PRIVACY POLICY – COOKIE POLICY
Drafted pursuant to Article 13 of Regulation (EU) 2016/679
WHY THIS INFORMATION
Pursuant to Regulation (EU) 2016/679 (hereinafter the “Regulation” or “GDPR”), this notice describes the methods of processing personal data of users who consult the website www.fintyre.it (hereinafter the “Website”).
This information does not apply to other websites, pages, or online services accessible via hyperlinks that may be published on the Website but refer to resources outside the fintyre.it domain.
DATA CONTROLLER
FINTYRE S.P.A. (hereinafter the “Controller”) with registered office at Via Cascina Bruciata 2/4 – 24068 Seriate (BG).
Contact email: privacy@fintyre.it
DATA PROTECTION OFFICER (DPO)
The Controller is not required to appoint a Data Protection Officer pursuant to Article 37 of the Regulation.
TYPES OF DATA PROCESSED
1. Browsing data
The computer systems and software procedures used to operate this Website acquire, during their normal functioning, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This data includes, by way of example: IP addresses, domain names of the computers used by users who connect to the Website, URI (Uniform Resource Identifier), the time of the request, the method used to submit the request to the server, and other parameters relating to the user’s operating system and IT environment.
Such data is used solely for the purpose of checking the proper functioning of the Website and is deleted immediately after processing, unless required for the investigation of offences by judicial authorities.
2. Data provided voluntarily by the user
The optional, explicit, and voluntary sending of messages to the contact addresses on the Website entails the acquisition of the sender’s contact details, necessary to reply, as well as any personal data included in the communications.
3. Data collected through contact forms
Completing the contact form available on the Website entails the acquisition of the personal data entered by the user, including first and last name, company name, VAT number, type of business, city, province, email address, phone number, and message content.
This data is processed by the Controller exclusively to:
• respond to requests for information or assistance;
• provide quotes or commercial proposals;
• manage any pre-contractual or contractual relationships with the requesting party.
Providing the data marked with an asterisk (*) is mandatory in order to process the request.
The legal basis of the processing is the performance of pre-contractual measures adopted at the data subject’s request (Art. 6, para. 1, letter b of the GDPR).
Data is stored for the time strictly necessary to fulfil the request and, in any case, no longer than 12 months from the last relevant contact, unless the relationship results in a contract or a longer retention period required by law.
4. Data relating to the reseller reserved area
The reserved area of the Website is accessible only to contracted resellers, to whom the Controller provides login credentials directly.
Authentication and usage data relating to the reserved area are processed solely for administrative purposes and for managing the ongoing commercial relationship, on the basis of Art. 6, para. 1, letter b of the GDPR (performance of contractual obligations).
5. Cookies and other tracking systems
The Website does not use profiling, analytics, or marketing cookies, either proprietary or third-party.
Only technical cookies are used, necessary for the correct operation of the pages and, residually, for authentication of system administrators or resellers in the reserved area.
Such cookies do not collect personal data and do not require user consent.
PURPOSES AND LEGAL BASES OF PROCESSING
Personal data collected through the Website is processed for the following purposes:
• ensuring the technical functioning of the Website;
• managing communications with users and responding to requests received via forms or contact addresses;
• allowing access to and use of the reseller reserved area;
• complying with legal obligations and requests from competent authorities.
The legal bases for the processing are:
• performance of contractual or pre-contractual obligations (Art. 6, para. 1, letter b GDPR);
• compliance with legal obligations (Art. 6, para. 1, letter c GDPR);
• the Controller’s legitimate interest in proper functioning and security of the Website (Art. 6, para. 1, letter f GDPR).
METHODS OF PROCESSING AND SECURITY
Data is processed using IT and telematic tools, adopting appropriate technical and organizational measures to ensure a level of security proportionate to the risk.
The IT systems used to manage the Website are located within the territory of the European Union.
No data transfers to third countries are envisaged.
RETENTION PERIOD
• Browsing data: deleted after 7 days, unless required for judicial purposes.
• Contact form data: retained for up to 12 months from the last relevant contact.
• Reseller reserved area data: retained for the duration of the contractual relationship and according to legal obligations.
DATA RECIPIENTS
Data may be processed by personnel of the Controller expressly authorized and by IT service providers appointed as Data Processors pursuant to Art. 28 of the GDPR.
The updated list of processors is available at the Controller’s registered office.
DATA SUBJECTS’ RIGHTS
Data subjects have the right, in the cases provided for, to obtain access to their personal data and its rectification or erasure, restriction of processing, data portability, and to object to the processing (Arts. 15–22 GDPR).
Requests should be sent to privacy@fintyre.it.
RIGHT TO LODGE A COMPLAINT
Data subjects who believe that the processing of their personal data violates the Regulation have the right to lodge a complaint with the Italian Data Protection Authority, as provided for by Art. 77 of the GDPR, or to seek judicial remedy (Art. 79 GDPR).
UPDATES
This notice is subject to periodic updates. The updated version is always available on this page.