Lanificio FAISA | Prato ITALY

INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA

LANIFICIO FAISA SRL, located at VIA LORENZO MENABUONI 14, 59100 PRATO, tax code and VAT number 01926190974, in its capacity as Data Controller, informs you pursuant to Article 13 of EU Regulation No. 2016/679 – GDPR – that your data will be processed in the following ways and for the following purposes:

  1. Types of Data Processed The Data Controller processes personal data, known as “identification data” – such as name, surname, tax code, address, telephone number, email, etc. – provided by you when filling out the contact form or in subsequent interactions with the Data Controller. The obtained data will be used solely for the provision of the requested service. The Data Controller also processes personal data collected automatically from the website, such as cookies and usage data, including:
    • Internet protocol (IP) address;
    • Browser type;
    • Parameters of the device used to connect to the site;
    • Name of the internet service provider (ISP);
    • Date and time of visit;
    • Referring and exit web pages;
    • Possibly, the number of clicks. These data are used exclusively for statistical and analytical purposes in an aggregated form. The IP address is used solely for security purposes and is not cross-referenced with other data. No cookies are used for user profiling, nor are other tracking methods employed. Instead, session cookies (non-persistent) are used strictly as necessary for the secure and efficient navigation of the website. The storage of session cookies on user devices or browsers is under the user’s control, while on servers, session-related cookie information is recorded in service logs, with retention periods not exceeding seven days, similar to other browsing data.
  2. Purpose of Data Processing Identification personal data are processed without your explicit consent to allow the execution of the contract between you and the Company and all related activities (registration, invoicing, etc.), or pre-contractual activities such as information requested via the contact form.
  3. Processing Methods Personal data processing is carried out through the operations indicated in Article 4, No. 2) GDPR, namely: collection, recording, organization, storage, consultation, processing, extraction, communication, deletion, and destruction. The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case no longer than 10 years from the termination of the relationship. Processing is carried out using electronic and manual systems, following principles of fairness, lawfulness, and transparency, and through technical and organizational security measures to ensure an adequate level of protection.
  4. Access to Data Personal data may be made accessible for the purposes referred to in Article 2:
    • To employees and collaborators of the Data Controller, in their capacity as authorized personnel;
    • To third-party companies or other subjects – such as IT service providers, website management service providers, professionals for assistance and consultancy purposes, and private entities directly involved in the provision of the service or legally authorized to access data as External Data Processors.
  5. Data Communication Collected data will not be disseminated. Without the need for explicit consent (Article 6, letters b) and c) GDPR), the Data Controller may communicate personal data for the purposes outlined in Article 2 to regulatory authorities, judicial authorities, and other entities where data communication is mandatory by law and/or for the execution of the mandate. These subjects will process data as independent Data Controllers.
  6. Data Transfer Personal data are stored in paper archives at the Company headquarters and on servers within the European Union. For some services, it is necessary to share certain collected data with services located outside the European Union. In particular, with Google and services such as Google Analytics, Google Fonts, and Google Tag Manager, data transfer is authorized based on specific European Commission decisions or the standard contractual clauses of individual services. If necessary, the Data Controller reserves the right to relocate servers outside the EU, ensuring that any data transfer complies with applicable legal provisions, including contractual clauses established by the European Commission and adequacy decisions.
  7. Nature of Data Provision and Consequences of Refusal Providing identification personal data is mandatory and essential. Without it, we cannot guarantee the requested service.
  8. Data Subject Rights Regarding personal data processing, you have the right:
    • To be informed about the Data Controller’s details and location, processing purposes and methods, and the location of the Data Processor;
    • To obtain, from the Data Controller or Processor, without delay:
      1. Confirmation of the existence of processing of your personal data and their communication in an intelligible form;
      2. The deletion of your personal data when: I) They are no longer necessary for the purposes they were collected for, II) Consent has been withdrawn and no other legal basis for processing exists, III) Data has been unlawfully processed, IV) You have objected to the processing with no overriding legitimate reason, V) The Data Controller is legally required to delete personal data;
      3. The updating, rectification, or, if interested, integration of data;
      4. Certification that the operations in points 2) and 3) have been notified to those to whom data were communicated or disclosed, except where compliance is impossible or disproportionate to the right protected;
    • To object, for reasons related to your particular situation, to the processing of personal data under Article 6, paragraph 1, letters e) or f);
    • To object to the processing of personal data for direct marketing purposes;
    • To lodge a complaint with a supervisory authority;
    • To receive personal data in a structured, machine-readable format and transmit them to another Data Controller without impediment from the original Data Controller. When exercising data portability rights, you can request direct transmission from one Data Controller to another, if technically feasible;
    • Not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you similarly;
    • To withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal. The Data Controller provides a copy of the processed personal data. For additional copies requested, the Data Controller may charge a fee based on administrative costs.
  9. Exercising Your Rights You may exercise your rights at any time by contacting the Data Controller via:
    • Registered letter with acknowledgment of receipt to LANIFICIO FAISA SRL, VIA LORENZO MENABUONI 14, 59100 PRATO.
    • Email to: lanificiofaisa@pec.it
  10. Data Controller, Processor, and Authorized Personnel The Data Controller is LANIFICIO FAISA SRL, VIA LORENZO MENABUONI 14, 59100 PRATO. The updated list of Processors and Authorized Personnel is kept at the Data Controller’s headquarters.
btt