1. Definitions
For the purposes of this Privacy Policy, the terms in capital letters have the same meaning attributed to them in the Conditions of Sale on the Site. Further definitions may be contained in this Privacy Policy.
2. Scope of application
- This Privacy Policy binds any person who in any way accesses the Site, even if it is a Consumer (hereinafter referred to as “User”), or in the event that the User simply navigates within the Site itself and use the services without purchasing any Product, whether it purchases the Products.
- FRU.IT SRL respects the User’s rights in relation to all the information that identifies or identifies the User himself, and that can provide details on his habits, his lifestyle, his personal relationships, etc. (hereinafter the “Personal Data”).
3. Data Controllers, Managers and Trustees
- Pursuant to Legislative Decree 30 June 2003, n. 196 (“Privacy Code”), FRU.IT SRL, as indicated in the Conditions of Sale, is the holder of the processing of Personal Data (hereinafter jointly also referred to as “Holders”).
- The Owner has the power and responsibility to decide the methods and purposes of processing, also in terms of security.
- Furthermore, due to organizational and functional requirements, the Data Controller, in accordance with the Privacy and SIM Code, may appoint data controllers (hereinafter, the “Managers”) and data processors (hereinafter, the “Appointees”), or personnel specifically authorized by the Owner.
- The User, if interested, will be able to obtain the list of Managers and Distributors by writing to the following e-mail address: info@fru.it.
4. Collection of Personal Data and purpose
- As a result of this Privacy Policy, Personal Data may be collected and processed in the manner and for the purposes indicated below.
- Certain Personal Data (such as the User’s e-mail address, personal data, password, etc.) are collected when the User registers on the Site by completing the relevant form contact registration; this collection is intended to allow the User access to reserved areas and services of the Site, assistance services (Customer Care) and communications services for technical/organizational reasons.
- Some Personal Data (such as the postal address, credit card details and bank details, telephone number, etc.) are collected when the User registers on the Site or proceeds to the purchase of the Products by filling in the relevant order form; this collection is intended to allow the conclusion of the sale and delivery of the Products and to give the User access to after-sales assistance and/or warranty services. The consent to the processing of data for purposes a) and b) is necessary for the performance of the services to which the FRU.IT is obliged and can be lawfully expressed by ticking (flagging) the box located next to the window from which it is. You can read this information during the data entry procedure.
- In addition to the provisions of the previous point, the Personal Data may be sent by the Owner to subsidiaries and / or affiliates, or to physical or legal entities that collaborate with the Owner.
- In any case, even once authorized to send the User advertising communications via e-mail, the Owner guarantees Users the right to exercise, at any time, their right not to receive communications in the future.
5. Transfer of Personal Data abroad and the storage period
- The Data Controller does not transfer data to countries outside the EU.
- The provision of Personal Data for any of the above purposes is limited in time to three years from the provision of consent.
6. Treatment modalities
- The Personal Data are mainly processed in electronic format and some cases also in paper format. The Personal Data will be kept for the time strictly necessary for the purpose for which they were collected and, in any case, within limits set out in point 5.2. It may happen that the Data Controller is dealing with Personal Data of third parties communicated directly by its Users, for example in the event that the User has purchased a product to be delivered to a friend, or when the person who pays the price for the purchase of a Product is different from the subject for whom the Product is intended. In all these cases the User must make sure that he has obtained the consent of the person who owns the Personal Data provided before communicating them to the Owner, and informing that person of the contents of this Privacy Policy; The User will be the one and only responsible for the communication of information and Personal Data relating to third parties without their consent and for the incorrect use or contrary to the law of such Personal Data.
- The Owner reserves the right to delete the registered Users’ accounts and all related Personal Data, in the event that illicit content is detected, damaging the image of FRU.IT SRL or the products of the latter or third parties, or otherwise contained offensive or that promote illegal or reprehensible activities.
7. Communication of Personal Data
- Without prejudice to the communications made in compliance with the applicable laws, the Personal Data may be communicated to physical and / or legal persons of which the Owner uses to allow the Site to function and the Products to be sold and delivered.
- By way of example, the Data Controller may communicate Personal Data to third parties belonging, among others, to the following categories:
- persons who carry out tasks of a technical and organizational nature on behalf of the Data Controller;
- entities that perform acquisition, processing, and data processing services necessary for the supply of the Products;
- subjects that provide services for the management of the Website and the IT system of the Owner;
- subjects that carry out archiving and data entry activities;
- banks or other parties involved in payment procedures;
- entities that operate in the field of assistance and consultancy relationships, including inter alia legal and / or accounting;
- couriers and freight forwarders;
- public authorities and supervisory and control bodies.
- The subjects indicated above operate, as the case may be, as distinct data controllers, Managers, or Appointees (authorized) appointed for this purpose. The Personal Data may also be known by the Owner’s employees and consultants if specifically appointed as Managers or Appointees (authorized).
- The Personal Data will not be used or communicated to third parties for purposes other than those described in this Privacy Policy, without prior notice to the User and without having obtained his consent, where required by law.
8. Security
- Pursuant to the Privacy Code, the Data Controllers take appropriate security measures to minimize the risk of destruction or loss of Personal Data, unauthorized access or processing that is not permitted or does not comply with this Privacy Policy.
- However, the Owner cannot guarantee that the security measures adopted will adequately limit or exclude any risk of unauthorized access or loss of Personal Data. Users are therefore advised to ensure that their computer and internet connection are equipped with adequate devices for the protection of Personal Data transmission on the network.
9. Other User rights
- In addition to the provisions of this Privacy Policy, the User (interested) may always exercise the rights attributed to it by the Privacy Code, as adequate to the GDPR (EU Reg. 679/2016) which for completeness are reported in full with reference to the articles of reference of the GDPR:
- Art. 15 – the right of access: the interested party has the right to obtain from the controller the confirmation that the processing of personal data concerning him is being carried out and in this case, to obtain access to personal data and the following information:
- Purpose of the processing;
- The category of personal data processed;
- The recipient or categories of recipients to whom the personal data have been or will be communicated, in particular, if they are recipients of third countries or international organizations;
- The period of storage of personal data provided or, if this is not possible, the criteria used to determine this period;
- The existence of the data subject’s right to request the data controller to correct or delete personal data or limit the processing of personal data concerning him or to oppose their processing;
- The right to lodge a complaint with a supervisory authority;
- The existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used as well as the importance and expected consequences of this treatment for the data subject.
- Art. 16 – the right of rectification: The interested party has the right to obtain from the data controller the rectification of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration.
- Art. 17 – the right to cancellation: The interested party has the right to obtain from the data controller the deletion of personal data concerning him without unjustified delay, and the Data Controller is obliged to delete personal data without delay if one of the following reasons exists:
- Personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
- The interested party withdraws the consent on which the processing is based in accordance with Article 6, paragraph 1, lett. a), or in art. p paragraph 2, lett. a) if there is no other legal basis for the processing;
- The interested party opposes the treatment according to the art. 21, paragraph 1, and there is no legitimate prevailing reason to proceed with the processing or is opposed to the processing pursuant to art. 21, paragraph 2;
- Personal data have been processed illegally;
- Personal data must be deleted in order to fulfill a legal obligation established by the law of the Union or the Member State to which the data controller is subject;
- Personal data has been collected regarding the offer of information society services pursuant to Article 8, paragraph 1 of EU Regulation 2016/679.
- Art. 18 – the right to limit the treatment: The interested party has the right to obtain the treatment limitation from the data controller when one of the following hypotheses occurs:
- The interested party disputes the accuracy of the personal data, for the period necessary to the data controller to verify the accuracy of such personal data;
- The processing is illegal and the person concerned is opposed to the deletion of personal data and instead requests that its use be limited;
- Although the data controller no longer needs it for the purposes of the processing, personal data is necessary for the data subject to ascertain, exercise or defend a right in court;
- The interested party objected to the processing pursuant to art. 21, paragraph 1, EU Reg. 2016/679 pending verification regarding the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.
- Art. 20 – the right to data portability: The interested party has the right to receive in a structured format, commonly used and readable by automatic device, the personal data concerning him provided to a data controller and has the right to transmit such data to another data controller without impediment by of the data controller to whom it has supplied them if:
- The treatment is based on the consent of the art. 6, paragraph 1, lett. Ao of art. 9, paragraph 2, lett. a), or on a contract pursuant to art. 6, paragraph 1 letter. b) e
- The processing is carried out by automated means.
- n exercising their rights with respect to data portability pursuant to the previous paragraph, the data subject has the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible. The exercise of the right referred to in paragraph 1 of this article is without prejudice to the art. 17 (right to cancellation). This right does not apply to the processing necessary for the execution of a task of public interest or connected to the exercise of public authority vested in the data controller. The right referred to in paragraph 1 must not affect the rights and freedoms of others.
- Art. 21 – the right of opposition: The interested party has the right to object at any time, for reasons related to his particular situation, to the processing of personal data concerning him pursuant to art. 6 paragraph 1 letter. e) of), including profiling. If personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him for these purposes, including profiling to the extent to which it is connected to such direct marketing.
- Art. 15 – the right of access: the interested party has the right to obtain from the controller the confirmation that the processing of personal data concerning him is being carried out and in this case, to obtain access to personal data and the following information:
- The User may freely and at any time exercise his rights, in the manner indicated in art. 13 of this document.
10. Links to other websites
- The Site contains links to other websites that may have no connection with FRU.IT SRL
- The Owner does not control or monitor such websites and their contents. The Owner cannot be held responsible for the content of these sites and the rules adopted by them also with regard to the privacy and the processing of personal data. The User must therefore pay attention when connecting to these websites through the links on the Site and must carefully read their terms of use and privacy regulations. This Privacy Policy does not apply to third party websites, and the Owner is in no way responsible for the privacy rules applied by said websites.
- The activation of the links does not imply any recommendation or notification by the Data Controller for accessing and browsing these websites, nor any guarantee as to their contents, services or goods supplied by them and sold to Internet users.
11. Cookies
The cookie policy can be viewed by clicking on the link at the end of the page (footer)
12. Changes and updates to this Privacy Policy
The Data Controller may modify or simply update this Privacy Policy, in whole or in part, also in consideration of changes in current legislation. Changes and updates to this Privacy Policy will be notified by publication on the Website and will be binding as soon as they are published.
13. Contacts
You may, at any time, modify or revoke your consent or oppose the processing and exercise any other right by writing to FRU.IT SRL – Via della Cooperazione, 25, 63018 Porto Sant’Elpidio FM, or by e-mail at info@fru.it
Document updated 24 May 2018