Information pursuant to art. 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council
Foster S.p.A. wishes to inform you that, pursuant to art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council concerning the protection of individuals with regard to the processing of personal data (hereafter "European Regulation"), needs to proceed to the processing of some personal data collected automatically or provided by browsing or using the website http://www.masons.it/ (hereinafter referred to as the "Website").
Therefore, this Privacy Notice refers exclusively to the Website and does not concern other websites, pages or online services accessible via hypertext links possibly published within it.
- DATA CONTROLLER
The Data Controller is Foster S.p.A. in person of the legal representative, domiciled at the registered office of Via Via Provinciale Nazzano, 24 54031 AVENZA-CARRARA (MS) (hereinafter "Foster S.p.A." or "Data Controller").
- DATA PROTECTION OFFICER
Foster S.p.A. considering the protection of personal data as primary importance, has appointed a Data Protection Officer (DPO) who can be contacted by writing to the e-mail address firstname.lastname@example.org for any issue concerning the protection of personal data
- DEFINITION AND TYPE OF PERSONAL DATA PROCESSED
To allow the use of the Website and its services, the Data Controller needs to know and process some of your personal data. In particular, when browsing or purchasing on the Website, Foster S.p.A. deals with the following personal data (hereinafter, collectively, "Services"):
- to purchase the products on the Website: the email address, name, surname, address, telephone number, gender, date of birth, billing address.
- to subscribe to the newsletter: the email address, name, surname, gender, date of birth.
- to use the Call Center support services: personal data that will be communicated to provide the requested assistance
- to register in the personal area "my account": name, surname, email, password, gender, date of birth.
For the simple navigation of the Website, instead, below are specified the types of data processed and the related specific information for "cookies".
The IT systems and software procedures used to operate Foster S.p.A. acquire, during their normal operation, some personal data whose transmission is implicit in the use of communication protocols of the Internet.
This category of data includes: IP addresses or domain names of the computers used by users who connect to the Website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used in submitting the request to the server the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's computer environment.
These data, necessary for the use of the Website, are processed for the sole purpose of obtaining statistical information on the use of the services (most visited pages, number of visitors per hour or daily time band, geographical areas of origin, etc.) and to check the proper functioning of the services offered. Navigation data do not persist for more than seven days and are deleted immediately after their aggregation, except for the need to assessment criminal offenses by the judicial authorities.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mail messages, as well as the compilation and forwarding of the forms on the Website and / or the sending of your curriculum vitae entail the acquisition of the sender's e-mail address, necessary to respond to your requests, as well as any other personal data included in the email, in the forms or in your curriculum vitae, if attached.
In particular, users wishing to submit their candidacy and curriculum vitae via the Website are invited to pay maximum attention to its content, not including for any reason any kind of personal data belonging to particular categories, that is personal data suitable for revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as data on health or sexual life or sexual orientation.
The Website uses the following types of cookies.
Technical and session cookies are used, i.e. small text files containing a certain amount of information exchanged between the Website and the terminal (or better with the browser used) that allow the correct operation and use of the same. C.d. persistent cookies of any kind are not used.
Profiling cookies are used. These cookies are not essential, but they help us to customize and improve your experience on the Website. For example, they help us to know and to remember preferences and to show relevant and personalized advertisements. They also allow us to limit the number of times each ad is shown, measure the effectiveness of the advertising campaign, remember the visit and share the data collected with third parties, such as advertisers. The elimination of these cookies, therefore, as long as it does not compromise the general usability of the Website, could in any case result in a limitation of some features.
Third parties can also install cookies on their device. We do not control the use of third-party cookies and, therefore, we are not responsible for their use. The third parties have their own privacy information and data collection methods. Below is a list of third-party cookies used:
- Contact Lab
To withdraw consent to these cookies you can refer to the following sites: http://www.youronlinechoices.com/uk/your-ad-choices or http://www.allaboutcookies.org/manage-cookies/index.html
The supply of all cookies is however deactivatable by intervening on the settings of your browser. It should be noted, however, how to intervene on these settings could make the Web site unusable if you block cookies essential for the supply of our services. However, each browser has different settings for deactivating cookies. The links to the instructions for the most common browsers are here Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, Opera.
Possible telephone calls to the Call Center numbers indicated on the Website may entail the processing of the personal data of the caller, in order to provide the services requested by him, such as, personal data useful for handling returns or post sale assistance requests. Foster S.p.A. can also use third-party call centers that operate, always in full compliance with privacy regulations, with a specific service contract on behalf of the Data Controller, as Data Processors in accordance with Article 28 of the European Regulation.
- PURPOSE OF THE TREATMENT AND LEGAL BASIS
The personal data in possession of the Data Controller are exclusively those provided when browsing the Website and during the use of its services.
Personal data are processed for the following purposes:
- Conclude and execute the contract for the purchase of goods offered through the Website. The provision of your personal data for this purpose is mandatory, as, in case missed conferment, Foster S.p.A. would not be able to process your order and therefore you could not buy any of our products The legal basis on which the processing is based is the need to implement a contract of which you are a part and the need to fulfill legal obligations.
- Allow registration in the personal area "my account" on the Website and the use of services reserved for registered users. The provision of your personal data for this purpose is optional. However, in case of missed consent, it will not be possible to enjoy the convenience and all the services offered to you through the personal area. The legal basis on which the processing is based is its explicit consent to the processing of personal data.
- Manage requests forwarded to the Call Center. The provision of your personal data for this purpose is optional. However, in case of missed consent, it will not be possible for Foster S.p.A. process the requests that you place at our call center The legal basis on which the processing is based is its explicit consent to the processing of personal data.
- Send commercial and promotional communications containing commercial offers of products and services similar to what you have already purchased ("soft spam") using the email address provided at the time of the previous purchase. The provision of your personal data for this purpose is nonetheless optional and may be withdrawn at any time. The legal basis on which the processing is based is the legitimate interest of the Company to develop relationships with its customers and increase the volume of sales of products for which you have already expressed interest.
- With your express consent, use your email address to send commercial communications about our products and services, updating you on news, new arrivals, exclusive products, our offers and promotions. The provision of your personal data for this purpose is optional. However, in case of missed consent, it will be not possible for Foster S.p.A. to keep you constantly updated on offers and promotions reserved for our customers The legal basis on which the processing is based is its explicit consent to the processing of personal data.
- With your express consent, use your email address to offer you previews and commercial offers in line with your tastes and your purchase preferences. This personalization will be carried out by analyzing the previous purchases and other information described in the previous paragraph "Definition and type of personal data processed".The provision of your personal data for this purpose is optional. However, in the absence of such consent, it will not be possible for Foster S.p.A. send them offers in line with their tastes and preferences.
The legal basis on which the processing is based is its explicit consent to the processing of personal data.
Personal data may be processed either through IT tools or paper.
- PERIOD OF CONSERVATION OF PERSONAL DATA
The Data Controller intends to keep personal data for a period of time no longer than necessary to achieve the purposes for which it was collected and processed. With this in mind, in compliance with current regulatory provisions, including accounting, Foster S.p.A. will retain your personal data acquired through the sale of its products for a period not exceeding 10 years. Subsequently, we will provide for their cancellation, or their transformation into an anonymous form in a permanent and non-reversible manner. Regarding the processing of your personal data for the purposes of direct marketing, if it was explicitly authorized by you, in compliance with the regulatory requirements and the General Provision of the Guarantor for the protection of personal data adopted on 24 February 2015, Foster S.p.A. has decided to provide for the deletion of your personal data processed for direct marketing purposes within 24 months of their registration. Personal data processed for the purposes of profiling, however, will be deleted after 12 months from registration. The data collected by you for personnel selection activities will be kept for a period not exceeding 24 months.
With regard to other personal data, since the Data Controller cannot accurately determine the retention period of his personal data, he / she undertakes from now on to inspire the processing of his personal data to the principles of adequacy, relevance and data minimization, so as required by the European Regulations, annually verifying the need for their conservation. Therefore, once reached the purposes for which they were collected and processed, we will remove them from our systems and records and / or take appropriate measures to make them anonymous, so as to prevent you from being identified. This, except for the case in which we will need to maintain such data to comply with regulatory obligations, or to ascertain, exercise or defend our right in court.
- CATEGORIES OF ADDRESSED DATA PERSONS
The personal data processed will not be disclosed to third parties. In any case, they may be aware of your personal data in relation to the treatment purposes previously exposed:
- The subjects that can access the data in force of disposition of law foreseen by the law of the European Union or from that of the Member State to which the Data Controller is subject.
- The subjects that carry out, within the borders of the European Union, in total autonomy, as separate Data Controllers, or as Data Processors specifically appointed by Foster S.p.A., purposes auxiliary to the activities and services referred to in paragraph 4., ie banking operators, internet providers, couriers and shippers, companies carrying out marketing activities, companies providing IT infrastructures and IT assistance and consultancy services as well as designing and implementing software and Internet sites, law firms, companies that offer services useful for customizing and optimizing our services, companies that offer data analysis and development services (including those relating to user interactions with our services), service centers, companies or consultants responsible for providing additional services to the Data Controller, within the limits of the purposes for which they were collected.
- Your credit card company, the providers of anti-fraud control services connected to the payment process and (where necessary) for the activation of the anti-fraud control procedure.
Furthermore, our employees may also be aware of your personal data, provided that it is previously designated as a subject acting under the authority of the Data Controller pursuant to art. 29 of the European Regulations or as System Administrator. Any communication of your personal data will take place in full compliance with the provisions of law provided for by the European Regulations and the technical and organizational measures prepared by the Data Controller to ensure an adequate level of security.
- TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
For the provision of its services, the Data Controller may transfer personal data to third countries. In this case, we are committed to:
- ensure that the country in which your personal data will be sent guarantees an adequate level of protection, as required by article 45 of the General Data Protection Regulation ("GDPR"); or
- use the standard personal data protection clauses approved by the European Commission for the transfer of personal information outside the EEA (these are the clauses approved pursuant to Article 46.2 of the GDPR); or
- make sure, if we transfer personal data to the United States, that the third party is registered in the Privacy Shield.
For more information on the rules for transferring data to third countries, click here.
- EVENTUAL AUTOMATED DECISION MAKING PROCESSES
The Data Controller does not use automated decision-making processes, including the profiling referred to in Article 22, paragraphs 1 and 4 of the European Regulation, without his / her consent. If you consent to the profiling, the data you provide will be used to analyze or predict preferences and behavior, as well as to detect its GPS location, in order to customize the content of commercial communications and offer only products and offers dedicated to you and in line with its tastes and preferences.
In particular, they could be detected and analyzed:
- the number and type of requests for information on the products on the Website over the last 12 months;
- the number and type of costs incurred for products on the Website over a period of 12 months;
- number and type of visits to the Website in a predetermined time frame, also through profiling cookies
- RIGHTS OF THE INTERESTED PARTY
In relation to the processing of your personal data, in accordance with the European Regulation, the data subject has the right to:
- Withdraw consent to treatment at any time. It should be noted, however, that the withdrawal of consent does not affect the lawfulness of the treatment based on consent before revocation, as provided for by art. 7, paragraph 3, of the European Regulation.
- Ask the Data Controller for access to personal data, as provided for by art. 15 of the European Regulation.
- Obtain from the Data Controller the correction and integration of personal data deemed inaccurate, also by providing a simple supplementary statement, as provided for by art. 16 of the European Regulations.
- Obtain from the Data Controller the deletion of personal data if there is even one of the reasons provided for by art. 17 of the European Regulation.
- Obtain from the Data Controller the limitation of the processing of personal data if one of the hypotheses provided for by art. 18 of the European Regulations.
- Receive from the Data Controller personal data concerning him in a structured format, commonly used and readable by automatic device, as well as the right to transmit such data to another data controller without impediments, as provided for by art. 20 of the European Regulations.
- Oppose at any time, for reasons connected to your particular situation, to the processing of personal data carried out pursuant to art. 6, paragraph 1, letters e) or f), including profiling on the basis of these provisions, as provided for by art. 21 of the European Regulation.
- Not be subjected to decisions based solely on automated processing, including profiling, which produce legal effects that affect it, if it has not previously and explicitly consented, as provided for by art. 22 of the European Regulation. By way of example and not exhaustive, this category includes any form of automated processing of personal data aimed at analyzing or predicting aspects regarding consumption and purchase choices, the economic situation, interests, reliability, behavior.
- Propose a complaint to a supervisory authority (Article 77) or take appropriate judicial offices (Article 79) if it considers that the treatment that concerns you is in violation of the European Regulation. The complaint may be lodged in the Member State in which he normally resides, works or in the place where the alleged violation has occurred.
- To exercise each of your rights, you can contact the Data Controller, in the person of the legal representative, by sending a communication to email@example.com, or you can contact the Data Protection Officer, by writing to the email firstname.lastname@example.org, providing the following personal data
- Name, surname and postal address;
- Request details;
- Purchase code;
- Photocopy of a valid identity document.
- CONSENT OF MINORS IN RELATION TO THE SERVICES OF THE INFORMATION SOCIETY
It is explicitly forbidden for minors 16 years (16) to use the services provided through the Website. In consideration of the available technologies and the services provided, Foster S.p.A. has provided for systems of personal data verification to establish that consent to the processing of personal data of the minor is provided or authorized by the person exercising parental authority.By registering or purchasing on the Website, you confirm that you have reached the age of majority in your country of residence.
11. DATA BREACH POLICY
In the event that a personal data breach occurs, Foster S.p.A. has set up a crisis team and provided specific intervention procedures, in order to quickly solve the problem and give the user an appropriate communication so as to enable him to adopt appropriate precautions, aimed at minimizing the potential damage deriving from the violation itself.
In the communication of the violation, the user will be informed about:
- the name and contact details of the Data Protection Officer or other contact point where you can get more information
- the possible consequences of the violation of personal data
- the measures adopted or proposed to be adopted by the Legal Representative to remedy the violation of personal data and also, if necessary, to mitigate its possible negative effects.
- Foster S.p.A. will proceed to a public communication, or similar measure, and will not be obliged to inform you if appropriate technical and organizational measures are put in place to protect the data subject to the violation, when measures are subsequently taken to avoid new risks to users' rights, as the communication would require disproportionate efforts. In any case, it will evaluate the opportunity, even if not strictly mandatory, to keep the user updated.
Foster S.p.A. it will also communicate, within 72 hours and where necessary, the violation to the Privacy Guarantor.
For this reason, if an external manager or a sub-manager has become aware of the violation, they are required to report the violation, the first within 24 hours, the second within 12 hours of the discovery of the fact.
Any violation of personal data can be communicated by writing to email@example.com, with the necessary data to verify the identity of the holder:
- Name, surname and postal address;
- Details of the request;
- Purchase code;
- Photocopy of a valid identity document.
- CONSENT OF MINORS IN RELATION TO THE SERVICES OF THE INFORMATION SOCIETY
It is explicitly forbidden for minors 16 years (16) to use the services provided through the Website. In consideration of the available technologies and the services provided, Giglio Group s.p.a. has provided systems of personal data verification to establish that consent to the processing of personal data of the minor is provided or authorized by the person exercising parental authority. By registering or purchasing on the Website, you confirm that you have reached the age of majority in your country of residence.