GDPR PRIVACY NOTICE
1. GENERAL INFORMATION
This is to inform you that relationships established with Florim Ceramiche S.p.A. and/or with other companies in the FinFloor Group and/or associated companies (Data Controllers) may involve the processing of personal data in accordance with the following general principles:
• all data are processed lawfully, fairly and in a transparent manner in relation to the Data subject, in accordance with the general principles laid down in Article 5 of the GDPR;
• specific security measures are observed to prevent loss of data, unlawful or incorrect use of them, modification of the data and unauthorized access.
Companies with registered and/or administrative office in Via Canaletto 24, 41042 Fiorano Modenese (MO):
FLORIM CERAMICHE S.P.A A SOCIO UNICO MILANO 4 S.R.L
FINFLOOR S.P.A UBERSETTO 2000 S.R.L.
FIN TWIN S.P.A. MORDANO 4 S.R.L.
EDILFLOOR S.R.L. A SOCIO UNICO IMMOBILIARE SAN BIAGIO S.R.L. A SOCIO UNICO
FABBRICA DELLE MATERIE S.R.L A SOCIO UNICO MARANELLO 51 S.R.L. A SOCIO UNICO
FONDAZIONE ING. GIOVANNI LUCCHESE
Companies with registered office in Largo Garibaldi 2, Modena (MO):
Email address: [email protected]
2. SUBJECT OF THE PROCESSING
The Data Controller may collect the following types of data:
2.1. Personal data processed
The Data Controller processes personal data of contacts, visitors, clients, suppliers, candidates, employees, holders of corporate offices, website users and third parties, acquired and used in the context of the business activity carried out by the Data Controller.
The data collected relate to, for example: first name, family name, company name, personal/financial details, profession, address, telephone, email, and bank and payment references.
2.2. Cookies and browsing data
Among the browsing data collected are IP addresses or the domain names of computers used by users who connect to the website, the addresses of the resources requested, the time of the request, the method used to make the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.
2.3. Images and videos
Florim Ceramiche S.p.a. is authorized to use, edit, reproduce and publish images and/or audio and video recordings of the Data Subject, and those of his or her children who are minors, taken during events organized by Florim (also in the case of events managed by third parties) in which the Data Subject takes part.
These images/recordings are the property of Florim Ceramiche S.p.a. who is entitled to modify them and correct them, without prejudice to the safeguarding of the decency and dignity of the Data Subject.
Recordings and photographs taken may be disseminated by means of internal communication tools (e.g. intranet, etc.) or external ones: sustainability report, Florim website or group sites, social media (Instagram, Facebook, Youtube etc.), trade-fair events (either in Italy or abroad), competitions, exhibitions, publications, films and company communications.
The Data Subject releases Florim Ceramiche S.p.a. and the other companies that are Data Controllers from any liability concerning any unlawful, illegitimate or incorrect use of images and audio and video recordings by third parties.
The use of images and audio and video recordings is granted free of charge by the Data Subject.
Florim Ceramiche S.p.a. is not obliged to mention the name of the Data Subject recorded and/or photographed.
2.4 Specific information: CCTV systems
There is a CCTV system in operation in certain areas of the company premises; this has been installed and is used for the purposes of securing and safeguarding assets (legitimate interest of Controller). The areas subject to recording are suitably signed with specific signs saying “AREA VIDEOSORVEGLIATA” (“CCTV IN OPERATION”). The recordings will be kept for periods of time compatible with the limits laid down by prevailing legislation. Only internal officials, regularly authorized and instructed, may access the recordings, as well as external subjects appointed for possible maintenance activities on the system and/or surveillance services.
3. PURPOSES AND LEGAL BASIS FOR THE PROCESSING
The personal data is processed to:
• comply with the obligations laid down by the law, by a regulation, by EU rules or by an order from the authorities;
• marketing purposes (including sales communications, promotions and invitations to events, newsletters and communications for company initiatives);
• profiling purposes, for marketing activities;
• exercise a legitimate interest as well as a Controller’s right (for example: the right to a defence in a court of law, the safeguarding of credit positions, ordinary internal operational, management and accounting requirements);
• conclude contractual relationships and grant professional appointments;
• evaluate/hire new personnel and manage the work relationship;
• fulfill pre-contractual, contractual, administrative and fiscal obligations deriving from existing relationships, as well as manage the necessary communications connected with these and safeguard the rights generated by the relationship.
The above purposes represent suitable legal bases for the lawfulness of the processing according to Article 6, subparagraph 1, points (b), (c) and (f) of the GDPR. If it is intended to carry out processing for different purposes the appropriate consent will be requested from the data subjects.
Lack of consent to the processing of personal data will render it impossible to establish a relationship with the Data Controller.
4. METHODS OF PROCESSING
Personal data are subject to processing as referred to in Article 4 paragraph 2 of the GDPR, either in paper or in electronic and/or automated form. The Data Controller will process the personal data for the time necessary to fulfill the purposes for which they were collected and the relative legal obligations.
5. SCOPE OF THE PROCESSING
The data are processed by regularly authorized and instructed internal persons in accordance with Article 29 of the GDPR. The Data Subject may request the scope of communication of his or her personal data, obtaining information on the external persons who operate as independent Data Processors or Controllers (consultants, technicians, banks, hauliers, etc.). We would also inform you that the personal data may be subject to communication between the Group’s companies and/or dissemination and/or transfer to non-EU countries. The Florim group uses Microsoft cloud services and outsourcing companies to manage and store data, and these bodies undertake to guarantee compliance with the GDPR.
If it should be necessary, in the context of bids/tenders or in complying with regulatory obligations (e.g. joint and several liability, laws against bribery, organized crime, money laundering, etc.) to acquire from clients/suppliers the personal data of their employees, it is agreed between the parties that Florim and/or the other companies who are Data Controllers will be legally authorized for the processing as external Processor (Article 28 GDPR) or as an authorized person (Article 29 GDPR). In the context of this relationship Florim and/or the other companies who are Data Controllers undertake to process these data in accordance with the requirements for compliance laid down by the GDPR, guaranteeing their possible communication to further subjects exclusively in the context of specific legal obligations.
6. RECIPIENTS OF THE DATA
The personal data may be communicated to external subjects operating as data controllers, for example, supervisory and monitoring authorities and bodies and in general public or private subjects legally authorized to request the data, such as, for example:
• Financial Administrators and other agencies and public service corporations in fulfillment of regulatory obligations.
• Financial Administrators and other agencies and public service corporations upon request of the same.
The data may be processed, on behalf of the Controller, by external subjects appointed as data processors, who carry out specific activities on behalf of the Controller, such as:
• Agents and brokers for our company.
• Shipping agents for dispatching products ordered.
• Banks for managing payments.
• Agencies, or other bodies, appointed to provide commercial information or send publicity or information material.
• Business information companies.
• Companies and legal offices for protecting rights arising from the contract.
• Florim group information systems and outsourcing companies for data management and storage.
7. RIGHTS OF THE DATA SUBJECT
Florim Ceramiche S.p.a and/or the other companies who are Data Controllers guarantee that you can exercise at any time the rights laid down in Article 12 of the GDPR. In particular, you have the right:
• to know if the Controller holds and/or processes personal data relating to the you and to access them fully, and also to obtain a copy (Article 15 Right of access);
• to rectify inaccurate personal data or to supplement incomplete personal data (Article 16 Right to rectification);
• to erase personal data in the Controller’s possession if one or more of the grounds laid down in the GDPR applies (Article 17 Right to erasure);
• to ask the Controller to restrict the processing only of some of the personal data, if one of the reasons laid down in the GDPR applies (Article 18 Right to restriction of processing);
• to request and receive all the personal data processed by the controller, in a structured, commonly used and machine-readable format or to request that those data are transmitted to another Controller without hindrance (Article 20, Right to data portability);
• to object, wholly or in part, to the processing of personal data for purposes of sending publicity materials and market research (Article 21 Right to object);
• to object, wholly or in part, to the processing of personal data by automated or semi-automated means for profiling purposes.
• to lodge a complaint with the competent supervisory authority of the Member State in which the data subject resides or works or of the State in which the presumed infringement has taken place.
These rights may be exercised by notifying the Data Controller at the following email address: [email protected].