European Regulation EU/2016/679 (hereafter “Regulation”) lays down rules relating to the protection of personal persons with regard to the processing of personal data, as well as rules relating to the free circulation of such data. In compliance with the principle of transparency provided for in art. 5 of the Rules of Procedure, the Fi.Fa. Security Srl, as Data Controller, and the companies of the Corporate Network Group called Fi.Fa. Security Network, as Joint Controllers of The Processing by virtue of a Business Network Contract to pursuant to art. 4-ter of the D.L. 10 February 2009, converted into Law No. 33 of 9 April 2009. What agreement of group synergy with the same purposes of use and processing of the data provided as well as the services provided, the
provide the information required by Art. 13 and 14 of the Rules of Procedure with reference to your Personal Data requested through the “Contact Form for the request for information”, that such processing will be based on the principles of fairness, lawfulness and transparency and the protection of your confidentiality and rights. In this regard. Please read this Policy carefully. The information is made only for the site in question and not also for other websites that may be consulted by the user via link. The information is also inspired by Resolution No. 13 of 1 March 2007 “on the Internet and e-mail” privacy guarantor, in order to identify some minimum requirements for the collection of personal data online, and, in particular, the modalities, timing and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purposes of the link. The processing of personal information about you will be based on the principles of correctness, lawfulness
transparency and the protection of your confidentiality and rights. The legislation in question provides first of all for that anyone who carries out personal data processing is required to inform the data subject about what data
they are processed and for what purpose, therefore, in accordance with the provisions of Art. 13 of the RGDP 2016/679, we provide the following information:
IDENTIFICATION DETAILS OF THE OWNER, THE MANAGER AND THE
REPRESENTATIVE OF THE HOLDER IN THE TERRITORY OF THE STATE.
Following the consultation of this site, data may be processed relating to persons identified or
Identifiable. We would like to point out to you that the Data Controller is Fi.Fa Security Srl with its registered office in Via
Pasubio n. 57 – 63074 – San Benedetto del Tronto (AP), in the person of his legal representative pro tempore,
The joint controllers of the Processing are the following companies that are part of the Business Network Group
called Fi.Fa. Security Network Via Pasubio 57 (35.55 km) – 63074 – San Benedetto del Tronto (AP),
or: SIGLOB Cooperative Society; TARGET Commercial Team Soc. Coop; HENDAL Srl;
HENDAL Security Management Srl; SECURCOD Soc. Coop; SICREW Soc. Coop, to whom, according to
the criterion of Contitolarity, may apply without distinction for the exercise of the rights referred to in art. 15 to 23
679/2016 by registered letter, PEC or e-mail.
PLACE OF DATA PROCESSING.
The processing connected to the web services of this site takes place at the registered office of the writer and are only by technical personnel in charge of the processing, or by any persons in charge of occasional maintenance operations.
The hosting servers are located at Register.it S.p.A. Privacy Information:
No data deriving from the web service is communicated or disseminated. The personal data provided by users who request requests for information or to register for the mailing list of the site, are used for the purpose of the requested service or service.
TYPE AND NATURE OF THE DATA PROCESSED.
The IT systems and software procedures responsible for the operation of this website acquire, in the normal exercise, certain personal data whose transmission is implied in the use of the communication of the Internet.
This is information that is not collected to be associated with identified data subjects, but that for them the same nature could, through processing and associations with data held by third parties, allow identify users. this category of data includes IP addresses or domain names of computers used by users who connect to the site, addresses in Uniform Resource Identifier (URI) notation
of the requested resources, the time of the request, the method used to submit the request to the server, the file size obtained in response the numeric code indicating the status of the response given by the server (good end, error, etc.) and other parameters related to the user’s operating system and it environment.
This data is used for the purpose of obtaining anonymous statistical information on the use of the site and for correct operation and are deleted immediately after processing. The data could be used to establish liability in the event of hypothetical cybercrimes against of the site: save this eventuality, at present the data on web contacts do not persist for more than six months.
Data provided voluntarily by the user.
We only process/process your personal data, and will be used for the sole purpose of performing service or the required service.
Limited to the information released on this site during the preventive request phase, it may be processed personal data that can be qualified as ex-sensitive “Particulars”, i.e. data suitable to reveal the state of health.
The optional, explicit and voluntary sending of e-mail to the addresses indicated on this site involves the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data entered in the letter. Specific summary information will gradually be displayed or displayed on the pages of the site prepared for particular services on request.
DATA OF USERS UNDER THE AGE OF
In the case of the processing of child data, consent must be acquired from parents or operators of the authority if the person concerned is under the age of 18.
LEGAL BASIS AND PURPOSE OF PROCESSING
The Data is collected by us for the sole purpose of following up requests for information in related to the performance of our activity, namely:
a. provision of services based on web interface (registration of users);
b. provision of information relating to your specific request on the services of the writer;
c. purposes related to the obligations provided for by laws, regulations, Community legislation and provisions given by authorities legitimized by law;
The processing of personal data for the purposes mentioned above, does not require your express consent (art. 24, lit.
(a) and (b) of the Code and Art. 6(.b) and (c) of the GDPR).
The legal basis of the processing for common data is Art. 6 lit. b) of the GDPR or the treatment is necessary for the performance of a contract to which the person concerned is a party or for the execution of pre-contractual measures adopted at its request.
You will always have the right to object easily and free of charge, in whole or even only in part to the processing of your data for these purposes, excluding, for example, automated methods of contact and expressing its willingness to receive communications from the writer exclusively through traditional modes of contact.
OBLIGATION OR POWER TO PROVIDE THE DATA AND CONSEQUENCES OF ANY
Apart from what is specified for navigation data, the user is free to provide the personal data reported in the application forms or in any case indicated to have information about the services from the writer, or for the sending of information required.
The data required for the purposes referred to in (a), (b) and (c) above must be provided for the execution of the requested services or information. Therefore, your possible refusal, even in part, to provide such data would make it impossible to establish and manage the relationship itself and to provide the requested service.
DURATION OF PROCESSING AND RETENTION PERIOD OF PERSONAL DATA
We retain your personal data only for as long as is necessary to achieve the purposes for which collected or for any other legitimate related purpose.
We also limit access to your personal data only to those who need to use it for
Your personal data that is no longer necessary, or for which there is no longer a legal basis for the conservation, are irreversibly anonymized (and in this way can be stored) or destroyed safely, unless there are additional purposes for the conservation of the same (e.g. obligations), or to ascertain, exercise or defend a right in court.
1. Operational management and purposes closely related to this for access to the website: they may be stored for 24 months from the date on which we obtained your last consent for this purpose (for example, objection to receiving further communications) after which they will be destroyed or anonymized unless there are additional purposes for the conservation of the same (e.g. obligations tax or social security), or to ascertain, exercise or defend a right in court;
2. Operational management and strictly related purposes for requesting information: they may be stored for 24 months from the date on which we obtained your last consent for this purpose (for example,
objection to receiving further communications) once they have been destroyed or anonymized unless there are additional purposes for the conservation of the same (e.g. obligations tax or social security), or to ascertain, exercise or defend a right in court;
3. Disputes: in the event that it is defending us or acting or even making claims against you or third parties, we may retain the personal data that we deem reasonably necessary to process for those purposes, for as long as such a claim can be pursued.
METHODS OF TREATMENT
The processing of data takes place/will take place through the use of electronic tools by means of us. System computer science, and in this case they will be recorded on protected computer media, i.e. manually and the paper documentation will be properly maintained and protected by us for as long as necessary processing through appropriate procedures to ensure their security and confidentiality to prevent the loss of data in compliance with the security measures referred to in art. 32 of G.D.P.R. 2016/679, from illegal or incorrect uses unauthorized access and can be carried out both by means of paper media and through the help of automated electronic tools for the time strictly necessary to achieve the purposes for which they have been Collected.
In order to protect your information, the Data Controller makes available servers and technology adequate level of security, with encrypted transactions using the ‘SSH’ security protocol to telecommunications (Secure Shell) that allows you to establish an encrypted remote session (https).
COMMUNICATION AND DISSEMINATION
Your data will not be “disseminated” by us, by this term meaning to give knowledge to subjects indeterminate in any way, including by making them available or consulting them, unless specific consent granted by the data subject with a single act.
Your data may instead be “communicated” by us, by this term meaning to give knowledge to one or more determined subjects, in the following terms:
• persons appointed within our Company to process your data, and in particular to employees to the Administrative Office;
• to subjects who can access the data by virtue of legal provisions, regulations or regulations community law, within the limits laid down by those rules;
• to subjects who need to access your data for purposes ancillary to the relationship between you and us, within the limits strictly necessary to carry out the auxiliary tasks entrusted to them;
• our consultants, to the extent necessary to carry out their duties at our Company, or in an Outsourcing regime, as external Data Controllers after our
letter of assignment that imposes the duty of confidentiality and security in the processing of your data.
• To the companies that are the owners of the Processing, i.e. companies that are part of the Fi.Fa Group. Security Network through network contract and by virtue of a group accounting and synergy agreement with same purposes of use and processing of the data provided as well as the services provided, namely:
➢ SIGLOB Cooperative Society;
➢ TARGET Commercial Team Soc. Coop;
➢ HENDAL Srl;
➢ HENDAL Security Management Srl;
➢ SECURCOD Soc. Coop;
➢ SICREW Soc. Coop
to which, according to the criterion of contitolarity, you can apply without distinction for the exercise of the rights
In the present case, it is for the national court to determine whether, in the light of the 15 to 23 of GDPR 679/2016.
The management and storage of data will take place on servers located within the European Union of companies third parties appointed and duly appointed as Data Processors. The data will not be subject to outside the European Union. In any case, it is understood that, if necessary, we will have
the location of servers in Italy and/or the European Union and/or non-EU countries. In this case, the holder already ensures that the transfer of data outside the EU will take place in accordance with the provisions of the applicable by concluding, if necessary, agreements that ensure an adequate level of protection and/or by adopting the standard contractual clauses provided for by the European Commission.
RIGHTS OF THE PERSONS CONCERNED.
We inform you that in your capacity as an interested party, you have pursuant to Articles 15 to 23 of the RGDP 2016/679, the rights listed below that you can assert by making a specific request to the Data Controller and/or the responsible for processing, in addition to the right to lodge a complaint with a supervisory authority:
Art. 15-Right of access
The data subject has the right to obtain confirmation from the data controller whether or not a
processing of personal data concerning him and in this case, to obtain access to personal data and information regarding the processing.
Art. 16 – Right of rectification
The data subject has the right to obtain from the data controller the rectification of inaccurate personal data that without undue delay. Taking into account the purposes of the processing, the data subject has the right to integration of incomplete personal data, including by providing a supplementary declaration.
Art. 17 – Right to cancellation (right to be forgotten)
The data subject has the right to obtain from the data controller the deletion of personal data that without undue delay and the data controller is obliged to cancel without undue personal data.
Art. 18 – Right to restrict processing
The data subject has the right to obtain from the data controller the limitation of the processing when it occurs one of the following hypotheses:
a) the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to
verify the accuracy of such personal data;
b) the processing is unlawful and the data subject opposes the deletion of personal data and instead asks for use is limited;
(c) although the data controller no longer needs it for the purposes of processing, personal data are necessary for the person concerned to establish, exercise or defend a right in court;
(d) the person concerned has objected to treatment under Article 21(1) pending verification of the
the possible prevalence of the legitimate reasons of the data controller over those of the data subject.
Art. 20 – Right to data portability
The data subject has the right to receive in a structured format, common use and readable by device personal data concerning him provided to a data controller and has the right to transmit data to another data controller without hindrance by the data controller to whom he has provided.
In exercising his rights with regard to data portability in accordance with paragraph 1, the data subject shall have the right to obtain the direct transmission of personal data from one data controller to another, if
Art. 21 – Right of objection
The person concerned shall have the right to object at any time, for reasons connected with his particular situation, processing of personal data concerning him within the meaning of Article 6(1)(c) or (f), including profiling on the basis of those provisions.
Art. 22 – Right not to be subjected to automated decision-making, including profiling.
The data subject has the right not to be subject to a decision based solely on the
automated, including profiling, which produces legal effects that affect it or that
similar significantly on his person.
Procedures for exercising rights
You may at any time exercise your rights or withdraw your consent by sending a communication to the addresses and in the manner indicated below,
Data of contact of the Data Controller
Fi.Fa Security Srl Company Network Manager called Fi.Fa. Security Network –
Via Pasubio 57/B in San Benedetto del Tronto (Ap) Tel. 0735.657401 – Fax +39.0735.4431143
DPO Contact Details: e-mail: email@example.com Tel. 0735/657401