Privacy Policy

PRIVACY POLICY RELATING TO THE PROCESSING OF PERSONAL DATA PROVIDED TO USERS OF THE WEBSITE IN ACCORDANCE WITH EUROPEAN REGULATION 2016/679 (GDPR)

1. Introduction

Dear User, pursuant to the current legislation on data protection (European Regulation 2016/679 (hereinafter GDPR), Privacy Code harmonized by Legislative Decree 101/2018; Provisions of the Guarantor for the Protection of Personal Data) and subsequent amendments and additions, CFI GROUP ITALIA SRL, provides you with the following information regarding the processing of personal data

Please note that this information is provided to users in relation to the website available at https://www.cfigroup.it/privacy-policy/. Please note that the information is not to be considered valid for other websites that may be consulted via links on the websites in the domain of the Owner, who is not to be considered in any way responsible for third-party websites.

In detail, please note that the use of cookies by these companies refers to the information provided by the aforementioned third-party companies. This Privacy Policy is also provided pursuant to the GDPR. The information is also inspired by Recommendation no. 2/2001 that the European Authorities for the protection of personal data adopted on 17 May 2001 to identify some minimum requirements for the collection of personal data online, and, in particular, the methods, times and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purposes of the connection, as well as the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC, on Cookies, as well as the provisions of the Guidelines on cookies and other tracking tools of the Authority for the Protection of Personal Data of 10 June 2021.

2. Contact details of the Data Controller and DPO:

The Data Controller is

CFI Group Italy

Via G.Cavalcanti 5

20127 Milan (MI),

CF E Pi 09805450153

Any requests for information and/or clarifications can be communicated to the Data Controller and/or the DPO by sending an email to the following addressprivacy@cfigroup.it

3. Type of data processed:

Personal and identification data

  • Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • Identification data, personal data that allow the direct identification of the interested party (such as, for example, name, surname, e-mail address, address, telephone number, IP code, etc.).

Browsing data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) ​​addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning.

Defense in court

The User’s personal data may be used by the Owner for defense in court or in the preparatory stages to its possible establishment, inherent to abuses in the use of the same or related services by the User. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.

Maintenance

The User’s personal data may be processed with additional methods and purposes related to system maintenance.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site or the compilation of data collection forms, entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data entered.

Specific information

Specific information is present on the pages of the Site in relation to particular services and/or processing of Data provided by the User or the Interested Party.

Cookies

The use of cookies by this website is regulated by the cookie policy to which reference is made.

4. Purpose of the processing

The personal data voluntarily provided will be processed for the following purposes:

  • browsing this website;
  • possible contact request, with the sending of information requested by you. In fact, the user can contact CFI using the telephone and email addresses shown on the various pages. The receipt of spontaneous communications from users necessarily entails the acquisition of the user’s email address and/or name by the Data Controller. The purpose of this collection is linked to the provision of information about the performance of the services provided
  • possible subscription to the newsletter; the user who wishes to stay updated on the activities can enter the requested data in the relevant form (mandatory data are marked with an asterisk). The requested information is processed for the sole purpose of providing the requested service. Failure to provide it does not allow the Data Controller to fulfill the user’s request. The processing involves the use of IT tools. For details, see also the relevant information at the bottom of the registration form.
  • possible compilation of data collection forms in dedicated areas for the provision of what is requested by the user.

5. Legal bases of the processing

The treatments described in the previous point are lawfully carried out according to the following legal bases:

– For sending communications to the user who spontaneously fills out the information request form, the legal basis is represented by the execution of pre-contractual and contractual measures.

– For sending the update newsletter, the legal basis is represented by the user’s consent to be expressed through a specific flag to be placed at the bottom of the registration form. The consent can be revoked at any time and its lack or revocation does not in any way prevent the user from being able to request CFI. the provision of its services but only the receipt of communications of an informative and/or promotional nature.

At the bottom of each contact form there is a link that refers to the specific information on data processing and the user is invited to express their acknowledgment or consent by checking the specific box. The absence of such active action by the user does not allow the correct sending of their request.

6. Nature of the provision of data and refusal

As regards navigation on this site, the provision of data is linked to the user’s will to navigate on the aforementioned site after having read the information present in the banner shown on the homepage. Please remember that to avoid the installation of cookies, the user can use the appropriate functions offered by the browser used for navigation as also described in the Cookie Policy.

7. Methods of processing

The treatments carried out with the aid of paper/computer tools with methods and tools aimed at guaranteeing maximum security and confidentiality, do not involve the use of automated decision-making processes. The treatments are carried out by subjects specifically appointed for this purpose (as authorized subjects and/or managers). The data will be stored for a period not exceeding the purposes for which the data were collected and subsequently processed and to respond to your data recovery needs.

8. Storage times

The data retention periods are reported below:

– Data necessary for the correct functioning of the website and for the purchase of our services: Personal data is stored for the time necessary to provide what is requested by the user. With regard to the purchase of services through the appropriate section of the website, CFI will store such data for a period of 10 years starting from the date of conclusion of the contractual relationship in compliance with contractual and fiscal requirements. Any further legal obligations are reserved, including but not limited to defense in court.

– Data received through the compilation of forms for the request of information: the data will be stored for the time necessary to contact the user for the communication of the information requested by the user. Such data will be stored for 1 year.

9. Communication of data to third parties:

Your data may be communicated to third parties belonging to the following categories:

  • service providers for the management of the information system used and telecommunications networks, including e-mail, newsletters and website management;
  • competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request.

The subjects belonging to the above categories perform the function of Data Controller, or operate in complete autonomy as separate Data Controllers. The list of data controllers is constantly updated and available at the Data Controller’s headquarters.

10. Scope of dissemination

No personal data is disclosed.

11. Data transfers to countries located outside the European Economic Area

The data processing described in this Policy involves the transfer of data outside the European Economic Area, being connected with social networks, in which case it is noted that the appropriate technical and organizational measures are respected in order to make this activity lawful in compliance with legal obligations (use of standard contractual clauses, use of binding corporate rules, derogations provided for by the legislation where applicable).

12. Rights of interested parties

The user may exercise the rights provided for by Articles 15-22 of the GDPR listed below by contacting the Data Controller by sending an email to the address privacy@cfigroup.it

The rights mentioned above are the following: right of access to your data and information concerning the interested party; right to rectification of inaccurate data or integration of incomplete data; deletion of personal data concerning you (in the cases provided for by the legislation); right to limit the processing of your personal data (always in the cases provided for by the legislation); right to data portability; right to object to the processing of your personal data in the event of particular situations concerning you.

Furthermore, the Data Controller will interrupt the processing when the communication of revocation of the previously expressed consent is received from you where the consent represents the legal basis of the processing.

If you contact the owner, please provide your email address, name, address and/or telephone numbers, in order to allow the request to be handled correctly.

13. Complaint to the supervisory authority

The interested party has the right to lodge a complaint with the Supervisory Authority in the event that his/her requests for information addressed to the Data Controller have not resulted in satisfactory responses.

The reference Authority is the Guarantor for the Protection of Personal Data

http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524

 

Last update date: 07/27/2023