The company Fope S.p.A., with registered office in 36100 Vicenza, 31 Via Zampieri, VAT Id. no. 00163880248, REA [Economic and Administrative Index] no. VI- 114378 ("Company"), in the person of its pro tempore legal representative, provides the following information in compliance with Art. 13 GDPR and regarding your personal data ("PD").
As regards purchases of products sold online through Fope's Customer Assistance Service, please thoroughly read the relevant Terms of Sale that regulate the terms and conditions applying to purchases made in accordance to that procedure.
1 - Data Controller and person in charge of protecting PD
1.1 The Data controller ("Controller") is Fope S.p.A.
1.2 The Controller has not appointed a DPO, as the conditions that would require the DPO appointment under law are not present.
1.3 The Controller has appointed a few third-party data processors, whose names and details may be requested at the addresses indicated below.
2 - Purposes of the PD processing
2.1 The processing purposes are related in the first place to the management of pre-contractual steps and to the exact and complete performance of the contractual relationship with the Company, in connection with the needs and the consequent fulfilment of contractual legal and fiscal obligations arising from e-commerce transactions. More in detail, the primary purposes ("Primary purposes") of the processing include the following:
• creation and management of a user account;
• preparation of quotes and order confirmations, transport documents, processing of gift cards;
• performance of the agreement, with respect to the contractual obligations related to supply or purchase of goods;
• provision of services requested through the technological and instrumental partner;
• fulfilment of legal obligations related to taxes and accounts, labour law, welfare and social security, insurance;
provision of technical assistance, consulting, even via e-mail or phone, sale of Fope's products or services.
payment of invoices issued and management of online payment tools;
prevention and detection of frauds and abuses to protect the security of our customers;
• compliance with all other statutory obligations imposed on the Company under applicable legislation.
2.2 Your PD, including those referred to your device and access (type of device, browsing, IP addresses and domain names of the terminals used, URI/URL addresses), will also be processed for the additional purposes ("Additional Purposes"), related to the registration process, as described below:
• newsletters relevant to the Fope world, notices of or invitations to events, conventions and meetings and requests for information from users;
• birthday wishes, greeting and celebration cards;
• information on opening / closing hours of Fope's offices and outlets / new products;
• profiling purposes: analysis of data collected at the beginning of and during a business relationship, including with regard to the history of purchases made and services used by a customer and the identification, even through electronic processing, of preferences and of products and services that may be of interest, and consequent product recommendations, even possibly using cookies, as described in the relevant section;
• management of promotional, advertising, business and marketing activities, whether general and/or customized (market analyses and surveys);
• geolocation and display of the position of the device through which the platform is visited, for the purpose of providing services related to the location (indication of nearest outlets) and for fraud prevention;
2.3 You ("data subject") will be free in any event to refuse your consent for the Additional Purposes.
2.4 In the event that the processing of certain specific data is essential for the development of the relationship or the performance of certain services and for compliance with statutory obligations, providing such data will be mandatory and since their processing is only permitted with the prior written consent of the data subject (arts. 9 and 10 GDPR), your consent to their processing is also needed.
2.5 It is possible that the Company may process data of third parties that you have directly provided to the Company (for instance when the person who pays the purchase price is not the same as the person to whom the product is to be shipped and delivered). In these cases, it is advisable to obtain the consent of the person to whom the data refer, before providing such data to the Company. In fact, you will be solely and exclusively liable for the provision of such data. In any event, the Company, to the extent required by applicable laws, will comply with any obligation of information to the third party, requesting this latter's consent, where necessary, for the registration of the third party's personal data in the company's records.
3 - Legal basis of the processing
3.1 The Controller shall process your PD lawfully, where the processing:
• is necessary for the performance of an agreement to which you (or one or more companies or entities of which you are a shareholder, director, manager, local manager or attorney) are a party, or for the performance of pre-contractual steps taken on request;
• is necessary to comply with a statutory obligation imposed on the Controller;
• is based on your express consent, with reference to activities connected with the Additional Purposes.
3.2 Your express consent, moreover, is not required when the processing concerns data taken from public registers, lists, deeds or documents to which anyone has access, always in accordance with the limits and procedures established by laws, regulations and EU rules for access to and publication of data, or data relevant to performance of business activities, processed in accordance with the current legislation on industrial and trade secrets.
3.3 Your express consent is not required, lastly - and if provided it will be intended to confirm the lawful nature of the processing - when the processing concerns the preparation or performance of activities connected with Primary Purposes.
4 - Consequences of failure to provide PD
4.1 As regards PD relevant to the performance of an agreement to which you (or one or more companies or entities of which you are a shareholder, director, manager, local manager or attorney) are a party or to compliance with a statutory obligation (such as requirements regarding keeping of accounting and tax records), failure to provide your PD will prevent the agreement from being stipulated or will suspend or prevent the relevant performance, as the case may be.
4.2 Data that is not required for the performance of the agreement must be qualified and considered as supplementary information and if requested, providing such data is optional.
5 - PD storage
Your PD subject to processing either for Primary and/or for Additional Purposes will be stored for as long as necessary for the mentioned purposes, and therefore throughout the term of the agreement and subsequently for as long as the Controller is subject to obligations to keep documents for tax or other purposes under laws or regulations, until completion of the relevant period of limitation.
Phone calls will only be recorded occasionally or for security, training and development purposes, as well as to prove a pre-contractual or contractual relationship.
6 - Disclosure of PD
6.1 Your PD may be disclosed to:
a) third-party professionals (such as, without limitation: lawyers, chartered accountants, web agencies, data centres and companies that manage online data storage spaces, etc.) that provide services used to achieve Primary and/or Additional Purposes and that - if the legal conditions are met - will take the role of third-party processors;
b) employees, collaborators and assistants of the Controllers acting as persons in charge and/or internal processors and/or system administrators, or the DPO, where appointed;
c) third companies or other recipients not mentioned in the preceding letters (without limitation: carriers and transport contractors, suppliers, credit institutes, professional firms, consultants, insurance companies for the supply of insurance services, factoring, leasing, etc.) that provide services used to achieve the Primary and/or Additional Purposes and that - if the legal conditions are met - will take the role of third-party processors;
d) persons who process data in performance of specific statutory obligations;
e) judicial or administrative authorities, including arbitrators, for compliance with statutory obligations;
f) publishers and editors or magazines or papers for Additional Purposes.
g) technological and instrumental partners used by the Controller for the supply of services requested by users.
6.2 In addition, the Controller may disclose your PD to an address and email management service.
7 - Profiling and diffusion of PD
We also inform you that your PD will not be diffused and communicated, without your express consent, nor will they be subjected to fully automated decision-making processes, including profiling, except for mandatory communications which may imply transfer of your data to public entities, consultants or other recipients for performance of statutory obligations. More in detail, your data may be disclosed to:
a) Public Entities or offices or supervisory authorities in relation to statutory and/or contractual obligations;
b) Banks and/or credit institutes for the management of payments related to the contractual relationship.
8 - Transfer of PD
8.1 Your PD are stored by Fope on servers located at the registered office in Vicenza (Italy).
8.2 Without prejudice to the disclosures and diffusions made in performance of statutory obligations, PD may be transferred abroad whenever this is necessary in relation to Primary Purposes.
8.3 If the PD are transferred to a third Country or an international organisation, you are entitled to be informed on the existence of appropriate safeguards in the meaning of Art. 46 GDPR.
9 - Rights of the data subject
The rights you have under the GDPR include:
• requesting from the Controller access to your PD and to the relevant information, rectification of inaccurate data or integration of incomplete data; erasure of PD concerning you (if any of the conditions under art. 17, paragraph 1 of the GDPR occurs and save for the exceptions under paragraph 3 of the same article); restriction of the processing of your PD (in the cases under art. 18, paragraph 1 of the GDPR);
• requesting and obtaining from the Controller - in the cases in which the legal basis of the processing is a contract or the consent, and the processing takes place by automated means - your PD in a structured, machine-readable format, also to transfer such data to another controller (so-called right to data portability);
• objecting at any time to the processing of your PD on grounds relating to your particular situation;
• withdrawing your consent at any time, limited to cases in which the processing is based on your consent for one or more specific purposes and concerns common personal data (such as (date and place of birth or place of residence), or particular categories of data (such as data revealing your racial or ethnic origin, political opinions, religious beliefs, health or sex life). The lawfulness of processing based on consent before its withdrawal, however, is not affected;
In particular, in order to withdraw your consent to the messaging program related to business communications, just send a specific request to that effect:
a) by following the opt-out instructions at the end of each e-mail message;
b) by sending an e-mail to firstname.lastname@example.org.
• lodging a complaint with a supervisory authority (Italian Data Protection Authority - www.garanteprivacy.it).
10 - Security measures
10.1 The Controller adopts suitable security measures to reduce to the
minimum the risks of destruction or loss, even accidental, of Personal
Data, unauthorised access or unlawful processing or processing outside the
10.2 As regards the best protection or your PD outside the control and management of the Controller, we suggest that you make sure that the computer used be provided with suitable software for the protection of data transmitted online, both incoming and outgoing (such as updated antivirus systems) and that the chosen Internet provider has adopted suitable secure data transmission methods (such as firewalls and antispam filtering).
11 - Procedures for the exercise of your rights
As data subject, you may at any time exercise your rights by sending:
- a registered letter with acknowledgement of receipt to Via Giuseppe Zampieri, 31, 36100 Vicenza, at Fope's registered office;
- an e-mail to the electronic mail address: email@example.com e PEC firstname.lastname@example.org.
12 - Updates
The company Fope S.p.A., with registered office in 36100 Vicenza, 31 Via Zampieri, VAT Id. number 00163880248, REA [Economic and Administrative Index] VI- 114378 (“Company”), provides the following policy to users in compliance with art. 13 of the Privacy Code and with the provisions of the Italian Data Protection Authority Decision no. 229 of 8 May 2014.
"Cookies": are small text files that the websites visited by a user send to the user’s terminal (usually to the browser), where they are stored to be then retransmitted to the same websites the next time they are visited by the same user. When browsing on a website, a user’s terminal may also receive cookies sent by other websites or web servers (“third parties”), containing elements (such as images, maps, sounds, specific links to pages of other domains, etc.) that are present on the website that the user is visiting. Usually, there are several cookies on a user’s browser, sometimes for a rather long period of validity, and they are used for various purposes: computer-based authentication, session tracking, storage of information on specific settings for users who access the server, etc.
"Technical cookies": are used for the only purpose of "carrying out the transmission of a communication on an electronic communication network, or to the extent strictly needed for the provider of an information society service that has been explicitly requested by the subscriber or user to provide such service " (see art. 122, para. 1, and art. 13 on the information obligation, Privacy Code). They are not used for any other purposes and are normally installed directly by the website owner or manager. They may be classified into browsing or session cookies, which ensure the normal browsing and use of a website (for instance by permitting to make a purchase or to log in to access reserved areas); cookie analytics, treated as technical cookies when used to collect information, in aggregate form, on the number of users and on how they visit the website; functionality cookies, which enable a user to navigate according to a series of selected criteria (such as language, products selected for purchase) to improve the service offered to users.
"Profiling cookies": are used to create user profiles and to send advertising messages in line with the preferences expressed by a user when browsing the Internet.
Policy and consent
1 – Intended use
• recognise you (or more precisely, the device you are using) when you log in to use our services;
• enhance and personalise communication and browsing;
• provide the best service;
• ensure a safe and efficient exploration of the website, prevent frauds and improve security.
1.2 Cookies are not harmful to the user’s device.
1.3 it is not possible through cookies to access other information stored on the user’s device.
2 – Cookies used by this website
2.1 The Company informs you that this website uses technical cookies, directly installed by the Company, which are not used for any purposes other than the functional uses described above. Their installation does not require the user’s consent. The user may set his or her browser (intended as any application for the recovery, presentation and browsing of web resources) to automatically refuse even technical cookies. However, the Company points out that if this option is selected, the user’s interaction with this website might be more difficult or impossible.
2.2 The Company informs you that this website uses profiling cookies. To use these cookies, your prior consent is required.
Such cookies are classified as:
- Statistical cookies/analytics: They are used to collect information on how users browse on our website. This information is analysed in aggregate form for statistical purposes only. They are not necessary, but useful to improve the contents and services offered by the Company, based on the indications we receive from the analysis of statistics. To use these cookies, your prior consent is required.
- Profiling cookies: they are used to create user profiles and send advertising messages in line with the preferences expressed by a user when browsing the Internet. To use these cookies, your prior consent is required.
- Third-party cookies: when browsing on this website, you will receive both cookies installed by the Company and third-party cookies.
The Company points out that with reference to cookies directly installed by the Company, if the user does not make a choice and decides to continue browsing this website, this will amount to consent to the use of those cookies.
Third-party cookies enable the Company to obtain more complete surveys on the users’ browsing habits, for example to collect information for advertising purposes, as well as to develop statistics on the use of the website and assess the users’ interest in specific contents or services.
Neither the Company nor Google will associate your IP address with other
data in their possession to identify you directly: Google Analytics
provides information in such manner as to ensure that only part of the IP
address is used for geolocation, rather than the complete address, using a
method known as IP masking.
The information collected is then processed by the Google Analytics systems to produce reports for the Company, used to verify the proper operation of the services and possibly measure the popularity of the contents offered. To disable the statistical cookies and thus prevent Google Analytics from collecting browsing data, users may download the Google Analytics opt-out browser add-on: https://tools.google.com/dlpage/gaoptout .
2.4 in addition, this website uses “Social Plugins” (hereinafter buttons) for social networks such as Facebook and Twitter. These buttons are disabled by default, which means they do not send data to the respective social networks without your consent. To enable the buttons, you just need to click on them. The button will stay active until it is disabled again, or its cookies are deleted. When it is in active status, the button establishes a direct connection to the server of the respective social network. The contents associated with the button are therefore directly transmitted by the social network to your browser and connected by this latter to the webpage.
To learn more on the purpose and entity of the collection and processing/use of data by the social networks, which are entirely outside our control, users may view the privacy information and policy made available on each social network portal.
When enabling a button, the respective social network may collect a series of data regardless of your interaction with the button. If you have logged into a social network, this latter may assign your visit to this webpage to your user profile.
3. Rights of the data subject
3.1 The Company informs you that under art. 7 of the Privacy Code, users have certain rights, including the right of objecting to the processing of their data. If the user consent is required and it has been properly expressed for the purposes indicated above, users have the right at any time to change their choice by accessing this policy.
3.2 Users may at any time:
• set their browser to disable cookies or not use this website. If cookies are disabled though, the website or certain functions thereof might not operate properly.
• change the way in which cookies are used.
3.3 Users may manage the browser cookies through the browser settings: block cookies or remove those that are on their computers. Most browsers give the possibility to accept or reject all cookies or accept some of them (for example, those from specific websites). Although the steps are similar, the cookie setting method is different for each browser. For more details regarding the procedure to be followed, users may visit the website www.aboutcookies.org or view the 'Help' section of their browser.
These are the addresses of a few browsers:
• Internet Explorer: http://windows.microsoft.com/it-IT/windows7/Block-enable-or-allow-cookies ;
• Mozilla Firefox
• Apple Safari: http://www.apple.com/it/privacy/use-of-cookies/ .
To learn more on cookies and manage the preferences regarding third-party cookies, please visit www.youronlinechoices.com.