Information on the Processing of Customer Personal Data

Pursuant to Articles 13 and 14 of EU Regulation 2016/679

  1. DATA CONTROLLER and CONTACT DETAILS
    The Data Controller is F.C.R. Industrie S.r.l. Registered Office: Corso Vittorio Emanuele II, 15 – Milan (MI) – Administrative Office: Via Tonale 18 – Vittuone (MI) Company contacts: email fcrindustrie@fcr.it – telephone +39 02 9031 0245; Privacy Officer: privacy.ind@fcr.it

  2. PERSONAL DATA SUBJECT TO PROCESSING
    As part of commercial relationships and customer relationship management activities, the Data Controller may process the following categories of personal data:
    • Customer personal and identification data: name, surname or company name, tax code, VAT number, registered office or postal address, telephone and electronic contact details (email, certified email), billing information, etc
    • Data of the company representative or customer contact person: name, surname, role, email and telephone numbers, if necessary for managing the commercial relationship
    • Technical data relating to the services provided, if relevant for management and after-sales assistance, warranties, and technical support

  3. PURPOSES AND LEGAL BASIS
    Personal data will be processed by the Data Controller for the following purposes, in accordance with the corresponding legal bases established by Regulation (EU) 2016/679
    • Performance of the contract
      • processing necessary for the performance of a contract to which the data subject is party (Article 6, paragraph 1, letter b) of the GDPR), in particular to:
        • manage the order, delivery, and invoicing of products and services requested by the customer
        • provide after-sales assistance and technical support.
    • Compliance with legal obligations
      • processing necessary to fulfill obligations under applicable regulations (Article 6, paragraph 1, letter c) of the GDPR), in particular to fulfill tax, accounting, and administrative obligations related to the service provided
    • Legitimate interest of the Data Controller
      • Processing necessary for the pursuit of the legitimate interests of the Data Controller (Article 6, paragraph 1, letter f) of the GDPR), including:
      • protection of its rights in the event of litigation or complaints;
      • improvement of services offered and monitoring customer satisfaction

  4. SCOPE OF COMMUNICATION AND RECIPIENTS
    The data may be communicated to the minimum extent necessary, pursuant to applicable law, to:
    • internal personnel assigned for administrative, technical, commercial, logistics, and support purposes
    • third-party companies appointed as data processors, who provide services essential to the performance of the contract, such as administrative, tax, and technical consultants, IT suppliers, and cloud providers
    • public authorities, within the limits established by law or for the exercise and defense of rights in court
    • banking institutions or insurance companies involved in the management of collections, reimbursements, guarantees, and insurance coverage

  5. NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL
    The provision of personal data is necessary for the conclusion and proper execution of the contract. Any refusal to provide data will make it impossible to establish or continue the business relationship

  6. DISSEMINATION OF DATA
    The data will not be disseminated, except as required by law. Automated decision-making processes based exclusively on the data provided by the customer are not envisaged

  7. SOURCES
    The data subject to processing may be collected directly from the customer or their representatives during orders, communications, and contractual activities

  8. DATA TRANSFERS TO THIRD COUNTRIES
    The data will be processed and stored on servers located in Italy or within the European Union. Any transfers to third countries will be subject to prior notice and compliant with the GDPR

  9. DATA RETENTION PERIOD
    The data will be retained for the time necessary to perform the contract and comply with regulatory obligations, generally for at least ten years from the date of collection or issuance of the relevant documentation

  10. DATA SUBJECT RIGHTS
    Within the limits of applicable law and pursuant to Articles 15 et seq. of Regulation (EU) 2016/679, the data subject has the right to access his or her personal data, request rectification or erasure, object to processing, request restriction of processing, and obtain the data concerning him or her in a structured, commonly used, and machine-readable format. Requests may be addressed to the Data Controller at privacy.ind@fcr.it and will receive a response within 30 days of receipt, which may be extended by an additional 30 days in cases of particular complexity, pursuant to Art. 12, paragraph 3, of Regulation (EU) 2016/679. Where applicable, the data subject also has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) or to take legal action.