Our commitment to personal data protection
Dear User, onthis page you will find the information on the management methods used forthe handling of your personal data on our site. Privacy, protection and security of data processed are of particular importance: this is why our company dedicates utmost attention to the protection of personal data.
The security of data and respect for the rights of interested parties form the basis of the trustrelationshipand cooperation with our clients, partners, employees, and in general, all those who come in contact with our Company.
For this reason,we comply with all the law requirements upon gathering, processing and conserving personal data, particularly the provision of the EU Regulations on data protection (General Data Protection Regulation 2016/679 “GDPR”) and all the applicable norms on personal data protection.
Hereunder is a description of the principles and measures for the protection of the rights and liberty of natural persons who come into contact with our Company, in relation to the processing of their personal data.
The Data Controller,that is, the party determining the purposesof the processing, is 4 Flying Srl (hereinafter referred to as "4 Flying Srl" or "Company") with registeredoffice at Viale Edison, 6 - 37059 Campagnola di Zevio (VR), Italy. The updated list on the processing can be consulted upon request via email at the address [email protected].
Personal dataprocessing principles
The principles applied in personal data processing are the following:
Legitimacy: Personal data processing is always performed on a legal basis.
Transparency: Every party involved must be able to understand the processing of their own personal data.
Objectives: The purposes for which the personal data are processed must be clearly identified beforehand and defined at the time of collection.
Processing Minimization: Personal data processing must be limited in the suitable measure, factual, pertinent and necessary for the processing aims. The same holds for the access options.
Accuracy: The personal data should be correctly and completely archived, elaborated and updated sequentially. Suitable measures are taken to cancel, correct, integrate or update data that are imprecise, incomplete and not updated.
Filing time limits: The personal data may be kept only for the time necessary in consideration of the objectives for which they are gathered or for the time allowed by law norms (for example the conservation times established by tax legislations).
Integrity and confidentiality: In data processing, suitable technical and organisational measures should be adopted to protect the data in an appropriate manner, particularly to avoid unauthorised or illicit processing, accidental loss of data, and their accidental destruction or damage.
All processing performed by our Company are carried out in conformity with the aforementioned principles.
Legal grounds for data processing
Any processing of personal data is subject to the principle,"prohibition subject to authorization." Consequently, any processing of personal data is unlawful if there is no legal basis.
Our Company processes personal data on the basis of the following laws:
Special categories of personal data, e.g. those regarding ethnic origin, religious creed or health, may be processed only with the explicit consent or law authorisation.
Rights of the data subjects concerned
The protection of the rights of natural persons in relation to personal data processing is an absolute priority for 4 Flying Srl.
To guarantee this, the interested party has among others, the following rights:
The data subjects will be furnished with all the information relating to the processing of their own personal data in a clear and simple language.
In cases of the violation of personal data, the data subjects shall be informed of such breach in the presence of law requirements if such violation entails risks for their rights and freedoms.
The data subjectsare furthermore free to lodge complaints to the Company, andcontact the data protection officer or the judicial authorities to exercise their own rights and freedom in the processing of personal data. The legal rights and claims of the data subjects are not in any way limited by this policy.
Assignment of Data Processing Tasksand Data Transfer
If the personal data are processed by external processors or partners on behalf of 4 Flying Srl, suitable data protection measuresare taken according to the category, for example:
If the personal data are processed outside the EU or can be viewed outside the EU, this will occur only if guarantees are furnished to ensure the security of the processing, e.g. the undertaking of standard data protection clauses.
Security of data, assessment of the impact and technological design
We adopt suitable technical and organisational measures for the protection of personal data. These include, in particular, measures to guarantee the privacy, integrity and availability of personal data, including the resiliency of systems and services.
The risks for the rights and freedom of the persons concerned are taken into consideration in all the processing operations when the technical and organisational measures are selected. In cases of elevated risks, the processing is subject to a further control of the risks and measures.
Upon processing personal data, the principle observed is the “protection of data by means of pre-set technological designs for data protection" (data privacy by design/default), e.g. by means of pseudonymisation or reduction of personal data to a minimum. The technical and organisational measures are regularly reviewed in terms of efficacy and adopted according to needs, taking the stateoftheart into account. This likewise holds for the technical and organisational measures when suppliers of external services or partners are involved.
Data Protection Responsibility and organisation
4 Flying Srl is responsible for the application of the data protection norms. The company’s management creates the premises necessary for the implementation of the data protection requirement by the employees of the various departments. The principles and characteristics of the data protection management system of 4 Flying Srl are described thoroughly in the data Protection Guidelines.
All the data subjects may address 4 Flying Srlat its headquarters to request clarifications or information, and also to exercise their own rights. The related requests may be addressed to:
c/o 4 Flying Srlwith registered office in Viale Edison, 6 - 37059 Campagnola di Zevio (VR), Italy.
Email: [email protected]
Surfing in the site
The pages visited by the user may be sent to its terminal (usually the browser) by theso-called cookies, that is, small text strings that keep track of the user’s movements. The cookies may be used for various purposes: monitoring the sessions, memorising specific information, etc.
For details regarding the cookies used by 4 FLYING SRL Italia,kindly see the specific Comprehensive Information on Cookies.
Information to the persons concerned
The purposes, processing methods, persons to which the data received are communicated, and any other information useful to the data subject, are given in detail in the circular hereunder, drawn up for the purposes the Company pursues each time, in the framework of the services to which the same is authorised pursuant to the norms in force.
Information concerning personal data protection
The contents of this Circular were drawn up in conformity with the General Data Protection Regulation (EU Regulation 2016/679, hereinafterreferred to as "Privacy Regulation," consultable on the site of the Italian Data Protection Authority (DPA) www.garanteprivacy.it). The objective which 4 Flying Srl (hereinafterreferred to as 4 Flying Srl or the Company) intends to pursue is to ensure the best transparency with regard to how the Company processes Personal Data in such a way that will clarify how such data are collected and used and for what purposes the processing is performed, and that the data you furnish shall be processed with methods for the following purposes:
1. Subject of processing
The Data Controller, for the establishment of the current relationships with you, processes your personal, identification, contact and fiscal data (e.g. name, surname, corporate name, address, telephone, e-mail, bank and payment references, etc.).
b. Only after your specific and clear consent (Art. 7 GDPR), for the following marketing purposes:
3. Nature of data underwriting and consequences of refusal to respond
The underwriting of data for the purposes referred to in point 2.a is obligatory. Without it, we could not guarantee the relevant services.
The underwriting of data for the purpose referred to in point 2.bis instead optional. You may thus decide not to underwrite any data or subsequently deny the possibility to process data for such purposes; in such case you will not receive the newsletter, commercial communications and advertising material regarding the products offered by the Data Controller. However, you will continue to have the right to avail of the services referred to in point 2.a.
4. Processing methods
The processing of your personal data will be done by means of the operations indicated in Art. 4 no. 2 GDPR, and specifically by: collection, registration, organisation, structuring, retaining, adaptation or modification, extraction, consultation, use, communication through transmission, diffusion or any other form of disclosure, comparison or interconnection, limitation, and erasure or destruction of the data.
Your personal data are subjected to both paper, and electronic and/or automated processing.
The processing is performed by assigned operators and collaborators in the field of their respective functions and in conformity with the instructions received, always and solely for the achievement of the specific aims, scrupulously complying with the principles of privacy and security required by applicable norms.
5. Access to data
Your datamay be made accessible for the purposes referred to in point 2:
6. Communication of data
Without needing express consent (Art. 6 GDPR),the Data Controller may communicate your data for the purposes referred to in point 2.a Supervisory Bodiesand /or Judicial Authoritiesas well as all the other subjects to which the communication is obligatory by law for the fulfilment of the aforesaid purposes. Your data shall not be disseminated.
7. Data retention
All personal data given will be treated in compliance with the principles of legitimacy, correctness, pertinence and proportionality, only with the methods, also IT and telematics, strictly necessary for the pursuance of the aforementioned aims. In every case, personal data shall be kept for a period not longer than that strictly needed to achieve the aims indicated. Personal data that do not need to be kept in relation to the indicated scopes shall be cancelled or transformed into anonymous form. We highlight that the IT systems used for the management of information collected are configured, right at the start, in a way as to minimise the use of personal data.
What are the rights of the Data subjects?
The data subjects have the right to exercise at all times the following precise rights:
The data subject has the right to not be subjected to decisions based solely on automated processing, including the profiling, when the decision produces juridical effects which concern him or impact importantly on his/her person. In these cases, one may request human intervention in the decisional process. Such right cannot be applied when the decision is needed for the conclusion or execution of a contract with the Company or is authorised by law or is based on the explicit consent of the data subject.
In all cases of the data subject’s exercise of his/her own rights, the Company verifies beforehand the identity of the applicant so as to guarantee the confidentiality of information to be handled. No payment is foreseen, except in cases where the requests are manifestly ungroundedor excessive. In such cases the Company informs the data subjectbeforehand on the costs to be borne.
The requested fulfilment time, as provided by the Privacy Regulation, shall be at mostone month from the date of receipt. Such term may be extended by two months, if necessary, in consideration of the complexity and the number of requests, after information has been relayed to the data subject.
Right to lodge a complaint to a control authority
Who is the Data Controller?
The Data Controller, that is, the entity determining the purposes of the processing is 4 Flying Srl (hereinafter "4 Flying Srl" or "the Company") with registered office inViale Edison, 6 - 37059 Campagnola di Zevio (VR), Italy, Business Register of Verona F.C./VAT//No.: IT03744120233 - REA.VR-361776 which in its capacity as Data Controller keeps you informed pursuant to Art. 13 EU Regulation n. 2016/679 (hereinafter referred to as “GDPR”)
Who can the Data subject address?
If there is one assigned, the Data Protection Officer can be addressed at the headquarters of 4 Flying Srl, and to whom the requests of the data subject will be transmitted. The Officer can be contacted at 4 Flying Srlat the following address: c/o 4 4 Flying SrlLwith registered office inViale Edison, 6 - 37059 Campagnola di Zevio (VR) email: [email protected] The updated list of officers and persons tasked with processing is kept at the registered office of the Data Controller.
Can complaints be lodged directly to the Data Protection Authority?
The data subjects may present complaints to the Data Protection Authority for issues pertaining to the processingof their Personal Data by the Company. All information to this regard is available on the Authority’s site:www.garanteprivacy.it
Is processing performed for commercial purposes?
The Company may send commercial communications using the mail or mobile phone furnished by the Persons concerned for the purpose of direct sale of its own products or services analogous to those purchased. At any time, the Persons concerned are entitled to oppose the sending of such communications.
For the sending of further commercial communications, market research or surveys on customer satisfaction, the Personal Data may be processed only with the consent of the data subjects, with the option to revoke it any time.
In the presence of communications via mail, the revocation may come about through the specific link present in the mails sent. In any case consent may be revoked by writing directly to the Privacy Service, the addresses of which are given in this office circular.