Chat with us
FAQ

Definitions and legal references

Personal Data (or Data)

Personal data is any information that, directly or indirectly, alone or in connection with any other information, including a personal identification number, identifies or makes identifiable a natural person.

Usage Data

This refers to the information that is collected automatically through this website (including from third party applications integrated into this website), including: IP addresses or domain names of the computers used by the User connecting to this website, addresses in URI (Uniform Resource Identifier) format, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the server response status (success, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, various temporal aspects of the visit (e.g., time spent on each page), and details regarding the User’s navigation within the application, with particular reference to the sequence of pages visited, parameters related to the User’s operating system, and computing environment.

User

The individual using this website, unless otherwise specified, is the Data Subject.

Data Subject

The natural person to whom the personal data relate.

Data Processor (or Processor)

The natural or legal person, public authority, or any other entity that processes personal data on behalf of the Data Controller, as described in this privacy policy.

Data Controller (or Controller)

The natural or legal person, public authority, service, or other body that, alone or jointly with others, determines the purposes and means of processing personal data and the tools adopted, including security measures related to the operation and use of this website. Unless otherwise specified, the Data Controller is the owner of this website.

This website (or this application)

The hardware or software tool that collects and processes Users’ personal data.

Service

The Service provided by this website, or more generally, the service provided by the Data Controller, also through this website and its related applications.

European Union (or EU)

Unless otherwise specified, any reference to the European Union in this document is intended to include all current member states of the European Union and the European Economic Area.

Cookie

A small amount of data stored on the User’s device.

PRIVACY POLICY

In compliance with the obligations arising from national legislation (Legislative Decree No. 196 of 30 June 2003, personal data Protection Code) and EU law (European Regulation on the protection of personal data No. 679/2016, GDPR) and subsequent amendments, this website respects and safeguards the privacy of visitors and Users, making every reasonable and proportionate effort not to infringe the rights of Users.

This privacy policy applies exclusively to the online activities of this website and is valid for the website’s visitors/users. It does not apply to information collected through channels other than this website. The purpose of this privacy notice is to provide maximum transparency regarding the information the site collects and how it is used. This policy has also been prepared with consideration for the expected and planned developments and structural changes aimed at improving the level of communication between the site and its users.

Legal basis for processing

This website processes data based on consent. By using or consulting this document, Users/visitors and Data Subjects in general explicitly approve this privacy policy and consent to the processing of their personal data in accordance with the methods and purposes described below, including, where necessary, disclosure to third parties for the provision of a service.

Providing data—and therefore consenting to its collection and processing—is optional. The User may refuse consent and may withdraw previously given consent at any time (by contacting the representatives listed in the “Contacts” section at the bottom of this document). However, refusing consent may make it impossible to provide certain services, and the browsing experience on the site may be affected.

Starting from May 25, 2018 (the date the GDPR came into effect), this website will process some data based on the legitimate interests of the Data Controller.

Note: In some jurisdictions, the Data Controller may be authorised to process personal data without the User’s consent or another of the legal basis specified below, until the User objects (“opt-out”) to such processing. However, this does not apply if the processing of personal data is governed by European data protection law;

Collected Data

For the provision of a service (including quotation and consultation activities),we ask you to provide certain data, which may vary depending on the requesting party.

If you are a private individual:

  • address, email, and password
  • other data related to the subject of the requested service
  • first and last name
  • date of birth
  • gender
  • city or municipality of residence
  • telephone number

While using the service, you can use “Contact Us” and “Chat” features to communicate with our Customer Center.

Third Party Data

  • If you provide personal data of third parties, such as those of any service beneficiaries and/or related communications, you must ensure that these individuals have been properly informed and have consented to the processing of their data, or that the processing is strictly necessary for the execution of the service and permitted under applicable data protection laws.

Data of minors under 16 years old

  • If you are under 16 years of age, you cannot provide us with any personal data nor can you register on the website. In any case, we do not assume responsibility for any false statements you may provide. Should we become aware of any untruthful declarations, we will proceed with the immediate deletion of all personal data collected.

If you are a professional:

  • company name, VAT number, contact person, email address, phone number
  • other data: professional category and full address

Access to the company website and related services

Providing such data is entirely optional; however, failure to provide it will make it impossible to access certain online services.

To access the company website and its related services, a unique User identification may be required.

If this occurs, while browsing the website you will be asked to choose and provide your access credentials (‘Username’ and ‘Password’). The username is an email address chosen by the User; the password consists of a secret combination of characters (letters and/or numbers) selected individually by the User.

For security reasons, access credentials must not be shared with anyone. In case of a data deletion request, the access credentials will be permanently deleted; as a result, they could be used by another User with the same combination and may therefore no longer be available if a new service is requested.

Like all websites, this site also uses log files in which information collected automatically during user visits is stored.

The information collected may include:

– Internet Protocol (IP) address;
– type of browser and device parameters used to connect to the site;
– name of the Internet Service Provider (ISP);
– date and time of visit;
– visitor’s referring and exit web pages (referral);
– addresses in URI (Uniform Resource Identifier) notation,

– details regarding the navigation path within the application, with particular reference to the sequence of pages visited, the operating system parameters, and the User’s computing environment

– the number of clicks, if applicable

– the size of the file received in response

– the numeric code indicating the server response status (success, error, etc.).

If you are under 16 years of age, you cannot provide us with any personal data nor can you register on the website. In any case, we do not assume responsibility for any false statements you may provide. Should we become aware of any untruthful declarations, we will proceed with the immediate deletion of all personal data collected.

General processing methods

The Data Controller implements appropriate security measures to prevent unauthorised access, disclosure, modification, or destruction of personal data. Processing is carried out using IT and digital tools, with organizational methods and logic strictly linked to the indicated purposes. In addition to the Data Controller, in some cases and to provide the requested service, other parties involved in the organization (administrative, commercial, marketing, legal personnel, system administrators) or external parties (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to data, and when necessary, they may be appointed as Data Processors or Sub-Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller.

Website data processing methods

The aforementioned informations are processed automatically and collected exclusively in aggregated form to verify the correct functioning of the website and for security reasons (from May 25, 2018, this information will be processed based on the legitimate interests of the Data Controller).

For security purposes (anti-spam filters, firewalls, virus detection), automatically recorded data may also include personal data such as the IP address, which may be used, in accordance with applicable laws, to block attempts to damage the website or to harm other Users, or for any other harmful or illegal activities. Such data are never used to identify or profile the User, but only to protect the website and its Users (from May 25, 2018, this information will be processed based on the legitimate interests of the Data Controller).

If the website allows users to post comments or if the user requests specific services, the site automatically collects and records certain identifying data, including the email address. Such data is considered to be voluntarily provided by the user at the time the service is requested. By posting a comment or other information, the user expressly accepts the privacy notice and specifically agrees that the submitted content may be freely shared, including with third parties.

The submitted data will be used exclusively to provide the requested service and only for as long as necessary to deliver it.

Any information that Users choose to make public through the services and tools provided is disclosed consciously and voluntarily by the User, thereby releasing the website owner from any liability for any potential legal violations. It is the User’s responsibility to ensure they have permission to submit third party personal data or content protected by national and international laws.

Purpose of Data Processing

The Organization will process all data provided by the client and potential client, directly or through intermediaries, potentially combined with data collected from third parties, including data available in the company database, and data obtained through phone conversations or as a result of browsing web pages or via other means for the following purposes:

  • for the calculation of an estimate aimed at the possible subsequent signing of a contract and its renewal for the provision of a service or product, either through the standard Quotation procedure or via the web portal; the purpose of Quotation includes the processing of data collected from the data subject as well as from other databases to which the data controller may have access, in order to assess operational feasibility and customer characteristics, to determine the terms of the contract, and to fulfil all legal obligations required in the course of the commissioned activity, including the prevention of fraud and the financing of terrorism.
  • Sending estimates or contracts to the requester via mail, telephone (including mobile), email, or other remote communication methods, or through a social network to which the User belongs, using the contact details voluntarily provided in the service request. The same contact details may also be used to send any expiration notices and/or service-related notifications, along with a proposal for contract renewal and any additional guarantees;
  • management and execution of the contract itself and any other activities strictly related to the conduct of the business for which the Organization is authorized under applicable law;
  • compliance with all legal obligations related to the contract or the aforementioned proposal and to the conduct of the business activity, management of judicial and extrajudicial disputes, as well as, more generally, the exercise and defence of the contracting party’s rights, fraud and counter-terrorism financing prevention and investigations, new market analysis, internal management and control, adaptation of IT systems and client relationship platforms, and statistical/tariff-related activities;
  • if customers or potential customers decide to pay for the services by payment card, data will also include the information relating to their payment card and the banking details necessary for the payment transactions.
  • Processing, monitoring and updating of any request for information, negotiation, pre-contractual and/or contractual relationship with any of the various Companies with which the Organization collaborates, and the management of activities involving operational and commercial intermediaries.
  • Communication, marketing, and sales promotion of products and services in the same category as those for which an estimate was requested, using previously provided contact details, via email, phone (including mobile), text messaging (SMS), instant messaging services, or social networks.
  • Analysis of customer satisfaction regarding products and/or services provided, for contract management and execution, via email, phone (including mobile), text messaging (SMS), instant messaging, or social networks;
  • Processing necessary to perform a task carried out in the public interest or in the exercise of official authority assigned to the Controller;
  • processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by third parties.

For this purpose, the Organization informs you that it will verify and update the data relating to your payment card with the designated credit and banking institutions, in order to manage your file correctly over time.

Additional Purposes of Data Processing

The non-sensitive personal data you provide may be used for additional purposes, in full compliance with the Privacy Policy under Article 13 of Regulation (EU) 2016/679, namely to provide you with and/or send you our newsletter containing informational and promotional communications related to the goods/services offered, by any means, including mail, Internet, telephone, email, MMS, SMS, from Italy or abroad (including countries outside the European Union, in compliance with applicable law), by the Company.

Data Retention Period

The storage of personal data will take place in paper and/or electronic/digital form and for the time strictly necessary to fulfil the purposes, in compliance with your privacy, current regulations, and contractual conditions (e.g., invoices, accounting documents, and data related to transactions are kept for 11 years as required by law, including tax obligations).

For data collected for a quote requested by the data subject that does not result in a contract, the data collected, in the absence of consent, will be retained only for 12 months and 15 days and then immediately deleted. If the estimation does lead to a contract, the data provided will be retained for the period determined according to the following criteria:

  • the retention obligation established by law;
  • the duration of the contractual relationship and the liabilities arising from it;
  • request for deletion by the Data Subject, if submitted.

In the event of exercising the right to be forgotten through an explicit request for the deletion of personal data processed by the Controller, please note that such data will be retained in a protected form with limited access solely for the purposes of crime detection and prevention, for a period not exceeding 12 months from the date of the request, and will thereafter be securely deleted or irreversibly anonymised.

Data collected by the website during its operation are used exclusively for the purposes indicated above and retained only for the time strictly necessary to carry out the specified activities. In any case, data collected by the website will never be provided to third parties for any reason, unless it is a legitimate request from a judicial authority and only in cases provided for by law.

Finally, we remind you that for the same purposes, data relating to electronic traffic, excluding the contents of communications, will be retained for no more than 6 years from the date of the communication, pursuant to Article 24 of Law No. 167/2017, which implemented EU Directive 2017/541 on counter-terrorism.

If you do not perform any active action (such as browsing, searches, or any other use of the service) on our web portal for a period of 27 months, you will be classified as an inactive User and your personal data will be automatically deleted.

Data used for security purposes (blocking attempts to damage the website) are retained for 7 days.

For direct marketing and profiling purposes, we retain your data for a maximum period in accordance with applicable law (24 months and 12 months, respectively).

Data Recipients

Customer and potential customer data may:

  • be accessible within the Organization to employees assigned from time to time to manage your account and the commissioned services, as well as to staff involved in the so-called “production chain.” Your data may also be shared with parties necessary for the provision of the estimation, as well as with third parties duly appointed as Processors, whose list is constantly updated by the Controller. Additionally, your data may be communicated to carry out checks aimed at preventing fraud and terrorism financing;
  • be communicated to any subsidiaries and affiliated companies in order to carry out a complete and centralized management of the relationship with the Data Subject;
  • to other parties in the sector (the so-called “production chain”) acting as counterparties (including companies or firms entrusted with management, providing assistance and legal protection services);
  • to Supervisory and Regulatory Authorities, as well as to other bodies or organisations that maintain databases to which the disclosure of data is mandatory;
  • companies providing IT and digital services, data storage, or services entrusted with management;
  • companies supporting business management activities, including postal services;
  • auditing and consulting firms; legal and tax firms; commercial information companies for the management of financial risks; companies providing services for fraud prevention and control; debt collection agencies.

Place of processing

Data are processed at the Controller’s operational offices and at any other locations where the parties involved in the processing are situated. For further information, contact the Controller.

In the case of using a Datacenter via web hosting services or cloud computing services, the User’s personal data may be transferred to a country different from the one in which the User is located. In such cases, the service provider (e.g., Google, Aruba) is responsible for processing data on behalf of the Controller and operates in accordance with European regulations. As is known, some of these services operate through servers geographically distributed across different locations, making it difficult to determine the exact place where personal data is stored.

The User has the right to obtain information regarding the legal basis for the transfer of data outside the European Union, as well as the security measures adopted by the Controller to protect the data. In case any of the transfers described above take place, the User may refer to the relevant sections of this document or request information from the Controller.

Website functionality, designed to simplify navigation by automating procedures (e.g., login, website language) and to analyse website usage.

Session cookies are essential to distinguish between connected users and help prevent a requested function from being provided to the wrong user. They are also used for security purposes to prevent cyber-attacks on the site. Session cookies do not contain personal data and last only for the current session, meaning until the browser is closed. No consent is required for their use.

The functionality cookies used by the site are strictly necessary for the use of the website. They are specifically linked to a functionality explicitly requested by the user (such as Login), and therefore do not require any consent.

Cookie

As is customary on all websites, this website also uses cookies — small text files that store information about visitors’ preferences to improve the user experience. By using the website, visitors expressly consent to the use of cookies.

Disabling Cookies

Cookies are linked to the browser used and CAN BE DISABLED DIRECTLY FROM THE BROWSER, thus refusing/withdrawing consent to their use. Please note that disabling cookies may prevent the proper functioning of certain features of the website.
Instructions for disabling cookies can be found at the following web pages:

Mozilla FirefoxMicrosoft Internet ExplorerMicrosoft EdgeGoogle ChromeOperaApple Safari

Third party cookies and viewing content from external platforms

This website also acts as an intermediary for third-party cookies, which are used to provide additional services and features to visitors and to improve the site’s usability, such as social media buttons or embedded videos. This site has no control over third-party cookies, as they are entirely managed by those third parties. As a result, information on the use and purposes of these cookies, as well as instructions on how to disable them, is provided directly by the third parties on the pages listed below.

In particular, while browsing our website, you may encounter the use of cookies from the following third parties:

Google Analytics: an analysis tool by Google that, through the use of cookies (performance cookies), collects anonymous browsing data (IPs truncated to the last octet) and exclusively aggregated data for the purpose of examining how users use the site, compiling reports on site activity, and providing other information, including the number of visitors and the pages viewed. Google may also transfer this information to third parties where required by law or where such third parties process the information on Google’s behalf. Google will not associate the IP address with any other data held by Google. The data transmitted to Google is stored on Google’s servers in the United States.
Under a specific agreement with Google, which is designated as the data processor, Google undertakes to process the data according to the instructions given by the Data Controller (see the end of this notice), as specified through the software settings. Under these settings, advertising and data-sharing options are disabled.

Further information about Google Analytics cookies can be found on the Google Analytics Cookie Usage on Websites page.

The User can selectively disable data collection by Google Analytics by installing the dedicated component provided by Google on their browser.

– YouTube: a video-sharing platform owned by Google that uses cookies to collect information about users and their browsing devices. The videos embedded on this site do not transmit cookies upon page access, as the “enhanced privacy mode (no cookies)” option has been enabled. Under this setting, YouTube does not store information about visitors unless they voluntarily play the video.

cookie: test_cookie (doubleclick.net) is not a permanent cookie; it is used to check whether the user’s browser supports cookies.

For further information on how Google uses and processes data, it is recommended to review the details provided on the dedicated Google page, as well as the page titled How Google uses information from sites or apps that use our services.

Social Network Plugin

This website also incorporates plugins and/or buttons for social networks, in order to allow easy sharing of content on your preferred social networks. These plugins are programmed not to set any cookies when the page is accessed, in order to safeguard Users’ privacy. Cookies are only set, if required by the social networks, when the User actively and voluntarily uses the plugin. Please note that if the User is browsing while logged into the social network, they have already consented to the use of cookies transmitted via this website at the time of registration with the social network.

The collection and use of information obtained through the plugin are governed by the respective privacy policies of the social networks, which should be consulted.

Facebook – (link informativa cookie)
Twitter – (link informativa cookie)
LinkedIn – (link informativa cookie)
Google+ – (link informativa cookie).

With regard to cookies installed by third parties, the User can also manage their settings and withdraw consent using the tools described in the third party’s privacy policy or by contacting the third party directly.

Without prejudice to the above, the User may make use of the information provided by the EDAA (EU), the Network Advertising Initiative (USA), the Digital Advertising Alliance (USA), the DAAC (Canada), the DDAI (Japan), or other similar services. These services allow users to manage their tracking preferences for most advertising tools. The Data Controller therefore recommends that Users make use of these resources in addition to the information provided in this document.

Transfer of data to Non-EU Countries

This website may share some of the collected data with services located outside the European Union, particularly with Google, Facebook, and Microsoft (LinkedIn) through social plugins and the Google Analytics service. The transfer is authorized based on specific decisions by the European Union and the Data Protection Authority, in particular decision 1250/2016 (Privacy Shield – see the information page of the Italian Data Protection Authority), and therefore no additional consent is required. The aforementioned companies guarantee their adherence to the Privacy Shield.

Security Measures

This website processes Users data lawfully and correctly, adopting appropriate security measures to prevent unauthorised access, disclosure, alteration, or destruction of data. Processing is carried out using IT and/or digital tools, with organisational methods and logic strictly related to the stated purposes. In addition to the Controller, in some cases, data may be accessed by categories of personnel involved in the organisation of the website (administrative, commercial, marketing, legal personnel, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies).

User Rights

Pursuant to European Regulation 679/2016 (GDPR) and national legislation, the User may, in accordance with the procedures and within the limits provided by applicable law, exercise the following rights:

-request confirmation of the existence of personal data concerning them (right of access);
-know its origin;

– receive intelligible communication of it;

– obtain information about the logic, methods, and purposes of the processing;

– request their updating, rectification, integration, deletion, anonymisation, or the blocking of data processed in violation of the law, including data no longer necessary for the purposes for which they were collected;

In cases of processing based on consent, the User has the right to receive the data provided to the Controller, at their own expense, in a structured, commonly used, and machine-readable electronic format.

the right to lodge a complaint with the Supervisory Authority (Data Protection Authority – link to the Authority’s page);

– as well as, more generally, exercise all rights granted to them under applicable law.

Requests should be addressed to the Controller.

If the data is processed on the basis of legitimate interests, the rights of the data subjects are still guaranteed (with the exception of the right to data portability, which is not provided for by the regulations). In particular, the data subject retains the right to object to the processing, which may be exercised by submitting a request to the data controller.

To exercise these rights, as described below, please contact the Controller via the Privacy Office in the contacts section.

Data Controller

The data controller, pursuant to applicable laws, is the site administrator, Fulmine Group Servizi Notificazione S.R.L., represented by its current Legal Representative, who can be contacted through the CONTACTS section.

Data Processor

The data controller, pursuant to applicable laws, is the site administrator, Fulmine Group Servizi Notificazione S.R.L., represented by its current Legal Representative, who can be contacted through the CONTACTS section.

CONTACT