Dear User,
Pursuant to Article 13 of Regulation (EU) No. 2016/679 of the European Parliament and of the Council dated 27/04/2016, hereinafter GDPR, FIVEN S.P.A. informs you of the following:
A) Purpose of Data Processing and Legal Basis
Your personal data is processed for the following service purposes:
A1) For the purpose of navigating the company website www.fiven.eu in order to ensure the security of the Site and the information exchanged on it, i.e., the ability of the Site to resist, to a certain level of security, unforeseen events or unlawful or fraudulent acts that compromise the availability, authenticity, integrity, and confidentiality of personal data stored or transmitted and the security of related services offered or made accessible;
A2) Possible acquisition of personal data (name, surname, and email address) in the event of a contact request throughthe "Contact Us" section;
A3) To fulfill administrative, accounting, and tax obligations required by law, regulations, community law, or an orderfrom the Authority (such as anti-money laundering regulations);
A4) To exercise the rights of the Data Controller (e.g., right of defense, Article 24 of the Constitution).
B) Nature of Data Provision
Your personal data subject to processing is collected directly by the Data Controller or by a subject expressly authorizedby them.
The legal basis for processing the data for the purposes of point A2) above is Article 6, paragraph 1, letter b of the Regulation (processing necessary for the performance of a contract or pre-contractual measures), as the processing isnecessary to provide services or respond to requests from the data subject. Providing Personal Data for these purposes isoptional, but failure to provide it would prevent the activation of requested services or responses to your requests.The legal basis for processing the data for the purposes of points A1), A3), and A4) is the legitimate interest pursuant to Article 6, paragraph 1, letter c of the Regulation (processing necessary to comply with a legal obligation to which the data controller is subject) and does not require your consent.
C) Data Processing Methods
The data concerning you will be processed (collection, registration, organization, storage, consultation, processing, use, interconnection, blocking, communication, erasure, and destruction) in accordance with Article 32 of the Regulation. In particular, we inform you that your personal data will be processed using manual, computer, and/or telematic tools suitable for ensuring security, storage, and confidentiality.
D) Categories of Data and Their Source
The subject of the processing consists of personal data concerning you, provided by the data subject, as well as those thatmay be transmitted later in other ways. Therefore, it is stated that the personal data being processed is collected directlyfrom the data subject.
E) Scope of Communication
Within the limits relevant to the purposes of the data processing indicated, only the authorized collaborators of the data controller, belonging to the organizational structure of the Data Controller, may become aware of the data.
It is specified that your data may be transmitted to the following recipients:
- Internal authorized persons for processing
- IT companies
- Web Master
- The list is available at the Data Controller's office.
F) Retention Period
In accordance with the "storage limitation" principle under Article 5 of Regulation (EU) No. 679/2016 (GDPR), the collected data subject to processing for the above-mentioned purposes will be stored according to the deadlines set by the law and, subsequently, for the period during which the company is subject to retention obligations for purposes requiredby law or regulations. Periodic checks are conducted on the obsolescence of stored data in relation to the purposes for which it was collected.
In any case, the data will be stored for a maximum period of:
- 5 years
G) Profiling and Data Dissemination
No profiling is foreseen.
H) Rights of the Data Subject
As the data subject, you have the rights outlined in Article 15 of the GDPR, specifically the rights to:
1. Obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet recorded, and to receive this data in an intelligible form;
2. Obtain the following information: a) the source of the personal data; b) the purposes and methods of processing; c) the logic applied in the case of processing carried out with the aid of electronic tools; d) the identifying details of the controller, processors, and the representative designated under Article 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as designated representatives in the territory of the state, controllers, or authorized persons;
3. Obtain: a) the updating, rectification, or, when relevant, the supplementation of the data; b) the erasure, anonymization, or blocking of data processed in violation of the law, including data that no longer needs to be retained in relation to the purposes for which it was collected or further processed; c) confirmation that the actions referred to in letters a) and b) have been communicated, including their content, to those to whom the data was disclosed or made available, except in cases where such fulfillment proves impossible or involves a manifestly disproportionate effort compared to the right protected;
4. Object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if relevant to the purpose of collection; b) to the processing of personal data concerning you for the purposes of sending advertising material, direct sales, or market research or commercial communication, using automated calling systems without operator intervention, by email, and/or by traditional marketing methods such as telephone and/or postal mail. It is noted that the data subject's right to object as set out in the previous point b) for direct marketing purposes through automated methods extends to traditional methods and that the data subject still has the option to exercise the right of objection partially. Therefore, the data subject can decide to receive only communications through traditional methods, only automated communications, or neither type of communication.
5. Right to rectification of personal data when they are modified and do not correspond to those previously acquired or communicated (Article 16).
6. Right to erasure of data ("right to be forgotten," Article 17). FIVEN S.P.A. will proceed with the erasure of the data from all databases and archives where it is stored if one of the following conditions applies:
a) personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
b) the data subject withdraws consent, and there is no other legal basis for processing;
c) the data subject objects to processing under Article 21, paragraph 1, and there is no overriding legitimate reason for processing, or objects to processing under Article 21, paragraph 2;
d) personal data has been processed unlawfully;
e) personal data must be erased to comply with a legal obligation under Union or Member State law applicable to the controller;
f) personal data was collected for offering information society services as referred to in Article 8, paragraph 1.
7. Right to restriction of processing (Article 18). The data subject has the right to obtain from the controller the restriction of processing when one of the following applies: a) the data subject contests the accuracy of personal data, for the period necessary for the controller to verify the accuracy of such data; b) processing is unlawful, and the data subject opposes the erasure of personal data and requests instead its restriction; c) although the controller no longer needs the data for processing, personal data is required by the data subject for the establishment, exercise, or defense of a legal claim; d) the data subject has objected to processing under Article 21, paragraph 1, pending verification of whether the legitimate grounds of the controller override those of the data subject.
8. Right to object (Articles 21-22): The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them under Article 6, paragraph 1, letters e) or f), including profiling based on these provisions. FIVEN S.P.A. does not subject data to decisions based solely on automated processing.
You may file a complaint with a supervisory authority (Italian Data Protection Authority – located in Rome, Piazza Venezia no. 11 - www.garanteprivacy.it).
I) Data Controller and Data Protection Officer
The Data Controller is FIVEN S.P.A., with its registered office at Via Belvedere No. 101 – 80127 Naples (Na) and operationaloffice at Via G. Porzio No. 4, Centro Direzionale di Napoli Isola E2 – 80143 Naples (Na), VAT number 05794871219.The Data Controller can be contacted at the following email address: info@fiven.eu.A Data Protection Officer (DPO) has been appointed, Emanuela Franco, who can be contacted at the following email address: emanuela@itadvice.it.
