PRIVACY & COOKIE
This information is provided to stakeholders, as natural persons, to natural persons operating in the name and on behalf of clients, and to legal entities of FIAB Onlus, pursuant to Art. 13 of Legislative Decree 196/2003 – “Code regarding the protection of personal data” and Art. 13 GDPR EU 2016/679 – “European regulation on the protection of personal data”.
DATA CONTROLLER INFORMATION
The Data Controller for data of natural persons or of natural persons operating in the name and on behalf of legal entities, is FIAB Onlus with registered office in Via Enrico Caviglia 3/A, 20139, Milano, Italy.
Personal data processed are those provided by the concerned party:
- during professional meetings, fairs and similar events
- while filling out the forms on the aidainbici.it website;
- when information is requested by any means of communication;
- when stakeholders visit the Company’s offices
- when Company personnel or personnel appointed by the Company visit stakeholders’ premises
- previous commercial relations
PURPOSE OF PROCESSIING
Personal data of natural persons are processed by the Data Controller for purposes strictly connected and instrumental to the management of business relationships, for administrative and accounting purposes and for purposes connected to legal requirements. In particular, personal data are processed without the express consent of the concerned party when directly provided [Art. 24, lett. a), b), c) of the Privacy Code, and Art. 6 lett. b), e) of the GDPR] for the following purposes:
- enter into agreements concerning the Data Controller’s services
- fulfil pre-contractual, contractual and tax obligations deriving from the relations existing with the concerned party;
- fulfil administrative, accounting, civil law and tax obligations required by the law, statutory provisions, EU legislation or order issued by the Authority
- carry out operations necessary for processing requests of the concerned party;
Personal data of natural persons operating in the name and on behalf of legal entities are processed by the Data Controller in order to:
- submit or fulfil requests received by all possible means of communication;
- exchange information for the implementation of contractual relationship, including pre- and post-contractual activities;
- carry out operations necessary for processing orders and other requests.
Personal data may also be processed to periodically deliver commercial information, only and exclusively if the concerned party has provided his/her consent by subscribing to the Newsletter service on the website of the Data Controller.
Personal data already held by the Data Controller may be processed for commercial communications relating to services and products of the Data Controller that are similar to those that the concerned party has previously received, unless his/her specific consent is this regard not granted (Article 130, paragraph 4 of the Privacy Code).
METHOD OF PROCESSING
The processing of personal data is carried out by means of the operations set forth in Art. 4 of the Privacy Code and Art. 4 n. 2) of the GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data can be processed on paper, as well as by electronic and/or automated means.
ACCESS TO DATA AND TRANSFER TO THIRED PARTIES
The personal data processed by the Data Controller will not be disclosed, made available to or shared with indeterminate subjects, in any possible form and for any reason whatsoever. However, they may be shared with employees of the Data Controller for the purpose of processing requests and/or fulfil contractual obligations. In particular, based on the roles and tasks performed, some employees have been entitled to process personal data, within the limits of their purview and in accordance with the instructions provided to them by the Data Controller.The personal data may also be disclosed to parties who, for purposes of processing orders or other requests or services related to the transaction or the contractual relationship between Data Controller and Data Subject, must provide goods and services on behalf of the Data Controller (by way of example: Company agents, banking institutions, tax advisors, companies operating in the transport sector, etc.).Finally, the Data Controller may share personal data with persons entitled to access them in accordance with the provisions of the law, as well as statutory provisions and EU regulations. These subjects will process data in their capacity as independent data controllers.
Personal data are stored within the European Union. The Data Controller reserves the right to use cloud services for data storage and processing, in which case the service providers are selected among those who provide adequate guarantees, as required by Art. 46 of GDPR 2016/679.
The Data Controller retains and processes personal data for the time necessary to fulfil the purpose at hand, and, in any case, until the conclusion of the business relationship. Subsequently, personal data will be kept for the time established by the current provisions on civil and tax matters.
RIGHTS OF THE CONCERNED PARTY
Pursuant to and within the limitations of Art. 7 of the Privacy Code and Articles from 15 to 22 of GDPR 2016/679, the concerned party may exercise, at any time, exercise the right to:
- request confirmation of the existence, or not, of personal data;
- receive information on purposes of processing, categories of personal data, recipients or categories of recipients with which whom the personal data was or will be shared, and, where possible, data retention timeframe;
- obtain the correction and deletion of data;
- ensure limited processing;
- receive data portability, namely, receive data from a data controller, in a structured format, commonly used and readable by automatic device, and transmit them to another data controller without hindrance;
- object to processing at any time, including in the case of processing for direct marketing purposes;
- request the Data Controller to access personal data and amend or cancel them or limit their processing or to object to their processing, in addition to the right to data portability;
- revoke the previously granted consent at any time without prejudice to lawful processing;
- submit a complaint to a supervisory authority.
HOW TO EXERCISE RIGHTS
The concerned party may exercise the aforementioned rights by sending written communication via registered mail to the Data Controller at the address above, or by email to firstname.lastname@example.org, specifying request subject and right being exercised, and attaching a photocopy of an identity document certifying the legitimacy of the request.
With reference to Art. 23 of Legislative Decree 196/2003 and Art. 6 of GDPR 2016/679, the concerned party may revoke his/her consent at any time. However, the processing of data of the concerned party is lawful and permitted, even without consent, if necessary to execute a contract of which the Data Subject is party (for the supply of products or services) or to process his/her requests.
RIGHT TO SUBMIT COMPLAINTS
The Data Subject has the right to lodge a complaint with the supervisory authority having jurisdiction over his/her country of residence.
REFUSAL TO PROVIDE DATA
Clients who are natural persons can not refuse to provide the Data Controller with personal data necessary to comply with the laws that regulate commercial transactions and taxation.The provision of additional personal data may be necessary to improve the quality and efficiency of the transaction.Therefore, refusal to provide data required by law will prevent the fulfilment of orders, while the refusal to provide additional data may compromise in whole or in part the processing of other requests and the quality and efficiency of the transaction.Persons operating in the name and on behalf of clients who are legal entities may refuse to provide their personal data to the Data Controller.However, the provision of personal data is necessary for the correct and efficient management of the contractual relationship. Therefore, any refusal to provide data may compromise the contractual relationship in whole or in part.
AUTOMATED DECISION – MAKING PROCESSES
The Data Controller does not perform automated decision-making processes on data of natural persons clients, or of natural persons operating in the name and on behalf of clients that are legal entities.
GENERAL INFORMATION ABOUT COOKIES
Total or partial disabling of cookies may affect the use of Website functions.
TYPES OF COOKIE USED
This type of cookie is strictly necessary for the correct functioning of some sections of the Website. They are divided into two categories: persistent and session.
- Persistent cookies: after closing the browser, they are not destroyed but remain until a pre-set expiry date.
- Session cookies: they are destroyed every time the browser is closed.
These cookies, always sent by our domain, are required in order to view the Website properly. Depending on the technical services offered, they will always be used and sent unless the User changes the settings in the browser (thus affecting the viewing of the pages of the Website).
The cookies in this category are used to collect information on the use of the Website. Our website will use this information for anonymous statistical analysis in order to improve the use of the Website and to make the contents more interesting and relevant to the wishes of Users. This type of cookie collects data in anonymous form about the User’s activities and how the User came upon the Website. Analytical cookies are sent from the same Website or from third-party domains.
Analysis cookies of third-party services
These cookies are used to gather information on Website use by Users in anonymous form such as pages visited, time spent, traffic sources of origin, geographic origin, age, gender and interests for the purpose of marketing campaigns. These cookies are sent from third-party domains external to the Website.
Cookies to integrate third-party software products and functions
This type of cookie integrates functions developed by third parties on the pages of the Website such as icons and preferences expressed through social networks in order to share Website contents or for using third-party software services. These cookies are sent by third-party domains and by partner websites that offer their functions on the Website pages.
On its pages, our Website integrates third-party services that might set and use their own cookies and/or similar technologies. The use of such cookies and similar technologies by such companies is governed by the privacy statement of these companies, and not by this privacy statement, since our Website is totally separate from the management of such tools and to the processing of data derived from them.
cookies are required in order to create User profiles for sending advertising
messages, in line with the preferences the User specifies on our Website pages.
WE DO NOT USE PROFILING COOKIES ON OUR WEBSITE
MANAGEMENT OF COOKIES IN YOUR BROWSER
The User can decide whether to accept the cookies or not by using the browser settings. Total or partial disabling of technical cookies may impair the use of Website functions. The User can change these settings to block cookies or to receive notification that cookies are sent to the User’s device.
browser has different procedures for managing settings, cookies and the data of
websites. Further information is available at the links given below:
Last updated: October 19, 2019