Policy for the personal data processing of website users pursuant to the provisions of Art. 13 of EU Regulation no. 679/2016 (“GDPR”)
Foscarini S.p.A. cares deeply about the safety and confidentiality of the personal data of users (hereinafter, “Users” or “User” singular) of the website: www.foscarini.com (hereinafter, the “Site”) and wishes to provide them with information about the processing of their personal data.
- Data controller
The Data Controller is FOSCARINI S.p.A., headquartered in Via delle Industrie, 27 – 30020 Marcon (Venice), (hereinafter, “Foscarini” or the “Company”).
For any requests concerning personal data processing, and to exercise the rights acknowledged by the GDPR and described in more detail in point 7, you may contact the Company at the e-mail address: privacy@foscarini.com or on +39 041 5953811
- Purposes for which Foscarini processes personal data
On its website, Foscarini collects some personal data referring to Users, provided voluntarily by the latter or collected during the normal operation of the same, which are processed for the purposes set out below.
The website, additionally, uses cookies and other tracking tools. Refer to the cookie policy available at the following link as well as to the related control panel available at the following link, for further related information as well as to manage one’s own preferences in this regard at any time.
| Numero | Purpose of processing | Types of data processed | Legal basis and provision |
|---|---|---|---|
| 1 | Provide access to the restricted access area of the website To create a profile granting access to the restricted access area provided on the website, Foscarini collects some personal data required to identify the User. | Nome e cognome o Denominazione Indirizzo (Nazione, Città, Via, CAP) Username Password Professione Azienda |
Performance of a contract the User is party to (art. 6 (1) (b) GDPR). Provision of the data is necessary as without them the Company will be unable to grant access to the restricted access area of the website. |
| 2 | Respond to a request made by the User The Company can process the personal data of the Users in order to provide assistance to the same in relation to the services and products offered or to respond to any specific requests. | First name and surname E-mail and/or Telephone number /td> | Execution of pre-contractual measures adopted at the request of the User (art. 6 (1) (b) GDPR). Provision of the data is necessary, as without them the Company will be unable to provide the expected assistance. |
| 3 | Carry out “Customer Satisfaction” surveys and ensure the correct operation of the website The Company may process the personal data of Users to carry out analysis with the aim of improving performance and/or ensuring an improved User experience, greater security and operation of the website, of the networks and of the information. | First name and surname E-mail address | Legitimate interest of the Company (art. 6 (1) (f) GDPR). The conferment of the data is necessary to allow the Company to meet its Legitimate Interest of improvement of its online performance. |
| 4 | Carrying out Marketing activities The Company, after the User has given his or her consent to the same, processes the personal data for purposes of marketing and advertising communication, targeted at informing the User about sales and promotions in course, done through electronic Carrying out Marketing activities The Company, after the User has given his or her consent to the same, processes the personal data for purposes of marketing and advertising communication, targeted at informing the User about sales and promotions in course, done through electronic mail, or for market research and statistical surveys. | First name and surname E-mail address | Consent (art. 6 (1) (a) GDPR). Consent can be revoked at any time by clicking on the following link. |
| 5 | Defending its rights The Company may process the personal data to defend its rights during legal, administrative or out-of-court proceedings and as part of disputes which may arise in relation to the Services. | Depending on the circumstances, the personal data collected for purposes from 1 to 4 will be processed. | Legitimate interest of Foscarini in protecting its rights (art. 6 (1) (f) GDPR). New and specific provision is not required since the Company will pursue this additional further purpose, where necessary, processing the data collected for the above-mentioned purposes. |
| 3 | Fulfil legal obligations Foscarini may process the personal data to fulfil the obligations it is bound to as envisaged by laws, regulations or by the European Commission regulations, by provisions/requests of authorities entitled to do so by law and/or by supervisory and control bodies. | Depending on the circumstances, the personal data collected for purposes from 1 to 4 will be processed. | Fulfilment of a legal obligation (art. 6 (1) (c) GDPR). Provision of the personal data for this purpose is compulsory since without them the Company will be unable to fulfil specific legal obligations |
- How we keep personal data safe
The Company implements appropriate security measures to guarantee the protection, safety, integrity and accessibility of the Users’ personal data. The appropriate security measures are designed to prevent the unauthorised access, disclosure, modification or destruction of the Personal Data.
All personal data are stored on the Company’s protected computerised devices (or in properly stored hard-copy form) or on those of our suppliers, and will be accessible for use according to our standards and our security policies (or equivalent standards for our suppliers).
- How long we store personal data
The Company stores the User’s personal data only for the amount of time necessary to achieve the purposes for which they were collected or for any related legitimate purpose. Consequently, if the personal data are processed for two different purposes, Foscarini will store these data until the longest purpose storage deadline expires; nevertheless, the Company will not process the personal data for the purpose whose storage period has expired.
Any personal data that are no longer necessary, or for which there is no longer any legal basis to store, will be rendered irreversibly anonymous (and they can be stored this way) or destroyed safely.
For greater clarity, below are the storage periods relating to the main purposes:
Fulfilment of (pre)contractual obligations (purpose set out herein above at nos. 1-2): the personal data processed to fulfil any (pre)contractual obligation with the User may be stored for the full term of the contract, as well as for the subsequent 10 years to deal with any ascertainment and/or dispute, including of a fiscal nature. Specifically, the data processed to manage access to the website will be stored until the related profile is shut down or remains inactive for 10 years.
Responding to a request of the User (purpose set out herein above at no. 2): the personal data provided by the User to the Company in the context of his or her request will be stored for a maximum time of 3 months.
Carrying out “Customer Satisfaction” surveys and ensuring the correct operation of the website (purposes set out herein above at no. 3): the personal data of the User processed for “Customer Satisfaction” surveys and to ensure the correct operation of the website will be stored for 12 months.
Marketing activities (purpose set out herein above at nos. 3-4): the personal data of the User processed for purposes of marketing and advertising communication, the carrying out of market research and statistical surveys will be stored for 24 months from collection.
Defending rights and fulfilment of legal obligations (purposes set out herein above no. 5-6): with reference to protection in a court of law of the Company’s rights or in the event of requests from the authorities, the personal data processed will be stored for the amount of time necessary to pursue the said request or to achieve the protection of the right.
- Who we can share the personal data with
The personal data may be accessed by duly authorised employees of the Company, as well as by any external suppliers, who have been appointed, if necessary, as data processors, who provide support for the provision of services, including those necessary for the operation of the website.
The Company may be contacted at the following e-mail address: privacy@foscarini.com to apply to view the list of data processors and other subjects to whom we may communicate data.
- Transfers to third-party countries
The Company hereby informs you that the personal data will be processed, for the purposes set out in the Policy herein, solely within the countries which are part of the European Union (EU) or the European Economic Area (EEA).
- Rights on the subject of personal data protection and the right to lodge complaints with the Supervisory Authority
Each User is entitled to ask the Company, provided there is a legal basis backing the request, to:
- access their personal data, as envisaged by Art. 15 of the GDPR;
- amend or supplement the personal data the Company has that is deemed incorrect, as envisaged by Art. 16 of the GDPR;
- delete the personal data for which the Company no longer has any legal basis to process, as envisaged by Art. 17 of the GDPR;
- limit the way the personal data are processed, if one of the circumstances envisaged by Art. 18 of the GDPR apply;
- copy the personal data provided to the Company in a structured, commonly used format that is legible from any automatic device and the transmission of the said data to another Data Controller (referred to as portability), as envisaged by Art. 20 of the GDPR;
- withdraw consent, where processing is founded on this legal basis.
Right to object to processing: in addition to the rights listed herein above, the User always has the right to object at any time to the processing of the personal data carried out by the Company to pursue its own legitimate interest. Additionally, the User always has the right to object at any time if the personal data are processed for marketing purposes.
The exercising of the said rights, which may be effected at the contact details of the Company specified in paragraph 1, is free of charge and is not subject to any form constraints. The Company will be responsible for checking whether the User is legitimately entitled to exercise the related right and to reply, usually, within one month.
If the User believes the processing of their personal data is being effected in breach of the provisions of the GDPR, they are entitled to lodge a complaint with the Supervisory Authority using the reference details available on the website: www.garanteprivacy.it, or to take the appropriate legal action.
Date of last update: April 2024
