Privacy

Mod. IS01-18

Information on the processing of personal data.
(Articles 13 and 14 of EUROPEAN REGULATION N. 679/2016)

Premise.
The following information is intended for all individuals who visit and interact with this e-commerce website of Ferrino SpA by Calicantus Srl, the so-called web store ("e-shop"), where products can be purchased online. The e-shop is managed by Calicantus Srl on behalf of Ferrino SpA, which is responsible for managing sales and transactions carried out within the Ferrino SpA e-shop (for example, order management, product sales and delivery, returns and warranty management, and other activities necessary for the sale of products through the e-shop) as an external data controller formally appointed and accountable by the undersigned company.
Please note that Ferrino SpA and Calicantus Srl have entered into a contract defining their respective responsibilities regarding compliance with the obligations arising from the European Regulation. Adequate information on the essential content of the contract will be available to you by contacting the Data Controller, whose contact details are provided below.

Dear Navigator,
The undersigned Ferrino SpA by Calicantus Srl, with registered office in Via L. Mazzon 30 - 30020 Quarto D'Altino - (VE), Fiscal Code and VAT number 03757590272, as “Data Controller”, informs you, pursuant to Articles 13 and 14 of European Regulation no. 679/2016 (hereinafter “EU Regulation”), that your data will be processed as indicated below:

1. Object of the Processing
The Data Controller informs you that your personal identification data (e.g., first name, last name, company name, address, telephone number, email address, bank and/or payment details, etc.), hereinafter referred to as "personal data" or simply "data," whether collected verbally, directly or through third parties in the past, or collected in the future, may be processed in full compliance with the EU Regulation. The Data Controller processes your data lawfully, specifically for the performance of a contract to which you are a party or for the implementation of pre-contractual measures (e.g., preparing a quote, etc.) requested by you (Article 6 of the EU Regulation).

Data processing means any operation or set of operations concerning the collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, or destruction of data.

2. Legal basis and purpose of the processing
Legal basis: EU Regulation No. 679/2016
A) without your express consent (art. 6 letters b), c), e) of the EU Regulation), for the following purposes:
- to manage access to the e-shop services and facilitate the purchase of products online, as well as to allow your registration on the e-shop and the possible conclusion of the purchase contract via the e-shop;
- fulfill pre-contractual, contractual and tax obligations arising from existing relationships with you;
- allow you to access the e-shop, even as a non-logged-in user, and to browse the e-shop;
- allow you to register on the Site by creating an account and to use the services reserved for registered users, including, in particular, the ability to purchase through the e-shop; - allow you to access the e-shop and browse the e-shop as a logged-in user;
- maintain and manage your account;
- store data and information in your account, such as, for example, your personal data, your order history and any returns, your preferred delivery and/or billing addresses;
- allow you to add products to your cart and complete the purchase agreement via the e-shop.
- to fulfill the obligations arising from the purchase contract concluded through the e-shop, such as, for example, the delivery of the products sold;
- to enable you to fulfill your obligations arising from the purchase contract concluded through the e-shop, such as, for example, payment, including online, for the products purchased;
- for general assistance and customer care activities and therefore to respond to requests for information from users or to respond to complaints, reports, and disputes;
- fulfill obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for example in anti-money laundering matters);
- exercise the rights of the Data Controller, for example the right to defense in court;
- for general accounting purposes;
- for management purposes (invoicing, possible document management, etc.);
- for credit management;
- for statistical analysis and quality control;
- for insurance management;
- for technical assistance.
In particular, your data will be processed for purposes related to the implementation of the following obligations, relating to legislative or contractual obligations:
- Technical and functional access to the site, no data is retained after the browser is closed;
- Advanced browsing purposes or personalized content management;
- Statistical and navigation and user analysis purposes.

B) Only with your specific and separate consent (Article 7 of the EU Regulation), for the following commercial and/or marketing and/or profiling purposes:
- sending newsletters, commercial communications, and/or advertising material about products or services offered by the Data Controller via email, post, and/or text message and/or telephone contact and/or surveying your level of satisfaction with the quality of services provided at your request;
- sending commercial and/or promotional communications from third parties (for example, business partners) via email, post, and/or text message and/or telephone contact.

3. Processing methods
Your personal data is processed using the operations indicated in Article 4(2) of the EU Regulation, specifically: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, and blocking. Your personal data is processed both on paper and electronically and/or automatically (in any case, using methods suitable to ensure data security and confidentiality).

4. Data retention periods and other information.
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no longer than the legal deadlines from the termination of the relationship for the Purposes of the existing relationship (e.g., the data necessary for the execution of the purchase contract until delivery of the product or, in the event of non-delivery, until the contract is terminated).
With reference to personal data processed for marketing purposes or for profiling purposes, they will be retained in compliance with the principle of proportionality and in any case until the purposes of the processing have been achieved or until the data subject withdraws their specific consent.
Specifically, the Data Controller will process the data for no longer than 2 years from the date of data collection for Marketing Purposes and one year for data collected for Profiling Purposes.
The personal data you provide will be processed "lawfully, fairly, and transparently," protecting your privacy and your rights.
A periodic annual review of the data processed is expected, as well as the possibility of deleting it if it is no longer necessary for the intended purposes.

5. Access to data
Your data may be made accessible for the purposes referred to in the previous points 2.A) and 2.B):
- to members, employees, and collaborators of the Data Controller in Italy and abroad, in their capacity as persons in charge and/or internal data processors and/or system administrators;
- to third-party companies or other entities that perform outsourced activities on behalf of the Data Controller, in their capacity as external data processors (for example: partnerships, lawyers, data processing companies, certification bodies, accounting/tax consultants, and generally to all bodies responsible for audits and controls regarding the proper fulfillment of the purposes indicated above, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, financial offices, municipal authorities and/or municipal offices, consultants and service companies and for workplace safety, who may in turn disclose the data, or grant access to it within their member companies, users, and their assignees for specific market research purposes. The data collected and processed may also be disclosed, in Italy and abroad, to subcontractors, suppliers, IT systems management companies, carriers, freight forwarders, and customs agents).
For the sake of brevity, a detailed list of these figures is available at our office and is at your disposal.

6. Communication of data
Without the need for express consent (Article 6, letters b) and c) of the EU Regulation), the Data Controller may communicate your data for the purposes referred to in point 2.A) above to supervisory bodies, judicial authorities, insurance companies for the provision of insurance services, as well as to those parties to whom communication is required by law for the fulfillment of the purposes indicated above.
These entities will process the data in their capacity as independent data controllers.
During and after browsing, your data may be communicated to third parties, in particular to:
- Google: Advertising Service, Advertising Targeting, Analytics/Measurement, Content Personalization, Optimization;
- Google AdWords: Advertising Service, Advertising Targeting, Analytics/Measurement, Content Personalization, Optimization;
- Google Analytics: Advertising Targeting, Analytics/Measurement, Optimization.

Your data will not be disclosed.

7. Data transfer
Personal data is stored on devices located at the Data Controller's headquarters or with providers within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to transfer data to countries outside the EU. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will be carried out in compliance with applicable laws, subject to the stipulation of contractual clauses and standard checks required by the European Commission.
The Data Controller has implemented appropriate technical and organizational measures to ensure an adequate level of security for both the data stored on its devices and any data stored at providers, in full compliance with Article 32 of the EU Regulation.
Browsing: Your browsing data may also be transferred, limited to the purposes indicated above, to the following countries: - EU countries, - United States.
Cookie management: If you have any doubts or concerns about the use of cookies, you can always intervene to prevent them from being set and read, for example by changing the privacy settings in your browser to block certain types of cookies.
Since each browser, and often different versions of the same browser, also differ significantly from each other, if you prefer to act independently through your browser preferences you can find detailed information on the necessary procedure in your browser's guide.

8. Nature of the provision of data and consequences of refusal to respond
Providing data for the purposes set out in point 2.A) above is mandatory. Without it, we will not be able to guarantee the Services indicated in point 2.A) (for example, failure to provide the data will make it impossible for the user to conclude this contract and therefore make purchases through the e-shop).

Providing data for the purposes referred to in point 2.B) above is optional. You can therefore decide not to provide any data or to subsequently object to the processing of data already provided. In this case, you will not receive newsletters, commercial communications, advertising materials, and/or anything else related to the Services offered by the Data Controller.
You will still be entitled to the Services referred to in point 2.A).

9. Rights of the interested party
As a data subject, you have the rights set forth in Article 15 of the EU Regulation below, specifically:
1. You have the right to obtain confirmation from the Data Controller as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right of the data subject to request from the Data Controller rectification or erasure of personal data or restriction of processing of personal data concerning him or her or to object to such processing;
f) the right to lodge a complaint with a supervisory authority (the Data Protection Authority);
(g) where the personal data are not collected from the data subject, any available information as to their source;
h) the existence of automated decision-making, including profiling, pursuant to Article 22, paragraphs 1 and 4 of the EU Regulation, and, at least in such cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
2. If your personal data is transferred to a third country or to an international organization, you have the right to be informed of the existence of adequate safeguards pursuant to art. 46 of the EU Regulation relating to the transfer.
3. The Data Controller will provide you with a copy of your personal data undergoing processing if you request it.
If you request additional copies, the Data Controller may charge a reasonable fee based on administrative costs. If you submit the request electronically, and unless you indicate otherwise, the information will be provided in a commonly used electronic format.
4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
Furthermore, where applicable, you can enjoy the rights set out in Articles 16 to 22 of the EU Regulation and specifically you have:
- the right to rectification of personal data;
- the right to be forgotten (right to erasure);
- the right to restriction of processing;
- the right to data portability;
- the right to object;
- the right to lodge a complaint with the Guarantor Authority.
You also have the right to withdraw any consent you have already given at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

10. How to exercise your rights
You may exercise your rights at any time by sending:
- a registered letter with return receipt to the undersigned (see the address indicated on the letterhead);
- an email to ferrino@help.calicant.us

11. Minors
The Data Controller's services and the basis of the existing relationship with you do not involve the intentional acquisition of personal information relating to minors. If information on minors is inadvertently collected, the Data Controller will delete it promptly, upon request of the interested party.

12. Personal data not obtained from the data subject
It may happen that we are not the data controller to whom you provided your personal data, but are a joint data controller or external data processor, and therefore your data may have been disclosed to us as a result of a contract between the parties. In this case, we will do everything possible to ensure that you have been informed and have consented to the processing. You may ask us at any time to determine the source of your data.

13. Owner and managers
Below, we provide you with some information you need to know, not only to comply with legal obligations, but also because transparency and fairness towards our customers are a fundamental part of our business.
Data Controller. The Data Controller of your personal data is Ferrino SpA by Calicantus Srl, acting on behalf of its legal representative. The legal representative is responsible for the legitimate and proper use of your personal data and you can contact him for any information or requests at the following numbers: telephone +39 02 92853584, email: ferrino@help.calicant.us.
Data Processors. The updated list of data processors is kept at the Data Controller's headquarters.