This Privacy Statement describes our handling of Personal Information in connection with your use of our websites, mobile apps and the services we provide. By using our websites and services, you hereby consent to these terms.
"Personal Information" refers to information that identifies you as an individual. This Privacy Statement describes how we collect, use, share, and protect, your Personal Information, and choices you have regarding your Personal Information treatment. We encourage you to read this Privacy Statement, drawn in compliance with art. 13 GDPR 2016/679 and with Recommendation n.2/2001 issued by European Autorities on May 17th 2001: personal data protection of users connecting to www.fisonline.it. Is described, with a focus on minimum requirements related to nature of collected data, ways and timing of data collection during web connection, referring to Measures issued by Italian DPA on May 8th 2018.
The Controller of your data is:
FIS S.R.L. Via Magno, 20/B - 25070 Sabbio Chiese (BS) - Italy
A list of External and internal Responsible of data processing is available on request.
General principles of personal data processing
Your personal data will be collected, stored, treated and sent complying with Controller's criteria, law's and regulations in force.
Data treatment is based on following principles:
- Lawfulness, fairness and transparency: Tell the subject what data processing will be done. What is processed must match up with how it has been described. Processing must meet the tests described in GDPR [article 5, clause 1(a)].
- Purpose limitations: Personal data can only be obtained for "specified, explicit and legitimate purposes"[article 5, clause 1(b)]. Data can only be used for a specific processing purpose that the subject has been made aware of and no other, without further consent.
- Data minimization: Data collected on a subject should be "adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed" [article 5, clause 1(c)]. In other words, no more than the minimum amount of data should be kept for specific processing.
- Accuracy: Data must be "accurate and where necessary kept up to date" [article 5, clause 1(d)]. Baselining ensures good protection and protection against identity theft. Data holders should build rectification processes into data management / archiving activities for subject data.
- Integrity and confidentiality: Requires processors to handle data "in a manner [ensuring] appropriate security of the personal data including protection against unlawful processing or accidental loss, destruction or damage" [article 5, clause 1(f)].
- Storage limitations: Regulator expects personal data is "kept in a form which permits identification of data subjects for no longer than necessary" [article 5, clause 1(e)]. In summary, data no longer required should be removed
Type (nature) of data collected
The computer systems and software procedures used to operate this website acquire, during their normal work, some personal data whose transmission is implicit in the communication protocols of the Internet. This information is not collected to be associated with identified, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) of requested resources, the time of request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (successful, error...) and other parameters regarding the operating system and computer environment. These data are used only to obtain anonymous statistical information on the site and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
The Controller will not treat nor process sensitive data, as described by art. 9 GDPR 679/2016, such as a personal data requiring special precautions on account of its nature. A sensitive data is any data that can disclose a person´s racial origin or ethnicity, religious or other beliefs, political opinions, membership of parties, trade unions and/or associations, health, sex life or crime sentences (art. 10 GDPR 679/2016).
Unless specifically requested, we kindly ask to users not to submit us, nor to broadcast personal sensitive data, on or through our web site. If we ever will ask such data from users, we will firstly obtain their explicit consent.
Data processing purposes
We collect, store and process your personal data in order to provide you services through our website, in compliance with law prescriptions.
Data will be collected exclusively for the following purposes:
- For an effective management of our web site an services offered therein;
- To comply with law.
Processing procedures and data safety
Your personal data will be collected and processed, electronically or through papers, exclusively for the purposes described herein, and record retention will last no longer than required or, up to when the Controller will receive your request of cancellation for treatment related to optional consent.
Your personal data will be stored in our server or our entrusted provider's server, and will be processed mainly automatically.
Your personal data are processed according to confidentiality principles listed in the measures issued by the Italian DPA. Collected data are processed by authorized personnel. All the personnel accessing to data has been previously authorized through official designation, as foreseen by law. Collected data could be periodically updated with information provided later.
We use controls, technical and managerial measures in order to protect user's personal data from unauthorized access, loss or abuses. Unfortunately, data on the Internet can't be 100% safe. Thus, even if we protect all the personal information, we can't be sure or warranty that this information will be completely protected by hackers or other criminal acts, or in case of fail/damages to software, hardware and web. The Controller will inform users whenever acknowledges security violation (data breach), related to users personal data under his control. If the users are willing to communicate us his/her personal e-mail address, he/she gives express consent to receive electronical warnings in case of security violation.
Personal data communication
Without prejudice to mandatory communication, your data might be communicated to:
a) Third Parties which we rely on for services provision and related activities, designated by the Controller.
b) Delegates in charge for technical maintenance (included web maintenance), designated by the Controller.
Anyhow, just strictly needed data, related to tasks they are in charge for, will be communicated to the abovementioned.
Personal data will not be broadcasted.
The Controller cooperate with Law Enforcement and Authorities to make users respect rules, other users and third parties rights, included intellectual property rights. Therefore your personal data might be communicated to Authorities whenever needed in case of defense, prevention, verification or repression of crimes in compliance with related laws and regulations.
Authorities will have the rights to ask and obtain your personal information also in relation to verification or investigation on swindle, web fraud, rights or intellectual property violation, hacking or other illicit actions which might involve us or our users in legal issues entailing civil or criminal responsibility.
Right and rights exercise
Complying with law in force, at any time you might:
- Be informed regarding your data presence
- Know origin, content, goals and process pattern.
- Logic underlying electronic treatment
- Details of Controller, Processor, Parties whom your data have been communicated to
Moreover you have the right of:
- Update, integrate, correct your data and rights of portability
- Cancellation, anonymization, block of your data processed against law
- Opposition to data processing, for legitimate reason, pertinent to processing
- Opposition to data processing for marketing
According to GDPR 2016/679, you have the rights to complain to Authority.
In order to exercise your right you can contact:
FIS S.R.L. - Via Magno 20/b, 25070 Sabbio Chiese (BS) Italy - Tel. +39 0365 85156 - Fax. +39 0365 85461
In case the user will ask to access to his/her personal information or cancel them from our system and registers, we will to any possible extent, within timing foreseen.
We inform our users that, due to technical limits and to the backup system, their information might be retained in our system for a certain length of time following cancellation.
All rights are due to the Controller for refuse personal data access or cancellation request, if access or cancellation are not foreseen by law. In order to safeguard from illicit requests, all rights are due for collecting sufficient information aimed to verify the identity of the applicant, before correcting or granting access.
Your data will be stored in database on our server or on our entrusted provider's server, in Italy; data transfer to Third Countries is therefore not expected.
What are cookies?
Cookies are small text files that get saved on your computer when you visit certain websites.
While browsing, you can also receive cookies on your terminal, sent from different websites or web servers (later defined as "Third Parties"), on which some elements on the site may reside.
Cookies are not harmful to your devices.
How to disable cookies
Please remember that by deleting cookies or disabling future cookies, you may not access certain web site sections or functions.
All rights are due to the Controller for changing web site and Policy at any time.
User must always refer to on line policy. Changes will be in force from the moment they will be published on the web site. If the user will keep using the web site after any change, this will be considered as an acceptance of such changes.