STATEMENT pursuant to Article 13 of EU Regulation No. 679/2016 (“GDPR”). In compliance with the Code and the GDPR, Finat Srl, as better identified below, as “Data Controller” of the processing, provides you with some information about the use of any personal data provided by users who consult and/or interact with the site.
Purposes of data processing
Users are free to provide their personal data to send their CV, request the sending of informative material or other communications. Personal data may only be processed to respond to requests received, pursuant to Article 6.1, letter b) of the GDPR. Providing such data is optional, but failure to provide it may make it impossible to obtain what is requested.
Type of data processed
To respond to requests received through the website, we will process the contact data entered in the appropriate form by the data subject. Your identification data collected at the time of registration on the Site will also be processed.
Data processing methods
Personal data is processed using manual, IT and telematic tools and in such a way as to guarantee its security and confidentiality. Prevention and protection systems are used and are constantly updated and verified in terms of reliability.
Categories of entities to which personal data may be communicated
To pursue the aforementioned purposes, Finat Srl needs to send personal data to its “appointees” and external “data processors”. The complete list of Data Processors is available from the Data Controller’s registered office.
In particular, it should be noted that this data will not be disclosed and will be processed by entities duly assigned to perform these tasks, constantly identified and/or appointed, appropriately trained and made aware of the constraints imposed by law, and through the use of security measures to guarantee the protection of your privacy and avoid the risks of loss or destruction, unauthorised access, and processing that is not allowed or not compliant with the above purposes.
Duration of processing and retention of personal data
Your personal data will be processed:
- in the case of personal details, contact and payment data: for the period of time necessary to fulfil the sales contract for the product/service and for the period of time required by the applicable legislation (in particular, ten years for the retention times of contract and tax documentation) and until the end of contractual obligations between the Data Controllers.
- for 12 (twelve) months in the case of data concerning browsing behaviour on the Site and other websites, your consumption habits, the geographical area and the device connecting to the site, the IP address; b) for 24 (twenty-four) months in the case of data needed to carry out marketing activities. In both cases, the data subject retains the option to oppose the processing at any time, by revoking the consent provided.
It should be noted that the data is not used for the purpose of adopting automated decision-making processes.
The Data Controller is Finat Srl, with registered office in 20158 Milano (MI), via Acerenza 3, tax code and VAT No. 09347710155, email firstname.lastname@example.org
Rights of data subjects
Pursuant to Article 7 of the Privacy Code and Articles 15 and following of the GDPR, you have the right to obtain:
- confirmation of whether or not any personal data about you exists, even if the data has not yet been stored, and receive notification in an intelligible format;
- a copy of your personal data;
- the erasure of your personal data;
- the restriction of processing of your personal data;
- in a structured format, commonly used and readable by an automatic device, the personal data that you have provided to us or created yourself – excluding the judgements made by the Data Controller and/or persons in charge pursuant to Article 4 of the Privacy Code or by persons authorised to process the data in the name and on behalf of the Data Controller pursuant to Article 4 of the GDPR – and to transmit it, directly or through the Data Controller, to another data controller;
- the origin of the personal data;
- the categories of personal data processed;
- the purposes and methods of data processing;
- the logic applied to the processing, if this is done with the aid of electronic means;
- the identification details of the Data Controller and any data processors;
- the retention period of your personal data or the criteria used to determine this period;
- the entities or categories of entities to which the personal data may be communicated or who can learn about it as appointed representatives in the state territory, data processors or appointees pursuant to Article 4 of the Privacy Code or persons authorised to process data in the name and on behalf of the Data Controller pursuant to Article 4 of the GDPR;
- the updating, rectification or, where relevant, supplementation of the data;
- the transformation into anonymous form or blocking of data which has been processed unlawfully, including data which it is unnecessary to retain for the purposes for which it was collected or subsequently processed;
- attestation that the operations referred to in points (a) and (b) have been made known, including in terms of their content, to those to whom the data has been communicated or disseminated, except where such fulfilment is impossible or involves using means that are manifestly disproportionate to the protected right.
Furthermore, you have the right to object, in whole or in part:
- for legitimate reasons, to the processing of your personal data, even if pertinent to the purpose of collection;
- to the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or to carry out market research or commercial communication.
To exercise the aforementioned rights, you can write TO THE FOLLOWING ADDRESS:
Finat Srl via Acerenza 3, 20158 Milano (MI)
indicating in the subject “Privacy – exercise of rights pursuant to Article 7 of Legislative Decree 196/2003 and pursuant to Articles 15 and following of the GDPR”.
Finally, we inform you that if you believe that your rights have been violated by the Data Controller and/or by a third party, you have the right to lodge a complaint with the Data Protection Authority and/or another competent control authority in relation to the GDPR.