In compliance with art. 13 of European Regulation 2016/679 (the “Data Protection Regulation”), LA FABBRICA S.p.A. wishes to inform all users and/or visitors of the web site www.lafabbrica.it (the “Users” and the “Site”, respectively) of how it will use personal data, log files and cookies collected through the Site.
- Data Controller and Data Protection Officer
The Data Controller of personal data is LA FABBRICA S.p.A. (tax code 04662671009, VAT no. 01275570396), with registered offices at Via Emilia Ponente, 2070, 48014 – Castel Bolognese (RA), certified e-mail address email@example.com (hereinafter referred to as the “Data Controller”).
- Information is collected through the Site:
- a) automatically
- Browsing data:
The computer systems and software procedures that operate the Site acquire a number of items of personal data during ordinary operation, the transmission of which is implicit in use of internet communication protocols.
These data, which are necessary for use of web services, are also processed for the purpose of:
- obtaining statistical information on use of services
- checking that the services offered are functioning properly.
Browsing data are not kept for more than 26 months (unless required for criminal investigations by judicial authorities).
- b) provided by the user
– Data provided by the user:
Optional, explicit, voluntary submission of data by filling in various forms present on the Site involving acquisition of the sender’s contact information, necessary for fulfilling requests for contact, services, or assignment of access credentials for restricted areas on the Site.
- c) in the form of cookies
3) Type of personal data, purposes, legal basis and storage time
The personal data requested and supplied is needed to permit access to the Site and use of the following services:
Type of service: Contact Us area for products
Type of personal data collected: identifying information, contact information (such as e-mail, telephone numbers…)
Purposes: acquiring information on Site users by filling in appropriate forms in order to respond to requests to be contacted for information or sales purposes (Contact Us area)
Legal basis: consent/execution of contract
Storage time: 24 months from acquisition or from renewal of contact
Type of service: newsletter service;
Type of personal data collected: identifying information, e-mail contact information.
Purposes: to contact subscribers and send them a periodic newsletter on the company’s activities (NEWSLETTER)
Legal basis: consent
Storage time: 24 months or until consent is revoked
Data is processed for the purposes listed above in compliance with the Data Protection Regulation and all specific legislation governing the sector.
The data supplied will be processed primarily by computer under the Data Controller’s authority, by specifically appointed persons who are authorised and instructed in data processing under articles 28 and 29 of the Data Protection Regulation. Note that appropriate security measures are taken in compliance with art.5 and 32 of the Data Protection Regulation to prevent data loss, unlawful or improper use or unauthorised access.
4) Obligatory or optional nature of consent for providing data
Providing your data is optional, but you will not be able to use some of the services offered on our Site if you do not provide it.
5) In what circumstances your data may be disclosed
Data may be disclosed to the following parties, within the EU and in compliance with the Data Protection Regulation:
(1) financial authorities and/or other public authorities, where required by law or requested by them;
(2) to external organisations, parties and companies whose services the Data Controller uses for activities connected to, instrumental for or consequent upon execution of services on the Site
Information collected automatically by the Site may also be transferred to a Third Party’s cloud server outside the EU, if this type of processing is necessary to provide services on the Site. The legal basis of this processing is therefore art. 49, paragraph 1, letter b of the Data Protection Regulation.
6) Security measures
Data is processed through the Site in compliance with the applicable legislation and using appropriate security measures in compliance with current legislation, also under art. 5 and 32 of the Data Protection Regulation.
In this regard, appropriate security measures are taken to prevent unauthorised access, theft, dissemination, modification or unauthorised destruction of the data processed.
Note that you may exercise your rights under art. 15 et seq. of the Data Protection Regulation at any time by sending a written request to the Data Controller at the addresses specified, with the goal of obtaining:
- confirmation whether your personal data is held or not, identifying its origin, checking its accuracy or requesting its updating, correction or integration;
- access to or deletion of your data, or limitation of the processing thereof;
- conversion into anonymous form or freezing of data processed in violation of the law.
You may also object to processing of personal data already supplied.
With reference to the Newsletter, note that you may request cancellation of your subscription through a link or button provided for the purpose.
8) Changes to the Personal Data Protection Notice
The Data Controller reserves the right to make changes to this Personal Data Protection Notice, replacing the previous versions. This Personal Data Protection Notice was issued in January 2021.