Veryfastprivacy.it Web Privacy Policy |
INFORMATION ON
PERSONAL DATA PROCESSING pursuant to Articles 13 and 14 of Regulation (EU)
no. 2016/679 V_11_2019 |
The information contained in this document is provided in compliance
with Article 13 and, for some aspects, Article 14 of Regulation (EU) 2016/679
(European Regulation on personal data protection, so-called "GDPR")
and in relation to the provisions of Directive 2002/58/EC (as updated by
Directive 2009/136/EC) on Cookies as well as the Italian Authority regulation
on personal data protection of 08.05.2014.
The website www.veryfastprivacy.it (hereinafter “Website”, “Portal” or
“Platform”) is owned by the company Very Fast People S.r.L.,
with operating office at Via Bernascone 16, 21100 Varese,
Italy, VAT no. 02953010127 (hereinafter “VFP”).
VFP is a business partner of
the company FAM 3 S.r.L., with registered office at Via
Cavour 39, 21100 Varese, Italy, VAT no. 03210920124, company that contracts the
sale of the products and services offered through this Website to its customers.
As to the personal
data that may be processed in the context of the activities carried out in
common, Very Fast People S.r.L. and Fam 3 S.r.L., as well as these latter, have entered into a Joint
Controllership Agreement pursuant to Art. 26 of the GDPR so as to determine in
a transparent manner their respective responsibilities for compliance with the
obligations under the European Regulation on the protection of personal data.
In compliance with the aforementioned agreement,
Fam 3 S.r.L., acting as Data Controller, is
responsible for providing the Data Subjects with the Information referred to in
Articles 13 and 14 of GDPR.
DATA CONTROLLER |
Without prejudice to the aforementioned Joint Controllership Agreement, the
Data Controller of the personal data which this Information refers to is:
FAM 3 S.r.L.
with registered office at Via Cavour 39, 21100 Varese, Italy, VAT no. 03210920124
certified e-mail address: fam3@pecmail.area336.it
Telephone number: (+39) 0332.242.086
It is the
common will of the Data Controller and the Joint Controllers to ensure that all
Data Subjects and, in particular, their Customers,
have the guarantee that their personal data will be processed in full respect
of fundamental rights and freedoms.
It should be noted as
of now that while providing their main services, FAM 3 S.r.L.
and the Joint Controllers may act:
·
on behalf of commissioning
entities (Customers, Businesses, Companies, Professionals) being Data
Controllers. In this case personal data will be processed on behalf of the Data
Controller by FAM and the other Companies acting in their quality as Data
Processors pursuant to art. 28 of GDPR. That being the case, Data Subjects are kindly
invited to refer to the notice provided by the commissioning entities under Articles
13 and 14 of European Regulation no. 2016/679; in any case, data will be
processed according to the instructions and indications received from them;
·
directly, for the
performance of a contract entered into with the Data Subjects, upon the Data
Subjects’ request, for the performance of pre-contractual arrangements intended
for a possible future contract, in the Data Controller’s legitimate interest or
else to comply with any Data Controller’s legal obligations. In this case, FAM
3 S.r.L. will act as Data Controller, or which
Co-owner together with VFP. That being the case, in addition to this notice,
specific Information on data processing has been prepared as clear and
transparent as possible for each area of activity.
In order to allow
access to some sections of the Portal and the use of services by users and Data
Subjects, Very Fast People S.r.L., Fam 3 S.r.L. may process the users’ personal data acting as joint
controllers (hereinafter individually “Joint Controller” or “Data Controller”
and collectively “Joint Controllers” or “Data Controllers”). The main contents
of the Joint Controllership Agreement are available upon Data Subjects’
request.
This information is,
in any case, intended for all Data Subjects (hereinafter also “Users”) interacting
with the Portal and, in particular, for those navigating
the Website.
The information is
also intended for Customers and potential Customers of the Data
Controller and/or Data Subjects having entered into or
having the intention to enter into a contract with them, except for any other
specific privacy notice, which reference should be made to.
This information is
also intended for Data Subjects having voluntarily provided their personal
data after having given their specific consent during events, meetings,
shows, fairs, conventions or other similar occasions, organized and/or
sponsored by the Joint Controllers, or else for Data Subjects having had, in
general and/or previously, commercial relationships with any Joint Controller.
The Data Controller
also acts as Data Processor on behalf of other data controllers for specific
sections of the Website (Portal). As to their data processing procedures
reference is made to their respective privacy notice, as available in the
dedicated area.
This information is, in
any case, provided only for the foregoing and not for other websites that have
been or could be visited by users through the links contained in this Website
and their relevant subsections.
The Joint Controllers are not liable for any unlawful processing of personal
data by any third parties.
DATA PROTECTION
OFFICER (D.P.O.) |
The Data Controller has appointed a Data Protection Officer (so-called
D.P.O.), who can be contacted for any information and requests at:
e-mail address: dpo@fam3.it
telephone number: (+39) 0332.242.086
For any further request, explanation or information, the Data Subject
may get in contact with:
e-mail address: privacy@fam3.it
telephone number: (+39) 0332.242.086
TYPE
OF PROCESSED PERSONAL DATA |
The Data Controller and the Joint Controllers do not, under any
circumstances, require Data Subjects to provide “special categories” of
personal data or personal data relating to criminal convictions and crimes,
data revealing racial or ethnic origin, political or religious opinions, sexual
orientation or tastes, political or trade union affiliations, nor genetic or
biometric data aimed at uniquely identifying a person. They do not process or
require the provision of personal data to persons under 18 years of age.
Navigation data
During navigation, the computer systems and procedures used to operate
the Portal acquire some personal data that are then implicitly transmitted in
the use of Internet communication protocols. Although not being collected to be
associated with each user, this information, by its very nature, could allow
the identification of users through processing and cross-referencing with other
data. This category of data includes the IP addresses or domain names of the
computers used by users connecting to the Portal, the URL addresses of the requested
resources, the time of the request, the size of the file obtained from the
server, the numerical code indicating the status of the response given by the
server, and further parameters such as the users’ operating system and computer
environment.
Data provided by users
“Contacts” form on
this Website
The provision of personal data by the Data Subjects is optional and
concerns common data (personal data such as name and surname, city and address
of residence, telephone number, e-mail address and type and/or category of
management software used in professional practice, qualification as Condominium
Manager or Condominium Co-owner).
These data are provided voluntarily by the user in order to receive
communications and information about the services and/or products marketed by
the Joint Controllers and to request dedicated appointments.
The failure to communicate the data requested in the Contact form will
have the sole consequence of the impossibility of carrying out the request
received.
As subsequently specified, Data Subjects may exercise the rights
provided for in Articles 15 to 22 of the European Regulation and, in
particular, the right to object at any time to the receipt of any
communications pursuant to Article 21 of GDPR by requesting the erasure of
their data from the lists and/or databases of the Joint Controllers offering
their services or, in any case, sending communications and updates, as the case
may be.
Sub-sections dedicated to Condominium Managers
The provision of personal data by users in the dedicated subsections of
the Portal is optional yet necessary for the Condominium Mangers, acting as
Data Controllers in the corresponding subsections, to meet the needs of their
users within the functionality of the Portal.
In all cases, before activating any specific service, appropriate
information will be provided on the pages relating to the individual services
offered, and, where necessary, consent to the collection and processing of
personal data will be acquired.
Any failure to provide or the partial or incorrect provision of mandatory
personal data (marked with *) does not make it possible to perform the
requested services, while the failure to provide or the partial or incorrect
provision of optional and unnecessary personal data does not entail any consequences.
Form filled in during events, fairs, conventions, meetings and other
occasions organized and/or sponsored by the Joint Controllers
These data are
provided voluntarily by the user in order to receive communications and information
about the services and/or products marketed by the Joint Controllers and to
request dedicated appointments.
As subsequently
specified, Data Subjects may exercise the rights provided for in Articles 15 to
22 of the European Regulation and, in particular, the right to object at any
time to the receipt of any communications pursuant to Article 21 of GDPR by
requesting the erasure of their data from the lists and/or databases of the
Joint Controllers offering their services or, in any case, sending communications
and updates, as the case may be.
This specific right
can be exercised, without any particular formality, by writing to the email
address privacy@fam3.it, calling (+39)
0332.242.086 or clicking on the appropriate button in the email message
received.
Newsletters and e-mail communications
The receipt of messages and communications via e-mail or, in general,
newsletters requires the explicit consent of the Data
Subjects (art. 6. c. 1, letter a) GDPR).
The provision of personal data by the Data Subjects is optional and
concerns common data (personal data such as name and surname, city and address
of residence, telephone number, e-mail address and type and/or category of
management software used in professional practice).
These data are provided voluntarily by the user in order to receive
communications and information about the services and/or products marketed by
the Joint Controllers and to request dedicated appointments.
As subsequently specified, Data Subjects may exercise the rights
provided for in Articles 15 to 22 of the European Regulation and, in
particular, the right to object at any time to the receipt of any
communications pursuant to Article 21 of GDPR by requesting the erasure of
their data from the lists and/or databases of the Joint Controllers offering
their services or, in any case, sending communications and updates, as the case
may be.
This specific right can be exercised, without any particular formality,
by writing to the email address privacy@fam3.it, calling (+39)
0332.242.086 or clicking on the appropriate button in the email message
received.
PURPOSES AND LEGAL BASIS FOR DATA PROCESSING |
Navigation data and
forms on the Website
As far as the Data Controller is concerned and for the navigation of the
Website, the provided personal data will be processed, in compliance with the
conditions of lawfulness under Art. 6 of EU Regulation 2016/679, for the
following purposes:
·
users' navigation data will be used for the sole purpose of obtaining statistical information
on the use of the Portal (legal basis: Art. 6.1. letter f) GDPR, legitimate
interest);
·
any request for
contact, sending information requested by users (legal basis: Art. 6.1.
letter b) and f) GDPR, performance of pre-contractual measures adopted at the
request of the Data Subject; legitimate interest);
·
any request for
condominium notice board illustrations, for the sole purpose of obtaining
access to the section where it is possible to obtain a copy of the illustrations
or download the information guide (legal basis: Article 6.1.b) GDPR, performance
of pre-contractual measures adopted at the request of the Data Subject).
Data provided by users
The provided personal data will be processed in compliance with the
conditions of lawfulness under Art. 6 of EU Regulation 2016/679, for the
following purposes:
·
Management of
information, registration, contact and/or information material requests. Personal data are used by the Data Controller and/or the Joint
Controllers to respond to any request for information or contact submitted by
Data Subjects, provide assistance, and comply with legal and regulatory
obligations which the Data Controller and/or the Joint Controllers are subject
to. In order to process requests for information and/or contact, data are
necessary for the preliminary and subsequent activities, such as receiving
information material. In this case, the legal basis legitimizing the processing
may be the contract or the need to perform activities or pre-contractual
measures (Art. 6, para. 1, letter b) of GDPR); the legitimate interest of the Data
Controller (Art. 6, para. 1, letter f) of GDPR); the consent of the Data
Subject (Art. 6, para. 1, letter a) of GDPR) or the compliance with legal
obligations (Art. 6, para. 1, letter c) of GDPR), as the case may be.
·
Management of
contractual relationship. The processing is
required to carry out preliminary and/or consequent activities related to a
contract entered or to be entered into with the Data Controller as well as order management, provision and invoicing of services,
payment management, handling of any complaints or reports and fulfilment of the
related legal obligations. The legal basis for such processing is the
fulfilment of contractual obligations or performance of pre-contractual
measures adopted at the request of Data Subjects (Art. 6, para. 1, letter b) of
GDPR).
·
Promotional activities
on services or products similar to those already
purchased by Data Subjects. Also on the basis of
the indications set out in Recital no. 47 of GDPR, the Data Controller and the
Joint Controllers may use Data Subjects’ personal data, without the need for
their consent, for direct sales or promotion of products and/or services
similar or comparable to those already purchased, unless Data Subjects have
exercised their right to object pursuant to Art. 21 of GDPR by requesting the
cancellation of their data.
·
Commercial promotion
activities for different services or products.
Personal data may also be processed for commercial promotion purposes or for
surveys and market research, with regard to products and services that the Data
Controller or the joint Controllers may offer only if Data Subjects have given
their consent and do not object to the processing, as specified above. In this
case, the legal basis legitimizing the processing is the consent of Data
Subjects (Art. 6, para. 1, letter c) of GDPR, unless they have exercised their
right to object or withdraw the consent.
·
Computer systems
security. The Data Controller, also through its suppliers, may
process Data Subjects’ personal data relating to on-line traffic and e-mail
messages and communications as strictly necessary and proportionate as to
ensure network and information security (Art. 6, para. 1, letter f) of GDPR:
legitimate interest).
PROCESSING
PROCEDURES |
Data are processed by using paper and electronic tools for the time
strictly necessary to achieve the purposes which data were collected for.
Specific security measures are applied to prevent data loss and unlawful
or incorrect use as well as unauthorized access.
DISCLOSURE TO
THIRD-PARTY RECIPIENTS |
The processed personal data will be disclosed only to expressly
authorised persons appointed by the Data Controller and/or the Joint
Controllers and may be shared with other recipients processing such data in their
capacity as data processors or independent data controllers.
In particular, data
can be shared with:
·
persons providing
services for the management of the information system and telecommunications
networks, including electronic mail, and being responsible for the management
of the Portal used by the Data Controller and/or the Joint Controllers;
·
hosting service
providers, software houses, service companies in general and other companies
which specific agreements have been entered into with for the provision or
supply of services dedicated to the management of condominium issues, the
management of professional offices and security issues, provision of various
services, such as, without limitation, legal protection services related to
administration, as well as mail services, electricity and gas, maintenance
services, risk assessment services, plant checks, and other services related to
the condominium;
·
offices or companies
for assistance and consultancy services;
·
suppliers of technical
services that contribute to the supply or performance of services reserved to
the Condominium, third parties co-operating with the Data Controller for direct
marketing activities;
·
authorities competent
to comply with legal obligations and/or provisions of public bodies;
·
credit and digital
payment institutions;
·
financial
administration entities, public bodies, judicial authorities, and supervisory
and control authorities.
The companies, entities or Professionals,
acting as Data Processors pursuant to Art. 28 of GDPR, have entered into
specific agreements with the Data Controller or the Joint Controllers in
relation to the processing and security of personal data, as provided for by
the regulations in force.
PLACE OF THE PROCESSING |
As a rule, personal data will not be transferred to countries outside
the European Union.
Should it be necessary to transfer them to a country outside the EU,
data will be transferred to third countries and/or international organizations whose
adequacy of the level of protection has been duly assessed by the European
Commission (Art. 45 o EU Regulation 2016/679).
DATA STORAGE PERIOD OR CRITERIA FOR
DETERMINING IT |
The collected personal data will be stored in a form that allows the
identification of Data Subjects for a period of time
not exceeding the pursuit of the purposes for which they are processed.
In particular, the retention of provided personal data depends on the
purpose of the processing:
· for navigation on the
Portal, please refer to the section of this notice relating to cookies;
· in case of contact
requests, receipt of newsletters or promotional communications, generally via
e-mail, and data provided to download illustrations, attachments, and
Information guides, the storage period will be twenty-four (24) months;
·
as to contractual
relationships, data will be stored for the period established by law or, in any
case, for the period strictly necessary for the pursuit of the purposes which
they were collected for;
·
unless otherwise
provided for by law or indicated in the specific notices.
DATA SUBJECTS’S
RIGHTS |
Data Subjects may exercise their rights as provided for in Articles 15,
16, 17, 18, 19, 20, 21, and 22 of EU Regulation 2016/679; in particular, they
have the right to obtain the following information from the Data Controller:
a) confirmation as to whether
or not personal data concerning them are being processed, and, where
that is the case, access to the personal data and the following information:
1. the purposes of the processing;
2. the categories of personal data concerned;
3. the recipients or categories of recipient
to whom the personal data have been or will be disclosed, in
particular recipients in third countries or international organisations;
4. where possible, the envisaged period for
which the personal data will be stored, or, if not possible, the criteria used
to determine that period;
5. the existence of
the right to request from the Data Controller rectification or erasure of
personal data or restriction of processing of personal data concerning them or
to object to such processing;
6. the right to lodge a complaint with a
supervisory authority;
7. where the personal data are not collected
from them, any available information as to their source;
8. the existence of automated
decision-making, including profiling, and, at least in those cases, meaningful
information about the logic involved, as well as the significance and the
envisaged consequences of such processing for the data subjects;
9. the existence of the
appropriate safeguards relating to the transfer to a third (non-EU) country or
to an international organisation;
b)
the right to obtain a copy of the personal data
undergoing processing, provided that this right does not adversely affect the
rights and freedoms of others. For any further copies requested by the Data
Subjects, the Data Controller may charge a reasonable fee based on
administrative costs;
c)
the right to obtain from the Data Controller without
undue delay the rectification of inaccurate personal data concerning them;
d)
the right to obtain from the Data Controller the
erasure of personal data concerning them without undue delay where the grounds
provided for in Art. 17 of GDPR apply, including, for example, if they are no
longer necessary for the purposes of the processing or if the processing is
unlawful, and if the conditions provided for by law are met; and in any case if
the processing is not justified by another equally legitimate reason;
e)
the right to obtain from the Data Controller
restriction of processing, in the cases provided for by Art. 18 of GDPR, for
example if the accuracy of the personal data is contested by Data Subjects, for
a period enabling the Data Controller to verify the accuracy of the personal
data. Data Subjects are to always be informed, within a reasonable time, by the
Data Controller when the period of suspension has been completed and the
restriction of processing is lifted because the cause of the restriction has
ceased;
f)
the right to obtain information from the Data
Controller of the recipients whom requests for
rectification, erasure or restriction of processing have been transmitted to,
unless this proves impossible or involves a disproportionate effort
g)
the right to receive personal data concerning them in
a structured, commonly used and machine-readable format and the right to
transmit such data to another data controller without hindrance by the Data
Controller to which the personal data have been provided, in the cases provided
for by Article 20 of the GDPR, and the right to have the personal data
transmitted directly from one data controller to another, where technically
feasible.
For any
further information and, in any case, to send a request please refer to the
Data Controller at privacy@fam3.it. The Data
Controller may request Data Subjects to provide further information, so as to be sure that the aforementioned rights are not
exercised by unauthorized third parties.
Right
to object to personal data processing (Art. 21 of GDPR)
Data Subjects will have the right to object, on
grounds relating to their particular situation, at any time to processing of
personal data concerning them, if it is based on legitimate interest or if it
is for commercial promotion activities, by sending the request to the Data
Controller at privacy@fam3.it. Data Subjects have the right to obtain
erasure of their personal data if there are no overriding legitimate grounds of
the Data Controller prevailing over those that gave rise to the request, and in
any case if Data Subjects have objected to the processing for commercial
promotion activities.
Right
to lodge a complaint (Art. 15 of GDPR)
Without prejudice to any other administrative or legal
action, Data Subjects may lodge a complaint with the supervisory authority
competent on Italian territory (Supervisory Authority for personal data
protection) or to the authority that carries out these duties and exercises
these powers in the Member State where the violation of the GDPR occurred.
All useful information and guidance in this regard are
available on the website of the Italian Supervisory Authority:
https://www.garanteprivacy.it/
INFORMATION ON
COOKIES |
Cookies are small text
strings that the visited websites send to users’ terminal (usually to the
browser), where they are stored and then retransmitted to the same websites
whenever the same users navigate on the same websites. Many browsers accept
cookies by default because cookies make it easier to visualize certain content.
If you choose to disable cookies at the browser level, some websites may
operate differently or may not be able to access certain sections. Some cookies
are essential to navigate the Portal and use all of
its features.
Cookies are essential for the functioning of the Internet and ensure a
more efficient operation of the website, enriching the browsing experience, for
example by:
· remembering the
settings, so that they do not need to be changed whenever the user accesses a
new page;
· saving the information
entered (e.g. username, language, browser type, etc.).
For further information on cookies and privacy, please refer to the
documentation on the Portal of the Italian Supervisory Authority at the
following link: https://www.garanteprivacy.it/home/ricerca/-/search/key/cookie.
It is possible to manage cookies with some applications on the web, such
as the following link: https://www.cookiesandyou.com/.
Technical and
profiling cookies
The technical, functional,
and technical-analytical cookies ensure normal navigation and use of the
website; without the use of these cookies some operations could not be carried
out or would be more complex or less secure.
Profiling cookies, on the other hand, are used to
create user-related profiles and can be used to send promotional messages in
line with the preferences expressed, or for analysis and reports on such
preferences.
The use of technical, functional, and technical-analytical
cookies is necessary for the transmission of electronic
communications or for the provision of service requested by customers. They may
be either “session cookies”, i.e. saved exclusively for the duration of
navigation until the closure of users’ browsers, or “persistent cookies”, i.e.
saved in the memory of users’ devices until deletion or expiration. Pursuant to
the applicable legislation, these cookies do not require users’ consent. Some
functions can be anyway disables, also through the aforementioned application (https://www.cookiesandyou.com/).
First-Party Cookies and Third-Party Cookies
The cookies sent from our Portal are called
first-party cookies.
We also allow third parties
to send cookies to users’ devices. The difference concerns the control by the
person sending the cookies. Although we allow third parties to access the
Portal to send cookies to users’ devices, we do not have any control over the
information provided and we do not have access to those data.
This information is fully
controlled by third parties as described in their privacy policy. Reference is
therefore to be made to their respective policies.
The external services placing cookies on our
Portal are the following: Google Analytics and Google Tag Manager.
When users access the site
and login, these are the cookies generated:
_ga
_gat_UA-117796346-1
_gat_UA-117796346-2
_gat_UA-117796346-3
_gid
sid
Cookies starting with _g are related to Google
Analytics and Google Tag Manager.
Sid is the cookie to keep the session active (to avoid
login).
Google Analytics
This Portal uses Google Analytics, a web analytics service provided by
Google, Inc. (hereinafter “Google”).
Google Analytics uses cookies, which are text files stored on your
computer to enable the Portal to analyse how users use the Portal (they are
behaviour cookies analysed for statistics purposes). The information generated
by the cookies about your use of the Portal (including your anonymous IP
address) will be transmitted and stored on Google's servers. Further
information on Google's use of the Analytics are available at the following
link:
https://support.google.com/analytics/answer/2763052?hl=it.
Google will use this information for the purpose of examining the use of
the Portal, preparing activity reports and providing other services related to
the Portal's activities and Internet usage. Google may also transfer this
information to third parties where required by law or where such third parties
process the information on Google's behalf. Google will not associate users’ IP
address with any other data held by Google. Users may refuse the use of cookies
by selecting the appropriate settings on their browser, but this may prevent
the full functionality of this Portal. By using this Portal, users consent to
the processing of their data by Google in the manner and for the purposes set
out above.
Google Tag
Manager is a tag management system allowing to quickly and
easily update tracking codes and related code fragments, collectively known as
tags, on users’ website or in the mobile app. If a small segment of Tag Manager
code is added to a project, users can easily and securely deploy tag
configuration analysis and measurement from a web-based user interface.
UPDATES AND
AMENDMENTS |
Any update of this Information will be promptly communicated
by appropriate means. Furthermore, should the Data Controller intend to process
any Data Subjects’ data for purposes other than those referred to in this
Information, it will priorly notify it to the Data Subjects and process data only
after receiving the Data Subjects’ consent, where necessary.
V_11_2019 |