This Privacy Statement describes our handling of Personal Information in connection with your use of our websites, mobile apps and the services we provide. By using our websites and services, you hereby consent to these terms.
"Personal Information" refers to information that identifies you as an individual. This Privacy Statement describes how we collect, use, share, and protect, your Personal Information, and choices you have regarding your Personal Information treatment. We encourage you to read this Privacy Statement, drawn in compliance with art. 13 GDPR 2016/679 and with Recommendation n.2/2001 issued by European Autorities on May 17th 2001: personal data protection of users connecting to www.fisdesign.it. Is described, with a focus on minimum requirements related to nature of collected data, ways and timing of data collection during web connection, referring to Measures issued by Italian DPA on May 8th 2018.
The Controller of your data is:
FIS Srl S.R.L.
Via Magno, 20 - 25070 Sabbio Chiese (BS) - Italy
A list of External and internal Responsible of data processing is available on request.
General principles of personal data processing
Your personal data will be collected, stored, treated and sent complying with Controller's criteria, law's and regulations in force.
Data treatment is based on following principles:
- Lawfulness, fairness and transparency: Tell the subject what data processing will be done. What is processed must match up with how it has been described. Processing must meet the tests described in GDPR [article 5, clause 1(a)].
- Purpose limitations: Personal data can only be obtained for "specified, explicit and legitimate purposes"[article 5, clause 1(b)]. Data can only be used for a specific processing purpose that the subject has been made aware of and no other, without further consent.
- Data minimization: Data collected on a subject should be "adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed" [article 5, clause 1(c)]. In other words, no more than the minimum amount of data should be kept for specific processing.
- Accuracy: Data must be "accurate and where necessary kept up to date" [article 5, clause 1(d)]. Baselining ensures good protection and protection against identity theft. Data holders should build rectification processes into data management / archiving activities for subject data.
- Integrity and confidentiality: Requires processors to handle data "in a manner [ensuring] appropriate security of the personal data including protection against unlawful processing or accidental loss, destruction or damage" [article 5, clause 1(f)].
- Storage limitations: Regulator expects personal data is "kept in a form which permits identification of data subjects for no longer than necessary" [article 5, clause 1(e)]. In summary, data no longer required should be removed
Type (nature) of data collected
When you access to our web site, different information may be collected.
Any information concerning natural persons that are or can be identified also by way of other items of information. For instance, personal data is one's first or last name, billing and shipping address, telephone and fax number, e-mail address, purchase history and information, a combination of username and password, Tax ID, accounting or financial information relating to that person.
The computer systems and software procedures used to operate this website acquire, during their normal work, some personal data whose transmission is implicit in the communication protocols of the Internet. This information is not collected to be associated with identified, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) of requested resources, the time of request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (successful, error...) and other parameters regarding the operating system and computer environment. These data are used only to obtain anonymous statistical information on the site and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
The Controller will not treat nor process sensitive data, as described by art. 9 GDPR 679/2016, such as a personal data requiring special precautions on account of its nature. A sensitive data is any data that can disclose a person's racial origin or ethnicity, religious or other beliefs, political opinions, membership of parties, trade unions and/or associations, health, sex life or crime sentences (art. 10 GDPR 679/2016).
Unless specifically requested, we kindly ask to users not to submit us, nor to broadcast personal sensitive data, on or through our web site. If we ever will ask such data from users, we will firstly obtain their explicit consent.
Data processing purposes
We collect, store and process your personal data in order to provide you services through our website, in compliance with law prescriptions.
Data will be collected exclusively for the following purposes:
- For an effective management of our web site an services offered therein;
- To comply with law;
- To allow users to perform registration procedures to access particular sections of the Site;
- Contact users directly (for example, by e-mail) following requests received through the website;
- To verify that the information provided for the transaction is valid, complete and not fraudulent;
- To provide customer support services;
- To contact the customer for any problem relating to the management of the order or subsequent requests relating to the order;
- Provide users with requested or purchased offers;
- Process orders and payments made through the Website
- To manage the operations necessary for the provision of the requested service (including the post-sale guarantees, assistance and similar).
Apart from what described above, referring to web surfing data, you are free to provide your personal data possibly required to fill different forms (related to registration and enquiries on products information or their availability). Please keep in mind that lack of data conferral will make impossible to signing in or answer to your enquiries.
Processing procedures and data safety
Your personal data will be collected and processed, electronically or through papers, exclusively for the purposes described herein, and record retention will last no longer than required or, up to when the Controller will receive your request of cancellation for treatment related to optional consent.
Your personal data will be stored in our server or our entrusted provider's server, and will be processed mainly automatically.
Your personal data are processed according to confidentiality principles listed in the measures issued by the Italian DPA. Collected data are processed by authorized personnel. All the personnel accessing to data has been previously authorized through official designation, as foreseen by law. Collected data could be periodically updated with information provided later.
We use controls, technical and managerial measures in order to protect user's personal data from unauthorized access, loss or abuses. Unfortunately, data on the Internet can't be 100% safe. Thus, even if we protect all the personal information, we can't be sure or warranty that these information will be completely protected by hackers or other criminal acts, or in case of fail/damages to software, hardware and web. The Controller will inform users whenever acknowledges security violation (data breach), related to users personal data under his control. If the users is willing to communicate us his/her personal e-mail address, he/she gives express consent to receive electronical warnings in case of security violation.
When you register on our web site, you choose an Id, which will allow you to access the website; the password will be communicated to you later by sending an email to the address indicated. You are invited to change the password received upon first access. In creating your password, we suggest you to pay attention to some simple rules, in order to make it harder to hacker: a safe password should be made at least of 8 figures, mixed letters and numbers, better if capital and lower case, inclusive of special key (like #, ^,! etc.). Moreover, we recommend to change your password on regular base, without communicating it to others. You are responsible for each single act mad through your account, if you should loose your password you might loose control on your personal information, and binding actions might be take place for and on behalf of you. Therefore, if for any reason your password might be compromised, change it immediately.
Personal data communication
Without prejudice to mandatory communication, your data might be communicated to:
a) Third Parties which we rely on for services provision and related activities, designated by the Controller.
b) Delegates in charge for technical maintenance (included web maintenance), designated by the Controller.
Anyhow, just strictly needed data, related to tasks they are in charge for, will be communicated to the abovementioned.
Personal data will not be broadcasted.
The Controller cooperate with Law Enforcement and Authorities to make users respect rules, other users and third parties rights, included intellectual property rights. Therefore your personal data might be communicated to Authorities whenever needed in case of defense, prevention, verification or repression of crimes in compliance with related laws and regulations.
Authorities will have the rights to ask and obtain your personal information also in relation to verification or investigation on swindle, web fraud, rights or intellectual property violation, hacking or other illicit actions which might involve us or our users in legal issues entailing civil or criminal responsibility.
Right and rights exercise
Complying with law in force, at any time you might:
- Be informed regarding your data presence
- Know origin, content, goals and process pattern.
- Logic underlying electronic treatment
- Details of Controller, Processor, Parties whom your data have been communicated to
Moreover you have the right of:
- Update, integrate, correct your data and rights of portability
- Cancellation, anonymization, block of your data processed against law
- Opposition to data processing, for legitimate reason, pertinent to processing
- Opposition to data processing for marketing
According to GDPR 2016/679, you have the rights to complain to Authority.
In order to exercise your right you can contact:
FIS Srl S.R.L. - Via Magno 20, 25070 Sabbio Chiese (BS) Italy - Tel. +39 0365 85156 - Fax. +39 0365 85461
In case the user will ask to access to his/her personal information or cancel them from our system and registers, we will to any possible extent, within timing foreseen.
We inform our users that, due to technical limits and to the back up system, their information might be retained in our system for a certain length of time following cancellation.
All rights are due to the Controller for refuse personal data access or cancellation request, if access or cancellation are not foreseen by law. In order to safeguard from illicit requests, all rights are due for collecting sufficient information aimed to verify the identity of the applicant, before correcting or granting access.
If you are registered, if personal data changes, we invite you to modify them online in the personal area "My profile".
You can register on the site and create a personal account for the purchase of our products.
Account creation is not mandatory and once created, you can delete it at any time.
To create an account it is necessary to provide identification and contact data; the data marked as mandatory are essential to complete the registration and, in the absence of such, it will be impossible to complete the request.
If you are registered, if personal data changes, we invite you to modify them online in the personal area.
By purchasing online you provide your addresses, telephone contacts, electronic contacts, identification data and financial payment. If you do not provide all the necessary data, the purchase process will not be successful.
During the purchase process the mandatory and optional data will be clearly indicated, and you can choose not to provide the optional data and continue to use the website and make purchases on it.
If the data provided should change, we ask you to change them in the reserved area, if you are registered.
Your data will be stored in database on our server or on our entrusted provider's server, in Italy; data transfer to Third Countries is therefore not expected.
What are cookies?
Cookies are not harmful to your devices.
Our site uses the following cookies:
||Privacy / Deactivation
||It allows to recognize the user's browsing session.
||It allows to draw the cart when you visit the site.
|_ga, _gat, _gid
||It allows to analyze the use of the site by users.
||Statistic cookie (Google Analytics)
||Privacy / Deactivation
How to disable cookies
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Please remember that by deleting cookies or disabling future cookies, you may not access certain web site sections or functions.
All rights are due to the Controller for changing web site and Policy at any time.
User must always refer to on line policy. Changes will be in force from the moment they will be published on the web site. If the user will keep using the web site after any change, this will be considered as an acceptance of such changes.