Custombone/CustomizedBone portal privacy
Pursuant to EU Regulation 2016/679 “General Data Protection Regulation” (GDPR), we inform users that the personal data entered on the website are processed in the manner and for the purposes described below.
The processing of personal data in accordance with the law is intended as any operation or set of operations performed with or without the aid of electronic or automated means, and concerning the collection, recording, organization, storage, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, disclosure, deletion and distribution of data.
In compliance with the provisions of the new personal data protection Regulation, we inform you of the following:
1. Data Controller
The controller of the data processing in terms of identified or identifiable persons who have consulted this website and/or sent an information request is FIN-CERAMICA FAENZA SPA, with registered office in: Via Granarolo 177/3 - 48018 Faenza (RA). Tel. +39 0546 607311 - Fax +39 0546 607312
2. Data subject to processing
The personal data (first name, last name, email address, contact data) collected by us are submitted by the user during the registration phase on the portal after sending a registration request. Log files for access to the portal are also stored.
3. Purposes of processing
Personal data are processed for purposes related to the activities of FIN-CERAMICA FAENZA SPA to provide the data necessary to perform the requested services. The legal bases of the processing, depending on the case, can either be performing a contract where you are a party or the fulfilment of the Company’s legal obligations.
Personal data are processed in order to create and thereafter maintain and develop business relationships with potential customers, partners and other business contacts (including for example consultants, potential investors and suppliers), to evaluate the degree of satisfaction on our Services and Products and to improve the usability and content of our Web Platform. The processing is necessary to fulfil our legitimate interest of creating and thereafter maintaining and developing business relationships with you or the hospital/clinic/company you represent.
4. Methods of processing
Personal data are processed in accordance with the principles of fairness, lawfulness and transparency. The company ensures that the processing of data performed with or without the aid of electronic or automated means will take place using instruments that guarantee the security and confidentiality of the data subject through the use of appropriate procedures that avoid the risk of loss, unauthorized access, illicit use and dissemination, in accordance with the limitations and conditions described in EU Regulation 2016/679.
Personal data are processed both on paper and through electronic and/or automated means.
The data are processed by our employees, who are committed to the implementation of the mandate given to us.
5. Access to data
The entities who may receive the user's personal data in their role as processors or authorized entity (pursuant to Article 13(1) of the GDPR) are:
- -The Data Controller
- -The employees of the Controller, so to fulfil the user’s requests (registration on the portal, processing of the data submitted)
The personal data that we collect may be shared with our distributors and other third parties in order for us to provide our services. The types of third parties with whom we may share your personal data are the following:.
- -Service providers: We use third party service providers to manage some aspects of our business operations. We share personal data with such third parties with regard to IT infrastructure, operating and hosting services and communications and other IT services such as IT support, maintenance and development.
- -Subcontractors: We may share your personal data with subcontractors that we use for the production of our products.
- -Authorities: We may share your personal data with public authorities such as the police or tax authorities in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law.
6. OPTIONAL NATURE OF DATA PROVISION
The user is free to submit the personal data requested. Failure to provide the data signifies the impossibility to obtain the requested service.
7. Disclosure of data
The data may be disclosed to supervisory bodies, judicial authorities and other third parties which require statutory disclosure, including the scope of prevention/repression of any illegal activity related to access to the website and/or upon sending a request.
8. Transfer of data
The management and storage of personal data will take place on servers located in Italy owned by the Controller and/or third companies who are appointed as Processors.
We may transfer your personal data to service providers who, either themselves or through hired sub-contractors, are located in or have business activities in a country outside the EU or EEA. In the event of such transfer, it will be made in accordance with applicable data protection legislation, for example, by ensuring that the country in which the recipient is located ensures an adequate level of data protection according to the European Commission or by use of standard contractual clauses that the European Commission has issued ensuring suitable measures to safeguard your rights and freedoms.
9. Period for which the personal data will be stored
The data collected for the activities concerning registration on the portal will be included in the company database and stored for the duration of the service. At the end of the service, the data will be deleted or rendered anonymous within the statutory time frame.
Should the data subject revoke his/her consent to specific processing, the data will be deleted or rendered anonymous within 72 hours of receipt of the revocation notification.
Pursuant to Art. 13, paragraph 2, point (f) of the Regulation, we inform you that all data collected will not be subject to any automated decision-making process, including profiling.
10. Rights of the Data Subject
Pursuant to Articles 15 to 23 of the GDPR EU Regulation 2016/679, we inform you that, as data subject, you are entitled to the rights described below. You may exercise these rights by addressing a specific request to the Data Controller and/or the processor, in addition to the right to file a complaint with a supervisory authority:
Art. 15 - Right of access
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information concerning processing.
Art. 16 - Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Art. 17 - Right to erasure (‘right to be forgotten’)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay.
Art. 18 - Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; (d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
Art. 20 - Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
Art. 21 - Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.
Art. 22- Right of not being submitted to an automated decision-making process, including profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
In order to exercise his/her rights, the data subject may contact FIN-CERAMICA FAENZA SPA, via Granarolo 177/3 - 48018 Faenza (RA), Italy. Tel. +39 0546 607311 - Fax +39 0546 607312
Rev. 01 – 20/03/2020
