Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA OF WEBSITE USERS

The owner of this website, FG Art and Design srl, in compliance with the obligations deriving from the national[1] and Community legislation (hereinafter GDPR[2] or Regulation) and subsequent amendments, respects and protects the confidentiality of users/visitors, putting in place appropriate and proportionate security measures so as not to infringe their rights.

This information applies exclusively to the online activities of this site in particular to the compilation of forms, requests for information or any other form of interaction with the site that involves the communication by the user of personal data. With it, the owner aims to provide maximum transparency regarding the information that the site collects and how it uses it.

The treatment will be based on principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality and accountability.

Pursuant to Articles 13 and 14 of the GDPR and current legislation, the following information is provided regarding the processing that entity/company will perform with personal data:

Translated with www.DeepL.com/Translator (free version)

  1. Subjects of the treatment

The Data Controller is FG Art and Design srl, with registered office in Via Luigi Borghi, 821023, Gallarate, C.F./P.IVA 03108550124, who can be contacted using the e-mail address info@fgartanddesign.com, or the certified e-mail address fginterior@legalmail.it.

  1. Methods of treatment and type of data collected

The Owner adopts all the technical and organizational measures appropriate to secure the personal data processed. In particular, these measures are designed to prevent unauthorized access, disclosure, modification or destruction of data, which will be collected, processed and stored in the archives, both paper and electronic, of the Owner and / or authorized internal subjects and external managers for this purpose expressly authorized. The treatment will be carried out with the aid of both paper and computer media or electronic tools with logic of organization and processing of personal data in order to ensure the security and confidentiality.

The Owner may process some personal data of the users who interact with the web services of the site, in particular:

  • navigation data: the IP address, the addresses in URI[3] notation, the type of browser and the parameters of the device used to connect to the site, the name of the Internet Service Provider (ISP), the visitor’s origin[4] and exit web page, as well as the details relating to the date and time of the visit, the requests sent to the site server and which make it possible to navigate, may be acquired automatically by the computer systems during the use of the site. Navigation data may also be used to compile anonymous statistics that allow us to understand the use of the site and to improve its structure. Surfing data may possibly be used to ascertain illegal activities, such as computer crimes, to the detriment of the site;
  • dati anagrafici di contatto (nome e cognome, indirizzo mail, denominazione azienda e recapito telefonico), eventualmente di natura economica e fiscale (nel caso in cui, ad esempio, venga richiesta fattura), necessari per lo svolgimento dei rapporti contrattuali, in essere o futuri, con gli utenti.

Are not collected and processed in any way “special categories” of personal data, or data classified as sensitive [5].

  1. Purpose of treatment

The data provided by the user or communicated by third parties will be processed for the following purposes:

  1. registration to the website, to the services developed or made available by the Owner, use of the related information services, management of contact or information requests;
  2. Establishment of contractual relationships and consequent administrative, legal and fiscal fulfilments, as well as to allow an effective management of financial and commercial relationships;
  3. fulfilment of obligations provided for by EU and national regulations;
  4. direct marketing, i.e. sending of advertising material, promotional activities, commercial communication of products and/or services offered by the company; this activity may be performed by sending advertising/informative/promotional material and/or invitations to participate in initiatives, events and offers aimed at rewarding users/customers, carried out by means of “automated” contact systems[6];
  5. verification of the correct functioning of the site and for security reasons, in order to block attempts to damage the site itself or to cause damage to other users and in any case to ascertain and repress damaging or criminal activities.

By accessing the “Contacts” section, the site allows the visitor/user to enter messages and other information. The voluntary and explicit forwarding of such information does not require the request of consent and the eventual compilation of forms specifically prepared involves the subsequent acquisition of the address and data of the visitor/user, necessary to respond to requests made and/or to provide the requested service.

The information that users of the site will make public through the services and tools made available to them are provided by the user knowingly and voluntarily, going the owner free from any liability with regard to possible violations that may be committed for the effect. It is in fact up to the user to obtain any permission to enter personal data of third parties or content protected by national and international standards.

  1. Legal basis of personal data processing

The provision of personal data for the purposes referred to in points 3-1) and 3-2) is compulsory, as the processing is related to a pre-contractual and/or contractual phase or functional to a request of the interested party or required by a specific regulation. Failure by the interested party to provide certain personal data in relation to the above-mentioned purposes could prevent the Data Controller from providing its services.

With regard to point 3-4), personal data are entered voluntarily by the interested party. The consent must be expressed through an unequivocal positive act, moreover it must be free, specific, optional and always revocable without consequences on the usability of the services, except for the impossibility for the Owner to provide some of them. In any case, the user may exercise at any time the right to object (see paragraph 9. “Rights of the interested party”).

The data collected and processed for the purposes of site security and prevention of abuse and illegal activities referred to in paragraph 3-5), as well as data for the analysis of site traffic (statistics) in aggregate form, are processed on the basis of the legitimate interest of the Owner to protect the proper functioning of the site, as well as to protect the users themselves. In such cases, the user may exercise the right to object at any time (see paragraph 9. “Rights of the interested party”).

  1. Use of Cookies

Cookies are small text files that the site sends to users’ terminals and are used to perform computer authentication, session tracking, storing information about specific configurations, storing preferences and more. This site uses cookies primarily to improve the browsing experience by measuring and analyzing aggregated and anonymized browsing data.

For information on the cookies used, as well as on the management, setting and deactivation of cookies, users can consult the relevant section of the site and follow the procedures provided for this purpose.

  1. Recipients of personal data

The data will not be disseminated by the Owner, giving knowledge to undetermined subjects in any way, even by making them available or consultation.

The data will be stored by the Owner and may instead be communicated to specific subjects defined as follows:

  • authorized subjects involved in the organization of the site[7];
  • external subject [8] delegated for this purpose to specific processing activities and duly appointed as Data Processors pursuant to art. 28 of the Regulation, in accordance with applicable legislation and limited to the purposes of the professional services required and necessary;
  • subjects whose right to access the data is recognized by provisions of law or orders of the authorities;
  • any third countries or international organizations, if for technical and/or operational reasons it is necessary to transfer some of the data collected to technical systems and services managed in the cloud and located outside the European Union[9]. In this case, the processing will be regulated in accordance with the provisions of Chapter V of the GDPR and authorized according to specific decisions of the European Union and the Italian Data Protection Authority.

The complete list of all the persons in charge and authorized to process personal data can be requested by writing to the e-mail address info@fgartanddesign.com, or by regular mail at Via Luigi Borghi, 821023, Gallarate.

  1. Place of treatment

The data collected from the site are processed at the headquarters of the data controller and at the datacenter of Web Hosting. The Web Hosting (Serverplam srl unipersonal company), as Data Processor, processes personal data on behalf of the Data Controller in accordance with European standards.

  1. Period of conservation of personal data

The data collected will be processed exclusively for the purposes indicated above and stored for the time strictly necessary to provide the requested service. In any case, this period of time will not exceed 10 years, at the end of which the Owner will proceed to the automatic cancellation of the personal data collected.

  1. Rights of the interested party

The Regulations reserve specific rights to users/interested parties. In particular, the interested party may exercise at any time the right to:

  • access their personal data, obtaining confirmation as to whether or not personal data concerning them are being processed and, if so, to be informed as to the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom the data may be communicated, the applicable storage period, the existence of automated decision-making processes;
  • to obtain the rectification of inaccurate personal data concerning him/her without undue delay;
  • obtain, in the cases provided for, the cancellation of personal data concerning him without undue delay;
  • obtain, in the cases provided for, the limitation of processing;
  • to request the portability of the data he has provided to the Data Controller, i.e. to receive them in a structured, commonly used and machine-readable format, also to transmit such data to another Data Controller without hindrance from the Data Controller to whom he has provided them within the limits established by art. 20 of the Regulation;
  • to object at any time, for reasons related to his particular situation, to the processing of personal data concerning him, in the cases provided for by the Regulation;
  • revoke his consent at any time, with the same ease with which it was granted;
  • propose a complaint to the Guarantor Authority for the Protection of Personal Data;
  • Obtain all available information on the origin of personal data, if these have not been collected from the data subject himself;
  • to be informed without undue delay in the event of a “data breach”, i.e. in the event that the violation of one’s personal data presents a high risk for one’s rights and freedoms;
  • to be informed of the existence of adequate safeguards, should personal data be transferred to a third country or to international organizations.

All of the above rights may be exercised at the request of the interested party by writing directly to info@fgartanddesign.com.

This information notice may be subject to periodic updates.

Holder of personal data treatment
FG Art and Design srl

__________________

[1] D. Legislative Decree No. 196/2003, Code on the protection of personal data, as novated by Legislative Decree 101/2018;
[2] European Regulation for the Protection of Personal Data No. 2016/679
[3] Uniform Resource Identifier;
[4] referral;
[5] pursuant to Article 4 of the Code and Article 9 of the GDPR;
[6] e.g. SMS and/or MMS, email, interactive applications;
[7] e.g., employees of the Data Controller and, if applicable, of the Data Processor, including administrative staff, sales staff, system administrators;
[8] e.g. third party technical service providers, lawyers, hosting providers, IT companies, communication agencies;es. fornitori di servizi tecnici terzi, legali, hosting provider, società informatiche, agenzie di comunicazione;
[9] in particular with Google, Facebook, Twitter, Microsoft, LinkedIn, through social plugins and the Google Analytics service.