With this document ("Information"), the Data Controller, as defined below, wishes to inform you about the purposes and methods of processing for your personal data and the rights granted to you by Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR")..

This Information concerns exclusively the processing of personal data relating to the website: www.fingen.it (the “Site”); any third-party websites the data subject can access though links are still subject to the privacy policy provided by the operator of the relevant third-party website. Please consult such documents prior to browsing third-party websites.

1. Who is the Data Controller?

The data controller is Fingen S.p.A. ("Fingen" or the "Data Controller"), with registered office in 50123 Florence (Italy), Piazza Strozzi No. 1, which you can contact in order to exercise your rights as listed in Article 8 hereof, as well as to gather any information, at the following addresses: Fingen S.p.A., 50123, Florence (Italy), Piazza Strozzi, No. 1; e-mail: info@fingen.it.

2. What personal data do we process?

2.1 Specific requests

Following a specific request made by you and for the purposes set forth in Article 3 hereof, the Data Controller processes the following personal data:

• common and contact data, such as name, surname, address, telephone number, e-mail address and other contact details.

2.2 Browsing data

The IT systems and the computer programs used to operate the Site collect certain personal data whose transmission is inherent in the use of Internet communication protocols (e.g., the IP addresses or domain names of the computers used by the users who visit the Site, the URI - Uniform Resource Identifier - addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code about the status of the response made by the server - success, error, etc. - and any other parameters relating to the User's operating system and IT environment). Although this is information that is not collected to be associated with any identified data subjects, by its nature it could – through processing and association with data held by third parties – allow the identification of data subjects.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and are deleted immediately after processing.

2.3 Cookies

In some cases, personal data are collected by FINGEN by using a number of technologies, including "cookies". Cookies are made up of a series of data that a website sends to a "browser" (such as your browser). Then, this information can be saved on a computer (such as your computer) through a tag identifying the computer but not the user.

Some pages of the Site use cookies, sent by FINGEN or by any third parties, and other technologies in order to allow the technical functioning of the Site, for a better use of the Site and to perform statistical analysis activities on the use of the Site.

For more information, please see the Cookie Policy.

3. What are the purposes and the legal basis of data processing?

Data processing is necessary in order to browse the Site and to fulfill any specific request from you, such as – merely by way of example – the submission of information about FINGEN’s new developments.

The legal basis for the processing of your data is, therefore, the fulfillment of your requests pursuant to Article 6, paragraph 1, letter b) of the GDPR; as a consequence, your consent is not necessary to authorize such processing.

4. Nature of personal data processing and consequences of a refusal

The processing of your personal data is a mandatory requirement for your request to be managed; hence, your refusal to provide such data will make it impossible for the Data Controller to fulfill it.

5. Retention period of your personal data

The Data Controller will process your personal data for the purposes described above, for the time necessary for your request to be managed, and your data will be permanently deleted few weeks after submission of the request.

The Data Controller reserves the right to retain your personal browsing data under Article 2.2. hereof for a longer period of time in order to manage possible cybercrime against the Site (e.g., hacking activities).

6. Procedures for the processing of your personal data

The processing of your personal data will be in compliance with the provisions of the GDPR, through paper, IT and telematic tools, for the aforesaid purposes or otherwise by means of appropriate procedures aimed at ensuring the safety and confidentiality of such data in accordance with the provisions set forth in Article 32 of the GDPR.

7. Whom can your personal data be disclosed to and who can learn about them?

To achieve the purposes described in Article 3 hereof, your personal data will be disclosed to Fingen’s employees, external consultants and, in general, the Fingen staff who will act as persons entitled to personal data processing, specifically appointed to be in charge of such processing.

Furthermore, your personal data may be processed by the following third parties:

• providers of services for the management of IT systems;
• providers of servicing systems;
• logistics suppliers, carriers, forwarding agents;
• other service providers.

The persons belonging to the categories listed above will act, in some cases, as separate data controllers or, in other cases, as data supervisors specially appointed by the Data Controller in accordance with Article 28 of the GDPR. You may request a list of the data supervisors at any time by contacting the Data Controller at the addresses indicated in Article 1 hereof. The server farm where the Website is located is in Arezzo (ITALY), via Gobetti 96, zip code 52100, c/o DATA Center IT1.

Your personal data shall not be disclosed to any third-party companies based outside the European Economic Area; if such disclosure should become necessary, we will ensure that the recipients of your data have taken safety measures to protect them. Finally, your personal data will not be disclosed to the public.

8. Your rights as data subject

In relation to the processing described in this Information, you may exercise the rights listed in this section, as is set forth in Articles 15 to 21 of the GDPR. In particular:

• The management of your data - Right of access - Article 15 of the GDPR: the right to obtain from the Data Controller the confirmation of whether or not any personal data processing relating to you is underway and, if so, gain access to your personal data - including a copy thereof - and be notified of the following information:
  • the purposes of data processing;
  • the categories of personal data processed;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed;
  • the data retention period or the criteria used to determine it;
  • the existence of the right to ask the Data Controller to correct or delete personal data, or the limitation to the processing of the personal data of the data subject, or even the right to object to such processing;
  • the right to lodge a complaint with the competent authority;
  • the origin of the personal data, if these were not collected directly;
  • the existence of an automated decision-making process, including the profiling.
• The correction of inaccurate or incomplete information - Right of correction - Article 16 of the GDPR: the right to obtain, without undue delay, the correction of inaccurate personal data relating to you or the supplementation of incomplete personal data.
• Deletion - Right to deletion - Article 17 of the GDPR: the right to obtain, without undue delay, the deletion of personal data about you, whenever:
  • the data are no longer necessary with regard to the purposes for which they were collected or otherwise processed;
  • you have revoked your consent and there is no other legal basis for the processing;
  • you have justifiably objected to the processing of personal data;
  • the data were processed unlawfully;
  • the data must be deleted for compliance with a legal obligation;
  • the personal data were collected with regard to the provision of services of the information society under Article 8, paragraph 1 of the GDPR.
  If you no longer want your information to be used by us, you may request the deletion of your personal data. Please note that, if you request the deletion of your personal data, we may retain and use your personal data to the extent necessary to fulfill legal obligations or for the performance of a task to be carried out in the public interest or for the exercise of public authority powers granted to the Data Controller, or to establish, exercise or defend a right in a legal claim pending before a court. For example, we may retain some of your personal data due to tax-related, legal or auditing obligations.
• The limitation of processing - Right to the limitation of processing - Article 18 of the GDPR: the right to obtain the limitation of processing from the Data Controller, if:
  • you challenge the accuracy of the personal data, for the period necessary for the Data Controller to verify the accuracy of such personal data;
  • the processing is unlawful and you object to the deletion of personal data and would instead request that their use be limited;
  • although the Data Controller no longer needs them for the purpose of processing, you require the personal data in order to establish, exercise or defend a right in a legal claim pending before a court;
  • you have opposed the processing pursuant to Article 21, paragraph 1 of the GDPR pending verification of the possible preponderance of the Data Controller’s legitimate reasons over yours.
• Data access and portability - Right to data portability - Article 20 of the GDPR: the right to receive – in a structured format commonly usable and readable by an automatic device – the personal data that concern you and have been provided to the Data Controller and the right to disclose them to another controller without hindrance, if the processing is based on consent and is carried out by automated means. In addition, the right to ensure that your personal data will be disclosed directly by the Data Controller to another controller if this is technically feasible.
• Complaints – lodging a complaint with the competent authority on personal data, notifying the Data Protection Authority thereof, Piazza di Monte Citorio No. 121-00186 Rome (Italy), e-mail: protocollo@pec.gpdp.it or the protection authority of your place of usual residence, of work, or of the place where the alleged violation took place.

The above rights may be exercised by contacting the Data Controller at the addresses specified in Article 1 hereof. Please note that the Data Controller can ask to verify your identity before proceeding with your request.