
Privacy Policy

INFORMATION NOTICE ON THE PROCESSING OF CUSTOMERS’ PERSONAL DATA
pursuant to Articles 12, 13 and 14 of Regulation (EU) 2016/679

 

Fiapp International srl (hereinafter referred to as the “Data Controller”) Tax Code and VAT No. 02038930166, represented by its legal representative Mr. Giovanni Quarenghi, with registered office in San Paolo d’Argon – Bergamo – Via A. Volta 10, in its capacity as “Data Controller”, informs you that your personal data will be collected for the purpose of establishing the “professional relationship between the company and the customer” relating to the activity of producing custom furniture and related services requested by you, and will be processed in compliance with Articles 12, 13 and 14 of Regulation (EU) 2016/679, in order to guarantee the rights, fundamental freedoms, and dignity of natural persons, with particular reference to privacy and personal identity.

We inform you that, if the activities provided to you involve the processing of personal data of third parties under your responsibility, it will be your responsibility to ensure compliance with the applicable regulations regarding the data subjects, in order to make their processing by us legitimate.

 

 

Origin, purpose, legal basis and nature of the processed data
 
The processing of your personal data, directly provided by you, is carried out by Fiapp International srl to fulfil obligations arising from laws, regulations, EU provisions, as well as from what is contractually agreed with the assignment you have entrusted to us and concerns:
 
a) Personal data, bank details, tax and accounting data, browsing data, photographs, PEC address, CNS and SPID code, yours or your company’s, as communicated by you, processed in order to fulfil regulatory obligations regarding invoicing and administration in compliance with current legislation, regulations, EU provisions and instructions issued by authorities legally entitled by law;
 
b) Personal data, bank details, tax data, browsing data, photographs and PEC address, yours or your company’s, as communicated by you, processed in order to fulfil the contract of which you are a party and all related pre-contractual and contractual, commercial, accounting and tax activities entrusted to us, for purposes strictly connected and instrumental to the execution of the contract itself or to any of your requests;
 
c) Data related to communication methods, including interactive ones, used to exchange information with Fiapp International srl such as email addresses, landline and mobile phone numbers, and accounts for PC, tablet, smartphone communication tools that use a data or internet connection, in order to enable communication between the company and the client.
 
Your personal data collected from third parties may also be processed, always for the purposes listed above and in compliance with applicable law as well as within the limits of legal obligations and under the instruction of the competent judicial authority, or for express statutory obligations of Fiapp International srl.

 

 

Disclosure of data to third parties
 
Your personal data may be disclosed as required by law, to fulfil your requests or inherent to the assignment received, as well as any powers of attorney granted by you.
For these purposes, your personal data may be disclosed, when necessary, to:
 
– External entities acting as Data Controllers; for example, authorities and supervisory and control bodies, law enforcement or the judiciary and, in general, public or private entities entitled to request or access data under legal, regulatory or EU provisions, within the limits set by law;
 
– Employees and collaborators of the Data Controller appointed to process the data for the purposes indicated in this notice;
 
– External entities appointed as “External Data Processors” performing specific activities on behalf of the Data Controller; for example: activities carried out by external consultants and/or professionals, even in associated form, for the performance of tax and accounting, insurance and regulatory obligations, collections and payments, IT systems and software maintenance and support, goods transport, shipping companies, transport companies, audit and control firms and, more generally, companies that perform outsourced activities on behalf of the Data Controller;
 
– External entities or offices for performing required obligations such as, for example, the Revenue Agency, Social Security Institutes, Labour Inspectorates, public or private offices;
 
– Subsidiaries, affiliates or associated companies of the Data Controller, in order to perform the services entrusted by you.

These entities, whether processors or controllers, act as recipients of the processing or are themselves Data Controllers of the personal data transmitted to them, and Fiapp International srl provides them with adequate operational instructions, particularly regarding the adoption of and compliance with security measures, in order to ensure data confidentiality and security.
 
If your personal data or personal data of third parties under your responsibility need to be communicated to external companies identified from time to time, Fiapp International srl, as Data Controller, will inform you in writing of the recipients, to whom, in any case, only the data necessary for the activities requested will be transmitted.
With regard to data protection, the Client is invited, pursuant to Article 33 of Regulation (EU) 2016/679, to report to Fiapp International srl, as Data Controller, any circumstances or events that may give rise to a potential “personal data breach” in order to allow an immediate evaluation and the adoption of any measures to counter such an event.
Such reports may be sent to Fiapp International srl by email at fiapp@fiapp.com.
The obligation of Fiapp International srl, as Data Controller, to communicate data to Public Authorities upon specific request remains unaffected.

 

Data transfer abroad
 
The Data Controller does not transfer personal data to third countries or international organisations. The transfer of your personal data may take place if necessary for the management of the assignment received and, in such case, data will be transferred to third countries or international organisations that provide adequate guarantees on privacy and data protection, as required by Article 46 of Regulation (EU) 679/16. For the processing of information and data that may be communicated to these entities, equivalent levels of protection adopted for the processing of personal data of its employees will be required. In any case, only the data necessary for the achievement of the intended purposes will be communicated, and the regulatory instruments provided for in Chapter V of the GDPR will be applied.
If the Data Controller uses cloud storage systems with servers located outside the EU, these rely not only on a wide range of legal mechanisms for the international transfer of personal data from the EU to the United States, including the well-known EU-US Privacy Shield agreement (concluded between the European Commission and the U.S. Department of Commerce to protect the privacy of EU citizens’ personal data in case of overseas transfer), but also on EU standard contractual clauses for the international transfer of data and internationally recognised guidelines for cloud data protection, such as the ISO/IEC 27018:2014 certification alongside the previous ISO/IEC 27001 and ISO/IEC 27002 standards.

 

Logical processing methods and storage times
 
Your data is collected lawfully and fairly for the purposes indicated above in compliance with the principles and provisions of Article 11 of the Code and Article 1 of the GDPR.
Personal data processing is carried out, both on paper and electronically, using manual, IT and telematic tools with logics related to the purposes themselves and, in any case, in a way that guarantees their security and confidentiality through operations of collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and distribution of the data.
 
Personal data will be processed by Fiapp International srl as Data Controller for the entire duration of the assignment and also afterwards to assert or protect its rights or for administrative purposes and/or to comply with obligations deriving from the applicable regulatory framework and in compliance with specific legal obligations on data retention. Such data may be stored for as long as necessary to provide the service and to achieve the purposes for which it was collected, and to manage similar requests in the future and, in any case, in compliance with the principles of lawfulness, fairness, non-excessiveness and operation required by the applicable privacy regulations.

 

Nature of data provision
 
With regard to the purposes indicated in points a), b), c) of this notice, the provision of your data is essential for the execution of the work relationship between you and Fiapp International srl and to allow the latter to fulfil the obligations provided for by applicable regulations: without such personal data, it is impossible to establish and maintain the assignment between you and Fiapp International srl.
For this reason, consent to data processing is not required pursuant to Article 6 of Regulation (EU) 2016/679 as personal data processing is based on the provisions of Article 6(1)(b) of Regulation (EU) 2016/679.

 

Data Subject’s Rights
 
In accordance with, and within the limits and conditions provided for by data protection regulations regarding the exercise of data subjects’ rights (Chapter III of Regulation (EU) 2016/679) in relation to the processing covered by this notice, you have the right to:
 
– Request confirmation as to whether or not your personal data is being processed;
 
– Access your personal data;
 
– With regard to your personal data, request its rectification, erasure, and notification of rectifications and erasures to those to whom the data has been transmitted;
 
– Request restriction of processing in the cases provided for by law;
 
– Obtain portability of the personal data you have provided, i.e., receive it from one Data Controller in a structured, commonly used, and machine-readable format, and transmit it to another Data Controller without hindrance;
 
– Object at any time to the processing of your data and, specifically, object to decisions concerning you if based solely on automated processing of your data, including profiling;
 
– Lodge a complaint with the supervisory authority pursuant to Article 77 of Regulation (EU) 2016/679 if you believe that the processing concerning you violates the rules on processing.

 

The data subject may exercise their rights regarding Privacy and Data Protection by sending their request by email to fiapp@fiapp.com or by registered letter with return receipt to the Data Controller’s registered office.
 
Yours faithfully
 
Fiapp International srl