Veryfastprivacy.it

Web Privacy Policy

INFORMATION ON PERSONAL DATA PROCESSING

pursuant to Articles 13 and 14 of Regulation (EU) no. 2016/679

V_11_2019

The information contained in this document is provided in compliance with Article 13 and, for some aspects, Article 14 of Regulation (EU) 2016/679 (European Regulation on personal data protection, so-called "GDPR") and in relation to the provisions of Directive 2002/58/EC (as updated by Directive 2009/136/EC) on Cookies as well as the Italian Authority regulation on personal data protection of 08.05.2014.

The website www.veryfastprivacy.it (hereinafter “Website”, “Portal” or “Platform”) is owned by the company Very Fast People S.r.L., with operating office at Via Bernascone 16, 21100 Varese, Italy, VAT no. 02953010127 (hereinafter “VFP”).

VFP is a business partner of the company FAM 3 S.r.L., with registered office at Via Cavour 39, 21100 Varese, Italy, VAT no. 03210920124, company that contracts the sale of the products and services offered through this Website to its customers.

As to the personal data that may be processed in the context of the activities carried out in common, Very Fast People S.r.L. and Fam 3 S.r.L., as well as these latter, have entered into a Joint Controllership Agreement pursuant to Art. 26 of the GDPR so as to determine in a transparent manner their respective responsibilities for compliance with the obligations under the European Regulation on the protection of personal data.

In compliance with the aforementioned agreement, Fam 3 S.r.L., acting as Data Controller, is responsible for providing the Data Subjects with the Information referred to in Articles 13 and 14 of GDPR.

DATA CONTROLLER

Without prejudice to the aforementioned Joint Controllership Agreement, the Data Controller of the personal data which this Information refers to is:

FAM 3 S.r.L.

with registered office at Via Cavour 39, 21100 Varese, Italy, VAT no. 03210920124

certified e-mail address: fam3@pecmail.area336.it

Telephone number: (+39) 0332.242.086

It is the common will of the Data Controller and the Joint Controllers to ensure that all Data Subjects and, in particular, their Customers, have the guarantee that their personal data will be processed in full respect of fundamental rights and freedoms.

It should be noted as of now that while providing their main services, FAM 3 S.r.L. and the Joint Controllers may act:

· on behalf of commissioning entities (Customers, Businesses, Companies, Professionals) being Data Controllers. In this case personal data will be processed on behalf of the Data Controller by FAM and the other Companies acting in their quality as Data Processors pursuant to art. 28 of GDPR. That being the case, Data Subjects are kindly invited to refer to the notice provided by the commissioning entities under Articles 13 and 14 of European Regulation no. 2016/679; in any case, data will be processed according to the instructions and indications received from them;

· directly, for the performance of a contract entered into with the Data Subjects, upon the Data Subjects’ request, for the performance of pre-contractual arrangements intended for a possible future contract, in the Data Controller’s legitimate interest or else to comply with any Data Controller’s legal obligations. In this case, FAM 3 S.r.L. will act as Data Controller, or which Co-owner together with VFP. That being the case, in addition to this notice, specific Information on data processing has been prepared as clear and transparent as possible for each area of activity.

In order to allow access to some sections of the Portal and the use of services by users and Data Subjects, Very Fast People S.r.L., Fam 3 S.r.L. may process the users’ personal data acting as joint controllers (hereinafter individually “Joint Controller” or “Data Controller” and collectively “Joint Controllers” or “Data Controllers”). The main contents of the Joint Controllership Agreement are available upon Data Subjects’ request.

This information is, in any case, intended for all Data Subjects (hereinafter also “Users”) interacting with the Portal and, in particular, for those navigating the Website.

The information is also intended for Customers and potential Customers of the Data Controller and/or Data Subjects having entered into or having the intention to enter into a contract with them, except for any other specific privacy notice, which reference should be made to.

This information is also intended for Data Subjects having voluntarily provided their personal data after having given their specific consent during events, meetings, shows, fairs, conventions or other similar occasions, organized and/or sponsored by the Joint Controllers, or else for Data Subjects having had, in general and/or previously, commercial relationships with any Joint Controller.

The Data Controller also acts as Data Processor on behalf of other data controllers for specific sections of the Website (Portal). As to their data processing procedures reference is made to their respective privacy notice, as available in the dedicated area.

This information is, in any case, provided only for the foregoing and not for other websites that have been or could be visited by users through the links contained in this Website and their relevant subsections.

The Joint Controllers are not liable for any unlawful processing of personal data by any third parties.

DATA PROTECTION OFFICER (D.P.O.)

The Data Controller has appointed a Data Protection Officer (so-called D.P.O.), who can be contacted for any information and requests at:

e-mail address: dpo@fam3.it

telephone number: (+39) 0332.242.086

For any further request, explanation or information, the Data Subject may get in contact with:

e-mail address: privacy@fam3.it

telephone number: (+39) 0332.242.086

TYPE OF PROCESSED PERSONAL DATA

The Data Controller and the Joint Controllers do not, under any circumstances, require Data Subjects to provide “special categories” of personal data or personal data relating to criminal convictions and crimes, data revealing racial or ethnic origin, political or religious opinions, sexual orientation or tastes, political or trade union affiliations, nor genetic or biometric data aimed at uniquely identifying a person. They do not process or require the provision of personal data to persons under 18 years of age.

Navigation data

During navigation, the computer systems and procedures used to operate the Portal acquire some personal data that are then implicitly transmitted in the use of Internet communication protocols. Although not being collected to be associated with each user, this information, by its very nature, could allow the identification of users through processing and cross-referencing with other data. This category of data includes the IP addresses or domain names of the computers used by users connecting to the Portal, the URL addresses of the requested resources, the time of the request, the size of the file obtained from the server, the numerical code indicating the status of the response given by the server, and further parameters such as the users’ operating system and computer environment.

Data provided by users

“Contacts” form on this Website

The provision of personal data by the Data Subjects is optional and concerns common data (personal data such as name and surname, city and address of residence, telephone number, e-mail address and type and/or category of management software used in professional practice, qualification as Condominium Manager or Condominium Co-owner).

These data are provided voluntarily by the user in order to receive communications and information about the services and/or products marketed by the Joint Controllers and to request dedicated appointments.

The failure to communicate the data requested in the Contact form will have the sole consequence of the impossibility of carrying out the request received.

As subsequently specified, Data Subjects may exercise the rights provided for in Articles 15 to 22 of the European Regulation and, in particular, the right to object at any time to the receipt of any communications pursuant to Article 21 of GDPR by requesting the erasure of their data from the lists and/or databases of the Joint Controllers offering their services or, in any case, sending communications and updates, as the case may be.

Sub-sections dedicated to Condominium Managers

The provision of personal data by users in the dedicated subsections of the Portal is optional yet necessary for the Condominium Mangers, acting as Data Controllers in the corresponding subsections, to meet the needs of their users within the functionality of the Portal.

In all cases, before activating any specific service, appropriate information will be provided on the pages relating to the individual services offered, and, where necessary, consent to the collection and processing of personal data will be acquired.

Any failure to provide or the partial or incorrect provision of mandatory personal data (marked with *) does not make it possible to perform the requested services, while the failure to provide or the partial or incorrect provision of optional and unnecessary personal data does not entail any consequences.

Form filled in during events, fairs, conventions, meetings and other occasions organized and/or sponsored by the Joint Controllers

This specific right can be exercised, without any particular formality, by writing to the email address privacy@fam3.it, calling (+39) 0332.242.086 or clicking on the appropriate button in the email message received.

Newsletters and e-mail communications

The receipt of messages and communications via e-mail or, in general, newsletters requires the explicit consent of the Data Subjects (art. 6. c. 1, letter a) GDPR).

PURPOSES AND LEGAL BASIS FOR DATA PROCESSING

Navigation data and forms on the Website

As far as the Data Controller is concerned and for the navigation of the Website, the provided personal data will be processed, in compliance with the conditions of lawfulness under Art. 6 of EU Regulation 2016/679, for the following purposes:

· users' navigation data will be used for the sole purpose of obtaining statistical information on the use of the Portal (legal basis: Art. 6.1. letter f) GDPR, legitimate interest);

· any request for contact, sending information requested by users (legal basis: Art. 6.1. letter b) and f) GDPR, performance of pre-contractual measures adopted at the request of the Data Subject; legitimate interest);

· any request for condominium notice board illustrations, for the sole purpose of obtaining access to the section where it is possible to obtain a copy of the illustrations or download the information guide (legal basis: Article 6.1.b) GDPR, performance of pre-contractual measures adopted at the request of the Data Subject).

Data provided by users

The provided personal data will be processed in compliance with the conditions of lawfulness under Art. 6 of EU Regulation 2016/679, for the following purposes:

· Management of information, registration, contact and/or information material requests. Personal data are used by the Data Controller and/or the Joint Controllers to respond to any request for information or contact submitted by Data Subjects, provide assistance, and comply with legal and regulatory obligations which the Data Controller and/or the Joint Controllers are subject to. In order to process requests for information and/or contact, data are necessary for the preliminary and subsequent activities, such as receiving information material. In this case, the legal basis legitimizing the processing may be the contract or the need to perform activities or pre-contractual measures (Art. 6, para. 1, letter b) of GDPR); the legitimate interest of the Data Controller (Art. 6, para. 1, letter f) of GDPR); the consent of the Data Subject (Art. 6, para. 1, letter a) of GDPR) or the compliance with legal obligations (Art. 6, para. 1, letter c) of GDPR), as the case may be.

· Management of contractual relationship. The processing is required to carry out preliminary and/or consequent activities related to a contract entered or to be entered into with the Data Controller as well as order management, provision and invoicing of services, payment management, handling of any complaints or reports and fulfilment of the related legal obligations. The legal basis for such processing is the fulfilment of contractual obligations or performance of pre-contractual measures adopted at the request of Data Subjects (Art. 6, para. 1, letter b) of GDPR).

· Promotional activities on services or products similar to those already purchased by Data Subjects. Also on the basis of the indications set out in Recital no. 47 of GDPR, the Data Controller and the Joint Controllers may use Data Subjects’ personal data, without the need for their consent, for direct sales or promotion of products and/or services similar or comparable to those already purchased, unless Data Subjects have exercised their right to object pursuant to Art. 21 of GDPR by requesting the cancellation of their data.

· Commercial promotion activities for different services or products. Personal data may also be processed for commercial promotion purposes or for surveys and market research, with regard to products and services that the Data Controller or the joint Controllers may offer only if Data Subjects have given their consent and do not object to the processing, as specified above. In this case, the legal basis legitimizing the processing is the consent of Data Subjects (Art. 6, para. 1, letter c) of GDPR, unless they have exercised their right to object or withdraw the consent.

· Computer systems security. The Data Controller, also through its suppliers, may process Data Subjects’ personal data relating to on-line traffic and e-mail messages and communications as strictly necessary and proportionate as to ensure network and information security (Art. 6, para. 1, letter f) of GDPR: legitimate interest).

PROCESSING PROCEDURES

Data are processed by using paper and electronic tools for the time strictly necessary to achieve the purposes which data were collected for.

Specific security measures are applied to prevent data loss and unlawful or incorrect use as well as unauthorized access.

DISCLOSURE TO THIRD-PARTY RECIPIENTS

The processed personal data will be disclosed only to expressly authorised persons appointed by the Data Controller and/or the Joint Controllers and may be shared with other recipients processing such data in their capacity as data processors or independent data controllers.

In particular, data can be shared with:

· persons providing services for the management of the information system and telecommunications networks, including electronic mail, and being responsible for the management of the Portal used by the Data Controller and/or the Joint Controllers;

· hosting service providers, software houses, service companies in general and other companies which specific agreements have been entered into with for the provision or supply of services dedicated to the management of condominium issues, the management of professional offices and security issues, provision of various services, such as, without limitation, legal protection services related to administration, as well as mail services, electricity and gas, maintenance services, risk assessment services, plant checks, and other services related to the condominium;

· offices or companies for assistance and consultancy services;

· suppliers of technical services that contribute to the supply or performance of services reserved to the Condominium, third parties co-operating with the Data Controller for direct marketing activities;

· authorities competent to comply with legal obligations and/or provisions of public bodies;

· credit and digital payment institutions;

· financial administration entities, public bodies, judicial authorities, and supervisory and control authorities.

The companies, entities or Professionals, acting as Data Processors pursuant to Art. 28 of GDPR, have entered into specific agreements with the Data Controller or the Joint Controllers in relation to the processing and security of personal data, as provided for by the regulations in force.

PLACE OF THE PROCESSING

As a rule, personal data will not be transferred to countries outside the European Union.

Should it be necessary to transfer them to a country outside the EU, data will be transferred to third countries and/or international organizations whose adequacy of the level of protection has been duly assessed by the European Commission (Art. 45 o EU Regulation 2016/679).

DATA STORAGE PERIOD OR CRITERIA FOR DETERMINING IT

The collected personal data will be stored in a form that allows the identification of Data Subjects for a period of time not exceeding the pursuit of the purposes for which they are processed.

In particular, the retention of provided personal data depends on the purpose of the processing:

· for navigation on the Portal, please refer to the section of this notice relating to cookies;

· in case of contact requests, receipt of newsletters or promotional communications, generally via e-mail, and data provided to download illustrations, attachments, and Information guides, the storage period will be twenty-four (24) months;

· as to contractual relationships, data will be stored for the period established by law or, in any case, for the period strictly necessary for the pursuit of the purposes which they were collected for;

· unless otherwise provided for by law or indicated in the specific notices.

DATA SUBJECTS’S RIGHTS

Data Subjects may exercise their rights as provided for in Articles 15, 16, 17, 18, 19, 20, 21, and 22 of EU Regulation 2016/679; in particular, they have the right to obtain the following information from the Data Controller:

a) confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and the following information:

1. the purposes of the processing;

2. the categories of personal data concerned;

3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

5. the existence of the right to request from the Data Controller rectification or erasure of personal data or restriction of processing of personal data concerning them or to object to such processing;

6. the right to lodge a complaint with a supervisory authority;

7. where the personal data are not collected from them, any available information as to their source;

8. the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subjects;

9. the existence of the appropriate safeguards relating to the transfer to a third (non-EU) country or to an international organisation;

b) the right to obtain a copy of the personal data undergoing processing, provided that this right does not adversely affect the rights and freedoms of others. For any further copies requested by the Data Subjects, the Data Controller may charge a reasonable fee based on administrative costs;

c) the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning them;

d) the right to obtain from the Data Controller the erasure of personal data concerning them without undue delay where the grounds provided for in Art. 17 of GDPR apply, including, for example, if they are no longer necessary for the purposes of the processing or if the processing is unlawful, and if the conditions provided for by law are met; and in any case if the processing is not justified by another equally legitimate reason;

e) the right to obtain from the Data Controller restriction of processing, in the cases provided for by Art. 18 of GDPR, for example if the accuracy of the personal data is contested by Data Subjects, for a period enabling the Data Controller to verify the accuracy of the personal data. Data Subjects are to always be informed, within a reasonable time, by the Data Controller when the period of suspension has been completed and the restriction of processing is lifted because the cause of the restriction has ceased;

f) the right to obtain information from the Data Controller of the recipients whom requests for rectification, erasure or restriction of processing have been transmitted to, unless this proves impossible or involves a disproportionate effort

g) the right to receive personal data concerning them in a structured, commonly used and machine-readable format and the right to transmit such data to another data controller without hindrance by the Data Controller to which the personal data have been provided, in the cases provided for by Article 20 of the GDPR, and the right to have the personal data transmitted directly from one data controller to another, where technically feasible.

For any further information and, in any case, to send a request please refer to the Data Controller at privacy@fam3.it. The Data Controller may request Data Subjects to provide further information, so as to be sure that the aforementioned rights are not exercised by unauthorized third parties.

Right to object to personal data processing (Art. 21 of GDPR)

Data Subjects will have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them, if it is based on legitimate interest or if it is for commercial promotion activities, by sending the request to the Data Controller at privacy@fam3.it. Data Subjects have the right to obtain erasure of their personal data if there are no overriding legitimate grounds of the Data Controller prevailing over those that gave rise to the request, and in any case if Data Subjects have objected to the processing for commercial promotion activities.

Right to lodge a complaint (Art. 15 of GDPR)

Without prejudice to any other administrative or legal action, Data Subjects may lodge a complaint with the supervisory authority competent on Italian territory (Supervisory Authority for personal data protection) or to the authority that carries out these duties and exercises these powers in the Member State where the violation of the GDPR occurred.

All useful information and guidance in this regard are available on the website of the Italian Supervisory Authority:

https://www.garanteprivacy.it/

INFORMATION ON COOKIES

Cookies are small text strings that the visited websites send to users’ terminal (usually to the browser), where they are stored and then retransmitted to the same websites whenever the same users navigate on the same websites. Many browsers accept cookies by default because cookies make it easier to visualize certain content.

If you choose to disable cookies at the browser level, some websites may operate differently or may not be able to access certain sections. Some cookies are essential to navigate the Portal and use all of its features.

Cookies are essential for the functioning of the Internet and ensure a more efficient operation of the website, enriching the browsing experience, for example by:

· remembering the settings, so that they do not need to be changed whenever the user accesses a new page;

· saving the information entered (e.g. username, language, browser type, etc.).

For further information on cookies and privacy, please refer to the documentation on the Portal of the Italian Supervisory Authority at the following link: https://www.garanteprivacy.it/home/ricerca/-/search/key/cookie.

It is possible to manage cookies with some applications on the web, such as the following link: https://www.cookiesandyou.com/.

Technical and profiling cookies

The technical, functional, and technical-analytical cookies ensure normal navigation and use of the website; without the use of these cookies some operations could not be carried out or would be more complex or less secure.

Profiling cookies, on the other hand, are used to create user-related profiles and can be used to send promotional messages in line with the preferences expressed, or for analysis and reports on such preferences.

The use of technical, functional, and technical-analytical cookies is necessary for the transmission of electronic communications or for the provision of service requested by customers. They may be either “session cookies”, i.e. saved exclusively for the duration of navigation until the closure of users’ browsers, or “persistent cookies”, i.e. saved in the memory of users’ devices until deletion or expiration. Pursuant to the applicable legislation, these cookies do not require users’ consent. Some functions can be anyway disables, also through the aforementioned application (https://www.cookiesandyou.com/).

First-Party Cookies and Third-Party Cookies

The cookies sent from our Portal are called first-party cookies.

We also allow third parties to send cookies to users’ devices. The difference concerns the control by the person sending the cookies. Although we allow third parties to access the Portal to send cookies to users’ devices, we do not have any control over the information provided and we do not have access to those data.

This information is fully controlled by third parties as described in their privacy policy. Reference is therefore to be made to their respective policies.

The external services placing cookies on our Portal are the following: Google Analytics and Google Tag Manager.

When users access the site and login, these are the cookies generated:

_ga
_gat_UA-117796346-1
_gat_UA-117796346-2
_gat_UA-117796346-3
_gid
sid

Cookies starting with _g are related to Google Analytics and Google Tag Manager.

Sid is the cookie to keep the session active (to avoid login).

Google Analytics

This Portal uses Google Analytics, a web analytics service provided by Google, Inc. (hereinafter “Google”).

Google Analytics uses cookies, which are text files stored on your computer to enable the Portal to analyse how users use the Portal (they are behaviour cookies analysed for statistics purposes). The information generated by the cookies about your use of the Portal (including your anonymous IP address) will be transmitted and stored on Google's servers. Further information on Google's use of the Analytics are available at the following link:

https://support.google.com/analytics/answer/2763052?hl=it.

Google will use this information for the purpose of examining the use of the Portal, preparing activity reports and providing other services related to the Portal's activities and Internet usage. Google may also transfer this information to third parties where required by law or where such third parties process the information on Google's behalf. Google will not associate users’ IP address with any other data held by Google. Users may refuse the use of cookies by selecting the appropriate settings on their browser, but this may prevent the full functionality of this Portal. By using this Portal, users consent to the processing of their data by Google in the manner and for the purposes set out above.

Google Tag Manager is a tag management system allowing to quickly and easily update tracking codes and related code fragments, collectively known as tags, on users’ website or in the mobile app. If a small segment of Tag Manager code is added to a project, users can easily and securely deploy tag configuration analysis and measurement from a web-based user interface.

UPDATES AND AMENDMENTS

Any update of this Information will be promptly communicated by appropriate means. Furthermore, should the Data Controller intend to process any Data Subjects’ data for purposes other than those referred to in this Information, it will priorly notify it to the Data Subjects and process data only after receiving the Data Subjects’ consent, where necessary.

V_11_2019