Information pursuant to art. 13, EU Regulation no. 2016/679 on the protection of individuals with regard to the processing of personal data

With this document, Fonda S.r.l. wishes to inform you that European Regulation no. 679 of April 27, 2016, and subsequent implementing provisions, provide for the protection of individuals (hereinafter referred to as “data subjects”) regarding the processing of their personal data, i.e., data that can directly or indirectly identify an individual.

Fonda protects the personal data of its customers, suppliers, and individuals from whom it receives personal data during its business activities in accordance with the provisions of EU Reg. 679/16 and the relevant implementing regulations.

Pursuant to Article 13 of the same Regulation, we particularly want to provide you with the following information.

  1. Identification details of the Data Controller

The Data Controller is the company Fonda S.r.l., VAT and tax code 02087650996, with registered office in Genoa, Corso Andrea Podestà, 1, and email address privacy@fondavision.com.

2. Types of data processed and purposes of processing

In general, the Controller processes common personal data for the purpose of performing services, including healthcare services, requested by the contractor or end user within the scope of its business activities. The Controller may also process health data necessary for the execution of the requested service or product (e.g., glasses, for which it is necessary to know the customer’s visual impairments and their severity).

The processing is carried out for the purpose of the Controller’s business activities, including, for example, the conclusion and execution of contracts, the supply of tools, materials, and services, administrative, accounting, and tax activities carried out within the production activity, and the acquisition, management, and better organization of human resources, for administrative, accounting, and tax activities carried out within the Controller’s activity to enable the data subject to enjoy tax benefits or other legal obligations, for the evaluation of the quality of the service provided, and, if the data subject has given their consent, for the promotion of the Controller’s commercial activities or the promotion and dissemination of commercial initiatives.

Legal basis for processing

The legal basis for processing is, alternatively and predominantly:

3. Processing methods

In relation to the above purposes, the personal data collected—possibly including photographic or video material—are subject to electronic and paper processing and will be processed by personnel specifically designated and instructed by the Controller, and then stored in suitable and specifically designated places.

The personal data collected by Fonda are not transferred to third countries, territories, international organizations, or entities outside the European Union, unless adequate protection measures are adopted in accordance with articles 25, 32, and 46 of EU Regulation 679/16 or unless the transfer is necessary in relation to a contract, pre-contractual activities, or legal action, or in other cases indicated by Article 49 of EU Regulation 679/16.

The collected personal data may be processed and organized using automated procedures and operational, analytical, or collaborative CRM applications. For the purpose of better managing its business activities, the Controller may use automated decision-making processes, excluding any profiling activities, as defined by EU Regulation 679/16.

Personal data—including video or photographic material—provided to Fonda by the data subject and any reviews made by the customer through social networks and other means of communication may be republished, even on analog media, or disseminated on social networks or other mass communication means for the purpose of promoting initiatives or activities carried out by the Controller.

4. Data retention period

If the reason for collecting the data is a contract or pre-contractual activities, or more generally, relationships with the customer or supplier, the provided data will be retained until the expiration of all rights exercised or potentially exercisable by the parties. Therefore, for 10 years after the conclusion of the service object of the contract or, in the case of disputes or communications after this period, for 10 years after the last communication between the Controller and the data subject.

If, on the other hand, the data is processed for the fulfillment of legal obligations or for legitimate interests of the Controller, it will be kept until the final fulfillment of the obligation or the final satisfaction of the legitimate interest.

If the legal basis for processing is exclusively the consent of the data subject (e.g., commercial newsletters), the data will be retained, taking into account the healthcare service performed and the end user’s interest in receiving updates on the service received, for no more than 5 (five) years from the date of giving consent.

The Controller periodically verifies the strict relevance and non-excessiveness of the data concerning the relationship, performance, or assignment to which they refer. Data that, as a result of the checks, are found to be excessive, irrelevant, or unnecessary are destroyed by deletion and subsequent physical destruction or wiping, except for any conservation, as required by law, of the act or document containing them.

5. Scope of communication and dissemination of data

The data is not subject to public disclosure. The data may be communicated to all subjects for whom the right of access to such data is recognized by regulatory provisions, to collaborators and employees, within the scope and limits of their respective duties, appointed to process the data, and to all individuals and/or legal entities, public and/or private, for whom communication is necessary to fulfill explicit legal, contractual, and non-contractual obligations. Additionally, the data may be communicated to the following prevailing categories of recipients:

Our employees are subject to specific confidentiality obligations regarding the processed data and are required to comply with the internal regulations specifically issued for this purpose. External collaborators processing personal data on our behalf, including companies and professionals whose advice and services we use, are subject to the obligations indicated in the appointment given to them under Article 28 of EU Regulation no. 679/16.

6. Rights under Articles 7, 15, 16, 17, 18, 20, 21, and 22 of Regulation (EU) 2016/679

We inform you that as a data subject, you have the right:

Prenota un appuntamento