GDPR PRIVACY NOTICE
1. GENERAL INFORMATION
Please be informed that relationships established with FLORIM S.P.A. SB and/or other companies of the FinFloor Group and/or related companies (Data Controllers) may involve the processing of personal data, in accordance with the following general principles:
• all data is processed lawfully, fairly, and transparently in relation to the Data Subject, in compliance with the general principles set out in Art.5 of the GDPR;
• specific security measures are observed to prevent data loss, unlawful or incorrect use of data, alteration of data, and unauthorized access.
Companies with registered and/or administrative offices at Via Canaletto 24, 41042 Fiorano Modenese (MO):
• FLORIM CERAMICHE S.P.A SB A SOCIO UNICO
• MILANO 4 S.R.L
• FINFLOOR S.P.A
• UBERSETTO 2000 S.R.L.
• FIN TWIN S.P.A.
• MORDANO 4 S.R.L.
• FONDAZIONE ING. GIOVANNI LUCCHESE
• MARANELLO 51 S.R.L.
• LITHOS S.R.L.
• IMMOBILIARE SAN BIAGIO S.R.L.
Email address: [email protected]
2. SUBJECT OF PROCESSING
The Data Controller may collect the following types of data:
2.1. Personal data processed
The Data Controller processes personal data of contacts, visitors, clients, suppliers, applicants, employees, company officials, website users, and third parties, acquired and used in the course of the Data Controller’s business activities.
The collected data includes, for example: name, surname, company name, identification/tax data, profession, address, telephone, email, banking and payment details.
2.2. Cookies and browsing data
The collected browsing data includes IP addresses or domain names of computers used by users connecting to the site, addresses of requested resources, time of request, method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.) and other parameters related to the user’s operating system and computer environment.
2.3. Images and videos
FLORIM S.P.A. SB is authorized to use, edit, reproduce, and publish images and/or audio-video recordings of the Data Subject, and of their minor children, taken during events organized by Florim (including events managed by third parties) in which the Data Subject participates.
These images/recordings are owned by FLORIM S.P.A. SB, which also has the right to modify and correct them, subject to the protection of the Data Subject’s honor and dignity.
The recordings and photos taken may be disseminated through internal communication tools (e.g., intranet, etc.) or external ones: sustainability report, Florim’s website or group sites, social media (Instagram, Facebook, Youtube, etc.), trade fair events (both in Italy and abroad), competitions, exhibitions, publications, films, and corporate communications.
The Data Subject releases FLORIM S.P.A. SB and other Data Controller companies from any liability for any illicit, illegitimate, or incorrect use of images and audio-video recordings by third parties.
The use of image and audio-video recordings is granted by the Data Subject free of charge.
FLORIM S.P.A. SB is under no obligation to mention the name of the photographed and/or filmed Data Subject.
2.4. Specific information: video surveillance system
At some areas of the company’s premises, a video surveillance system is operational, installed and used for security purposes and the protection of assets (legitimate interest of the Data Controller). The areas under surveillance are appropriately marked with specific signs “AREA VIDEOSORVEGLIATA”. Recordings will be kept for periods compatible with the limits set by current regulations. Only internally authorized and trained personnel, as well as external subjects assigned to possible maintenance activities on the system and/or surveillance services, may access the recordings.
2.5 Specific information: sending of commercial information
The interested party authorizes Florim Ceramiche S.P.A. SB to use the Personal Data provided for promotional purposes (sending newsletters, invitations to trade fairs, exhibitions, sending catalogs and other promotional objects), marketing (including sending price lists, commercial offers, sending laying plans , metric calculations, meetings and seminars, services offered by Florim Ceramiche or other subsidiaries).
These categories of data indicated above, and collected for the purposes described, may be processed only with specific consent requested in an optional form.
3. PURPOSES AND LEGAL BASIS OF PROCESSING
Personal data are processed for:
• compliance with obligations under the law, a regulation, community legislation, or an order from the Authority;
• marketing purposes (including commercial communications, promotions and invitations to events, newsletters, and communications for company initiatives);
• profiling purposes, for marketing activities.
• exercise of a legitimate interest and a right of the Data Controller (for example: the right to legal defense, the protection of credit positions; the ordinary internal operational, administrative and accounting needs).
• conclusion of contractual relations and assignment of professional tasks;
• evaluation/hiring of new personnel and management of the employment relationship;
• fulfillment of pre-contractual, contractual, administrative, and tax obligations arising from existing relationships, as well as management of necessary communications connected to them and the protection of rights arising from the relationship;
These purposes represent, pursuant to Art.6, paragraphs b,c,f GDPR, suitable legal bases for the lawfulness of the processing. If it is intended to carry out processing for different purposes, specific consent will be requested from the Data Subjects.
Failure to consent to the processing of personal data will make it impossible to establish a relationship with the Data Controller.
4. METHODS OF PROCESSING
Personal data are subject to processing as defined in Art. 4 no. 2) GDPR, in both paper and electronic and/or automated formats. The Data Controller will process personal data for the time necessary to fulfill the purposes for which they were collected and related legal obligations.
5. SCOPE OF PROCESSING
• Data are processed by internally authorized and trained subjects in accordance with Art.29 of the GDPR. The Data Subject may request information on the scope of communication of their personal data, obtaining details on external subjects who operate as Processors or Independent Controllers of processing (consultants, technicians, banks, carriers, etc.). It is also informed that personal data may be subject to communication between companies of the Group and/or dissemination and/or transfer to countries outside the EU. The Florim group uses Microsoft cloud services and outsourcing companies for data management and storage, which commit to ensuring compliance with the GDPR.
Where necessary, in the context of tenders/contracts or in the fulfillment of regulatory obligations (e.g., joint liability, anti-corruption, anti-mafia, anti-money laundering, etc.) to acquire personal data of employees from clients/suppliers, it is agreed between the parties that Florim and/or other Data Controller companies will be legitimized to process as an external Processor (Art.28 GDPR) or authorized subject (Art.29 GDPR). In this context, Florim and/or other Data Controller companies commit to processing such data in compliance with the GDPR requirements, ensuring any communication to further subjects exclusively within the framework of specific legal obligations.
6. RECIPIENTS OF DATA
Personal data may be communicated to external subjects operating as data controllers, for example, supervisory and control authorities and bodies, and in general, subjects, public or private, authorized to request data, such as:
• Financial Administrations and other public entities and companies in compliance with regulatory obligations.
• Financial Administrations and other public entities and companies upon their request.
The data may be processed, on behalf of the Data Controller, by external subjects designated as data processors, who carry out specific activities on behalf of the Data Controller, such as:
• Agents, brokers of our company.
• Couriers for the delivery of ordered items.
• Banking institutions for payment management.
• Agencies, or other entities, tasked with carrying out commercial information or sending advertising or informational material.
• Commercial information companies.
• Law firms and companies for the protection of rights arising from the contract.
• Florim Group’s Information Systems and outsourcing companies for data management and storage
7. RIGHTS OF THE DATA SUBJECT
FLORIM S.P.A. SB and/or other Data Controller companies guarantee the exercise of the rights provided for in Art. 12 of the GDPR at any time. In particular, one has the right:
• to know if the Data Controller holds and/or processes personal data relating to the individual and to access them fully, also obtaining a copy (Art. 15 Right of access),
• to correct inaccurate personal data or supplement incomplete personal data (Art. 16 Right to rectification);
• to delete personal data held by the Data Controller if one of the reasons provided for by the GDPR exists (Art. 17 Right to Erasure);
• to request the Data Controller to limit the processing to certain personal data only if one of the reasons provided for by the Regulation exists (Art. 18 Right to restriction of processing);
• to request and receive all personal data processed by the controller, in a structured, commonly used, and machine-readable format or to request transmission to another Controller without hindrance (Art. 20, Right to Portability);
• to object in whole or in part to the processing of data for the purpose of sending advertising material and market research (Art. 21 Right to object)
• to object in whole or in part to the processing of data in automated or semi-automated ways for profiling purposes.
• to lodge a complaint with the competent supervisory authority in the Member State where the Data Subject resides or works or in the State where the alleged violation occurred.
These rights can be exercised by communicating with the Data Controller at the following email address: [email protected].