Last Updated July 30, 2019
Dear user, we want to give you some information on how we manage the data of the people with whom we come into contact in various capacities and this is in compliance with EU Regulation 2016/679 known as GDPR (and its predecessor PRIVACY CODE Legislative Decree 196/2003) , that of Legislative Decree 70/03 "Implementation of Directive 2000/31 / EC relating to certain legal aspects of information society services in the internal market, with particular reference to electronic commerce" but above all to ensure you that we really care about your privacy and data protection. In compliance with what is confirmed by the EU Regulation, we will give you the essential information in a clear, concise and understandable way, for each information you can find one or more further levels of clarification (placed below the initial pages and reachable by clicking on the highlighted words) where we will give them further and more detailed information should you wish to investigate some aspects that are not fully clear and comprehensible to you.
Fluentis group comprehends various companies, and for each of these please refer to the specific addresses and managers. For any clarification, do not hesitate to contact the data controller of the company to which it refers:
Fluentis S.r.l. with registered office in Via Mezzomonte , 24 – 33077, Sacile (PN), P.IVA: IT01720550936, Rea: PN-99105 through its appointees:
e-mail: Privacy@fluentis.com Tel.: +39 0434 1696346
Arti Informatiche S.r.l. with registered office in Via Mezzomonte, 24 – 33077 – Sacile (PN) Partita IVA: IT through its appointees: e-mail: Privacy@fluentis.com Tel.: +39 0434 1696346
FLUENTIS CONSULTING ITALIA S.r.l. Unipersonale with registered office in Piazzale IV novembre, 7 – 20124 Milano e Operational headquarters in Via Mezzomonte, 24 – 33077 Sacile (PN), partita iva: through its appointees: e-mail: Privacy@fluentis.com Tel.: +39 0434 1696346
SC ARTINFO SRL with registered office in str. Teodor Rascanu, nr. 3-5, bloc Alfa – 700010 Iasi ROMANIA Partita IVA: RO through its appointees: Privacy@fluentis.com Tel.: +39 0434 1696346
SC FLUENTIS S.r.l. with registered office in bv.regina maria nr.19 , sector4 – 040122 Bucurest ROMANIA Partita IVA: RO through its appointees: Privacy@fluentis.com Tel.: +39 0434 1696346
FLUENTIS d.o.o. with registered office in Rapska 46B – 10000 ZAGABRIA (Croazia) Partita IVA: HR through its appointees: Privacy@fluentis.com Tel.: +39 0434 1696346
Your personal and contact data (e-mail, telephone, mobile phone, address) may have been collected from sources in the public domain (for example: telephone directories or public databases), from social networks (for example: Facebook, LinkedIn, Twitter , Instagram, etc.) or through the internet (for example: your websites, third party websites authorized by you, public forums, etc.): in this case your data will be used only to ask for your explicit consent to the processing of your data, indicating clearly, also verbally and / or by telephone, the modality and the purpose of such treatment, and they will be immediately marked as "Limited to the treatment" in case of your refusal to the treatment. This is to avoid that we can contact you again if you refuse.
The personal data collected through our site, or through sites linked to us, are used only to respond to your requests; If you give us explicit consent, they can be used for statistical profiling purposes.
The data acquired as indicated above will be treated in accordance with the regulation for the following reasons:
a) Satisfy legal obligations (e.g. accounting, billing, financial management);
b) The execution of services requested by you provided through the Site and the Cloud;
c) Satisfy your requests (eg: Estimates, offers, technical and commercial assistance);
d) Fulfill any contractual obligations arising from agreements entered into with you or the organization you represent;
e) Keep a database of frequently asked questions, proposals, communications;
f) For the technical management of navigation on our sites
g) If you give us active and explicit consent to keep in touch with you (e.g. newsletters, commercial offers, updates, etc.);
h) Pursue the legitimate interests of the owner or third parties (provided for in Article 6 of the regulation that we report below) that we will take care, where possible and lawful, to indicate from time to time before the treatment itself.
With regard to points a), b) and c) the lack of communication and processing of the necessary data will prevent us from being able to follow up on your requests, without of course that this can be attributed to us and can be considered based on any request on your part for default or cause of damage.
Personal data are subjected to both paper and electronic and / or automated processing, through the use of websites hosted on cloud, managed by our company and located within the European community. Your data will be processed only within our organization and only by trained, appointed and authorized personnel. They may only be transferred to third parties due to a legal obligation (for example, Minister of Finance as lists of transactions carried out) to fulfill operations required by law (for example consultants and accounting firms for financial statements and declarations etc.) or to fulfill our obligations in ypur comparisons (for example couriers for deliveries, postal services, banks for the management of collections and payments, etc.). They may also be transferred to our Partners on the territory or to other companies connected to us only if this is necessary to satisfy your requests or to fulfill contractual obligations. These companies, which have a regular and legal contract with us as Data Processors , will treat them in full compliance with what is indicated in this statement and we will take care of their use and management, your data will be destroyed by these companies immediately after the fulfillment of the purpose for which they were entrusted.
In no case will your data be transferred to others, except as previously reported, without having asked for explicit and active consent or you having made an explicit request for it.
In no case will your data, unless collected outside the European community, be transferred outside the countries of the European community.
Your data will be kept for the period necessary to fulfill the purpose for which they were collected, or for the period determined by law;
In the event of spontaneous assignment (e-mail requests, applications, proposals, etc.) they will be kept for no more than 12 months from the date of the last communication; Personal data processed for marketing purposes will be kept until the consent given by the interested party is revoked.
At any time, as also established by EU regulation 2016/679, you can exercise your rights as provided for in Article 15 of the regulation that we report below, and request, through the contacts indicated above, to know, modify, block, cancel or transfer your data processed by us.
The Data Controller will provide the interested party with the information requested and any actions taken within one month of receiving the request. This deadline may be extended by two months, if necessary, taking into account the complexity and the number of requests. The Data Controller will inform the interested party of this extension and of the reasons for the delay, within one month of receiving the request.
If you have given explicit, aware and active consent for the processing of your data, you can withdraw this consent at any time through the contacts listed above, without of course that this could affect the processing by law (for example, the conservation of documents and accounting records) or the treatments that have already taken place with your consent.
If you believe that your rights have been violated, and that we have not responded to your requests in this sense, you can always propose a complaint to the guarantor of privacy through the forms prepared by the same and present at the following link: https://www.garanteprivacy.it/home_en.
This information does NOT apply when we process personal data on behalf of another Data Controller (for example data of our customers who use our ERP systems both with local and cloud installation). In this case, we act as Data Processor and these treatments are governed by a specific contract with the Data Controller.
We take the security of your personal information very seriously. To protect personal information provided by the interested party from unauthorized access, destruction, loss or accidental and / or unlawful alteration, we use adequate and constantly updated technical and organizational security measures.
We have implemented strict security checks, intrusion detection software and warning procedures in the event of a potential or actual intrusion into our IT systems. We have set up a data breach notification policy and an incident response team that will react immediately and implement a remedy plan in response to any unauthorized access to our computer systems or databases. We have implemented strict security checks, intrusion detection software and warning procedures in the event of a potential or actual intrusion into our IT systems.
Our website uses technical cookies for better operation and to guarantee services provided by third parties.
Technical cookies are those used for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide such service. They are not used for other purposes, and are installed with normal navigation on our pages. They can be divided into navigation or session cookies, which guarantee the normal navigation and use of the website (allowing you to make a purchase or authenticate yourself to access restricted areas); functionality cookies, which allow the user to navigate according to a series of selected criteria (for example, the language, the products selected for purchase, etc.) in order to improve the service rendered to the same. For the installation of these cookies, the prior consent of users is not required, while the obligation to provide this information pursuant to art. 13 of EU Regulation 679/16 on the protection of personal data.
While browsing a site, the user can also receive cookies from different sites or web servers on his terminal (so-called "third party" cookies); this happens because on the visited website there may be elements such as, for example, images, maps, sounds, specific links to web pages of other domains that reside on servers other than the one on which the requested page is located. Fluentis S.r.l. uses third-party cookies, in particular cookies issued by Google Analytics services (used by Google to collect and then provide information, in aggregate form, on the number of users and how they visit the site). The information generated by the cookie about the use of the website is communicated to Google Inc. (for information on the use and possible disabling, see https://marketingplatform.google.com/intl/en_uk/about/).
Third-party cookies from Facebook, Twitter and Youtube that are not present on the website's servers may also be used on the website, therefore they are not sent by this to the user's terminal. These cookies are activated if the user clicks on the FB, TW or YT icon, or enters their respective social sites, or uses related services in the API. For any information and to disable their saving on the user's terminal, please refer to www.facebook.com/help/cookies twitter. com / privacy support.google.com/youtube.
Due to the particular invasiveness that these devices may have in the private sphere of users, we have asked for your prior consent to the use of the same, with a special form on the homepage of our site.
Texts, images and any other multimedia content on the site is owned by the OWNER or licensed to the same.
All the distinctive signs used within the site belong to the OWNER or to their respective owners or licensees, who have granted the OWNER the right of use, limited to the publication of the same on the site.
No part of the site (including texts, images and any other multimedia content) can be reproduced or retransmitted without specific written authorization from the OWNER, except for personal non-transferable use. Use for any unauthorized purpose is expressly prohibited by law.
We, unless otherwise required by law, cannot be held liable in any way for damages of any nature caused directly or indirectly by accessing your website, by the inability or impossibility of accessing it, by relying on the information contained therein or from their use. We reserve the right to modify its contents at any time and without notice. We do not take any responsibility for services offered by third parties with which our sites have activated a link, and for any other content, information or anything else contrary to the laws of the Italian and European state present in it. Furthermore, the indication of links does not imply any type of approval or sharing of responsibility by the Company in relation to the completeness and correctness of the information contained on the indicated sites.
For your knowledge, we report Article 6 of the GDPR Regulation which explains the lawful reasons for data processing, Article 7 governing consent and Articles 15 to 22 which govern the exercise of your rights.
Lawfulness of processing
1. The treatment is lawful only if and to the extent that at least one of the following conditions occurs:
a) the interested party has given consent to the processing of their personal data for one or more specific purposes;
b) the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same;
c) processing is necessary to fulfill a legal obligation to which the data controller is subject;
d) the processing is necessary for the protection of the vital interests of the interested party or of another natural person;
e) the processing is necessary for the execution of a task of public interest or connected to the exercise of public powers with which the data controller is invested;
f) processing is necessary for the pursuit of the legitimate interest of the data controller or third parties, provided that interests or rights do not prevail
and the fundamental freedoms of the data subject that require the protection of personal data, in particular if the data subject is a minor.
Letter f) of the first paragraph does not apply to the processing of data carried out by public authorities in the execution of their tasks.
2. Member States may maintain or introduce more specific provisions to adapt the application of the rules of this Regulation with regard to treatment, in accordance with points (c) and (e) of paragraph 1, determining more precisely specific requirements for processing and other measures aimed at guaranteeing lawful and correct treatment also for the other specific treatment situations referred to in Chapter IX.
3. The basis on which the data processing referred to in paragraph 1, letters c) and e) is based, must be established:
a) by Union law; or
b) by the law of the Member State to which the data controller is subject.
The purpose of the processing is determined in this legal basis or, as regards the processing referred to in paragraph 1, letter e), it is necessary for the execution of a task carried out in the public interest or connected to the exercise of public powers of which the data controller is invested. This legal basis may contain specific provisions to adapt the application of the rules of this regulation, including: the general conditions relating to the lawfulness of the processing by the data controller; the types of data being processed; interested parties; the subjects to whom personal data may be communicated and the purposes for which they are communicated; the limitations of the purpose, the retention periods and the processing operations and procedures, including the measures to guarantee a lawful and correct treatment, such as those for other specific treatment situations referred to in Chapter IX. Union or Member State law pursues a public interest objective and is proportionate to the legitimate objective pursued.
4. Where the processing for a purpose other than that for which the personal data was collected is not based on the consent of the interested party or on a legislative act of the Union or of the Member States which constitutes a necessary and proportionate measure in a democratic society for safeguarding the objectives referred to in Article 23, paragraph 1, in order to verify whether the processing for another purpose is compatible with the purpose for which the personal data were initially collected, the data controller takes into account, between the other:
a) any connection between the purposes for which the personal data were collected and the purposes of the further processing envisaged;
b) of the context in which the personal data were collected, in particular in relation to the relationship between the interested party and the data controller;
c) the nature of personal data, especially if particular categories of personal data are processed pursuant to Article 9, or if data relating to criminal convictions and crimes pursuant to Article 10 are processed;
d) of the possible consequences of the further treatment provided for the interested parties;
e) of the existence of adequate guarantees, which may include encryption or pseudonymisation.
Conditions for consent
1. If the treatment is based on consent, the data controller must be able to demonstrate that the interested party has given his consent to the processing of his personal data.
2. If the consent of the interested party is given in the context of a written declaration that also concerns other issues, the request for consent is presented in a clearly distinguishable manner from the other subjects, in an understandable and easily accessible form, using simple and clear language. No part of such a statement constituting a violation of this regulation is binding.
3. The interested party has the right to withdraw his consent at any time. The withdrawal of consent does not affect the lawfulness of the treatment based on consent before the revocation. Before expressing his consent, the interested party is informed of this. Consent is revoked with the same ease with which it is granted.
4. In assessing whether the consent has been freely given, the utmost consideration is taken of the possibility, among others, that the execution of a contract, including the provision of a service, is conditioned by the provision of consent to the processing of personal data not necessary for the execution of this contract.
For your knowledge, we report the articles of the GDPR Regulation governing access to your rights.
Right of access of the interested party
1. The interested party has the right to obtain from the data controller confirmation that personal data concerning him or her is being processed and in this case, to obtain access to personal data and to the following information:
a) the purposes of the treatment;
b) the categories of personal data in question;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients from third countries or international organizations;
d) when possible, the expected retention period of personal data or, if not possible, the criteria used to determine this period;
e) the existence of the right of the interested party to ask the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
f) the right to lodge a complaint with a supervisory authority;
g) if the data are not collected from the data subject, all information available on their origin;
h) the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such treatment for the 'interested.
2. If personal data are transferred to a third country or to an international organization, the interested party has the right to be informed of the existence of adequate guarantees pursuant to article 46 relating to the transfer.
3. The data controller provides a copy of the personal data being processed. In the event of further copies requested by the interested party, the data controller can charge a reasonable expense contribution based on administrative costs. If the interested party submits the request by electronic means, and unless otherwise indicated by the interested party, the information is provided in a commonly used electronic format.
4. The right to obtain a copy referred to in paragraph 3 must not infringe the rights and freedoms of others.
Right to rectification
The interested party has the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.
Right to erasure ("right to be forgotten")
1. The interested party has the right to obtain from the data controller the cancellation of personal data concerning him without undue delay and the data controller has the obligation to delete personal data without undue delay, if one of the following reasons exists:
a) personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
b) the interested party revokes the consent on which the treatment is based in accordance with article 6, paragraph 1, letter a), or article 9, paragraph 2, letter a), and if there is no other legal basis for the treatment;
c) the interested party opposes the treatment pursuant to Article 21, paragraph 1, and there is no prevailing legitimate reason to proceed with the treatment, or he opposes the treatment pursuant to Article 21, paragraph 2;
d) personal data have been unlawfully processed;
e) personal data must be erased to fulfill a legal obligation under Union or Member State law to which the data controller is subject;
f)personal data have been collected in relation to the offer of information society services referred to in Article 8, paragraph 1.
2. The data controller, if he has made personal data public and is obliged, pursuant to paragraph 1, to delete it, taking into account the available technology and implementation costs, adopts reasonable measures, including technical, to inform the data controllers that they are by processing the personal data of the request of the interested party to delete any link, copy or reproduction of his personal data.
3. Paragraphs 1 and 2 do not apply to the extent that processing is necessary:
a) for the exercise of the right to freedom of expression and information;
b) for the fulfillment of a legal obligation that requires the treatment provided for by Union or Member State law to which the data controller is subject or for the execution of a task carried out in the public interest or in the exercise of public powers of which the data controller is invested;
c) for reasons of public interest in the public health sector in accordance with article 9, paragraph 2, letters h) and i), and article 9, paragraph 3;
d) for archiving purposes in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89 (1), insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of its objectives treatment;
e) for the assessment, exercise or defense of a right in court.
Right to limitation of treatment
1. The interested party has the right to obtain the limitation of the processing from the data controller when one of the following hypotheses occurs:
a) the interested party disputes the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
b) the processing is illegal and the interested party opposes the cancellation of personal data and instead requests that their use be limited;
c) although the data controller no longer needs it for processing purposes, personal data are necessary for the interested party to ascertain, exercise or defend a right in court;
d)the interested party opposed the treatment pursuant to Article 21, paragraph 1, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.
2. If the processing is limited pursuant to paragraph 1, these personal data are processed, except for storage, only with the consent of the interested party or for the assessment, exercise or defense of a right in court or for protect the rights of another natural or legal person or for reasons of significant public interest of the Union or of a Member State.
3. The interested party who obtained the limitation of treatment pursuant to paragraph 1 is informed by the data controller before said limitation is lifted.
Obligation to notify in case of rectification or cancellation of personal data or limitation of treatment
The data controller informs each of the recipients to whom the personal data have been transmitted of any corrections or cancellations or limitations of the processing carried out pursuant to Article 16, Article 17, paragraph 1, and Article 18, unless this proves impossible or involves a disproportionate effort. The data controller communicates these recipients to the interested party if the interested party requests it.
Right to data portability
1. The interested party has the right to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a data controller and has the right to transmit these data to another data controller without impediments from part of the data controller to whom you provided them if:
a) the processing is based on consent pursuant to article 6, paragraph 1, letter a), or to article 9, paragraph 2, letter a), or on a contract pursuant to article 6, paragraph 1, letter b) ;
b) the treatment is carried out by automated means.
2. In exercising their rights relating to data portability pursuant to paragraph 1, the interested party has the right to obtain the direct transmission of personal data from one controller to the other, if technically feasible.
3. The exercise of the right referred to in paragraph 1 of this article is without prejudice to article 17. This right does not apply to the processing necessary for the performance of a task in the public interest or connected with the exercise of public powers with which it is invested the data controller.
4. The right referred to in paragraph 1 must not infringe the rights and freedoms of others.
Right to object
1. The interested party has the right to object at any time, for reasons related to his particular situation, to the processing of personal data concerning him pursuant to Article 6, paragraph 1, letters e) of), including profiling on the basis of those provisions. The data controller refrains from further processing personal data unless he demonstrates the existence of binding legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the interested party or for the assessment, exercise or the defense of a right in court.
2. If personal data are processed for direct marketing purposes, the interested party has the right to object at any time to the processing of personal data concerning him / her carried out for these purposes, including profiling to the extent that it is connected to such direct marketing.
3. If the interested party objects to the processing for direct marketing purposes, personal data are no longer processed for these purposes.
4. The right referred to in paragraphs 1 and 2 is explicitly brought to the attention of the interested party and is presented clearly and separately from any other information at the latest at the time of the first communication with the interested party.
5. In the context of the use of information society services and without prejudice to Directive 2002/58 / EC, the interested party can exercise his right of opposition with automated means that use technical specifications.
6. If personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to article 89, paragraph 1, the interested party, for reasons related to his particular situation, has the right to object to the processing of personal data which concerns, except if the processing is necessary for the performance of a public interest task.
Automated decision-making process relating to natural persons, including profiling
1. The interested party has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which similarly significantly affects his person.
2. Paragraph 1 does not apply if the decision:
a) is necessary for the conclusion or execution of a contract between the interested party and a data controller;
b) is authorized by Union or Member State law to which the data controller is subject, which also specifies adequate measures to protect the data subject's rights, freedoms and legitimate interests;
c) is based on the explicit consent of the interested party.
3. In the cases referred to in paragraph 2, letters a) and c), the data controller shall implement appropriate measures to protect the data subject's rights, freedoms and legitimate interests, at least the right to obtain human intervention by the data controller , to express their opinion and contest the decision.
4. The decisions referred to in paragraph 2 are not based on the particular categories of personal data referred to in Article 9 (1), unless Article 9 (2) (a) or (g) applies, and does not adequate measures are in place to protect the data subject's rights, freedoms and legitimate interests.