PRIVACY NOTE IN ACCORDANCE WITH ARTICLE 13 OF REGULATION (EU) 2016/679
With specific reference to your personal data as defined under Article 4(1)(1) of Regulation (EU) 2016/679 (“General Data Protection Regulation – GDPR”) in your capacity as “Data Subject”, the enterprise, FREGOLI S.R.L., (VAT and Tax Identification Number 02777280351 ), acting through its pro tempore legal representative, based in Correggio (RE), via Per Carpi, 26/B, in its capacity as “Controller” under Article 4(1)(7) of the GDPR, hereby provides you with this notice to inform you of its privacy policy and so you can understand how it manages your personal data when you use its services on www.fregoli.net (“Website”)
1. Who is the Data Controller?
1.1. The “Controller” of the processing of your personal data, as specified in Article 4(1)(7) of the GDPR is the enterprise, FREGOLI S.R.L., (VAT and Tax Identification Number 02777280351 ), acting through its pro tempore legal representative, based in Correggio (RE), via Per Carpi, 26/B; you can contact the Controller by email at privacy@spal.it
1.2. The “Data Protection Officer”, as specified in Article 37 of the GDPR is BALDI & PARTNERS, who you can contact by email at dpo@spal.it
1.3. Please note that any changes or updates to the data of the above specified Data Protection Officer will be duly published on the website of the undersigned Controller.
2. Nature and type of data that we collect and process.
We may collect your Personal Data because you voluntarily submitted it (e.g. when you set up a personal account in order to receive the services provided by the Controller) or simply by analysing your site browsing behaviour.
We process the following Personal Data collected via the website:
2.1. Name, contact details and other Personal Data
In different sections of the site, particularly the section where you set up your personal account, you will be asked to enter information such as your name, surname, telephone number, email address, country of residence, address etc.
2.2 : Browsing data
The IT systems and software procedures utilised to run this Website acquire some user-generated Personal Data as part of their normal functioning; the transmission of such data is implicit in internet communication protocols. These data are not collected to be associated with any identified data subjects; however, by their very nature, they may make users identifiable after being processed and matched with data held by third parties. This data category includes IP addresses or domain names of the computers used to connect to the Website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the method used to submit the request to the server, the size of the returned file, the numerical code of the server response status (completed, error, etc.) and other parameters relating to the user’s operating system and IT environment. These data are used only to collect anonymous statistical data about use of the Website, and to make sure it is working properly, as well as to identify any abnormalities and/or misuse, and are deleted as soon as they are processed. The data may be used to investigate culpability in the event of hypothetical cybercrime against the Website or third parties: except for this possibility, the data on web contacts do not persist for more than 60 days.
3. Purposes of data processing.
3.1. In accordance with Article 5(1)(b) of the GDPR, we hereby inform you that the Controller will process your personal data collected via the Website to:
• provide Services, such asrequests for after-sales services for all the Fregoli products (“Provision of Service“);
• comply with legal obligations that require Data Controllers to collect and/or further process certain types of Personal Data (“Compliance”);
• prevent or detect any misuse of the Website, or any fraudulent activity and therefore enable the Data Controller to protect themselves before the courts (“Misuse/Fraud”).
4. Legal basis and mandatory and/or optional nature of processing
According to the purposes specified in paragraph 3 above, the Controller processes your Personal Data according to the following legal basis:
Provision of Service: processing for this purpose is necessary to be able to deliver the Services you request and, therefore, to perform the contract that you are a party to. You are not required to give your Personal Data to the Controller for this purpose, but failure to do so means we will not be able to provide you with the Service.
Compliance: processing in this case is necessary for the purposes of carrying out legal obligations, where applicable. When you give your Personal Data to the Controller, they must be processed according to the applicable law, which means they may be stored and disclosed to the Authorities for accounting, taxation or other kinds of legal obligations.
Misuse/Fraud:the data collected for this purpose will only be used to prevent and/or detect any fraudulent activity or misuse of the Website and therefore enable the Controller to protect themselves before the courts.
5. Recipients of your Personal Data
In order to pursue any of the purposes described in paragraph 3 above, the Controller will disclose your Personal Data to its collaborators, who will act as persons authorized to process personal data.
Furthermore, for the purposes described in paragraph 3 above, your Personal Data will be processed by third parties belonging, by way of example, to the following categories:
a) a) any subsidiary, parent or associated company of the Controller, including: SPAL s.r.l., via per Carpi 26/b – 42015 Correggio (RE) Italy – VAT number 01361210352 / SPAL AUTOMOTIVE S.R.L., via per Carpi 26/b – 42015 Correggio (RE) (C. f. e P. IVA 01755790357
b) entities providing IT system management services, including server hosting and backup services;
c) entities that provide the Controller with tax, legal, judicial and compliance advice;
The entities listed above operate, in some cases, independently as separate data controllers, and in other cases, as data processors specifically appointed by the Data Controller in accordance with Article 28 of the GDPR.
Disclosure of your data to the above categories does not require your consent, as it is based on the legitimate overriding interest of the Data Controller, given that such disclosure is necessary for the purposes mentioned in paragraph 3 above.
You can ask the Controller for the complete, updated list of the entities to which your Personal Data may be disclosed.
Moreover, with regard to the Provision of the Italian Data Protection Authority (Garante) made on 27 November 2008 “Misure e accorgimenti prescritti ai titolari dei trattamenti effettuati con strumenti elettronici relativamente alle attribuzioni delle funzioni di Amministratori di sistema” (Measures and mechanisms required by data processing controllers using electronic media with regard to attributing the functions of system administrator), as Data Subject you may also ask the Controller the names of the System Administrators of the operating systems containing the personal data collected.
The personal data processed by the Controller are not disclosed.
Transferring personal data outside the European Union
Fregoli does not intend to transfer your personal data to any non-EU countries. However, if, in execution of the purposes listed above, Fregoli should transfer your data outside the European Union, the Controller will proceed to carry out such transfer only after establishing that one of the conditions laid down in Articles 44 et seq. of the GDPR is met, in order to ensure an adequate level of protection of your personal data.
6. Period of storage of collected and processed personal data.
The Controller will store Personal Data collected for the purposes of Provision of Services for as long as strictly necessary to provide the services requested. In any case, since those Personal Data are processed to provide the Services, the Controller may store them for longer, particularly if this is necessary in order to protect the interests of the Controller from any complaints that may be made about the Services.
The Controller will store Personal Data collected for the purposes of Compliance for the period required by specific legal obligations or by applicable law.
The Controller will store Personal Data collected for the purposes of avoiding Misuse/Fraud for as long as strictly necessary for that purpose and, therefore, for the time the Controller is required to store them to protect themselves before the courts by disclosing those data to the competent Authorities.
7.How will your Personal Data be processed?
Your data will be processed in both paper form and/or using electronic and/or computerised and/or telecommunications media and instruments; the logic involved and the procedures used are strictly connected to the purposes specified and, in any case, adopting methods that ensure the security and confidentiality of the data in compliance with the provisions of Article 32 of the GDPR.
8. Rights of the Data Subject.
8.1. With regard to your Personal Data that are processed by the Controller FREGOLI S.r.l. We hereby inform you that you are entitled to exercise the following rights under Articles 15 to 21 of the GDPR and, in particular:
• Right of access – Article 15 of the GDPR: the right to obtain from the Controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to your personal data – including a copy of them – and the following information:
1. the purposes of the processing
2. the categories of personal data processed
3. the recipients to whom the personal data have been or will be disclosed
4. the envisaged period for which the personal data will be stored or the criteria applied
5. the existence of the Data Subject’s right to request from the controller rectification or erasure of personal data or restriction of processing
6. the right to lodge a complaint
7. where your personal data are not collected from you, any available information as to their source
8. the existence of automated decision-making, including profiling;
• Right to rectification – Article 16 of the GDPR: the right to obtain without undue delay the rectification of inaccurate personal data concerning you and the right to have incomplete personal data completed;
• Right to erasure (‘right to be forgotten’) – Article 17 of the GDPR: the right to obtain the erasure of personal data concerning you without undue delay, where one of the following grounds applies:
• the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• you withdrew your consent and there is no other legal ground for the processing;
• you successfully objected to the processing of your personal data;
• your personal data have been unlawfully processed;
• your personal data have to be erased for compliance with a legal obligation;
• your personal data were collected in relation to the offer of services referred to in Article 8(1) of the GDPR.
The right to erasure shall not apply to the extent that processing is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims.
• Right to restriction of processing – Article 18 of the GDPR: the right to obtain restriction of processing where one of the following applies:
• the accuracy of the personal data is contested by the data subject;
• the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
• the personal data are required by the data subject for the establishment, exercise or defence of legal claims;
• Right to object : Article 21 of the GDPR: the right to object to the processing of your personal data unless the controller demonstrates compelling legitimate grounds for the processing;
• Right to data portability – Article 20 of the GDPR: the right to receive the personal data concerning you, which you have provided to the Controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance, where the processing is based on consent and the processing is carried out by automated means. In exercising your right to data portability, you also have the right to have the personal data transmitted directly from the Controller to another, where technically feasible;
• Right to lodge a complaint with the Italian Data Protection Authority (Garante), Piazza Venezia 11, 00187, Rome (RM).
8.2. In accordance with Article 12(1) of the GDPR, FREGOLI S.r.l. undertakes to provide the communication under Articles 15 to 22 of the GDPR in a concise, transparent, intelligible and easily accessible form. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.
8.3. In accordance with Article 12(3) of the GDPR, the Controller informs you that it undertakes to provide information on action taken on a request under Articles 15 to 22 to you without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
8.4. If you, the Data Subject want to exercise your rights as specified in more detail in this Article, you can use the contact information specified in Article 1 of this “Notice”.
8.5. Any action you take as Data Subject is provided free of charge, pursuant to Article 12 of the GDPR. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, the Controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.
Lastly, please note that the Controller may request the provision of additional information necessary to confirm the identity of the Data Subject.
Fregoli S.r.l. a socio unico
(In its capacity as Data Controller)
COOKIE POLICY
Fregoli s.r.l a socio unico, (Tax Code and Vat Number: 02777280351) (hereinafter “FREGOLI”), represented by its legal representative pro tempore, with registered office in Correggio (RE), via per Carpi 26/B, in its capacity as the Data Controller pursuant to art. 4 n. 7) and 24 of the EU Regulation no. 2016/679 (GDPR), illustrates, below, the cookie policy (“Policy”) referring to this website www..fregoli.net (“Site”).
1. Legal framework.
1.1. The Policy is inspired by the following EU and/or national (first and/or second level) legislative measures: (i) Directive no. 2002/58/EC of 12.7.2012 (the so-called ePrivacy Directive), as amended by Directive no. 2009/136/EC; (ii) art. 122 of the new Legislative Decree no. n. 196/2003 (Privacy Code), which transposed the ePrivacy Directive into the national legal system; (iii) GDPR: articles 4 no. 11), 7, 12, 13, 25 and 95 (in addition, in particular, to Recitals no. 30, 32 and 173); (iv) Guidelines no. 5/2020 adopted on 4 May 2020 by the EDPB, replacing the Guidelines of 10.4.2018 signed by WP Art. 29; (v) Measure No. 231 of 10.6.2021 [web doc. no. 9677876] signed by the Italian Authority for the protection of personal Data (Data Protection Authority); (vi) Recommendation No. 2/2001 of the WP Art. 29; (vii) Opinion No. 2/2010 of the WP Art. 29; (viii) Opinion No. 4/2012 of the WP Art. 29; (ix) Guidelines No. 8/2020 of the EDPB
2. Cookies and other tracking tools: definition and classification.
2.1. “Cookies” are, as a rule, strings of text that a website (“publisher” or “first party”) visited by the user or a different website (“of a third party”) places and stores, directly (in the case of the first party website) or indirectly (through the latter, in the case of a third party website), in a terminal device available to the user: in this regard, the Data Protection Authority has specified the fact that the information, encoded in the cookies, can include both personal data ex art. 4 n. 1) of the GDPR (e.g. IP address; user name; email address; unique identifier) and non-personal data ex art. 3 n. 1) of EU Regulation n. 1807/2018 (e.g. language; type of device used).
Next to (or in addition to) them, “ther tracking tools” may exist (and therefore be used), which can be divided into “active” (which have almost the same characteristics as cookies) and “passive” (e.g. finger printing).
2.2. Beyond the described intrinsic characteristics, cookies (and other tracking tools) can have different peculiarities from a temporal point of view (and, therefore, be considered “session” or “permanent” , due to their duration), from a subjective point of view (depending on whether the publisher acts autonomously or on behalf of a “third party”) as well as, finally (but especially), from the point of view of their duration. depending on their duration), from a subjective point of view (depending on whether the publisher acts autonomously or on behalf of a “third party”) and, finally (but especially), on the basis of the processing purpose pursued, so that they can be divided into two different (macro) categories:
i. “technical“, used for the sole purpose of “carrying out the transmission of a communication over an electronic communication network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide such service” (art. 122 paragraph 1) of the Privacy Code).
In this regard, the Data Protection Authority has highlighted, within the Measure no. 231 of 10.6. 2021 (in line of continuity with the previous Provision on the matter of 2014), that the “analytics cookies” may well be included within the alveo of cookies (or other tracking tools) of a “technical” nature (and, therefore, may be used in the absence of the prior acquisition of consent by the person concerned), at the occurrence of certain conditions, aimed at precluding the possibility that it is reached, through their use, the direct identification of the person concerned (single out).
ii. “profiling”/”marketing” (the so called non-technical), used to trace specific actions or behavioral patterns recurring in the use of features offered (pattern) to specific subjects, identified or identifiable, in order to group the different profiles within homogeneous clusters of different sizes, so that it is possible for the Data Controller, among other things, also modulate the provision of the service in an increasingly personalized beyond what is strictly necessary to provide the service, as well as send targeted advertising messages (ie, in line with the preferences expressed by the user during navigation on the network).
3. Cookies installed on the Site.
3.1. Within the Site, the following types of cookies have been installed:
Name |
Type |
First Party / Third Party |
Durata |
_icl_current_language |
Technical |
First party shop.fregoli.net |
Until the end of the browsing session |
_icl_current_admin_language |
Technical |
First party shop.fregoli.net |
Until the end of the browsing session |
_icl_visitor_lang_js |
Technical |
First party shop.fregoli.net |
Until the end of the browsing session |
wpml_browser_redirect_test |
Technical |
First party shop.fregoli.net |
Until the end of the browsing session |
wpml_referer_url |
Technical |
First party shop.fregoli.net |
Until the end of the browsing session |
wpml_admin_referer_url |
Technical |
First party shop.fregoli.net |
Until the end of the browsing session |
_gat |
Technical/Analytical |
Third party www.google-analytics.com |
10 minutes |
_gid |
Technical/Analytical |
Third party www.google-analytics.com |
24 hours |
_ga |
Technical/Analytical |
Third party www.google-analytics.com |
2 years |
gac |
Technical/Analytical |
Third party www.google-analytics.com |
90 days |
Google Analytics cookies: The site uses Google Analytics analysis cookies to collect aggregate statistical information on user behavior. These cookies can not be used to identify specific individuals. More information on the use of Google Analytics cookies can be found at https://www.google.com/policies/privacy Google provides a browser plugin to prevent the collection and use of its data to visitors to sites on which the statistical service is active. For more information, visit https://tools.google.com/dlpage/gaoptout.
4. Responsibility for the operation of third party cookies.
4.1. In this regard, it is recalled, faithfully, what it is provided by the Provision of 8.5.2014 signed by the Data Protection Authority: ” There are several reasons why it would appear impossible to require a publisher to provide information on and obtain consent for the installation of cookies on his own website also with regard to those installed by “third parties”. In the first place, a publisher would be required to always be equipped with the tools and the legal and business skills to take upon himself the obligations of third parties – thus, the publisher would be required to check, from time to time, that what is declared by the third parties corresponds to the purposes they are actually aiming at via their cookies. This is a daunting task because a publisher often has no direct contacts with all the third parties installing cookies via his website, nor does he know the logic underlying the respective processing. Furthermore, it is not seldom the case that licensees step in between a publisher and the said third parties, which makes it ultimately highly difficult for the publisher to keep track of the activities of all the stakeholders. Secondly, third parties´ cookies might be modified by the third parties with time, and it would prove rather dysfunctional to require publishers to keep track also of these subsequent changes”.
5. Browser Settings.
5.1. FREGOLI highlights the possibility for the user to delete and block the operation of the cookies described in art. 3) above at any time by using the appropriate settings in the browser used: in this regard, FREGOLI adds that if the user decides to disable the technical cookies referred to in art. 2.1. point i), the quality and speed of services and features offered and made available on the Site may deteriorate.
5.2. Enabling or disabling cookies.
By changing the browser settings (i.e. the navigation program used), you can change the settings on your browser to accept or reject cookies, or to decide which cookies categories to accept or reject, or to decide whether or not to receive a warning message before accepting a cookie from the websites you visit.
You can also delete all the cookies set in the cookies folder of your browser.
Remember that if you decide to completely disable the cookies in your browser you may not be able to use all our interactive functions.
If you use a number of different devices, make sure you have set your preferences on every browser. Every browser has slightly different procedures to manage the settings.
Below are some brief instructions and links to specific instructions on how to change your browser’s cookie settings, referring in particular to the four most common browsers:
Microsoft Internet Explorer
click on the “Tools” button at the top-right, and then select “Internet options”. Select the “Privacy” tab. Here you can change the settings of your cookies, and you can block all or some cookies.
https://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies
Google Chrome
Open Chrome, at the top-right, click on “More” and then select “Settings”. At the bottom, click “Show advanced settings”. Under “Privacy and Security”, click “Content settings”. Click “Cookies” to manage your preferences and allow or block all or some cookies.
https://support.google.com/chrome/answer/95647?hl=en&p=cpn_cookies
Mozilla Firefox
Click the menu button in the top-left corner of the page and choose “Options”. Select the “Privacy & Security” panel. Go to the Cookies and Site Data section where you can manage your cookies settings.
https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
Safari
Click the menu button in the top-right corner of the page and choose “Preferences”. Click “Privacy” and here you can manage your cookies settings.[PO2] We will store your cookies preferences using a special technical cookie with the functions specified in the table above.
https://support.apple.com/en-us/HT201265
If you use a different browser from the ones listed above, select “cookies” in the help section of your browser to find out where you can manage your cookie settings.
6. Rights of the Data Subject
6.1. With regard to your Personal Data that are processed by the Controller FREGOLI, We hereby inform you, as Data Subjects pursuant to art. 4 n. 1) of the GDPR, that you are entitled to exercise the following rights possibly subject to the limitations provided for by art. 2 undecies and 2 duodecies of the Privacy Code: Right of access – Article 15 of the GDPR: the right to obtain from the Controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to your personal data – including a copy of them – and the following information( the purposes of the processing,);right to rectification – Article 16 of the GDPR: the right to obtain without undue delay the rectification of inaccurate personal data concerning you and the right to have incomplete personal data completed; right to erasure (‘right to be forgotten’) – Article 17 of the GDPR: the right to obtain the erasure or destruction or anonymization of personal data, however, where the conditions listed in the same article are met; right to restriction of processing – Article 18 of the GDPR: the right to obtain restriction, right with a markedly precautionary connotation, aimed at obtaining the limitation of processing where the hypotheses governed by the same art. 18 of processing where one of the following applies: right to object – Article 21 of the GDPR: the right to object to the processing of your personal data unless the controller demonstrates compelling legitimate grounds for the processing;right to data portability – Article 20 of the GDPR: the right to receive the personal data concerning you, which you have provided to the Controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance, where the processing is based on consent and the processing is carried out by automated means; right to lodge a complaint with the Italian Data Protection Authority (Garante), Piazza Venezia 11, 00187 Rome (RM)- ex. Article 77 of the GDPR, where it is believed that the processing under analysis violates national and EU legislation on the protection of personal data.
6.2. In addition to the rights described in the previous art. 6.1.), FREGOLI specifies that, in relation to the personal data of the data subject, there is, where possible and conferring, the right to exercise, on the one hand, the (sub) right provided for by art. 19 of the GDPR (“The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.”), to be considered connected and connected to the exercise of one or more rights regulated by art. 16, 17 and 18 of the GDPR; on the other hand, FREGOLI specifies that, in relation to the personal data of the data subject, there is, where possible and conferring, the right to exercise the right provided for by art. 22 paragraph 1) of the GDPR (“The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.”) , subject to the exceptions provided for in paragraph 2 below).
6.3. In accordance with Article 12(1) of the GDPR, FREGOLI undertakes to provide the communication under Articles 15 to 22 of the GDPR in a concise, transparent, intelligible and easily accessible form. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.
6.4. In accordance with Article 12(3) of the GDPR, the Controller informs you that it undertakes to provide information on action taken on a request under Articles 15 to 22 to you without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
6.5. . The data subject can exercise, at any time, the aforementioned rights (except for the right pursuant to art. 77 of the GDPR) by using the contact details illustrated in art. 7. of this “Notice”.
7. Data Controller’s contact details.
7.1 The Controller FREGOLI can be contacted at the following email address: privacy@spal.it
7.2 The “Data Protection Officer”, as specified in Article 37 of the GDPR is the lawyer Sara Mandelli of BALDI & PARTNERS, who can be contacted at the following email address: dpo@spal.it
8. Recipients of your Personal Data
The Controller will disclose your Personal Data to its collaborators, who will act as persons authorised to process personal data.
Furthermore your Personal Data will be processed by third parties belonging, by way of example, to the following categories:
a) any subsidiary, parent or associated company of the Controller, including:
b) entities providing IT system management services, including server hosting and backup services;
c) entities that provide the Controller with tax, legal, judicial and compliance advice;
The entities listed above operate, in some cases, independently as separate data controllers, and in other cases, as data processors specifically appointed by the Data Controller in accordance with Article 28 of the GDPR.
Moreover, with regard to the Provision of the Italian Data Protection Authority (Garante) made on 27 November 2008 “Misure e accorgimenti prescritti ai titolari dei trattamenti effettuati con strumenti elettronici relativamente alle attribuzioni delle funzioni di Amministratori di sistema” (Measures and mechanisms required by data processing controllers using electronic media with regard to attributing the functions of system administrator), as Data Subject you may also ask the Controller the names of the System Administrators of the operating systems containing the personal data collected.
The personal data processed by the Controller are not disclosed.
FREGOLI does not intend to transfer your personal data to any non-EU countries. However, if, in execution of the purposes listed above, FREGOLI should transfer your data outside the European Union, the Controller will proceed to carry out such transfer only after establishing that one of the conditions laid down in Articles 44 et seq. of the GDPR is met, in order to ensure an adequate level of protection of your personal data.
Correggio (RE), date 1 September 2021
Fregoli s.r.l. a socio unico
(In its capacity as Data Controller)