Privacy

A) PRIVACY POLICY INFORMATION

We are reporting below the key information pursuant to Article 13 of the Legislative Decree no. 196 date June 30th 2003 (hereinafter, “Privacy Code”) and article 13 of the EC Regulation no. 2016/679 (hereinafter, “GDPR”) regarding your personal data processing by FBK SRL – owner of the handling – Viale del Ghisallo 20 , 20151 Milano (MI) ITALIA (hereinafter the Controller), fiscal code and VAT number 11817860155, when you:

• visit our Website fbk.it and use the services offered
• to execute your request and for any related commercial activities
• became a Customer and share with us some information and data

B) DATA PROCESSING

1. Subject matter of the processing

The Controller processes the personal data, identification and non-sensitive data (such as, but not limited to, name, surname, corporate name, address, telephone, e-mail – hereinafter referred to as “personal data” or simply “data”) you supply during your registration on the www.fbk.it Website of the Controller (hereinafter , “Website”), when taking part in opinion polls and satisfaction surveys, when you fill in any forms through the Website to register at any events or webinars organized by the Controller, when you ask for on-line clarifications or make any request of support or newsletter request, when you became a Customer and start to share information and data related to a Controller application solutions.

2. Purpose of the processing

Your personal data is processed:

A) without your express consent (art. 24 a), b), c) of the Privacy Code and art. 6 b), e) of the GDPR), for the following Service Purposes:

• Website management and maintenance;
• to allow any use of the Services that may be requested by users;
• to take part –through the Website– in any initiatives organized by the Controller (such as events);
• to process a contact request;
• to fulfil any obligations according to the law, to any regulation, to any European Community standards or to any Authorities’ orders;
• to prevent or find out any frauds or abuses harmful to the Website;
• to exercise any rights of the Controller, such as to represent one's interests in front of the court.

In the above-mentioned cases, the legal basis of your personal data processing consists in performing a contract with you or rendering the service you specifically requested or fulfil a legal obligation or protect our legitimate interest.

B) only upon your specific consent (articles 23 and 130 of the Privacy Code and art. 7 of the GDPR), for the following Other Purposes:

• to send you by e-mail any opinion polls and satisfaction surveys, newsletters and/or invitations to events, or register at any events organized by the Controller or which the latter is part of.

3. Modes of processing

Processing of your personal data is made according to the operations specified at article 4 of the Privacy Code and article 4 no. 2) of the GDPR, namely: collection, recording, organization, storage, interrogation, processing, editing, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. Your personal data is subject to both hardcopy and electronic/automated processing.

4. Data retention time

The Controller shall process your personal data for the time required to fulfil the above-mentioned purposes and in any case no more than 10 years from termination of the relationship for Service Purposes.

5. Safety measures

The Controller has adopted various safety measures to protect your data against any risks of loss, abuse or alteration. In particular, the Controller has adopted the measures specified in articles 32-34 of the Privacy Code and article 32 of the GDPR; the Controller

6. Data Access

Your data may be made accessible for the purposes specified in articles 2.A) and 2.B):

• to employees and co-operators of the Controller, acting as persons in charge and /or internal representatives of the processing;
• to third-party companies or other entities that perform any outsourcing activities on behalf of the Controller acting as persons in charge of the processing.

7. Data communication

Without your express consent (according to art. 24 a), b), d) of the Privacy Code and art. 6 b) and c) of the GDPR), the Controller shall be allowed to communicate your data for the purposes specified in article 2.A) to any Surveillance institutions, Judicial Authorities as well as to any other entities communication to which is required by the Law to fulfil the mentioned purposes. Your data will not be disclosed.

8. Data Transfer

Processing and retention of the personal data will occur in Europe, on servers placed in Italy or in any other countries of the European Union, which are owned by and exclusively used by the Controller and/or third-party companies entrusted with the task and duly appointed for this purpose.

9. Nature of the data supply and consequences of the refusal to respond

Data supply for the purposes specified in article 2.A) is compulsory. Failing this, we will not be able to guarantee registration to the Website or any Services mentioned in article 2.A). Data supply for the purposes specified in article 2.B) is optional. Therefore you may decide not to supply any data or deny, at a later step, the possibility to process the data already supplied: in such case, you will not be able to receive by e-mail any invitations to events, newsletters and opinion polls or satisfaction surveys. In any case you will continue to be entitled to the Service specified in article 2.A).

10. Rights of the person involved

As the person involved, you will have the rights specified in article 7 of the Privacy Code and art. 15 of the GDPR, namely the rights to:

• i. get confirmation of the existence or non-existence of your personal data, even though not yet recorded, and their communication in a comprehensible form;
• ii. get indication of: a) the personal data origin; b) the processing purposes and modes; c) the logic applied in case of processing carried out with the help of electronic devices; d) identification data of the Controller, of the persons in charge and of the representatives appointed pursuant to article 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, of the GDPR; e) of the entities or categories of entities to which the personal data can be disclosed or that can be made aware of as representatives appointed in the area of the Country, by persons in charge or representatives;
• iii. get: a) updating, amendment or, if you have any interest in, supplement of data; b) deletion, change to anonymous status or blocking of the data processed in breach of the law, including any data for which retention is not required with regard to the purposes for which such data has been collected or subsequently processed ; c) confirmation that the operations mentioned at a) and b) above have been disclosed, along with their content, to those people to which data has been communicated to or disclosed, except in case such fulfilment turns out to be impossible or implies a use of means that is clearly disproportionate compared to the right protected;
• iv. take position, in whole or in part: a) for legitimate reasons against processing of your personal data, even though in line with data collection purposes; b) against processing of your personal data for the purposes of sending any advertisements or direct sales or carrying out market researches or commercial communications, through the use of automated calling systems without the action of an operator, by e-mail and/or by traditional marketing means such as telephone calls and/or standard mail. The above-mentioned right of the involved person to take such position against direct marketing by automated systems extends to the traditional means, but the involved person preserves the right to object even in part. Therefore, the involved person may decide to receive exclusively communications by traditional means or by automated means, or neither.

Where applicable, you also have the right mentioned in articles 16-21 GDPR (Right of response, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right of complaint to the Authorities.

11. How to exercise your rights

At any moment you will be able to exercise your rights mentioned at point 10) above, by sending:

• a registered letter with acknowledgement of receipt to FBK SRL, Viale del Ghigsallo n. 20, 20151 Milano (MI);
• an e-mail to privacy@fbk.it

12. Minors

This Website and Services of the Controller are not destined for persons under 18 years of age and the Controller shall not intentionally collect any personal information related to minors. In case any information about minors is involuntarily recorded, the Controller shall promptly delete it, on the user’s request.

13. Controller, person in charge and representatives

The Processing Controller is FBKI SRL, having registered office in 20124 Milano (MI), via Benedetto Marcello, 6, Fiscal Code 11817860155 (hereinafter “Controller”), e-mail privacy@fbk.it

The updated list of the persons in charge and representatives of the processing is available at the Controller’s premises.

14. Changes to this Information Form

This Information Form may be subject to changes. Therefore you are recommended to check this Information Form regularly, and to make reference to the most up-to-date version. In any case the updated version of the policy privacy is published in this page, with indication of the last modification date.

Last modified on May 24th 2018.