Privacy Policy

Dear User, ANFA di Andrea Farotto protects the privacy of its Users.
The data that may be provided by the User through the Website will be handled with the utmost care and with all the tools necessary to ensure its security, in full compliance with the current regulations.
We wish to inform you that the "European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data" (hereinafter "GDPR") provides for the protection of individuals with respect to the processing of personal data as a fundamental right.
Pursuant to Article 13 of the GDPR, we inform you that:

DATA CONTROLLER

The Data Controller is ANFA di Andrea Farotto, an Italian company with its registered office at Via Degli Odescalchi 24, 20148, Milan (MI), Italy, VAT number IT 11008820968, and registered with the Companies Register under REA (Economic and Administrative Index) number MI-2572265.

CATEGORIES OF DATA

The data processed may include:

  1. Automatically collected data.
    The IT systems and applications used to operate this Website collect, during their normal operation, some data (the transmission of which is implicit in the use of Internet communication protocols) that could potentially be associated with identifiable Users. Among the data collected are IP addresses and domain names of the computers used by Users who connect to the Website, URI (Uniform Resource Identifier) addresses of the requested resources, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (success, error, etc.), and other parameters regarding the User's operating system, browser, and IT environment, the name of the Internet Service Provider (ISP), the date and time of the visit, the web page from which the visitor originated (referral) and the page they exit to.
  2. Data voluntarily provided by the User.
    The voluntary and explicit sending of emails to the addresses indicated in the different access channels of this Website does not require consent and implies the acquisition of the sender’s address and data, necessary to respond to the requests, as well as any other personal data included in the message. Such data is voluntarily provided by the User at the time of requesting the service. By submitting a comment or other information, the User expressly accepts this privacy policy. Conversely, specific concise information will be displayed or shown on the Website pages set up for particular services on request (forms). The User will therefore be required to explicitly consent to the use of the data reported in these forms in order to submit the request.
  3. Cookies.
    The Website uses cookies. The data collected through cookies may be used to access certain parts of the Website, for statistical purposes, or to make the browsing experience more pleasant and efficient in the future, seeking to assess User behavior and modify the content offering based on their behavior.
    For more information, a specific Cookie Policy is available.
PURPOSE OF DATA PROCESSING AND LEGAL BASIS

The processing of your data has the following purposes and legal bases:

  1. For data automatically collected, the legal basis is the legitimate interest of the Data Controller, and the purpose is to ensure and improve the web browsing experience.
  2. For data voluntarily provided by the User, the legal basis is specified in the individual information provided, depending on the various services requested and provided through the Website.
  3. For cookies, please refer to the specific Cookie Policy.
    DATA RECIPIENTS

    Within the limits relevant to the purposes of the processing indicated, your data may be communicated to partners, consulting firms, private companies, third-party technical service providers, hosting providers, IT companies, communication agencies. These entities will be designated as Data Processors.

    TRANSFER OF DATA TO THIRD COUNTRIES

    Your data is not expected to be transferred to a third country. In the case of any processing of personal data outside the European Union, such processing will only take place after adopting adequate safeguards as required by current regulations.

    RETENTION PERIOD

    In accordance with the principle of data retention limitation (Article 5 of the GDPR), the obsolescence of stored data will be periodically checked concerning the purposes for which it was collected. Specifically:

      1. Automatically collected data is processed for the time strictly necessary to obtain statistical information on the use of the Website and to verify its proper functioning, including for security purposes or in line with legal deadlines.
      2. Data voluntarily provided by the User will be retained for a period not exceeding the achievement of the purposes for which it is processed or in accordance with legal deadlines.
      3. For data collected through cookies, please refer to the specific Cookie Policy.
        RIGHTS OF THE DATA SUBJECT

        As a "Data Subject" in the processing, the User has the right to:

        • Access, rectify, delete, restrict, or object to the processing of their data.
        • Obtain, without hindrance from the Data Controller, their data in a commonly used, structured, and machine-readable format to transmit it to another Data Controller.
        • Withdraw consent to the processing without prejudice to the lawfulness of the processing based on consent before its withdrawal.
        • Lodge a complaint with the Data Protection Authority.
          If it is not possible to request the deletion of data, the User may still object to the processing when justified by reasons related to their particular situation.
          The exercise of these rights can be carried out by written communication sent by email to the certified email address (PEC) andrea.farotto@twtcert.it or by registered mail to ANFA di Andrea Farotto, Corso Sempione, 100, 21052, Busto Arsizio (VA), Italy.
        METHODS OF DATA PROCESSING

        The personal data you provide will be subject to processing operations in compliance with the aforementioned regulations and the confidentiality obligations that inspire the Data Controller’s activities. The data will be processed using IT tools, paper supports, or any other suitable means (e.g., cloud systems, digital archiving systems, etc.), in compliance with appropriate technical and organizational security measures required by the GDPR.

        FINAL PROVISIONS

        This policy applies solely to this Website and not to other websites that may be accessed by the User via links contained in this Website. The policy may undergo changes due to the introduction of new regulations; therefore, the User is invited to periodically check this page to stay updated.

        AUTOMATED DECISION-MAKING PROCESSES

        No automated decision-making processes are used.