of the Data Controller or any third parties appointed by the Data Controllerpre-contractual and contractual relationships;
possible marketing activities
Employees of the Data Controller or any third parties appointed by the Data Controllerupdating and maintenance of the management systems, software, websites

Transfer of personal data to other countries

The Data Controller can transfer personal data to recipients in countries outside the EU, as long as they ensure an adequate level of protection in accordance with the GDPR.
An interested party who decides to access external sites through the Data Controller’s website (i.e. social networks) is subject to the guarantees and data processing methods of the operators of such sites.

Rights of the interested party

The interested party has the following rights versus the Data Controller:

  1. the right to obtain the information foreseen in art. 13 if the personal data is held by the same Data Controller;
  2. the right to obtain the information foreseen in art. 14 if personal data is not held by the same Data Controller;
  3. right of access (art. 15);
  4. right of rectification (art. 16);
  5. right to cancellation (so-called “right to be forgotten”); (art. 17);
  6. right to restrict processing (art. 18);
  7. the right by which the Data Controller has to communicate to each of the recipients to whom personal data have been transmitted any corrections, cancellations or restrictions on processing that have been implemented, unless this proves impossible or involves a disproportionate effort. On request, the Data Controller informs the interested party about such recipients (art. 19);
  8. right to data portability (art. 20);
  9. right of opposition (art. 21);
  10. right to know if the interest party is subject to a decision based solely on automated processing, including profiling, which produces legal effects that concern them or that significantly affect their person (art. 22);
  11. right to receive notification of a breach of personal data (art. 34).

To exercise these rights, the interested party can send an e-mail to privacy@fedrigoni.com or a registered letter to: FEDRIGONI S.p.A. Via E. Fermi, 13/F – 37135 Verona (I).

The data controller will give the interested party information on the action taken with regard to a request without undue delay and, in any case, no later than one month after receipt of the request. This deadline can be extended by two months if necessary, taking into account the complexity and the number of requests. The Data Controller informs the interested party of this extension, and of the reasons for the delay, within one month of receiving the request.

The interested party can also lodge a complaint with a European Supervisory Authority (see the references of the European supervisory authorities in https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm)

References of the Italian Data Protection Authority:
Piazza di Monte Citorio, 121, 00186 Roma. Tel. +39 06 69677 1; fax +39 06 69677 785.
e-mail: garante@garanteprivacy.it; website: http://www.garanteprivacy.it

Data Controller: Fedrigoni S.p.A., Via E. Fermi, 13/F – 37135 Verona (I) Tel. +390458087888

BACK