Privacy policy

Information pursuant to and for the purposes of Article 13 of EU Regulation 2016/679 (GDPR) concerning the protection of personal data processing
The undersigned Company informs you that, for the establishment and management of the contractual relationship currently in place with you, it is the data controller of your information, classified as personal data pursuant to the Code regarding the protection of personal data.

Data Controller
The Data Controller, whom you may contact, is Fabbroni Campani srl, Via Benozzo Gozzoli, 60 – 00142 Rome – VAT no. 05509431002.

Purpose and Legal Basis of Processing
Pursuant to Article 6(1)(b) of EU Regulation 2016/679, the collection and processing of personal data are carried out:
to comply with legal, regulatory, and EU obligations;
to fulfill specific client requests prior to entering into the contract;
to perform obligations arising from the concluded contract;
for customer administration;
for management of orders, shipping, and invoicing;
for fulfillment of tax and/or accounting obligations;
for dispute management, including debt collection.
Data will be processed in accordance with principles of fairness, lawfulness, transparency, and the protection of your privacy and rights. Your personal data will be processed for the entire duration of the contractual relationship and thereafter, as required to comply with legal obligations.
In relation to the contractual relationship, the company may process data defined by law as “personal” (e.g., company name, registered office, name, surname, address, VAT number, Tax Code, etc.), but not data classified as “special categories” (e.g., health status, religious beliefs, etc.).

Methods of Processing
Data processing for the aforementioned purposes is carried out both by automated means (electronic or magnetic support) and non-automated means (paper-based), in compliance with confidentiality and security rules provided by law, related regulations, and internal provisions.

Place of Processing
Data is currently processed and stored at the data controller’s headquarters. It is also processed, on behalf of the Controller, by professionals and/or companies engaged to perform technical, development, management, and administrative-accounting activities.

Mandatory or Optional Nature of Data Provision and Consequences of Refusal
Providing data is mandatory for all legal and contractual obligations. Therefore, any refusal to provide such data, in whole or in part, may result in the inability of the Company to fulfill the contract or to properly perform related obligations, such as those of a tax nature.

Data Disclosure
Without prejudice to disclosures made in compliance with legal and contractual obligations, all collected and processed data may be disclosed within Italy exclusively for the purposes indicated above to:
service companies (accountants, shipping/transport companies, credit recovery professionals or firms, etc.) pursuant to Article 28 of EU Regulation 2016/679;
credit institutions.
Moreover, the following categories of individuals may become aware of the data during processing (pursuant to Article 29 of EU Regulation 2016/679) and/or as data processors (pursuant to Article 28 of the Regulation), duly appointed in writing and provided with specific written instructions:
Employees;
Professionals or service companies managing administration and business operations on behalf of our company.
The complete and updated list of data recipients may be requested from the Data Controller at the contact details provided in the “Data Subject Rights” section.

Data Transfer Abroad
The Data Controller does not transfer personal data to third countries or international organizations.
However, it reserves the right to use cloud services; in such cases, service providers will be selected among those offering adequate guarantees, as provided by Article 46 of GDPR 679/16.

Existence of Automated Decision-Making
There is no automated decision-making system in place.

Data Retention Period
Your personal data will be stored only for the time strictly necessary for the purposes for which it was collected, in compliance with the data minimization principle under Article 5(1)(c) of EU Regulation 2016/679.
Data will be retained in our archives based on the following parameters:
For administration, accounting, contractual activities, and management of any disputes: 10 years as provided by Article 2220 of the Civil Code, without prejudice to any delayed payments that justify extended retention.
Data Subject Rights
You may exercise your rights as set forth in EU Regulation 2016/679 of the European Parliament and Council of 27 April 2016, by contacting the data controller at +39 0575-22349 or by emailing info@autorimessapiazzazucchi.it
Please note that if the access request is made by electronic means, the information will be provided in a commonly used electronic format.
Pursuant to Articles 13(2) and 15 to 22 of the Regulation, we inform you that regarding the processing of your personal data, you may exercise the following rights:

Right to access personal data and the following information:
confirmation of whether or not your personal data is being processed;
purposes of the processing;
categories of personal data;
recipients or categories of recipients to whom the personal data has been or will be disclosed;
if the data is not collected from the data subject, all available information about its origin;
existence of automated decision-making, including profiling;
a copy of the personal data being processed.

Right to rectification and completion of personal data;
Right to erasure (“right to be forgotten”) if one of the following conditions applies:
the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
the data subject withdraws consent and there is no other legal basis for the processing;
the data subject objects to the processing and there are no overriding legitimate grounds;
the personal data has been unlawfully processed;
the personal data must be erased to comply with a legal obligation under Union or Member State law.
If the controller has made the data public and is obliged to erase it, they must inform other controllers processing that data of the erasure request, including any links, copies, or replications.

Right to restriction of processing, where:
the data subject contests the accuracy of personal data, for a period enabling the controller to verify its accuracy;
the processing is unlawful, and the data subject opposes erasure and requests restriction instead;
the controller no longer needs the data for processing, but it is required by the data subject for legal claims;
the data subject has objected to processing pending verification of whether the controller’s legitimate grounds override those of the data subject.
Right to lodge a complaint with the Data Protection Authority, following the procedures and instructions published on the official website of the Authority: www.garanteprivacy.it.

Right to data portability, i.e., the right to receive personal data provided to a controller in a structured, commonly used, and machine-readable format and to transmit that data to another controller where processing is based on consent or a contract and is carried out by automated means. Where technically feasible, the data subject also has the right to have the personal data transmitted directly from one controller to another.

Right to object at any time to the processing of personal data, including profiling, particularly where:
processing is based on the legitimate interest of the controller, subject to the data subject’s reasons for objection;
personal data is processed for direct marketing purposes.

Right not to be subject to a decision based solely on automated processing, including profiling, except where:
the decision is necessary for entering into or performing a contract;
it is authorized by Union or Member State law;
it is based on the data subject’s explicit consent.

Right to withdraw consent at any time.

The exercise of rights is free of charge and not subject to any formal constraint.