The company Fassa UK Ltd with registered office in Fassa House - Ashchurch Business Centre, Alexandra Way, Ashchurch - Tewkesbury GL20 8TD (United Kingdom), VAT Registration No GB 186 5447 69, as data controller (hereinafter referred to as the "Company") is committed to protecting the personal data of the user (hereinafter, "User" or, in the plural, the "Users") of the website https://www.fassabortolo.co.uk/. As data controller, the Company is required to provide the User with certain information regarding the processing of personal data pursuant to Article 13 of the UK GDPR (i.e. the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) and to Article 13 of Regulation (EU) 2016/679 (the "GDPR").
WHAT PERSONAL DATA MAY BE PROCESSED
Through the Website, the following types of User's data may be processed (hereinafter also jointly referred to as "personal data").
A) Browsing data and cookies
The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with identified subjects, but which by its very nature could, through processing and association with data held by third parties, allow Users to be identified. This category of data includes the IP addresses of the computers used by Users who connect to the Website, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system used. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain liability in the event of any computer crimes to the detriment of the Website.
B) Personal data voluntarily provided by the User
The Company processes certain personal data that may be provided voluntarily by Users:
- to request registration to the Private Area on the Website (first name, last name, telephone, e-mail address, profession, province company/firm, city company/firm - mandatory fields - company name, role in the company - optional fields);
- to send unsolicited applications in the ["Work with us "] area on the Website: please refer to the specific “candidate privacy notice”;
- to register for webinars, as part of the FassAcademy (first name, last name, company, residence/domicile address, city, zip code, province, telephone, profession, e-mail address);
- to download data sheets, DoPs (declaration of performance), MSDSs, and product certificates in the appropriate section on the Website (e-mail address);
- to request information and technical assistance in the dedicated area on the Website (first name, last name, profession, intervention location, company, address, province, zip code, city, state, telephone, e-mail address, subject of the request - mandatory fields - fax, website - optional fields).
Or personal data that can be sent to the Company by e-mail or otherwise using the contact details provided on the Website.
FOR WHAT PURPOSES MAY PERSONAL DATA BE USED
A) Management of the User Private Area on the Website.
The Company may process the User's personal data in order to (a) follow up on the requested registration to the Reserved Area on the Website, (b) to allow the User to view videos of training events organized by the Company, download brochures and technical - informative material, (c) carry out the activities preliminary and consequent to the management of the User's Reserved Area.
Basis for processing: fulfillment of a contractual obligation or execution of pre-contractual measures. The provision of personal data is mandatory; in default, it will not be possible to complete the registration to the User's Reserved Area as well as to access the related services.
B) Handling of requests for information and technical assistance submitted by the User through the appropriate section on the Website.
The Company may process the User's personal data to execute a contract or pre-contractual measures, to handle and respond to requests for information and technical assistance submitted through the affixed section on the Website.
Basis for processing: fulfillment of a contractual obligation or execution of pre-contractual measures. The provision of personal data is obligatory; failing this, the Company will not be able to respond to the User's requests or execute the contract or contractual measures to be taken at the User's request.
C) Management of the User's application submitted in the "Work with us" section.
The Company may process the User's personal data in order to manage the spontaneous application submitted by the User in the ["Work with us "] section on the Website; the specific "candidate privacy notice", can be found here.
D) Sending promotional communications via e-mail.
The Company may process personal data for marketing purposes to promote promotional initiatives and events including through automated contact methods (e.g., e-mail address).
Basis for processing: the User's consent, pursuant to Art. 6, par. 1, lett. a) of the GDPR and the UK GDPR, which can be revoked at any time by using the unsubscribe button present in the promotional communications sent by email, as well as by using the contact details below in the "Contact" section. Failure to provide consent has no consequences other than the impossibility for the User to receive promotional communications.
E) Sending communications for the promotion of products and services similar to that of a previous purchase, pursuant to and within the limits allowed by relevant laws.
The Company may process the User's e-mail address to send promotional communications and material related to similar products covered by a previous purchase under which the User's e-mail address was collected.
Basis for processing: the legitimate interest of the Company pursuant to art. 6(1)(f) of the GDPR and the UK GDPR in maintaining an effective contractual relationship with the User. The User may object at any time by using the unsubscribe button found in promotional communications sent via email, as well as by using the contact information below in the "Contact" section.
F) Disclosure of personal data to third parties for marketing activities.
The Company may process the User's personal data by disclosing them to third parties such as customers of the Company itself for their marketing activities.
Basis for processing: Your consent, pursuant to Article 6(1)(a) of the GDPR and the UK GDPR, which can be revoked at any time by using the contact details below in the "Contact Us" section. Failure to provide consent has no consequences other than the impossibility of communicating your personal data to third parties for their marketing activities.
G) Purposes related to obligations under laws, regulations or EU legislation, provisions/requirements of authorities empowered to do so by law and/or supervisory and control bodies.
The Company may process the User's personal data in order to fulfill the obligations to which the Company is bound.
Basis for processing: fulfillment of a legal obligation, pursuant to Article 6(1)(c) of the GDPR and the UK GDPR. The provision of personal data for this purpose is compulsory since failure to do so will make it impossible for the Company to fulfill specific legal obligations.
H) Defense of rights in the course of proceedings (judicial, administrative or extrajudicial), and in the context of disputes arising in connection with the services/activities offered.
The Company may process personal data to defend its rights or take action or even make claims against the User or third parties.
Basis for processing: legitimate interest of the Company in the protection of its rights, pursuant to Article 6(1)(f) of the GDPR and the UK GDPR. In this case, no new and specific contribution is required, as the Company will pursue this further purpose, where necessary, by processing the data collected for the above purposes, which are deemed compatible with this further purpose (also because of the context in which the data were collected, nature of the data themselves and the appropriate safeguards for their processing, as well as the link between the above purposes and this further purpose).
HOW WE KEEP PERSONAL DATA SECURE AND WHERE WE KEEP IT
The Company takes appropriate security measures in order to ensure the protection, security, integrity and accessibility of Users' personal data. Appropriate security measures are designed to prevent unauthorized access, disclosure, modification or destruction of personal data.
All personal data are stored on the Company's secure computer devices or those of our suppliers and are accessible and usable according to our standards and security policies (or equivalent standards for our suppliers).
In order to carry out some of the activities of the processing of the User's personal data, the Company discloses the same to external parties located in countries that do not belong to the United Kingdom (UK) or the European Economic Area (EEA) (hereinafter the "Third Countries").
The lawfulness of such a transfer is, in any case, guaranteed through the means provided by Chapter V of the GDPR and the UK GDPR.
These external parties will process personal data either as autonomous data controllers or as data processors, duly appointed by the Company in accordance with data protection regulations (depending on their role in relation to the processing).
You may write to the Company at any time, using the contact information below, asking which parties personal data are transferred to as well as to receive copies of the safeguards adopted for the transfer.
HOW LONG WE KEEP PERSONAL DATA
We retain personal data only as long as necessary to fulfill the purpose for which it was collected or for any other legitimate related purpose. Therefore, if personal data are processed for two different purposes, we will retain such data until the purpose with the longer retention period ceases. In any case, we will no longer process personal data for that purpose whose retention period has expired.
Personal data that are no longer needed, or for which there is no longer a legal basis for their retention, are securely destroyed.
Browsing data are not retained by the portal, except for any need for the investigation of crimes by judicial authorities.
The data processed to fulfill contractual obligations related to the management of the User's personal area may be retained for the duration of the contract and in any case no longer than the next 10 years, in compliance with the statute of limitations provided by law.
Data processed to fulfill contractual obligations related to the handling of requests for information and technical assistance submitted by the User, may be retained for 6 months from the feedback provided to the User.
The data processed as part of the User's application through the ["Work with us "] section may be kept for period indicated in the specific "candidate privacy notice ", which can be found here.
Data processed for purposes of sending promotional communications via email may be retained for 24 months from the date we last obtained your consent for that purpose.
Data processed for the purpose of so-called soft spam may be retained until the User objects.
Data processed for purposes of communication to third parties for their own marketing purposes may be retained for 24 months from the date we last obtained your consent for that purpose.
If it is necessary to process data for judicial purposes, it will be retained for as long as any claims may be pursued by law.
WHO CAN ACCESS PERSONAL DATA
The personal data of Users may be accessed by duly authorized employees of the Company, as well as, if necessary, by external suppliers (including consultants), appointed, if necessary, as data processors.
You may contact the Company using the contact information provided in the "Contact Us" section if you wish to request to see the list of data processors and other parties to whom data are disclosed.
DATA PROTECTION RIGHTS
Each User has the right to obtain from the Company, subject to the existence of the legal prerequisite underlying the request:
- access to personal data concerning him or her, pursuant to the UK GDPR and Article 15 of the GDPR;
- the deletion of personal data, pursuant to the UK GDPR and Article 17 of the GDPR;
- the rectification of personal data held by the Company concerning Users, pursuant to the UK GDPR and Article 16 of the GDPR;
- withdrawal of consent in cases where processing is based on consent, pursuant to the UK GDPR and Article 7 of the GDPR;
- the restriction of the processing of personal data concerning Users, pursuant to the UK GDPR and Article 21 of the GDPR;
- the copying of personal data provided by Users to the Company, in a structured, commonly used and machine-readable format and the transmission of such personal data to another data controller (so-called portability), pursuant to the UK GDPR Article 20 of the GDPR.
Right to object: Users have the right to object, in whole or in part, to the use of personal data processed by the Company, if the prerequisites set forth in the data protection legislation are met, for example, if personal data are processed for direct marketing purposes.
In the event that the User exercises any of the aforementioned rights, it shall be the responsibility of the Company to verify that the User is entitled to exercise such rights and will be acknowledged, as a rule, within one month.
If you believe that the processing of your personal data is in violation of the provisions of the applicable data protection regulations, you have the right to lodge a complaint with the relevant Data Protection Authority, using the references available on the website of the UK Information Commissioner’s Office www.ico.org.uk or on the website of the Italian Garante per la Protezione dei Dati Personali www.garanteprivacy.it, or to take appropriate legal action.
The Company's contact details for questions and for exercising the rights inherent in the processing of personal data are as follows: e-mail email@example.com;
For more information regarding our services, please write to the following e-mail address firstname.lastname@example.org.
The Company has appointed a Data Protection Officer ("DPO") pursuant to Article 37 of the GDPR and the UK GDPR, who can be contacted at the following email address: email@example.com