Information on the processing of personal data
pursuant to the European Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, relating to the protection of individuals with regard to the processing of personal data (in short, “GDPR”)
Femea Milano, in person of its pro-tempore legal representative, as owner of the personal data collected directly from the person concerned, provides this information pursuant to article 13, GDPR (in short, “Information”).
In any case, security will be guaranteed logical and physical data and, in general, the confidentiality of personal data processed, implementing all the necessary technical and organizational measures to guarantee their security.
A) Identity and contact details of the Owner
Lucia Fabiana Scrudato
largo Ettore De Ruggiero 19
00162 Roma
P .IVA 1139112100
B)Purpose of the processing to which the personal data and relative legal basis are intended.
Your personal data will be processed:
(i) without consent for the following purposes:
online account registration, newsletter subscription, order management, product purchases, sales and deliveries and related monitoring, customer service management, payment management, returns and repairs management, contact management with the customer, management of vouchers and discounts,
administrative and accounting management and related fulfillments (issuing of receipts, invoices, preparation of payments) any protection of credit positions and defense in court,
internal statistics, analysis and business management, as well as, in relation to to the contact data provided during the contract, to send advertising of similar products with the right to immediate cancellation upon request;
The above treatments respond to the following legal bases respectively:
fulfillment of a contract or pre-contractual measures, satisfaction of a request of the concerned – condition of lawfulness of article 6, letter b) GDPR;
igo of law to which the Data Controller is subjected – condition of lawfulness of article 6, letter c) GDPR – or for ascertaining, exercising or defending a right in judicial proceedings;
pursuit of a legitimate interest of the Data Controller – condition of lawfulness of article 6, letter f) GDPR – relating to the improvement of company operations and market surveys, to the improvement of services provided to its customers,
direct marketing and customer loyalty. data, marked in the form with (*), for the purposes referred to in the previous section (i) is mandatory and the lack of data and / or the possible refusal to treat will make it impossible for the Owner to execute the contract or to the pre-contractual measures, to the fulfillment of the obligation with eventual non-fulfillment and responsibility of the interested party also to sanctions contemplated by the legal system.
(ii) with your consent (article 7, GDPR), for the following purposes:
marketing activities of various types, including the promotion of products and services, the distribution of posters and material of an informative and promotional nature on paper and / or digital, sending newsletters and commercial communications via e-mail, invitations,
profiling activities of various kinds, including analysis of behavior for promotional purposes, creation of lists for promotional purposes, commercial communication and dispatch of newsletters, processing profiles for the provision of targeted and customized services for the client’s needs.
The provision of data for the purposes referred to in section (ii) above is optional, with the consequence that you may decide not to provide your consent, or to withdraw it at any time. For these treatments, automated processes are used through the use of software that in any case provide for human decision-making aimed at avoiding unintended consequences for the data subject, always limited in any case to the receipt of communications from the Data Controller.
C) Categories of recipients of personal data
For the purposes referred to in the previous paragraph the personal data you provide may be communicated or made accessible:
to employees and collaborators of the Data Controller,in their capacity as authorized data processing personnel (or so-called “data processors”),
to third parties who carry out outsourced activities on behalf of the Data Controller, in their capacity as Data Processors, including:
service providers for management of the information system and of the telecommunications networks and to the company in charge of managing e-commerce, service providers for managing the archiving of paper and / or computerized documentation, service providers for the management of customer assistance activities , also through internet sites (eg call centers, help desks, etc.), service providers for the management of commercial communication activities, freelancers, studios or companies in the field of assistance and consultancy relationships, also for control of corporate organizational management;
banks and credit and insurance institutions for carrying out economic activities (payments / incas yes) and insurance companies,
subjects that carry out operations of control, revision and certification of the activities carried out by Femea also in the interest of customers,
to judicial or supervisory authorities, administrations, public bodies and organizations (national and foreign); Femea legal entities.
The complete and up-to-date list of Data Processors is available on written request at info@femea.it.
D) Storage and transfer of personal data abroad
The management and storage of personal data takes place in the cloud and on servers located within and outside the European Union owned and / or available to the Data Controller and / or third party companies, duly appointed as Data Processors.
Your personal data will not be disclosed.
E) Period of storage of personal dataThe personal data collected for the purposes indicated in the previous paragraph (B), section (i) will be year processed and stored for the entire duration of the established contractual relationship.
Starting from the date of termination of this relationship, for any reason or cause, the data will be kept for the duration of the applicable statutory terms, 10 years.
Personal data collected for the purposes indicated in the previous paragraph (B), section (ii) will be processed and stored for the time necessary for the fulfillment of these purposes and in any case for a period not exceeding 24 months for marketing and 12 months for profiling from the date on which we receive your consent.
conservation, the data will be destroyed or made anonymous.
F) Rights exercisable
In accordance with the provisions of Chapter III, Section I, GDPR, you can exercise by simply sending a request by e-mail to the address of the owner info @ femea. it the rights therein indicated and in particular:
Access right – Obtain confirmation that your personal data is being processed and whether or not, receive information r elative, in particular, to: purposes of processing, categories of personal data processed and storage period, recipients to whom these may be communicated (article 15, GDPR),
right of rectification – Obtaining, without unjustified delay, the correction of inaccurate personal data that concern you and the integration of incomplete personal data (article 16, GDPR),
Right to cancellation – Obtain, without unjustified delay, the deletion of personal data concerning you, in the cases provided for by the GDPR (article 17, GDPR),
Right of limitation – Obtain the limitation of the processing, in the cases provided for by the GDPR (article 18, GDPR)
Right to portability – Receive in a structured format, commonly used and readable by an automatic device, the personal data concerning you, and obtain that the same are transmitted to another holder without impediment, in the cases provided for by the GDPR (article 20, GDPR)
Opposition right – Oppose the treatment of the personal data concerning you, unless there are legitimate reasons for the Data Controller to continue processing (Article 21, GDPR)
The right to lodge a complaint with the supervisory authority – Propose a complaint to the Guarantor Authority for the protection of personal data, Piazza di Montecitorio n. 121, 00186, Rome (RM).