Information Notice on the Processing of Customers’ Personal Data

Pursuant to Articles 13 and 14 of EU Regulation 2016/679

  1. DATA CONTROLLER and CONTACT DETAILS
    The Data Controller of Personal Data is F.C.R. – Filtrazione Condizionamento Riscaldamento S.p.A Registered Office: Corso Vittorio Emanuele II, 15 – Milan (MI) – Administrative Office: Via E. Fermi 3 – Cinisello Balsamo (MI) Company Contacts: e-mail fcr@fcr.it – phone 02.61798.1; Privacy e-mail: privacy@fcr.it

  2. PERSONAL DATA SUBJECT TO PROCESSING
    Within the scope of commercial relationships and activities for managing the relationship with the customer, the Controller may process the following categories of personal data:
    • Customer’s personal and identification data: name, surname or company name, tax code, VAT number, registered office or delivery address, telephone and electronic contacts (e-mail, certified e-mail (PEC)), invoicing data, etc.
    • Data of the customer’s company contact person: name, surname, role, e-mail and telephone contact details, if necessary for managing the commercial relationship
    • Technical data related to the services provided, if relevant for post-sales management and assistance, warranties, and technical support

  3. PURPOSES AND LEGAL BASES
    Personal data will be processed by the Controller for the following purposes, according to the corresponding legal bases provided by Regulation (EU) 2016/679:
    • Execution of the contract
    • Processing necessary for the performance of a contract to which the data subject is party (Art. 6, par. 1, letter b GDPR), specifically to:
      • manage offers/quotes, orders, delivery, and invoicing of the products and services requested by the customer
      • provide post-sales assistance and technical support
    • Compliance with legal obligations
    • Processing necessary for compliance with obligations required by current legislation (Art. 6, par. 1, letter c GDPR), specifically to fulfil fiscal, accounting, and administrative obligations connected to the service rendered
    • Legitimate interest of the Controller
    • Processing necessary for the pursuit of the legitimate interest of the Controller (Art. 6, par. 1, letter f GDPR), including:
      • protection of its rights in case of disputes or claims
      • improvement of the services offered and monitoring of customer satisfaction

  4. SCOPE OF COMMUNICATION AND RECIPIENTS
    The data may be communicated to the minimum extent necessary, based on applicable legislation, to:
    • Internal personnel assigned for administrative, technical, commercial, logistics, and assistance purposes
    • Third-party companies appointed as data processors, who provide services functional to the execution of the contract, such as administrative, tax, technical consultants, IT suppliers, and cloud providers
    • Public authorities, within the limits provided by law or for the exercise and protection of rights in court
    • Banks or insurance institutions involved in managing collections, refunds, warranties, and insurance coverage

  5. NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL
    The provision of personal data is necessary for the conclusion and proper execution of the contract. Any refusal to provide the data will make it impossible to establish or continue the commercial relationship

  6. DATA DISSEMINATION
    The data will not be subject to dissemination, except as provided by law. No automated decision-making processes based exclusively on the data provided by the customer are foreseen

  7. SOURCES
    The data subject to processing may be collected directly from the customer or their contacts during offers/quotes, orders, communications, and contractual activities

  8. DATA TRANSFERS TO THIRD COUNTRIES
    The data will be processed and stored on servers located in Italy or within the European Union. Any transfers to Third Countries will be subject to prior information and compliant with the GDPR

  9. DATA RETENTION PERIOD
    The data will be retained for the time necessary for the execution of the contract and regulatory obligations, generally for at least ten years from their collection or the issuance of the relevant documentation

  10. DATA SUBJECT’S RIGHTS
    Within the limits of applicable legislation and pursuant to Articles 15 et seq. of Regulation (EU) 2016/679, the data subject has the right to access their personal data, request their rectification or erasure, object to their processing, request restriction of processing, and obtain the data concerning them in a structured, commonly used, and machine-readable format. Requests can be addressed to the Data Controller at privacy@fcr.it and will receive a response within 30 days of receipt, which may be extended by a further 30 days in case of particular complexity, pursuant to Art. 12, par. 3 of Regulation (EU) 2016/679. In the foreseen cases, the data subject also has the right to lodge a complaint with the Personal Data Protection Authority or to appeal to the competent judicial authorities