Our Policy and Circular Letter in Relation to Protection of Personal Data
Circular Letter on Personal Data Protection pursuant to Legislative Decree 30 June 2003 no.196 and of the European Regulation for the protection of personal data no. 679/2016, (GDPR) and subsequent amendments.
Dear User, in this page you will find information related to management procedures of your personal data provided through our site. The confidentiality, protection and security of data processed play a particular importance. It is for this that our company reserves the utmost attention on the protection of your personal data.
Data security and respect for the rights of the data subject is the basis of the trustful relationship of cooperation with our customers, partners and employees and, in general, with all those who come into contact with our Company.
For this reason that when we gather, process and store personal data, we comply with all legal requirements, in particular the provisions of the EU Data Protection Regulation (European Regulations on Personal Data Protection 2016/679 "GDPR") and all directives on the protection of applicable personal data.
Following are the principles and measures described to protect the rights and freedoms of individuals who come into contact with our Company, in relation to the processing of their personal data.
We adopt adequate technical and organizational measures to protect the processing of personal data. These include, in particular, measures to ensure the confidentiality, integrity and availability of personal data including the resilience of systems and services.
Risks to the rights and liberties of the data subjects are taken into account in all processing operations when the technical and organizational measures are selected. In the event of high risks, the data processing is subject to further control of risks and measures.
In the processing of personal data, the principle of "data protection by means of technological planning and preset data protection" (data privacy by design/default) is observed, e.g. by pseudonymization or reduction of personal data to the minimum.
The technical and organizational measures are regularly reviewed in terms of effectiveness and are adapted according to needs, taking the state-of-the-art into account. This also applies to technical and organizational measures when they involve external service providers or partners.
We inform you that this site respects and protects the privacy of guests and users, making every possible and proportionate effort in order not to harm the rights of the users.
1. DATA CONTROLLER AND DATA PROTECTION OFFICER.
The Data Controller using your personal data is 4Flying Srl, with headquarters in Campagnola di Zevio (VR) Italy, Viale Edison n. 6.
You can contact the Data Protection Officer by sending an email to: firstname.lastname@example.org .
2. JURIDICAL BASIS OF THE PROCESSING, METHOD AND SUBJECT OF THE PROCESSING :
This site processes the data based on the performance of a contract, the fulfillment of legal obligations, the legitimate interest of the Data Controller (e.g. Judicial Protection) and with your consent.
The processing of data will be carried out for the purposes referred to in the following point with respect to the privacy rules in force based on the principles of propriety/correctness, lawfulness and transparency. It is carried out in accordance with the principles of relevance, comprehensiveness and non-redundancy and may be performed with or without the aid of electronic, computerized and telematic means.
Processing may consist of the following operations: gathering, registration, organization and storage, consultation and use, development, modification, selection, extraction, comparison, interconnection, transmission and communication, cancellation and destruction, blocking and limitation.
The processing will be carried out by the Data Controller, by the External Processing Managers and by individuals specifically authorized and instructed by the Data Controller for the right data processing. We inform you that, once the relationship has been established, the communication of data by the Data Controller to the subjects referred to in paragraph 5 is obligatory. This does not require your consent whenever it is necessary for compliance as provided by laws, regulations and community legislations.
3. DATA COLLECTED, PURPOSE OF PROCESSING AND STORAGE TIME
Browsing on our site, dates of data navigation will be collected by the use of log files in which information collected are stored automatically during the users’ visits. The information gathered could be the following:
- Internet protocol (IP) address;
- Type of browser and device parameters used to connect to the site;
- Name of the Internet Service Provider (ISP);
- Date and time of visit;
- Web page of origin of the visitor (referral) and of exit;
- Eventual number of clicks;
- Operations carried out within the site;
For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may eventually include also personal data such as, IP address which could be used, in accordance with applicable laws, in order to block attempts of damage to the site itself or to harm other users, or in any case, harmful activities or constituting a criminal act.
By inserting data in the “New Registration” and “Subscribe to the Newsletter” sectors and also upon proceeding with the purchases, you can send us your contact identification data (e.g. your name, surname, address, telephone, e-mail, bank data, etc.).
Processing of your data will be made with the following purposes:
Sending of contact data (identification and personal data) by entering in the format for registration in the CRM of the Company, activation of the requested services, management of customer care and contacts (for the execution of a contract or the management of pre-contractual relationship); Storage time : duration of the contract and, after termination, 10 years.
Fulfill the obligations established by law and regulations (to comply with legal obligations); Storage time: 10 years or any other duration required by current legislation;
Exercise a right in court (legitimate interest of the Owner); Storage time: for the entire duration of the judicial litigation;
Purpose of direct marketing: by way of example, sending - with automated methods of contact (such as SMS, MMS, e-mail, social networks, instant messaging apps, push notifications) and traditional (such as telephone calls with operator and traditional mail) - of promotional and commercial communications relative to services/products offered by the Company or recommendation of corporate events, as well as customer satisfaction surveys, market surveys and statistical analysis (with your optional consent, revocable at any time); Storage time: up to the revocation of consent for contact details and personal data, 5 years for data regarding the purchases;
Profiling and retargeting purposes : (revocable consent in every moment) analysis of your preferences, habits, behaviors, interests even through cookie installation in order to send personalized commercial communications/targeted promotional actions /adequate offers and services to your needs / preferences , even on third-party sites (retargeting); Storage time: up to the revocation of consent for contact details and personal data, 5 years for data regarding the purchases.
Once the storage terms indicated above have elapsed, the data will be destroyed, deleted or made anonymous.
4. CONSENT TO THE SUBMISSION OF DATA, TO THEIR USE AND CONSEQUENCES OF THE REFUSAL TO GRANT YOUR CONSENT.
Your personal data are processed:
4.A. Without your expressed consent (Article 6 GDPR) for the following purposes of service:
• To conclude the contracts for the services of the Controller;
- To fulfill the pre-contractual, contractual and fiscal obligations arising from relationships established with you;
- To fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority (for example under the Anti-Money Laundering Regulations);
- To exercise the rights of the owner, for example, the right of defense in court;
4 .B. Only upon your specific and distinct consent (Article 7 GDPR), for the following marketing purposes:
- To send you via email, post and/or SMS and/or telephone contacts, newsletters, business communications and/or advertising material, even with automated method of contact, on products or services offered by the Owner and satisfaction survey on the quality of services;
- To perform profiling and retargeting .
The conferment of data for the purposes referred to in paragraph 4 A. is optional. The refusal to the awarding, however, will involve the impossibility of any contact with 4 Flying S.r.l. and we will not be able to guarantee you on the related services.
The submission of data for the purposes referred to in point 4.Bis optional and revocable at any time. You can therefore decide not to provide any data or subsequently deny the possibility of processing for such purposes the data already provided. In such case, you will not receive newsletters, commercial communications and advertising material inherent to the services and products offered by the Data Controller.
To stop receiving the newsletter, you can click on the "unsubscribe" link found in each newsletter or access your personal profile then delete the flag of consent. It is also possible to contact the customer service who will explain how to proceed with the cancellation.
5. DATA COMMUNICATION and RECIPIENTS
We may disclose your personal information if required by law , if you violate our Terms of Service , if it serves to ensure the functioning of the business activity of the Owner to persons appointed and instructed by the same Owner, to External Managers expressly designated to work on behalf of the Owner (e.g. Accountants, Consultants, IT technicians, etc.), to the IT Staff or System Administrators.
The data may furthermore be processed on behalf of the Company, by external parties designated as Managers, who are given appropriate operating instructions. Such individuals are essentially included in the following categories:
- - Companies offering services for sending e-mails or SMS (Mail Up, INX Mail ...);
- - Companies that offer services instrumental to the pursuit of the purposes indicated in this disclosure (media agency, IT suppliers, shippers ...);
- - Companies that offer support in the accomplishment of market studies and profiling (e.g. Mautic.com).
If the personal data are processed by external service providers or partners on behalf of Flying 4 S.r.l., appropriate data protection measures are being taken depending on the category, for example:
Assignment for Processing Personal Data: If, by virtue of the instructions given, the service provider must process personal data, specific agreements are concluded with these suppliers and the task is assigned only to those service providers who adopt appropriate technical and organizational measures to protect them. The same applies when accessing data for maintenance and assistance activities.
Transfer of Functions: If a third-party is entrusted other additional tasks with respect to the processing of personal data for the exercise of which decision-making autonomy is necessary in relation to the use of data, a specific agreement is concluded to that effect which must foresee for adequate technical and organizational measures similar to the provisions of the previous point.
Confidentiality Agreement: If it cannot be excluded in individual cases that personal data should be divulged to a limited extent, a confidentiality agreement is concluded for security reasons with the supplier.
6. TRANSFER OF DATA ABROAD
Personal data collected by browsing in this online site or with the inclusion in the Contacts Format are not transferred to countries outside the EU and are not disseminated.
7. THIRD PARTY SERVICES
In general, the utilized third-party providers collect, use and disclose your information to the extent necessary to let them perform the services that they provide.
However, some third-party service suppliers, like the payment gateway and other processors for payment transactions, have their own data protection norms for the information which we have to furnish for the transactions connected to the purchase.
When you buy products or services through the site www.4-Clip.com, use the payment gateway of PayPal, Inc. which is a company in Delaware with offices located in 2211 North First Street, San Jose, CA 95131 ("PayPal") and is a party to the standard EU contract Clause.
(A) Braintree is established and located in the European economic zone.
(B) The parent company of Braintree, PayPal, and its subcontractors are located in the United States and other countries outside the European economic zone.
(C) The European economic zone and Switzerland limit the transfer of personal data to some other jurisdictions, including the United States.
(D) The personal data related to payment may be transferred by Braintree to the parent company, PayPal and its subcontractors. PayPal has accepted to stipulate the standard EU Contract Clauses in order to guarantee total security of the data and compliance of their processing to European norms in matters of Personal Data Protection (G.D.P.R.).
The pages visited by the user can send C.D. Cookies to his terminal (usually to the browser), that is to say, text strings of small dimension that memorize the passage. Cookies can be used for different purposes such as, session monitoring, memorization of specific information, etc.
Analytical Cookies: We use analytical cookies to better understand how our guests use the site of 4 Flying.com, to understand what works and what does not, to optimize and improve the site and the apps, to measure the effectiveness of marketing and communications and to ensure that the platforms are always interesting and relevant. The data we recover include the visited web pages, the exit and entry pages, the type of platform, which e-mails you have opened and information about the date and time.
This type of cookie allows us also to know how you interact with the site for example, through the number of clicks you make on a particular page, mouse movements, scrolling, words found and texts inserted in the various fields. We use analytical cookies also in the context of our online advertising campaigns to understand how users interact with our site or with the apps after viewing an online advertisement, including advertising on third-party sites. Even our business partners may use analytical cookies to know if their users are taking advantage of the offers integrated into their sites.
4 Flying S.r.l. also uses commercial cookies with which you can memorize the preferences detected during each visit and to create such profiles that allow to send messages that are more in keeping with the preferences and interests of the user. For example, they allow to view faster the products you are looking for or to offer you the most similar item. This site also allows the use of third-party profiling cookies that serve to make you view our commercial proposals even when you visit other sites (retargeting).
For every detail related to the cookies used by 4 FLYING SRL Italia, reference is made to the specific Cookies extended Disclosure.
8.1 Disabling Cookies
8.2 Third-Party Cookies
This site also acts as an intermediary for third-party cookies. These cookies are used to provide additional services and features to guests and to improve the use of the site itself such as buttons for social media or video. This site has no control over the cookies entirely managed by third parties. As a consequence of this, the information on the use of said cookies and their purposes as well as on the method for eventual disabling are provided directly by the third parties.
Pursuant to European Regulation 679/2016 (GDPR) and National Regulations, the User can, according to the procedures and within the limits established by the law, exercise the following rights:
Information: Data subjects will be promptly and transparently informed of the possibility and methods of processing their data. This applies either in the case where personal data are collected directly from the interested subject or in the case of data gathering from other third parties).
Access: Data subjects may at any time request information on personal data archived and/or processed as well as a copy of such data.
Rectification: Data subjects may at any time request correction or completion of false or incomplete personal data, for example, if a name or address is not correct.
Cancellation: Data subjects may request the erasure of their personal data to the extent that there are no conflicting obligations or rights, e.g. storage obligations for tax/business reasons.
The data subject also has the right to be "forgotten" with the consequence that other owners are informed of the request for cancellation, to the extent that 4 Flying S.r.l. has communicated to them their personal data.
Limitation of Processing: Data subjects may request that their personal data be limited, e.g. if they are inaccurate.
Opposition: Data subjects may oppose the processing of their own personal data for advertising purposes at any time. Otherwise, an opposition is possible under certain conditions in consideration of the particular personal circumstances of the person concerned.
Automated Decision-Making Process: In the context of efficient business transactions, interested parties are subject to an automated decision only if this is permissible, e.g. in the context of the performance of the contract. The persons concerned are informed of the corresponding procedures of automated processing
Right to lodge a complaint to the Control Authority (Supervisory Authority -[true address])
As well as, more in general, to exercise all the rights that are recognized by the law provisions in force.
Requests should be directed to the following address: email@example.com
Last revision 6 August 2018