PRIVACY POLICY
-
What is the purpose of this policy?
In accordance with the requirements of the applicable legislation on the protection of personal data, i.e. EU Regulation 2016/679 (also referred to as "GDPR") and, where applicable, additional national legislation, we wish to inform you that your personal data will be processed by the Controller's organisation in accordance with the principles of fairness, lawfulness and transparency, as well as the protection of your privacy and your rights. This policy applies to personal data provided by you – i.e., the data subject reading this policy.
-
When is my personal data collected?
This policy applies to any personal data you disclose by using this website.
-
Who is the Data Controller, and how do I get in touch with them?
FINIPER CANOVA GROUP S.p.A., with registered office in Via Ponchielli 7, 20129 Milan (MI), VAT no. 06154870965, is the Data Controller (hereinafter the "Controller"). You can either write to the above address or e-mail the Controller at finiper@iper.it.
-
Which categories of personal data do we process?
To provide you with our website services, we need to process some of your personal data, mainly in the following categories:
-
Any general identification data you may provide us with, such as your first name, surname, address, e-mail address, telephone number, etc., for instance, when completing forms;
-
Technical web identifiers such as your IP address, MAC address, the ID code of the device you are using to access this website, etc. These personal data are needed when using this website and its services (see section below on ‘Cookies’);
-
What is the purpose of personal data processing? What is the legal basis for processing data? How long will my data be stored for?
In this section, we explain the purpose of the processing, the underlying legal basis and the period of time for which your personal data will be retained.
Purpose |
Legal basis |
Data retention |
1. Providing services via this website, or a request from you for information, services, and related contractual and/or pre-contractual terms, |
Fulfilling pre-contractual or contractual obligations |
Your data will be stored no longer than for the duration of the contractual relation and the subsequent limitation period. |
2. Complying with any legal requirements the Controller is subject to. |
Compliance with legal requirements |
Your data will be retained for as long as required by the relevant fiscal and/or accounting regulations. |
-
Must I provide my personal data? What happens if I don’t disclose my personal data?
Providing your personal data for the purposes of (1) Providing services via this website is required so that the contract can be concluded and the requested services provided. Disclosure for the purposes of (2) Compliance with legal requirements is mandatory in order to comply with relevant legislation. Failure to provide data for these purposes will prevent us from executing the contract or providing you with the services you have requested;
-
Who will access my personal data? Who do you share my personal information with?
Any personal data relating to the processing in question and for the purposes set out above may be shared with or disclosed to:
-
Any person within the Controller's organisation whose duties or hierarchical position require it. Such persons are those authorised to process data under the direct authority of the Controller;
-
Any person to whom access is permitted by law or for whom the transfer of data is necessary to comply with legal or regulatory requirements or contracts, including, for example, banks, carriers, lawyers, or auditors;
-
Any third party which processes personal data on behalf of the Controller relating to the processing(s) and purposes set out above. Under Article 28 of the GDPR, such persons are entitled to process data in their capacity as Data Processors;
-
[ Companies belonging to the same business Group as the Data Controller within the EU (parent companies, subsidiaries or associated companies, per Article 2359 of the Italian Civil Code, or companies subject to joint control, as well as entities belonging to syndicates, enterprise networks and temporary companies associations) that are authorised to process data for internal administrative purposes.
-
Will my data be transferred outside of the European Union (EU)?
Any personal data collected may also be transferred outside the European Union. However, this transfer will be carried out in compliance with the guarantees laid down by the GDPR for this type of activity (Articles 45 to 49.) These include: transfers to companies in countries for which the guarantees of personal data protection are recognised as comparable to those of the GDPR (countries with recognised adequacy, as decided by the European Commission); or to companies with which specific contractual clauses on personal data protection have been signed by the Data Protection Authority or binding corporate rules have been approved by the Data Protection Authority, or where the transfer is made on the basis of specific exceptions. For more information, you may contact the Controller as outlined in the section below under “What are my rights as a data subject?”.
-
What are my rights as a data subject?
Under GDPR, you are granted the following rights in relation to your personal data, which you may exercise within the limits and in accordance with the law:
-
Right of access by the data subject (Art. 15);
-
Right to rectification (Art. 16);
-
Right to erasure (‘right to be forgotten’) (Art. 17);
-
Right to restriction of processing (Art. 18);
-
Right to data portability (Art. 20);
-
Right to object (Art. 21): The data subject shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on legitimate interest, including profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims;
-
Right to oppose decision-making based solely on automated processing (Art. 22);
-
Right to withdraw consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
You may exercise your rights by sending a written request addressed to the Data Controller at the address or by e-mail as set out above. Moreover, you have the right to lodge a complaint with the Italian Personal Data Protection Authority (www.garanteprivacy.it) if you believe that your personal data are being processed in breach of current legislation (Art. 77) or to take legal action (Art. 79).
[
-
How do you protect my personal data?
All personal data will be processed with or without electronic tools, using technical and organisational security measures appropriate to the nature of the data, in order to guarantee their integrity and confidentiality and to protect them against the risks of unlawful intrusion, loss, alteration or disclosure to unauthorised third parties.
-
Additional policies
Here are some additional policies for specific processing:
-
Cookies. When you access the Controller's website, a series of cookies (or similar means) are installed on your device to make it easier for you to use the website or to profile you as a user. For more information about cookies, their characteristics, and to exercise your right to fully accept them or express your preferences regarding their use, we encourage you to read our "Cookie Policy" available at the footer of this website.
-
Updates
The Controller reserves the right to amend and update this policy at any time. Any changes will apply as soon as they are introduced. It is therefore necessary for you to regularly check the current Policy version.
Version dated 06/12/2023.