• Italiano
  • Deutsche
  • English

automotive

certification

inspection

product

Information on the processing of personal data
Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 – “GDPR”

Privacy policy of this website

This page describes how the website is managed with regard to the processing of personal data of users who consult it.

This notice is also provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”) to those who interact with the web services of FAKT S.r.l., accessible online from the address www.fakt.it and/or any related domains, corresponding to the home page of the site and its sub-sections.

This notice applies only to the website of FAKT S.r.l. and not to any other websites that may be consulted by the user via links or connections.

1. Data controller

The controller of the processing of personal data is:

FAKT S.r.l.
Registered office: Via Lithos, 53 – 25086 Rezzato (BS) – Italy
Website: www.fakt.it
E-mail: datsec@fakt.it

(hereinafter also referred to as “FAKT” or the “Controller”).

The data subject may contact the Controller at any time for any questions or suggestions regarding the protection of personal data.

2. Types of data processed

Browsing data

The IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected in order to be associated with identified data subjects, but, by its very nature, could, through processing and association with data held by third parties, make it possible to identify users.

This category of data includes, by way of example, the IP addresses or domain names of the computers used by users who connect to the site, the URI/URL addresses of the requested resources, the time of the request, the method used when submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.

This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site, checking that it is functioning correctly and ensuring the security of the systems. The data is retained for a period no longer than necessary to achieve these purposes and may be used to ascertain liability in the event of alleged cyber offences against the site or third parties.

Data voluntarily provided by the user

The optional, explicit and voluntary sending of data via the forms provided on the site or by e-mail to the addresses of FAKT S.r.l. entails the subsequent acquisition of the sender’s address, which is necessary to reply to requests, as well as any other personal data included in the communication.

Such data will be processed confidentially and used exclusively to:

  • manage requests for information, contact, and technical or commercial support;
  • provide the services requested by the user;
  • send the requested informational material and documentation;
  • manage any pre-contractual and/or contractual relationship that may arise.

Specific information notices pursuant to Article 13 of Regulation (EU) 2016/679 may be displayed on the pages of the site prepared for particular services.

3. Purposes and legal basis of the processing

The personal data collected through the site are processed by the Controller for the following purposes:

  • to ensure correct browsing on the site, its technical operation and the security of IT systems;
  • to respond to requests for information, contact, assistance or quotations sent by the user;
  • to comply with legal obligations, regulations or EU legislation, as well as orders issued by competent Authorities;
  • to establish, exercise or defend a right of the Controller in judicial or extrajudicial proceedings.

The legal bases for the processing are, as applicable:

  • the performance of pre-contractual or contractual measures adopted at the request of the data subject (Art. 6, para. 1, letter b, GDPR);
  • compliance with legal obligations to which the Controller is subject (Art. 6, para. 1, letter c, GDPR);
  • the legitimate interest of the Controller (Art. 6, para. 1, letter f, GDPR) in managing the site, ensuring network and information security and protecting its own rights.

4. Nature of the provision of data

Apart from what has been specified for browsing data (which are necessary for the use of web communication protocols), the provision of personal data by the user is optional.

However, failure to provide data marked as mandatory in the forms, or otherwise necessary to handle requests, may make it impossible for the Controller to provide a reply or the requested service.

5. Methods of processing

Personal data are processed using manual, IT and telematic tools, according to logics strictly related to the purposes indicated above and, in any case, in such a way as to guarantee the security and confidentiality of the data, in compliance with the principles set out in Article 5 of the GDPR.

Specific technical and organisational security measures are adopted to prevent data loss, unlawful or incorrect use and unauthorised access.

6. Data recipients

Personal data may be made accessible, within the limits of the purposes indicated above, to:

  • employees and collaborators of the Controller, expressly authorised and instructed to process the data;
  • third parties that provide technical, IT, management or consultancy services related to the management of the site and/or the provision of services (such as hosting companies, IT system maintenance providers, IT consultants), appointed, where necessary, as Data Processors pursuant to Article 28 GDPR;
  • entities, bodies or Authorities to whom the disclosure of data is mandatory by law or by order of an Authority.

The updated list of Data Processors can be obtained from the Controller by sending a request to the e-mail address indicated in this notice.

7. Transfer of data to third countries

Personal data are mainly processed within the European Economic Area (EEA). If, for technical or organisational reasons, it becomes necessary to transfer the data to countries outside the EEA, the Controller will ensure that such transfers are carried out in compliance with Articles 44 et seq. of the GDPR, adopting appropriate safeguards (such as, for example, adequacy decisions of the European Commission or Standard Contractual Clauses).

8. Data retention period

Personal data will be retained for no longer than is necessary to achieve the purposes for which they were collected, in accordance with the applicable legal time limits.
In particular:

  • browsing data are retained for a limited period, normally no longer than a few days, except where data are needed to ascertain offences by the judicial Authority;
  • data voluntarily provided by the user via forms or e-mail are retained for the time necessary to respond to requests and, subsequently, for the period necessary to comply with legal obligations and to protect the rights of the Controller, in accordance with the rules of the Controller’s quality management system.

Once the relevant retention period has expired, or when the purposes of the processing or the legal obligations that justify the retention no longer apply, the personal data will be deleted or anonymised. If immediate deletion is not technically or operationally possible, the data will be appropriately blocked and excluded from any further active processing until they are effectively deleted.

9. Processing of candidates’ data

Personal data provided by candidates (for example by sending a curriculum vitae by e-mail or via any dedicated forms on the site) are processed by FAKT S.r.l. solely for the purpose of managing the selection procedure and assessing the application, pursuant to Article 6, para. 1, letters b) and f) of the GDPR.

The data will be retained for the time strictly necessary to evaluate the application and, in any event, for no longer than 6 months from the end of the selection process, unless different periods are provided for by law or required for the defence of rights in legal proceedings. Once this period has elapsed, the data will be deleted or anonymised, unless the data subject has expressly consented to the retention of their curriculum for future positions.

10. Cookies

Technical and session cookies

The site may use technical session cookies, strictly limited to what is necessary to allow secure and efficient navigation of the site itself.

No cookies are used for the transmission of personal information, nor are persistent profiling or tracking cookies used, unless otherwise specified in a separate, updated cookie policy.

Any session cookies used on this site avoid the use of other IT techniques that may compromise the confidentiality of user navigation and do not allow the acquisition of personal data identifying the user. They are automatically deleted at the end of the browsing session.

Users can manage their cookie preferences at any time through their browser settings, it being understood that disabling certain technical cookies may affect the correct functioning of the site.

11. Rights of data subjects

Pursuant to Articles 15–22 of Regulation (EU) 2016/679, each data subject has the right to:

  • obtain confirmation as to whether or not personal data concerning them are being processed and, if so, access such data and related information (“right of access”);
  • obtain the rectification of inaccurate personal data and the completion of incomplete data (“right to rectification”);
  • obtain the erasure of personal data in the cases provided for by Article 17 GDPR (“right to erasure” or “right to be forgotten”);
  • obtain restriction of processing in the cases provided for by Article 18 GDPR (“right to restriction of processing”);
  • receive the personal data concerning them in a structured, commonly used and machine-readable format and transmit those data to another controller (“right to data portability”);
  • object at any time, on grounds relating to their particular situation, to the processing of personal data based on the legitimate interest of the Controller (“right to object”);
  • withdraw consent at any time, where given, without affecting the lawfulness of processing based on consent before its withdrawal.

The data subject also has the right to lodge a complaint with the competent supervisory Authority, in particular with the Italian Data Protection Authority (Garante per la protezione dei dati personali, www.garanteprivacy.it). The updated addresses and contact details of the Authority are available at www.garanteprivacy.it.

FAKT S.r.l. does not adopt decision-making processes based solely on automated processing that produce legal effects concerning the data subject or similarly significantly affect them, including profiling, within the meaning of Article 22 of the GDPR.

12. How to exercise your rights

The rights listed above may be exercised at any time with respect to the Controller by sending a request to the following contact details:

E-mail: datsec@fakt.it
Postal address: FAKT S.r.l. – Via Lithos 53 – 25086 Rezzato (BS) – Italy

The Controller will respond to requests from the data subject within the time limits laid down in Article 12 of the GDPR.

13. Updates and amendments

This notice may be subject to changes and updates over time, also in light of any regulatory developments or changes in the services offered by the site. Updated versions will be made available on this same page.

Users are therefore invited to consult this section periodically.

Via Lithos 53    IT-25086 Rezzato (BS)    Tel: +39 030 2592700    Fax: +39 030 2590395