Personal data (“Data”) can be defined as any information concerning an identified or identifiable natural person (e.g. personal data, telephone number and e-mail address, location data and any data relating to physical, physiological, genetic, psychic, economic, cultural or social identity).
Data will be processed only with the express consent of the user of the Website (“User”), only when deliberately transmitted and exclusively for the purposes set out in this Policy in an adequate, lawful, correct and transparent manner and in any case in compliance with the Italian and European standards in force.
1. Data Controller
The data controller (“Controller”) is FLIM LABS S.r.l., in the person of its legal representative, with its registered office based in Via della Farnesina 3, 00135 – Roma. The Controller, without prejudice to its full responsibility towards the User, reserves the right to appoint one or more managers to process User Data on its behalf. The Controller may appoint a person who provides sufficient guarantees to implement technical and organizational measures as data manager to ensure the protection of the User’s rights.
2. Data collected and purpose of the processing
We do not automatically collect any Data.
The User Data will be processed exclusively for the following purposes:
1. Managing online requests for information relating to the products marketed and the services offered;
2. Allowing the User to subscribe to the newsletter.
In all the cases listed above, the User Data processed consists of non- particular personal data such as, for example, name, surname, residential address, email and telephone number.
In the case under point 2.1 above, Data will not be used for marketing campaigns, telemarketing, mailing lists or for purposes other than those indicated above. In the case under point 2.4 above, Data will only be used to make the User receiving the newsletter.
In any case, the data processing takes place through the use of electronic tools.
3. Storage and security: where and how we store your Data
Any Data that may be processed and collected through the Website will be stored on a private and protected server located in Italy. The processing is carried out using IT and/or telematic tools, with organizational methods strictly related to the purposes indicated under point 2.
Data are processed to ensure adequate security and we adopt, for the purposes of their protection, technical and organizational measures capable of preventing unauthorized or illegal processing, loss, destruction or accidental damage.
4. Retention period and duration of processing
Data collected and processed under point 2 will be kept for the period necessary to guarantee the requested service, and for a period of time not exceeding the achievement of the purposes for which they are processed and provided that these purposes do not cease to be lawful according to the applicable law, without prejudice to a retention for a longer period if provided for by sector laws (e.g. tax legislation) and in any case for the period deemed necessary to demonstrate the correct fulfillment of the service (legitimate interest).
5. Disclosure, transmission and transfer of data to third parties
Data collected and processed under point 2 will not be transferred to third parties, except to those subjects/entities strictly necessary to perform the service and exclusively for these purposes. In particular, with regard to Data collected for the purpose under point 2.4 (newsletter), those may be communicated to Mailchimp (https://mailchimp.com/it/) which is the service provider used. In any case Mailchimp will not process the Data for purposes different from those under point 2.4. and ensures to possess adequate technologies to safely store the Data.
The recipients of the Data will be appointed by the Controller, pursuant to art. 28 GDPR, and will therefore be obliged to respect confidentiality and data protection, pursuant to the relevant legislation.
6. Data disclosure for security reasons
We reserve the right to decrypt, store and disclose all information that we can reasonably deem necessary to (i) satisfy requests from the Public Authority (ii) demonstrate the correct implementation of this Policy (iii) fight and prevent fraud or technical problems (iv) respond to requests for assistance sent by the User.
7. Change of ownership
In the event of termination of the Controller’s company or bankruptcy, transfer to third parties, change of shareholder structure and/or ownership, Data will be saved and protected in compliance with the terms established by this Policy or deleted.
8. User rights
8.1. Knowledge of Data
The User has the right, at any time, to obtain confirmation of the existence or not of data concerning him/her, even if not yet registered, and their communication in an intelligible form.
The User also has the right to obtain the updating, rectification or, when interested, integration of the Data and to verify its accuracy and to know its content, origin and duration of the data retention period.
8.2. Withdrawal of consent and deletion of data
The User has, at any time, the right to request and obtain the deletion of the Data and possibly to revoke the consent previously given to their processing, without prejudice, in the latter case, to the lawfulness of the processing based on the consent given before the withdrawal. The requests for cancellation and withdrawal must be addressed to the Controller and should be carried out with the same ease and with the same means with which the consent was given and the data were communicated.
8.3. Data portability
The User has the right to receive in a structured format, commonly used and readable by an automatic device, his/her personal data that have been provided to the Controller, in accordance with this Policy.
The User has always the right to lodge a complaint with a supervisory authority if he/she identifies violations by the Controller of this Policy or the laws governing data protection.
9. Data Breach
In the event of a Data breach, the Controller notifies the competent supervisory authority without delay and in any case within 72 hours of becoming aware of the breach.
Likewise, if a manager has been appointed and the latter becomes aware of a data breach, he must inform the Controller without delay within 72 hours of becoming aware of the breach.
Controller must inform the User of any infringement in the event of a high risk for the rights and freedoms of the individuals.
We may make unilateral changes to this Policy at any time. In any case, should this happen, the User will be promptly informed of any changes.
11. Reference legislation
This Policy complies with the provisions of Italian and European laws on data protection (EU Regulation no. 679/2016 and in particular articles 13 and 14).
For any questions or concerns regarding this Policy or its implementation or if you wish to request changes to the collection and/or deletion of data, you can contact us at the following e-mail address: firstname.lastname@example.org
Who we are
FLIM LABS S.r.l. based in Rome – ITALY
Our website address is: www.flimlabs.com.