Definitions and legal references
Personal Data (or Data)
Personal data is any information that, directly or indirectly, alone or in connection with any other information, including a personal identification number, identifies or makes identifiable a natural person.
Usage Data
This refers to the information that is collected automatically through this website (including from third party applications integrated into this website), including: IP addresses or domain names of the computers used by the User connecting to this website, addresses in URI (Uniform Resource Identifier) format, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the server response status (success, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, various temporal aspects of the visit (e.g., time spent on each page), and details regarding the User’s navigation within the application, with particular reference to the sequence of pages visited, parameters related to the User’s operating system, and computing environment.
User
The individual using this website, unless otherwise specified, is the Data Subject.
Data Subject
The natural person to whom the personal data relate.
Data Processor (or Processor)
The natural or legal person, public authority, or any other entity that processes personal data on behalf of the Data Controller, as described in this privacy policy.
Data Controller (or Controller)
The natural or legal person, public authority, service, or other body that, alone or jointly with others, determines the purposes and means of processing personal data and the tools adopted, including security measures related to the operation and use of this website. Unless otherwise specified, the Data Controller is the owner of this website.
This website (or this application)
The hardware or software tool that collects and processes Users’ personal data.
Service
The Service provided by this website, or more generally, the service provided by the Data Controller, also through this website and its related applications.
European Union (EU)
Unless otherwise specified, any reference to the European Union in this document is intended to include all current member states of the European Union and the European Economic Area.
Cookie
A small amount of data stored on the User’s device.
PRIVACY POLICY
In compliance with the obligations arising from national legislation (Legislative Decree No. 196 of 30 June 2003, personal data Protection Code) and EU law (European Regulation on the protection of personal data No. 679/2016, GDPR) and subsequent amendments, this website respects and safeguards the privacy of visitors and Users, making every reasonable and proportionate effort not to infringe the rights of Users.
This privacy policy applies exclusively to the online activities of this website and is valid for the visitors/Users of the website. It does not apply to information collected through channels other than this website. The purpose of the privacy policy is to provide maximum transparency regarding the information the website collects and how it is used. This policy has also been prepared taking into account the planned evolution and structural changes aimed at improving the website’s communication with Users.
Legal basis for processing
This website processes data based on consent. By using or consulting this document, Users/visitors and Data Subjects in general explicitly approve this privacy policy and consent to the processing of their personal data in accordance with the methods and purposes described below, including, where necessary, disclosure to third parties for the provision of a service.
Providing data and therefore giving consent for the collection and processing of data is optional; the User may refuse consent and may withdraw any previously given consent at any time (by contacting the representatives indicated in the “Contacts” section at the bottom of this document). However, refusing consent may result in the inability to provide certain services (including the browsing experience on the website).
Starting from May 25, 2018 (the date the GDPR came into effect), this website will process some data based on the legitimate interests of the Data Controller.
Note: In some jurisdictions, the Data Controller may be authorised to process personal data without the User’s consent or another of the legal basis specified below, until the User objects (“opt-out”) to such processing. However, this does not apply if the processing of personal data is governed by European data protection law;
Collected data
For the provision of a service (including quotation and consultation activities), we ask you to provide certain data, which may vary depending on the requesting party.
If you are an individual:
- address, email, and password
- other data related to the subject of the requested service
- first and last name
- date of birth
- gender
- city or municipality of residence
- telephone number
While using the service, you can use “Contact Us” and “Chat” features to communicate with our Customer Center.
Third Party Data
- If you provide personal data of third parties, such as those of any service beneficiaries and/or related communications, you must ensure that these individuals have been properly informed and have consented to the processing of their data, or that the processing is strictly necessary for the execution of the service and permitted under applicable data protection laws.
Data of minors under 16 years old
- If you are under 16 years old you may not provide us with any personal data or register on the website, and in any case, we do not assume responsibility for any false statements you may provide. If we become aware of any false statements, we will immediately delete all personal data collected.
If you are a professional
- company name, VAT number, contact person, email address, phone number
- other data: professional category and full address
Access to the company website and related services
Providing such data is entirely optional; however, failure to provide it will make it impossible to access certain online services.
To access the company website and its related services, a unique User identification may be required.
If this occurs, while browsing the website you will be asked to choose and provide your access credentials (‘Username’ and ‘Password’). The username is an email address chosen by the User; the password consists of a secret combination of characters (letters and/or numbers) selected individually by the User.
For security reasons, access credentials must not be shared with anyone. In case of a data deletion request, the access credentials will be permanently deleted; as a result, they could be used by another User with the same combination and may therefore no longer be available if a new service is requested.
Like all websites, this website also automatically records information in log files during users’ visits.
The information collected may include:
– Internet Protocol (IP) address;
– type of browser and device parameters used to connect to the site;
– name of the Internet Service Provider (ISP);
– date and time of visit;
– visitor’s referring and exit web pages (referral);
– addresses in URI (Uniform Resource Identifier) notation,
– details regarding the navigation path within the application, with particular reference to the sequence of pages visited, the operating system parameters, and the User’s computing environment
– the number of clicks, if applicable
– the size of the file received in response
– the numeric code indicating the server response status (success, error, etc.).
If you are under 16 years old you may not provide us with any personal data or register on the website, and in any case, we do not assume responsibility for any false statements you may provide. If we become aware of any false statements, we will immediately delete all personal data collected.
General processing methods
The Data Controller implements appropriate security measures to prevent unauthorised access, disclosure, modification, or destruction of personal data. Processing is carried out using IT and digital tools, with organizational methods and logic strictly linked to the indicated purposes. In addition to the Data Controller, in some cases and to provide the requested service, other parties involved in the organization (administrative, commercial, marketing, legal personnel, system administrators) or external parties (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to data, and when necessary, they may be appointed as Data Processors or Sub-Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller.
Website data processing methods
The aforementioned informations are processed automatically and collected exclusively in aggregated form to verify the correct functioning of the website and for security reasons (from May 25, 2018, this information will be processed based on the legitimate interests of the Data Controller).
For security purposes (anti-spam filters, firewalls, virus detection), automatically recorded data may also include personal data such as the IP address, which may be used, in accordance with applicable laws, to block attempts to damage the website or to harm other Users, or for any other harmful or illegal activities. Such data are never used to identify or profile the User, but only to protect the website and its Users (from May 25, 2018, this information will be processed based on the legitimate interests of the Data Controller).
If the website allows comments, or in the case of specific services requested by the User, the website automatically detects and records certain User identification data, including email address. Such data are considered to be voluntarily provided by the User at the time of the service request. By submitting a comment or other information, the User expressly accepts the privacy policy and specifically agrees that the submitted content may be freely shared with third parties.
The submitted data will be used exclusively to provide the requested service and only for as long as necessary to deliver it.
Any information that Users choose to make public through the services and tools provided is disclosed consciously and voluntarily by the User, thereby releasing the website owner from any liability for any potential legal violations. It is the User’s responsibility to ensure they have permission to submit third party personal data or content protected by national and international laws.
Purpose of Data Processing
The Organization will process all data provided by the client and potential client, directly or through intermediaries, potentially combined with data collected from third parties, including data available in the company database, and data obtained through phone conversations or as a result of browsing web pages or via other means for the following purposes:
- to calculate an estimate aimed at the possible subsequent signing of a contract and its renewal for the provision of a service or product, through the standard estimation procedure or via the web portal; the purpose of estimation includes the processing of data collected from the Data Subject and also from other databases accessible to the Controller, for the assessment of operational feasibility and client characteristics, for contract quantification, and to fulfill all legal obligations required in the course of the commissioned activity, including fraud prevention and counter-terrorism financing.
- Sending estimates or contracts to the requester via mail, telephone (including mobile), email, or other remote communication methods, or through a social network to which the User belongs, using the contact details voluntarily provided in the service request. The same contact details may also be used to send any expiration notices and/or service-related notifications, along with a proposal for contract renewal and any additional guarantees;
- management and execution of the contract itself and any other activities strictly related to the conduct of the business for which the Organization is authorized under applicable law;
- compliance with all legal obligations related to the contract or the aforementioned proposal and to the conduct of the business activity, management of judicial and extrajudicial disputes, as well as, more generally, the exercise and defence of the contracting party’s rights, fraud and counter-terrorism financing prevention and investigations, new market analysis, internal management and control, adaptation of IT systems and client relationship platforms, and statistical/tariff-related activities;
- if customers or potential customers decide to pay for the services by payment card, the data will also include the information relating to their payment card and the banking details necessary for the payment transactions.
- Processing, monitoring and updating of any request for information, negotiation, pre-contractual and/or contractual relationship with any of the various Companies with which the Organization collaborates, and the management of activities involving operational and commercial intermediaries.
- Communication, marketing, and sales promotion of products and services in the same category as those for which an estimate was requested, using previously provided contact details, via email, phone (including mobile), text messaging (SMS), instant messaging services, or social networks.
- Analysis of customer satisfaction regarding products and/or services provided, for contract management and execution, via email, phone (including mobile), text messaging (SMS), instant messaging, or social networks;
- Processing necessary to perform a task carried out in the public interest or in the exercise of official authority assigned to the Controller;
- processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by third parties.
For this purpose, the Organization informs you that it will verify and update the data relating to your payment card with the designated credit and banking institutions, in order to manage your file correctly over time.
Additional Purposes of Data Processing
The non-sensitive personal data you provide may be used for additional purposes, in full compliance with the Privacy Policy under Article 13 of Regulation (EU) 2016/679, namely to provide you with and/or send you our newsletter containing informational and promotional communications related to the goods/services offered, by any means, including mail, Internet, telephone, email, MMS, SMS, from Italy or abroad (including countries outside the European Union, in compliance with applicable law), by the Company.
Data Retention Period
Personal data will be stored in paper and/or electronic form only for the time strictly necessary to achieve the purposes, in compliance with your privacy, applicable laws, and the contractual conditions (e.g., invoices, accounting documents, and transaction data are retained for 11 years in accordance with the law, including tax obligations).
For data collected for a quote requested by the data subject that does not result in a contract, the data collected, in the absence of consent, will be retained only for 12 months and 15 days and then immediately deleted. If the estimation does lead to a contract, the data provided will be retained for the period determined according to the following criteria:
- the retention obligation established by law;
- the duration of the contractual relationship and the liabilities arising from it;
- request for deletion by the Data Subject, if submitted.
In the event of exercising the right to be forgotten through an explicit request for the deletion of personal data processed by the Controller, please note that such data will be retained in a protected form with limited access solely for the purposes of crime detection and prevention, for a period not exceeding 12 months from the date of the request, and will thereafter be securely deleted or irreversibly anonymised.
Data collected by the website during its operation are used exclusively for the purposes indicated above and retained only for the time strictly necessary to carry out the specified activities. In any case, data collected by the website will never be provided to third parties for any reason, unless it is a legitimate request from a judicial authority and only in cases provided for by law.
Finally, we remind you that for the same purposes, data relating to electronic traffic, excluding the contents of communications, will be retained for no more than 6 years from the date of the communication, pursuant to Article 24 of Law No. 167/2017, which implemented EU Directive 2017/541 on counter-terrorism.
If you do not perform any active action (such as browsing, searches, or any other use of the service) on our web portal for a period of 27 months, you will be classified as an inactive User and your personal data will be automatically deleted.
Data used for security purposes (blocking attempts to damage the website) are retained for 7 days.
For direct marketing and profiling purposes, we retain your data for a maximum period in accordance with applicable law (24 months and 12 months, respectively).
Data Recipients
Customer and potential customer data may:
- be accessible within the Organization to employees assigned from time to time to manage your account and the commissioned services, as well as to staff involved in the so-called “production chain.” Your data may also be shared with parties necessary for the provision of the estimation, as well as with third parties duly appointed as Processors, whose list is constantly updated by the Controller. Additionally, your data may be communicated to carry out checks aimed at preventing fraud and terrorism financing;
- be communicated to any subsidiaries and affiliated companies in order to carry out a complete and centralized management of the relationship with the Data Subject;
- to other parties in the sector (the so-called “production chain”) acting as counterparties (including companies or firms entrusted with management, providing assistance and legal protection services);
- to Supervisory and Regulatory Authorities, as well as to other bodies or organisations that maintain databases to which the disclosure of data is mandatory;
- companies providing IT and digital services, data storage, or services entrusted with management;
- companies supporting business management activities, including postal services;
- auditing and consulting firms; legal and tax firms; commercial information companies for the management of financial risks; companies providing services for fraud prevention and control; debt collection agencies.
Place of processing
Data are processed at the Controller’s operational offices and at any other locations where the parties involved in the processing are situated. For further information, contact the Controller.
In the case of using a Datacenter via web hosting services or cloud computing services, the User’s personal data may be transferred to a country different from the one in which the User is located. In such cases, the service provider (e.g., Google, Aruba) is responsible for processing data on behalf of the Controller and operates in accordance with European regulations. As is known, some of these services operate through servers geographically distributed across different locations, making it difficult to determine the exact place where personal data is stored.
The User has the right to obtain information regarding the legal basis for the transfer of data outside the European Union, as well as the security measures adopted by the Controller to protect data. In case any of the transfers described above take place, the User may refer to the relevant sections of this document or request information from the Controller.
Website functionality, designed to simplify navigation by automating procedures (e.g., login, website language) and to analyse website usage.
I Session cookies are essential to distinguish connected Users and are useful to prevent a requested function from being delivered to the wrong User, as well as for security purposes to prevent cyber-attacks on the website. Session cookies do not contain personal data and last only for the current session, i.e., until the browser is closed. Consent is not required for them.
The functionality cookies used by the website are strictly necessary for its operation. In particular, they are linked to an explicit request for functionality by the User (such as login), for which no consent is required.
Cookie
As is customary on all websites, this website also uses cookies — small text files that store information about visitors’ preferences to improve the user experience. By using the website, visitors expressly consent to the use of cookies.
Disabling Cookies
Cookies are linked to the browser used and CAN BE DISABLED DIRECTLY FROM THE BROWSER, thereby refusing or revoking consent for the use of cookies. Please note that disabling cookies may prevent certain functions of the website from working correctly. Instructions for disabling cookies can be found at the following web pages:
Mozilla Firefox – Microsoft Internet Explorer – Microsoft Edge – Google Chrome – Opera –Apple Safari
Third party cookies and viewing content from external platforms
This website also acts as an intermediary for third party cookies, used to provide additional services and functionalities to visitors and to enhance the use of the website, such as social media buttons or videos. This website has no control over third party cookies, which are entirely managed by third parties. Consequently, information regarding the use of these cookies, their purposes, and the methods for disabling them, is provided directly by third parties on the pages listed below.
In particular, while browsing our website, you may encounter the use of cookies from the following third parties:
– Google Analytics: a tool that uses performance cookies to collect anonymous browsing data (IP addresses are anonymised by truncating the last octet.) in aggregated form only. It examines Users’ activity on the website, compiles reports, and provides information such as visitor numbers and pages visited. Google may also transfer this information to third parties where required by law or where such third parties process the information on Google’s behalf. Google will not associate the IP address with any other data held by Google. Data transmitted to Google are stored on Google servers in the United States. Under a specific agreement with Google, which is designated as the Data Processor, Google commits to processing data in accordance with the Controller’s instructions (see the end of this privacy notice), as configured through the software settings. According to these settings, advertising and data-sharing options are disabled.
Further information about Google Analytics cookies can be found on the page Google Analytics Cookie Usage on Websites.
The User can selectively disable data collection by Google Analytics by installing the dedicated component provided by Google on their browser.
– YouTube: a Google-owned platform for video sharing, which uses cookies to collect information about Users and browsing devices. Videos on the website do not set cookies when the page is accessed, as the “enhanced privacy (no cookie)” option has been enabled, meaning YouTube does not store visitor information unless they voluntarily play the video.
cookie: test_cookie .doubleclick.net is not a permanent cookie, but is used to check whether the User’s browser supports cookies.
For further information on the use and processing of data by Google, it is recommended to consult the dedicated page provided by Google, and the page on How Google uses data when using partner websites or apps.
Social Network Plugins
This website also incorporates plugins and/or buttons for social networks, in order to allow easy sharing of content on your preferred social networks. These plugins are programmed not to set any cookies when the page is accessed, in order to safeguard Users’ privacy. Cookies are only set, if required by the social networks, when the User actively and voluntarily uses the plugin. Please note that if the User is browsing while logged into the social network, they have already consented to the use of cookies transmitted via this website at the time of registration with the social network.
The collection and use of information obtained through the plugin are governed by the respective privacy policies of the social networks, which should be consulted.
– Facebook – (cookie policy link)
– Twitter – (cookie policy link)
– LinkedIn – (cookie policy link)
– Google+ – (cookie policy link).
With regard to cookies installed by third parties, the User can also manage their settings and withdraw consent using the tools described in the third party’s privacy policy or by contacting the third party directly.
Without prejudice to the foregoing, the User may use the information provided by EDAA (EU), Network Advertising Initiative (USA) and Digital Advertising Alliance (USA), DAAC (Canada), DDAI (Japan) or other similar services. These services allow Users to manage tracking preferences for most advertising tools. Therefore, the Controller recommends that users consult these resources in addition to the information provided in this document.
Transfer of data to Non-EU Countries
This website may share some of the data collected with services located outside the European Union. In particular, with Google, Facebook, and Microsoft (LinkedIn) through social plugins and the Google Analytics service. The transfer is authorised based on specific decisions of the European Union and the Data Protection Authority, in particular Decision 1250/2016 (Privacy Shield — here is the Italian Data Protection Authority information page), and therefore no further consent is required. The above-mentioned companies guarantee their participation in the Privacy Shield.
Security Measures
This website processes Users data lawfully and correctly, adopting appropriate security measures to prevent unauthorised access, disclosure, alteration, or destruction of data. Processing is carried out using IT and/or digital tools, with organisational methods and logic strictly related to the stated purposes. In addition to the Controller, in some cases, data may be accessed by categories of personnel involved in the organisation of the website (administrative, commercial, marketing, legal personnel, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies).
User Rights
Pursuant to European Regulation 679/2016 (GDPR) and national legislation, the User may, in accordance with the procedures and within the limits provided by applicable law, exercise the following rights:
-request confirmation of the existence of personal data concerning them (right of access);
-know its origin
– receive intelligible communication of it;
– obtain information about the logic, methods, and purposes of the processing;
– request their updating, rectification, integration, deletion, anonymisation, or the blocking of data processed in violation of the law, including data no longer necessary for the purposes for which they were collected;
In cases of processing based on consent, the User has the right to receive the data provided to the Controller, at their own expense, in a structured, commonly used, and machine-readable electronic format.
– the right to lodge a complaint with the Supervisory Authority (Data Protection Authority – link to the Authority’s page);
– as well as, more generally, exercise all rights granted to them under applicable law.
Requests should be addressed to the Controller.
In cases where data is processed based on legitimate interests , the rights of Data Subjects are still guaranteed (except for the right to data portability, which is not provided by law), in particular the right to object to processing, which may be exercised by submitting a request to the Controller.
To exercise these rights, as described below, please contact the Controller via the Privacy Office in the contacts section.
Data Controller
The Data Controller under applicable law is the website administrator, FG LOGISTIC, represented by the pro tempore Legal Representative, contactable via the CONTACTS section.
Data Processor
The Data Controller under applicable law is the website administrator, FG LOGISTIC, represented by the pro tempore Legal Representative, contactable via the CONTACTS section.
CONTACT
Fulmine Group S.p.A. – PEC: fulminegroup@open.legalmail.it