- Data Controller
- Type of data, purpose of the processing and legal basis
- Compulsory nature of the provision of data
- Processing methods, data recipients and data processors
- Data transfer outside EU
- Retention period of personal data (Data Retention)
- Your rights
- Security measures
- Amendments to the present legislation
The Company FRANCHI UMBERTO MARMI S.PA., as Data Controller, informs you that, in compliance with art. 13 of the EU Regulation 2016/679 (“Regulation”) and Legislative Decree 196/2003 (“Privacy Code”), as recently amended by Legislative Decree 101/2018 (“Legislation”), the processing of your personal data takes place in an appropriate manner to guarantee security and confidentiality, and is carried out by means of hard copy records, computer and electronic media as detailed in this information.
Personal data: any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is an individual who can be identified, directly or indirectly, through an identifier such as a name, an identification number, location data, an online identification number or through one or more characteristic features of his or her physical, physiological, genetic, psychic, economic, cultural or social identity.
Processing: any operation or set of operations, performed on personal data or on sets of personal data, whether or not by automated means, such as collection, registration, organisation, structuring, retention, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or combination, restriction, erasure or destruction.
Categories of personal data: information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as genetic data and biometric data for the purpose of uniquely identifying a natural person, data concerning health or a natural person’s sex life or sexual orientation.
Data Controller: the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of personal data processing.
Data Processor: a natural or legal person, public authority, service or other body, which processes personal data on behalf of the Data Controller.
The processing of your personal data is carried out by FRANCHI UMBERTO MARMI SPA as Data Controller pursuant to and for the purposes of the Regulations, who can be contacted for any need regarding the processing of your data, at the following addresses:
- Company name: FRANCHI UMBERTO MARMI SPA
- Registered office address: 54033 Carrara, Via Del Bravo, n° 14-16
- Telephone number: 0585 70057
- Email contact: firstname.lastname@example.org
The personal data that FRANCHI UMBERTO MARMI SPA processes are only those that are provided by users such as: IP address, personal identification data (such as name, surname, e-mail address) released during navigation and for registration made on our institutional site. They are used by the Controller to manage the site and preferences relating to the products on the site, as well as to follow up on your requests for information. Your specific data are not processed.
Your personal data collected is processed for the following purposes:
A – For marketing activities (newsletters, sending promotional-advertising material relating to news, initiatives and offers concerning FRANCHI UMBERTRO MARMI SPA’s products). The processing put in place for these purposes requires specific consent from the interested party
B – For sending commercial and promotional communications following the purchase of one of our products or in the context of the potential sale of the same through the “preferences” function (so-called soft spam). Following the purchase of one of our products, or in the context of a potential sale, we will send to the e-mail address you provided us with during the purchase phase, communications containing our commercial proposals on products and services similar to those purchased. The legal basis of the processing is the legitimate interest of the Data Controller. In fact, pursuant to art. 130 of the Privacy Code, the processing put in place for this purpose does not require a specific consent from the interested party who, however, at the time of sending any communication made, is informed of the possibility of opposing the processing at any time by exercising the so-called opt-out to stop such communications.
C- For administrative-accounting purposes and for the management of orders. The legal basis of the processing is the execution of the existing contract between the Parties and the legal obligations.
D – To allow for correct navigation on the FRANCHI UMBERTO MARMI SPA website, as well as the correct use of the various functions and pages of the same.
The transfer of your data is:
- Optional for purposes A) referred to in the previous point. In the absence of specific consent for these purposes, no processing can be carried out on your data;
- For purpose B), the data used have already been collected by the Data Controller to pursue the different purposes indicated above. Therefore, the provision of data by you is not expressly requested as the Data Controller already has it;
- Compulsory for purpose C). Failure to provide data makes it impossible to properly fulfil legal obligations and execute the contract.
- Optional for purpose D). Failure to provide data will make it impossible to correctly navigate the site and use the site’s features to the full extent.
The processing can be carried out through the collection, registration, storage and processing of data with both paper and electronic tools. The data will be collected, processed, communicated and stored for the time strictly necessary to pursue the purposes described. The collected data will be stored and kept at the Data Controller’s address.
The data may be disclosed to subsidiaries, parent companies, affiliates or companies otherwise associated with the Company. The communication of data will be carried out within the limits strictly necessary for the execution of the obligations, tasks and purposes described. In no case will the data be disclosed. Your personal data are processed by the systems and staff of FRANCHI UMBERTO MARMI SPA, specifically authorised pursuant to art. 4, paragraph 10 of the EU Regulation, and designated pursuant to art. 2 quaterdecies of Legislative Decree 196/2003, which processes data following precise instructions from the Data Controller.
The Data Controller may also make use of third parties for the execution of some activities that could involve the processing of your personal data, appointing them as Processors pursuant to art. 28 GDPR and providing them with specific instructions. These third parties may belong to the following categories by way of example and not limited to: financial operators, internet providers, companies specialised in IT services, consulting companies. A specific and updated list of these subjects is available at the registered offices of the Data Controller, and can be consulted at the request of the Data Subject.
Finally, your data may be transmitted to the police forces and to the judicial and administrative authorities, in accordance with the law, for the detection and prosecution of crimes, the prevention and protection from threats to public security, as well as to allow FRANCHI UMBERTO MARMI SPA to exercise or protect your own or third party rights before the competent authorities, as well as for other reasons related to the protection of the rights and freedoms of others, in compliance with the provisions of art. 2-sexies of legislative Decree 101/2018.
Some of the third parties referred to in the previous paragraph may be based in non-EU States, States that nevertheless offer an adequate level of data protection, as determined by specific decisions of the European Commission should a so-called “decision of adequacy” be made.
The transfer of your personal data to third parties residing or located in countries that do not belong to the European Union and that do not ensure adequate levels of protection will be carried out only with your consent or after a previous conclusion between FRANCHI UMBERTO MARMI SPA. and said subjects of specific agreements, containing safeguard clauses and appropriate guarantees for the protection of your personal data (so-called “standard contractual clauses”), also approved by the European Commission, or if the transfer is necessary for the conclusion and execution of a contract between you and FRANCHI UMBERTO MARMI SPA or for the management of your requests.
We inform you that your data will be kept for a limited period of time, for the purposes indicated in paragraph 4 above, and in any case for a period not exceeding:
- 24 months from collection in relation to marketing purposes;
- 10 years from collection in relation to the administrative-accounting purposes, only in reference to the data necessary for accounting-administrative and tax purposes;
- 1 month from the collection for the activities related to the so-called soft-spam (cf. point 4, lett. B).
It is specified that for the purpose B) above, you can exercise the right to opt-out to no longer receive this type of commercial communications. The Data Controller will therefore remove you from the dedicated mailing list.
At the end of these periods, your data will be permanently deleted automatically
Right to Access and Rectification (Arts 15 and 16 of the Regulation): you have the right to access your personal data and to request that they be corrected, modified or integrated. If you wish, we will provide you with a copy of your data in our possession.
Right to delete data (Art. 17 of the Regulation): in the cases provided for by current legislation, you can request the cancellation of your personal data. Once your request has been received and analysed, we will end the processing and delete your personal data, where found legitimate.
Right to limit processing (Article 18 of the Regulation): you have the right to request the limitation of the processing of your personal data in the case of unlawful processing or dispute of the accuracy of personal data by the interested party.
Right to the portability of data (Article 20 of the Regulation): you have the right to request to obtain your personal data from the Data Controller in order to transmit them to another Data Controller, in the cases provided for in the article referred to.
RIGHT TO LODGE A COMPLAINT (Art. 77 of the Regulation and art. 141 of Legislative Decree 101/2018): you have the right to lodge a complaint with the competent Authority for the protection of Personal Data if you believe that a violation of your rights has occurred, or is in progress, in relation to the processing of your personal data.
Right to withdraw consent given (Art. 13 of the Regulation): for the processing of personal data that find their legal basis exclusively on your consent, you have the right to revoke the consent given at any time by contacting the Data Controller.
You can exercise your rights at any time with reference to the specific processing of your personal data by the Data Controller by sending the same specific request for the exercise of rights to the addresses indicated in point 3.
Further information about the rights of the Data Subject can be obtained by asking the Data Controller for a complete extract of the articles mentioned above. Without prejudice to what has been expressed so far, we remind you that the above rights can also be exercised by anyone who has an interest of their own, or acts for your protection, as your agent, or for family reasons worthy of protection, pursuant to art. 2-terdecies of Legislative Decree 101/2018.
The Data Controller adopts adequate security measures to safeguard the confidentiality, integrity, completeness and availability of the data subject’s personal data. Technical, logistical and organisational measures are developed which aim to prevent damage, even accidental losses, alterations, improper and unauthorised use of the data processed.
We regularly test, assess and evaluate the effectiveness of security measures, in order to guarantee continuous improvement in the security of processing.
The constant evolution of our services may lead to changes in the characteristics of the processing of your personal data described so far. This privacy statement may undergo changes and additions over time, as necessary due to new regulatory interventions regarding the protection of personal data, or the evolution/modification of our services.
We therefore invite you to periodically check the contents of our information where possible; we shall endeavour to promptly inform you of the changes made and their consequences. In any case, should the purposes of the processing change, we will renew the request for specific consent.