FFM - Privacy

Fimap S.p.A., a company subject to the Italian law, with registered office at Via Invalidi del Lavoro n. 1, 37059 Santa Maria di Zevio, Verona-Italy, VAT code 02520310232 / fiscal code 09224090150 (“Fimap”), defines here below its privacy policy pursuant to articles 13 and 14 of EU Regulation 2016/679 (the “Regulation” or “GDPR”), as processing owner of personal data of users (the “Users”) of its fleet management platform (the “Application”).

1. Types of data processed and purposes of processing

The access to the application platform may involve the subsequent acquisition of personal data, such as email addresses, place of residence, tax/VAT code, names, qualifications and any other information relating to an identified or identifiable natural person, sent for the following purposes:

- to allow User to register to the Application in accordance with the related terms and conditions of use, and to provide the services offered on the Application from time to time (article 6, par. 1 letter b of the Regulation);

- to respond to the Users’ requests regarding the Application and/or the services (article 6, par. 1, letter b of the Regulation);

- where required, to comply with legal obligations, including taxes, in accordance with terms and conditions of Application use (article 6, par. 1, letter c of the Regulation);

- if necessary to allow Fimap to pursue its legitimate interest to ensure the security and integrity of the Application (art. 6, par. 1, letter f of the Regulation);

Failure to provide personal data may make it impossible to be registered to the Application and to obtain the services and/or information requested.

The processing of Users’ personal data will be carried out by means of manual and computerized instruments in such a way as to guarantee the security and confidentiality of data.

The optional, explicit and voluntary dispatch of electronic mails to the addresses indicated on the Application or the use of the forms on the Application, which Users do on the basis of free, explicit and voluntary choice, entails the subsequent acquisition of the sender’s address, as necessary to reply to requests, as well as of any other personal data included in the message.

The computer systems and software procedures used to operate the Application, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected in order to be associated with identified interested parties, but by its very nature it could allow Users to be identified, through processing and association with data held by third parties. This category of data includes IP addresses or domain names of computers used by Users connecting to the Application, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters relating to the operating system and computer environment.
This data is used only to obtain anonymous statistical information on the use of the Application and to check its proper functioning and it is deleted immediately after processing. Data could be used to ascertain liability in the event of computer crimes against the Application.

2. Processing modalities

The processing of personal data mainly takes place with the help of electronic or automated instruments, according to methods and means suitable to ensure the security and confidentiality of the data, in accordance with the provisions of the Regulation. In particular, Fimap uses technical, IT, organizational, logistical and procedural security measures in order to guarantee the minimum level of data protection required by law, allowing access only to those appointed.

3. Scope of data dissemination

The personal data may be communicated to the following entities:

i. Fimap employees and/or collaborators, for the performance of administration, accounting, IT and service support activities;

ii. entities carrying out User assistance activities and providing services also for the benefit of Fimap;

iii. companies or consultants responsible for the installation, maintenance and management of Fimap hardware and software (including the application platform);

iv. external companies or consultants providing banking, financial, insurance, legal services;

v. company of the group controlled by Comac S.p.A. to which Fimap belongs;

vi. supervisory and control authorities and bodies and, in general, public or private persons acting as public officials or persons in charge of public service.

With reference to personal data communicated to them, the parties that belong to the above-mentioned categories can operate, depending on the case, as processors or persons in charge of processing, or as separate data controllers.

Personal data shall not be in any way disseminated or communicated to other external entities, except where disclosure is required by law or necessary.

4. Data Retention

Registered Users’ personal data will be collected and stored as long as their account is active. Personal data collected in relation to services purchased will be retained for the time required by tax law.

Navigation data will be delated immediately after being processed for operational or statistical purposes; in any case, such data may be used to verify any liability in the event of computer crimes against the Application. Beyond this case, navigation data will be retained for the least required period, without prejudice to any further period of data retention set out in the law.

5. Users’ Rights

This section lists the rights of the Users that can be exercised at any time by writing to fimapspa@postecert.it.

The User shall have the right to:

- obtain from Fimap confirmation as to whether or not his/her personal data are being processed and, if so, access to the information referred to in article 15 of the Regulation;

- obtain the rectification of the collected personal data, or taking into account the purposes of processing, the integration of incomplete personal data;

- obtain the erasure of his/her personal data if one of the reasons referred to in article 17 of the Regulation applies;

- obtain the limitation of the processing of his/her personal data in cases provided for by the applicable law;

- object to the processing of his/her personal data for reasons connected with his/her particular position;

- receive in a structured, commonly-used and legible electronic forma, any persona data relating to him/her and transmit the data to another controller without impediment by Fimap, if technically possible, in the cases and within the limits referred to in article 20 of the Regulation.

Depending on the amount or complexity of the requested information, an appropriate fee may be charged.

The User shall also have the right to lodge a complaint with a supervisory authority (for Italy, “Garante per la protezione dei dati personali” – www.garanteprivacy.it ), if he or she considers that the processing of his/her personal data is carried out in violation of the Regulation.

In any case, the User is invited to contact Fimap which undertakes to process the matter with the utmost courtesy, seriousness and discretion.

Fimap’s services are primarily intended for an adult audience. Fimap does not knowingly solicit or collect personal data or about persons under the age of 16 without the consent of a parent or guardian. Should Fimap learn that personal data relating to children have been sent without the consent of a parent or guardian, Fimap shall make every reasonable effort to do so:

- delete such personal data from your files as soon as possible; and

- ensure that these personal data are not further used for any purpose and are not further disclosed to third parties.

7. Amendments and updates to this Policy

Fimap reserves the right to modify, update and change this privacy policy, with any effect from its publication on this website.

For any information regarding this privacy policy or our services, please contact fimapspa@postecert.it.