Definitions and legal references

Personal Data (or Data)

Personal data is any information that, directly or indirectly, alone or in connection with any other information, including a personal identification number, identifies or makes identifiable a natural person.

Usage Data

This refers to the information that is collected automatically through this website (including from third party applications integrated into this website), including: IP addresses or domain names of the computers used by the User connecting to this website, addresses in URI (Uniform Resource Identifier) format, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the server response status (success, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, various temporal aspects of the visit (e.g., time spent on each page), and details regarding the User’s navigation within the application, with particular reference to the sequence of pages visited, parameters related to the User’s operating system, and computing environment.

User

The individual using this website, unless otherwise specified, is the Data Subject.

Data Subject

The natural person to whom the personal data relate.

Data Processor (or Processor)

The natural or legal person, public authority, or any other entity that processes personal data on behalf of the Data Controller, as described in this privacy policy.

Data Controller (or Controller)

The natural or legal person, public authority, service, or other body that, alone or jointly with others, determines the purposes and means of processing personal data and the tools adopted, including security measures related to the operation and use of this website. Unless otherwise specified, the Data Controller is the owner of this website.

This website (or this application)

The hardware or software tool that collects and processes Users’ personal data.

Service

The Service provided by this website, or more generally, the service provided by the Data Controller, also through this website and its related applications.

European Union (EU)

Unless otherwise specified, any reference to the European Union in this document is intended to include all current member states of the European Union and the European Economic Area.

Cookie

A small amount of data stored on the User’s device.

Privacy Policy

In compliance with the obligations arising from national legislation (Legislative Decree No. 196 of 30 June 2003, personal data Protection Code) and EU law (European Regulation on the protection of personal data No. 679/2016, GDPR) and subsequent amendments, this website respects and safeguards the privacy of visitors and Users, making every reasonable and proportionate effort not to infringe the rights of Users.

This privacy policy applies exclusively to the online activities of this website and is valid for the visitors/Users of the website. It does not apply to information collected through channels other than this website. The purpose of the privacy policy is to provide maximum transparency regarding the information the website collects and how it is used.

Legal basis for processing

By using or consulting this document, Users/visitors and Data Subjects in general explicitly approve this privacy policy and consent to the processing of their personal data in accordance with the methods and purposes described below, including, where necessary, disclosure to third parties for the provision of a service.

Providing data and therefore giving consent for the collection and processing of data is optional; the User may refuse consent and may withdraw any previously given consent at any time (by contacting the representatives indicated in the “Contact” section at the bottom of this document). However, refusing consent may result in the inability to provide certain services (including the browsing experience on the website).

Starting from May 25, 2018 (the date the GDPR came into effect), this website will process some data based on the legitimate interests of the Data Controller.

Note: In some jurisdictions, the Data Controller may be authorised to process personal data without the User’s consent or another of the legal basis specified below, until the User objects (“opt-out”) to such processing. However, this does not apply if the processing of personal data is governed by European data protection law;

Contact

For any question or request regarding privacy, it is possible to contact the responsible of the data processing through the details provided in the dedicated website section

Collected data

For the provision of a service (including quotation and consultation activities), we ask you to provide certain data, which may vary depending on the requesting party.

If you are an individual:

• address, email, and password
• other data related to the subject of the requested service
• first and last name
• date of birth
• gender
• city or municipality of residence
• telephone number

While using the service, you can use “Contact Us” and “Chat” features to communicate with our Customer Center.

Third Party Data

• If you provide personal data of third parties, such as those of any service beneficiaries and/or related communications, you must ensure that these individuals have been properly informed and have consented to the processing of their data, or that the processing is strictly necessary for the execution of the service and permitted under applicable data protection laws.

Data of minors under 16 years old

• If you are under 16 years old you may not provide us with any personal data or register on the website, and in any case, we do not assume responsibility for any false statements you may provide. If we become aware of any false statements, we will immediately delete all personal data collected.

If you are a professional

• company name, VAT number, contact person, email address, phone number
• other data: professional category and full address

Access to the company website and its related services

Providing such data is entirely optional; however, failure to provide it will make it impossible to access certain online services. To access the company website and its related services, a unique User identification may be required. If this occurs, while browsing the website you will be asked to choose and provide your access credentials (‘Username’ and ‘Password’). The username is an email address chosen by the User; the password consists of a secret combination of characters (letters and/or numbers) selected individually by the User.

For security reasons, access credentials must not be shared with anyone. In case of a data deletion request, the access credentials will be permanently deleted; as a result, they could be used by another User with the same combination and may therefore no longer be available if a new service is requested.

Use of Log Files and Data processing

Like all websites, this website also automatically records information in log files during users’ visits.

Collected information

The information collected may include:

• Internet Protocol (IP) address;
• type of browser and device parameters used to connect to the site;
• name of the Internet Service Provider (ISP);
• date and time of visit;
• visitor’s referring and exit web pages (referral);
• addresses in URI (Uniform Resource Identifier) notation,
• details regarding the navigation path within the application, with particular reference to the sequence of pages visited, the operating system parameters, and the User’s computing environment
• the number of clicks, if applicable
• the size of the file received in response
• the numeric code indicating the server response status (success, error, etc.).

If you are under 16 years old you may not provide us with any personal data or register on the website, and in any case, we do not assume responsibility for any false statements you may provide. If we become aware of any false statements, we will immediately delete all personal data collected.

General processing methods

The Data Controller implements appropriate security measures to prevent unauthorised access, disclosure, modification, or destruction of personal data. Processing is carried out using IT and digital tools, with organizational methods and logic strictly linked to the indicated purposes. In addition to the Data Controller, in some cases and to provide the requested service, other parties involved in the organization (administrative, commercial, marketing, legal personnel, system administrators) or external parties (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to data, and when necessary, they may be appointed as Data Processors or Sub-Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller.

Website data processing methods

The aforementioned information are processed automatically and collected exclusively in aggregated form to verify the correct functioning of the website and for security reasons (from May 25, 2018, this information will be processed based on the legitimate interests of the Data Controller). For security purposes (anti-spam filters, firewalls, virus detection), automatically recorded data may also include personal data such as the IP address, which may be used, in accordance with applicable laws, to block attempts to damage the website or to harm other Users, or for any other harmful or illegal activities. Such data are never used to identify or profile the User, but only to protect the website and its Users (from May 25, 2018, this information will be processed based on the legitimate interests of the Data Controller).

If the website allows comments, or in the case of specific services requested by the User, the website automatically detects and records certain User identification data, including email address. Such data are considered to be voluntarily provided by the User at the time of the service request. By submitting a comment or other information, the User expressly accepts the privacy policy and specifically agrees that the submitted content may be freely shared with third parties.

The submitted data will be used exclusively to provide the requested service and only for as long as necessary to deliver it.

Any information that Users choose to make public through the services and tools provided is disclosed consciously and voluntarily by the User, thereby releasing the website owner from any liability for any potential legal violations. It is the User’s responsibility to ensure they have permission to submit third party personal data or content protected by national and international laws.

Purpose of Data Processing

The Organization will process all data provided by the client and potential client, directly or through intermediaries, potentially combined with data collected from third parties, including data available in the company database, and data obtained through phone conversations or as a result of browsing web pages or via other means for the following purposes:

• to calculate an estimate aimed at the possible subsequent signing of a contract and its renewal for the provision of a service or product, through the standard estimation procedure or via the web portal; the purpose of estimation includes the processing of data collected from the Data Subject and also from other databases accessible to the Controller, for the assessment of operational feasibility and client characteristics, for contract quantification, and to fulfill all legal obligations required in the course of the commissioned activity, including fraud prevention and counter-terrorism financing.
• Sending estimates or contracts to the requester via mail, telephone (including mobile), email, or other remote communication methods, or through a social network to which the User belongs, using the contact details voluntarily provided in the service request. The same contact details may also be used to send any expiration notices and/or service-related notifications, along with a proposal for contract renewal and any additional guarantees;
• management and execution of the contract itself and any other activities strictly related to the conduct of the business for which the Organization is authorized under applicable law;
• compliance with all legal obligations related to the contract or the aforementioned proposal and to the conduct of the business activity, management of judicial and extrajudicial disputes, as well as, more generally, the exercise and defence of the contracting party’s rights, fraud and counter-terrorism financing prevention and investigations, new market analysis, internal management and control, adaptation of IT systems and client relationship platforms, and statistical/tariff-related activities;
• if customers or potential customers decide to pay for the services by payment card, the data will also include the information relating to their payment card and the banking details necessary for the payment transactions.
• Processing, monitoring and updating of any request for information, negotiation, pre-contractual and/or contractual relationship with any of the various Companies with which the Organization collaborates, and the management of activities involving operational and commercial intermediaries.
• Communication, marketing, and sales promotion of products and services in the same category as those for which an estimate was requested, using previously provided contact details, via email, phone (including mobile), text messaging (SMS), instant messaging services, or social networks.
• Analysis of customer satisfaction regarding products and/or services provided, for contract management and execution, via email, phone (including mobile), text messaging (SMS), instant messaging, or social networks;
• Processing necessary to perform a task carried out in the public interest or in the exercise of official authority assigned to the Controller;
• processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by third parties. For this purpose, the Organization informs you that it will verify and update the data relating to your payment card with the designated credit and banking institutions, in order to manage your file correctly over time.

Additional Purposes of Data Processing

The non-sensitive personal data you provide may be used for additional purposes, in full compliance with the Privacy Policy under Article 13 of Regulation (EU) 2016/679, namely to provide you with and/or send you our newsletter containing informational and promotional communications related to the goods/services offered, by any means, including mail, Internet, telephone, email, MMS, SMS, from Italy or abroad (including countries outside the European Union, in compliance with applicable law), by the Company.

Data Retention Period

Personal data will be stored in paper and/or electronic form only for the time strictly necessary to achieve the purposes, in compliance with your privacy, applicable laws, and the contractual conditions (e.g., invoices, accounting documents, and transaction data are retained for 11 years in accordance with the law, including tax obligations).

For data collected for a quote requested by the data subject that does not result in a contract, the data collected, in the absence of consent, will be retained only for 12 months and 15 days and then immediately deleted. If the estimation does lead to a contract, the data provided will be retained for the period determined according to the following criteria:

• the retention obligation established by law;
• the duration of the contractual relationship and the liabilities arising from it;
• request for deletion by the Data Subject, if submitted.

In the event of exercising the right to be forgotten through an explicit request for the deletion of personal data processed by the Controller, please note that such data will be retained in a protected form with limited access solely for the purposes of crime detection and prevention, for a period not exceeding 12 months from the date of the request, and will thereafter be securely deleted or irreversibly anonymised.

Data collected by the website during its operation are used exclusively for the purposes indicated above and retained only for the time strictly necessary to carry out the specified activities. In any case, data collected by the website will never be provided to third parties for any reason, unless it is a legitimate request from a judicial authority and only in cases provided for by law.

Finally, we remind you that for the same purposes, data relating to electronic traffic, excluding the contents of communications, will be retained for no more than 6 years from the date of the communication, pursuant to Article 24 of Law No. 167/2017, which implemented EU Directive 2017/541 on counter-terrorism.

If you do not perform any active action (such as browsing, searches, or any other use of the service) on our web portal for a period of 27 months, you will be classified as an inactive User and your personal data will be automatically deleted.

Data used for security purposes (blocking attempts to damage the website) are retained for 7 days.

For direct marketing and profiling purposes, we retain your data for a maximum period in accordance with applicable law (24 months and 12 months, respectively).

Data Recipients

Customer and potential customer data may:

• be accessible within the Organization to employees assigned from time to time to manage your account and the commissioned services, as well as to staff involved in the so-called “production chain.” Your data may also be shared with parties necessary for the provision of the estimation, as well as with third parties duly appointed as Processors, whose list is constantly updated by the Controller. Additionally, your data may be communicated to carry out checks aimed at preventing fraud and terrorism financing;
• be communicated to any subsidiaries and affiliated companies in order to carry out a complete and centralized management of the relationship with the Data Subject;
• to other parties in the sector (the so-called “production chain”) acting as counterparties (including companies or firms entrusted with management, providing assistance and legal protection services);
• to Supervisory and Regulatory Authorities, as well as to other bodies or organisations that maintain databases to which the disclosure of data is mandatory;
• companies providing IT and digital services, data storage, or services entrusted with management;
• companies supporting business management activities, including postal services;
• auditing and consulting firms; legal and tax firms; commercial information companies for the management of financial risks; companies providing services for fraud prevention and control; debt collection agencies.

Place of processing

Data are processed at the Controller’s operational offices and at any other locations where the parties involved in the processing are situated. For further information, contact the Controller.

In the case of using a Datacenter via web hosting services or cloud computing services, the User’s personal data may be transferred to a country different from the one in which the User is located. In such cases, the service provider (e.g., Google, Aruba) is responsible for processing data on behalf of the Controller and operates in accordance with European regulations. As is known, some of these services operate through servers geographically distributed across different locations, making it difficult to determine the exact place where personal data is stored. The User has the right to obtain information regarding the legal basis for the transfer of data outside the European Union, as well as the security measures adopted by the Controller to protect data. In case any of the transfers described above take place, the User may refer to the relevant sections of this document or request information from the Controller.

Website functionality and Cookie

Session cookies and functionality cookies are used to simplify navigation by automating certain functions (e.g., login and language preferences) and to support the analysis of website usage.

Session cookies are essential to distinguish connected Users and are useful to prevent a requested function from being delivered to the wrong User, as well as for security purposes to prevent cyber-attacks on the website. Session cookies do not contain personal data and last only for the current session, i.e., until the browser is closed. Consent is not required for them.

The functionality cookies used by the website are strictly necessary for its operation. In particular, they are linked to an explicit request for functionality by the User (such as login), for which no consent is required.

Cookie

As is customary on all websites, this website also uses cookies – small text files that store information about visitors’ preferences to improve the user experience. By using the website, visitors expressly consent to the use of cookies.

Disabling Cookies

Cookies are linked to the browser used and CAN BE DISABLED DIRECTLY FROM THE BROWSER, thereby refusing or revoking consent for the use of cookies. Please note that disabling cookies may prevent certain functions of the website from working correctly. Instructions for disabling cookies can be found at the following web pages:

The guide to disable cookies can be found in the following websites:

• Mozilla Firefox
• Microsoft Internet Explorer
• Microsoft Edge
• Google Chrome
• Opera
• Apple Safari

Third party cookies and viewing content from external platforms

This website also acts as an intermediary for third party cookies, used to provide additional services and functionalities to visitors and to enhance the use of the website, such as social media buttons or videos. This website has no control over third party cookies, which are entirely managed by third parties.

Cookies and Third parties involved

• Google Analytics: used to analyse the website, collects data in anonymous and aggregated form.
• Youtube: to share videos, set not to send cookies when opening the page
• DoubleClick: test_cookie is not a persistent cookie, but checks whether the browser supports cookies.

To disable Google Analytics cookies: browser add-on for disabling Google Analytics.

Social network plugins

This website also incorporates plugins and/or buttons for social networks, in order to allow easy sharing of content on your preferred social networks. The use of such plugins is governed by the privacy policies of the respective social networks.

• Facebook cookie policy link
• Twitter cookie policy link
• Linkedin cookie policy link
• Google + cookie policy link

Management of third parties cookies

With regard to cookies installed by third parties, the User can also manage their settings and withdraw consent using the tools described in the third party’s privacy policy or by contacting the third party directly. In addition, it is possible to use services such as EDAA (EU), Network Advertising Initiative (USA), Digital Advertising Alliance (USA), DAAC (Canada), and DDAI (Japan) to manage advertising-tracking preferences.

Transfer of data to Non-EU Countries

This website may share some of the data collected with services located outside the European Union. In particular, with Google, Facebook, and Microsoft (LinkedIn) through social plugins and the Google Analytics service. The aforementioned companies guarantee their adherence to the Privacy Shield framework as approved by the EU

Security measures

The website adopts security measures to prevent unauthorised access, disclosure, unauthorised alteration or destruction of data, processing the data lawfully and correctly using IT and electronic tools.

Users rights

Users have the right, based on GDPR and national legislation, of:

• Request confirmation of the existence of personal data concerning them (right of access).
• Know the origin.
• Receive intelligible communication of data.
• Obtain information about the logic, methods, and purposes of the processing;
• Request their updating, rectification, integration, deletion, anonymisation, or the blocking of data processed in violation of the law, including data no longer necessary for the purposes for which they were collected;
• In cases of processing based on consent, the User has the right to receive the data provided to the Controller, at their own expense, in a structured, commonly used, and machine-readable electronic format.
• – the right to lodge a complaint with the Supervisory Authority (Data Protection Authority –link to the Authority’s page);
• – as well as, more generally, exercise all rights granted to them under applicable law.

Requests should be addressed to the Controller.

In cases where data is processed based on legitimate interests, the rights of Data Subjects are still guaranteed (except for the right to data portability, which is not provided by law), in particular the right to object to processing, which may be exercised by submitting a request to the Controller.

To exercise these rights, as described below, please contact the Controller via the Privacy Office in the contacts section.

Data Controller

The Data Controller under applicable law is the website administrator, FULMINE GROUP SOCIETA’ CONSORTILE, represented by the pro tempore Legal Representative, contactable via the CONTACT section.

Data Processor

The Data Controller under applicable law is the website administrator, FULMINE GROUP SOCIETA’ CONSORTILE, represented by the pro tempore Legal Representative, contactable via the CONTACT section.

CONTACT

• Data Controller: Fulmine Group S.r.l. Società Consortile di Recapiti e Servizi Postali – Tax Code and VAT No. 05590500822 – Registered Office: Via Re Federico, 16a/b, 90141 Palermo – IT – Tel. +39 091 675 90 60 – Website: www.fulminegroup.it – Email: privacy@fulminegroup.it
• Data Processor: Fulmine Group S.r.l. Consortile di Recapiti e Servizi Postali (privacy@fulminegroup.it)
• Data Protection Officer (DPO) contacts: dpofulminegroup@fulminegroup.it