2) Identificaiton details of the Data Controller and Processor, Fipe System srl via guido Rossa 6 20815 Cogliate (MB) - Tel: 0296469109 Fax: 0296469889 mail: email@example.com
3) Type of data processed
Visiting and browsing of the website typically do not involve collecting and processing of the user's personal data except for the browsing data and cookies as specified below. In addition to the so-called “browsing data” (see below), personal data provided voluntarily by the user when interacting with the website or when asking to take advantage of the services offered on the website may be subject to processing. In compliance with the Privacy Code, Fipe System srl may also collect personal data concerning the user from third parties in the conduct of its activities.
4) Cookies and browsing data
_ “Session” cookies, which are deleted immediately upon closing of the browser;
_ "Persistent" cookies, which remain within the browser for a period of time. For example, these are used to recognize the device that connects to a website thus facilitating user authentication processes;
_ "Own" cookies, generated and managed directly by the operator of the website on which the user is browsing;
_ "Third-party" cookies generated and maintained by parties other than the operator of the website on which the user is browsing.
5) Cookies used on the website
The website uses the following types of cookie:
1) Own, session and persistent cookies that are needed to allow browsing of the website, for internal security and system administration purposes;
2) Third-party, session and persistent cookies needed to enable the user to use multimedia elements present on the website, such as images and video;
3) Third-party and persistent cookies used by the website to send statistical information to the Google Analytics System, through which Fipe System srl may perform statistical analysis of website accesses/visits.
The cookies used pursue exclusively statistical purposes and collect information in aggregate form. Through a couple of cookies, one of which is persistent and the other being a session cookie (expiring when browser is closed), Google Analytics also saves a log with the start and end times of the visit the website. You can prevent Google from tracking data using cookies and the subsequent processing of the data by downloading and installing the browser plug‐in from the following address:
4) Third-party and persistent cookies used by the website to include the buttons of some social networks (Facebook, Twitter, and Google+) on its pages. By selecting one of these buttons, the user can post contents of the website's pages being visited on his or her personal social-network page.
The following table shows a breakdown of the cookies on the website
6) How to disable cookies in your browser: see Cookies policy published on the website www.fipesystem.com
7) Retention of personal data
Personal data is stored and processed through computer systems owned by Fipe System srl and managed by Fipe System srl technical service providers or third parties; for more details please refer to the "scope of accessibility of personal information" section below. Personal data is processed exclusively by specifically authorized personnel, including staff carrying out extraordinary maintenance operations.
8) Data processing purposes and methods
Fipe System srl may process the user’s personal and sensitive data for the following purposes: use of the services and functionalities provided on the website by the users, management of requests and complaints from users, the sending of newsletters, management of the applications received through the website, etc. Also, with the additional and specific consent, which is optional for the user, Fipe System srl may process the personal data for marketing purposes, i.e. to send the user promotional material and/or commercial communications related to the Company's services, at the addresses indicated, through methods and/or means that may be either traditional (snail mail, phone calls with operator, etc.) or automated (internet communications, fax, emails, sms, applications for mobile devices such as smartphones and tablets ‐ so-called APPS -, social network accounts - e.g. Facebook or Twitter - telephone calls with automated operators, etc.). Personal data is processed both on paper and electronic form and entered into the information system in full respect of EU Regulation 2016/679, including security and confidentiality profiles, and inspired by the principles of correctness and lawfulness of the processing. According to EU Regulation 2016/679, the data is kept and stored until further notice.
9) Security and quality of personal data
Fipe System srl is committed to protecting the security of user's personal data and complies with the safety provisions required by the applicable regulations in order to avoid loss of data, illicit or illegal use of data and unauthorized access to data, with particular reference to the Technical Specifications regarding minimum security measures. Moreover, information systems and computer programs used by Fipe System srl are configured to minimize the use of personal and identification data; this data is processed only for meeting the specific purposes pursued from time to time. Fipe System srl uses several advanced security technologies and procedures to help protect personal data; for example, personal data is stored on secure servers located in secure and controlled-access sites. The user can help Fipe System srl to update and maintain his or her personal data correct by communicating any changes to his or her address, job title, contact information, etc.
10) Scope of communication and data access
The user's personal data may be disclosed to:
- All those whose right of access to such data is recognized by legislative measures;
- Our collaborators, employees, within their duties;
- To all those natural and/or legal, public and/or private people when the communication is needed or functional to the carrying out of our activity and in the manner and for the purposes described above;
11) The nature of provision of personal data
The provision of some personal data by the user is mandatory to allow the Company to manage the communications, requests received from the user, or to contact the user to respond to his or her request. This type of data is marked by the asterisk symbol [*] and, in this case, provision of this data is required to enable the Company to comply with the request that, lacking this provision, cannot be dealt with. Instead, the collection of other data not marked with an asterisk is optional: failure to provide this data does not have any consequences for the user. The conferment of personal data by the user for marketing purposes, as specified in the “Processing purposes and methods" is optional, and refusal to provide this data will not have any consequences. The consent granted for marketing is extended to the sending of communications through automated and/or traditional means of contact, as exemplified above.
12) Rights of the data subject
1. Article 15 (the right to access), 16 (the right to make changes) of EU Regulation 2016/679
The data subject has the right to obtain from the data controller confirmation as to whether or not his or her personal data is processed, and, in this case, to obtain access to his or her personal data and the following information:
a) The purpose of the processing;
b) The categories of personal data concerned;
c) The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or international organisations;
d) The period of retention of personal data provided or, if not possible, the criteria used to determine this period;
e) The right to ask the data controller to correct or delete his or her personal data, to restrict the processing of his or her personal data, or to oppose to processing;
f) The right to lodge a complaint with a supervisory authority;
h) The existence of an automated decision-making process, including the profiling, at least in such cases, meaningful information on the logic used, as well as the importance and the predicted consequences of such processing for the data subject.
2. Rights referred to in Article 17 of EU Regulation 2016/679 ‐ the right to deletion («the right to be forgotten»)
The data subject has the right to obtain from the data controller the deletion of his or her personal data without undue delay and the data controller has the obligation to delete, without undue delay, the personal data, in the presence of any of the following reasons:
a) The personal data that is no longer needed for the purposes for which they were collected or otherwise processed;
b) The data subject who revokes the consent on which the processing is based in accordance with Article 6, paragraph 1, letter a) or Article 9, paragraph 2, letter a), and if there is no other legal basis for the processing;
c) The data subject opposes to the processing according to Article 21, paragraph 1, and there is no legitimate reason to proceed with the processing, or if the data subject opposes to the processing of the data according to Article 21, paragraph 2;
d) The personal data has been unlawfully processed;
e) Personal data must be deleted in order to fulfil a legal obligation provided for by EU law or the law of the Member State governing the controller;
f) Personal data has been collected in relation to the provisions of the IT company's offer of services referred to in Article 8, paragraph 1 of EU Regulation 2016/679
3. The right referred to in Article 18 the right to the limitation of processing
The data subject has the right to obtain the limitation of processing from the data controller when one of the following cases occurs:
a) The data subject disputes the accuracy of the personal data, for the period of time required for the data controller to verify the accuracy of such personal data;
b) The processing is unlawful and the data subject opposes the deletion of the personal data and instead asks that its use is limited;
c) Although the data controller no longer needs the data for processing purposes, the personal data is needed by the data subject to ascertain, exercise or defend a legal claim;
d) The data subject has opposed to the processing according to Article 21, paragraph 1 of EU regulation 2016/679 pending the verification as ether legitimate reasons of the data controller exist with respect to that of the data subject.
4. Rights referred to in Article 20 The right to data portability
The data subject has the right to receive, in a structured, commonly used and automatically readable form, the personal data concerning him/her provided to a data controller and has the right to transmit such data to another data controller without impediments by the data controller.
13) Withdrawal of consent to the processing
The data subject has the right to withdraw consent to the processing of his/her personal data by sending a registered letter to the following address: Fipe System srl via Guido Rossa 6 20815 Cogliate (MB) accompanied by a photocopy of his/her identity document, with the following wording: <>. After that, the personal data will be removed from the archives in the shortest time possible.
If you would like more information on the processing of your personal data, or to exercise the rights referred to in paragraph 7 above, you can send a registered letter with acknowledgment of receipt to the following address: Fipe System srl via Guido Rossa 6 20815 Cogliate (MB). Before providing or editing any information to you, we may need to verify your identity by answering some questions. We will respond as soon as possible.
25 May 2018