PRIVACY POLICY
This policy is provided pursuant to Article 13 of EU Reg. 2016/679 (GDPR) is aimed at users – identified or identifiable natural persons – who access the services of Fullcro also through the website “www.fullcro.org” and contains a description of how personal data are processed.
This information does not concern other sites, pages or web services that can be reached through hypertext links on our site as for them reference should be made to their respective domains.
1 Data Controller
The Controller is Fullcro S.r.l. with registered office in Rome – Via Ignazio Guidi n. 3 (00147 -RM) with email: info@fullcro.org – pec: fullcrosrl@legalmail.it.
2 Data Protection Officer
The Data Protection Officer (DPO) is Daniela Bertés, lawyer, and can be contacted at the same physical address indicated in point 1 and by email at the certified email address: danielabertes@ordineavvocatiroma.org or at the non-certified email address: dpo@fullcro.org.
3 Lawfulness of processing
Fullcro S.r.l. processes data primarily on the basis of consent (art. 6 letter a GDPR) of the data subjects, or when processing is necessary for the performance of a contract (art. 6 letter b GDPR) or, indeed, on the basis of legitimate interest (art. 6 letter f GDPR). In particular, consent is given on the website (www.fullcro.org) by means of a banner placed at the bottom of the page, or through use and consultation of the site, after having read the cookies policy, as a conclusive conduct. By using and consulting the site, visitors approve this policy and consent to the processing of their personal data in the modalities, within the limits and for the purposes described in this policy. Further personal data (name, surname, email address, telephone number) are collected through the communication and/or service/information request forms; in this case, EU Reg. 2016/679 (GDPR) excludes the need to acquire the specific consent of the data subject because the data provision is necessary to fulfil the specific requests of the data subject. Appropriate and specific information will be forwarded by FULLCRO at the first possible subsequent contact so that the applicant can give specific consent.
On the basis of this information notice, in other cases consent is given by signing a specific form by the data subject.
The provision of data is optional, and the user may revoke the consent given at any time, as better specified in paragraph 4 below, without prejudice to the effects that such revocation has on ongoing relationships.
4 Purpose of personal data processing
In accordance with the stated legislation, the Controller guarantees that the processing of personal data is carried out with respect for the fundamental rights and freedoms and the dignity of the person concerned, with particular reference to confidentiality, personal identity and the right to protection of personal data.
4.1 All personal data provided by data subjects are processed for purposes related to the provision of the services requested by the user, that is:
administrative files relating to the services provided to the public or through telematic platforms by Fullcro S.r.l. and the performance of the activities of the same company in order to allow the subject to benefit from personalized services and for the execution of the same.
the insertion in computer records and databases;
performance of the service requested;
to comply with specific requests made by subjects;
The provision of such personal data is not compulsory, but any refusal to supply it prevents us from performing our services, such as, for example, participation in specific services on telematic platforms, in relation to the relationship between the data and the services requested.
4.2 Personal data may also be used (using traditional and automated methods) for purposes related to the promotional activity of Fullcro S.r.l. services, that is:
detection of the degree of satisfaction with the quality of services offered;
purposes of commercial information and promotion, such as the proposal of new initiatives, events, communication of new services;
to conduct information campaigns on ongoing activities;
to receive commercial and promotional communications via email, through the implicit subscription to mailing lists owned by Fullcro S.r.l.;
other direct marketing purposes, such as market research and analysis.
The data acquired will not, however, be transferred to third parties or used for indirect marketing purposes. The provision of the mentioned personal data necessary for the aforementioned purposes is not compulsory and failure to provide it does not affect the services rendered to the subject. If such data are provided, their processing requires the consent of the subject, expressed by means of specific “flags” to be placed in the consent boxes. Consent may be revoked at any time, also limited to the use of automated means only.
5 Provision of data and consequences in the event of failure to consent to processing
The provision of data for the purposes referred to in point 4.1 is necessary to enable the provision and management of the service, any refusal to provide such data will make it impossible to obtain the use of the service offered by the Controller.
With reference to the purposes of the processing referred to in point 4.2, consent to the processing of data is optional and may be given for each distinct purpose expressly indicated in the registration phase. Failure to consent will have no effect on the possibility of receiving the services requested and will only entail the consequences described below:
the inability for Fullcro S.r.l. to proceed with the performance of aggregate and anonymous statistics in order to monitor and improve the service offered;
the inability to receive informative and promotional communications and newsletters from Fullcro S.r.l. in relation to their initiatives.
6 Communication and release of data
The personal data that the subjects concerned have voluntarily communicated to our offices will not be disseminated in any way.
The personal data of the subjects, if necessary, may be communicated:
6.1 to all persons to whom the right of access is recognized by regulatory provisions;
6.2 to our collaborators, employees and suppliers, as part of their duties and/or any contractual obligations with them, relating to commercial and administrative relations with the subjects concerned;
6.3 to all public and/or private subjects, natural and/or legal persons (legal, administrative and fiscal consulting firms, Judicial Offices, Chambers of Commerce, Council of Rome, etc.), when the communication is necessary or functional to the performance of our activity and in the manner and for the purposes mentioned above;
6.4 to banking institutions for the management of collections and payments arising from the execution of contracts. In these cases special precautions will be taken in view of the nature of the data processed.
6.5 Transfer of data to third countries
The Controller does not transfer personal data to Third Countries; however, it reserves the possibility of using cloud services and, in this case, the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 GDPR 2016/679.
7 Processing methods
The processing concerns common personal identification data.
The processing of personal data is carried out using both paper and computer media, with the observance of all precautionary measures, in order to guarantee security, integrity and confidentiality. The data shall be managed in a lawful, protected and transparent manner for the purposes indicated in the information notice, limited to what is necessary in relation to the purposes for which they were conferred (so-called minimization), updated, corrected or deleted if no longer necessary and/or if requested by the data subject in the exercise of his/her rights.
In particular, all the technical, IT, organizational, logistical and procedural security measures will be adopted so as to guarantee the appropriate level of data protection required by law, allowing access only to persons authorized to process data by the Data Controller or by any Managers designated by the same.
8 Period of data storage
Personal data will be stored for the period of time strictly necessary for the pursuit of the specific purposes of the processing for which the user has given his or her consent and, specifically:
for the purposes indicated in point 4.1 for the time necessary to fulfil contractual obligations and, in any case, not more than 10 years from the time of collection of your data to fulfil legal obligations and, in any case, not more than the terms set by law for the prescription of rights;
for the purposes indicated in point 4.2 (i.e. for the purposes of direct marketing and market research) until the explicit expression of dissent to the use by the user, who will be provided with all the necessary tools to control and manage their own data.
9 Rights of the subject (art. 15 et seq. GDPR)
The user may, at any time, exercise the rights listed here below:
access to personal data: to obtain confirmation of whether or not data relating to him are being processed and, if so, to have access to the following information: the purposes, the categories of data, the recipients, the storage period, the right to lodge a complaint with a supervisory authority, the right to request rectification or erasure or restriction of processing or to object processing, as well as the existence of an automated decision-making process
rectification of data: to request the amendment of data when he/she considers that they are not up-to-date or accurate
deletion of the data or restriction of processing concerning him/her; “restriction” means the marking of the data stored with the aim of limiting their processing in the future;
objecting to processing: objecting on grounds relating to his/her particular situation to the processing of data for the performance of a task carried out in the public interest or in pursuit of a legitimate interest of the Controller;
data portability: in the case of automated processing carried out on the basis of consent or in performance of a contract, to receive in a structured, commonly used and machine-readable format the data concerning him/her; in particular, the data will be provided to him/her by the Controller in .xml or similar format;
revocation of consent to processing for the purposes of direct marketing and market research; the exercise of this right shall in no way affect the lawfulness of processing carried out before revocation;
to lodge a complaint pursuant to Art. 77 of the GDPR with the competent supervisory authority based on your habitual residence, place of work or the place where your rights have been infringed; in Italy, the competent supervisory authority is the “Garante per la protezione dei dati personali”, who can be contacted using the contact details given on the website http://www.garanteprivacy.it.
The above-mentioned rights may be exercised by making a request to the Data Controller at the addresses indicated in this information notice. The data subject’s right to object to the processing of his or her personal data for marketing purposes extends to traditional marketing purposes and, in any case, the data subject may exercise this right in part, i.e., in this case, by objecting, for example, only to the sending of promotional communications by automated means.
Requests relating to the exercise of the user’s rights shall be processed without undue delay and, in any event, within one month of the request; only in cases of particular complexity and number of requests may this period be extended by a further 2 (two) months.