The FMTS Group, a corporate group of companies subject to the management and coordination of the parent company Formamentis S.p.A. pursuant to and for the purposes of Article 2359 of the Italian Civil Code (hereinafter the ‘FMTS Group’), has for years considered the protection of the personal data of its current and/or potential customers and users to be of fundamental importance and intends to ensure that the processing of personal data – carried out by any means, whether automated or manual – is carried out in full compliance with the protections and rights recognised by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”) and by the further applicable rules on the protection of personal data.
In particular, the FMTS Group, in pursuit of all its purposes, may become aware of or request personal data from you, such as your name and surname, e-mail address, telephone and postal addresses, tax code or VAT number, date of birth and other data that could make you identifiable. This information notice has therefore been prepared on the basis of the principle of transparency in order to contain all the elements required by Articles 13 and 14 of the Regulation and is divided into individual sections, each of which deals with a specific topic, in order to make reading quicker, easier and more intuitive.
1. DATA CONTROLLERS
The companies of the FMTS Group that will process your Personal Data autonomously or jointly, for one or more of the purposes as set out in the information notice provided during the collection of Personal Data, are the following:
- Formamentis S.p.A. Benefit Corporation, with registered office in Rome (RM), at via Barberini 67, 00187, VAT no. 04009110653;
- FMTS Experience S.r.l., with registered office in Pontecagnano Faiano (SA) at Via L. da Vinci 15, 84098, VAT no. 04044560656;
- FMTS Formazione S.r.l.,with registered office in Pontecagnano Faiano (SA) at Via L. da Vinci 15, 84098, VAT no. 04927890659;
- FMTS Lavoro S.r.l., with registered office in Pontecagnano Faiano (SA) at Via L. da Vinci 15, 84098, VAT no. 05731800651;
- Euformed S.r.l., with registered office in Tito (PZ) at Contrada Serra SNC – fraction at Tito Scalo, 85050, VAT no. 01904740766;
- Copi S.r.l., with registered office in Pontecagnano Faiano (SA) at Via L. da Vinci 15, 84098, VAT no. 01306850593;
- Literalia Formazione S.r.l., with registered office in Formia (LT) at Via O. Spaventola Snc, 04025, VAT no. 02568220590;
- Consulman S.r.l., with registered office in Torino (TO) at Corso Orbassano 336 – Torre C, VAT no. 06068820015;
- Consulservice S.r.l., with registered office in Torino (TO) at corso Orbassano 336, VAT no. 08077920018;
The aforementioned companies may act independently as data controllers as defined in Article 4(7) of the Regulation, or act as external data processors under specific agreements pursuant to Article 28 of the Regulation.
The data controller can be contacted via the following channels:
- by writing to the FMTS Group Privacy Office at the head office Company Formamentis S.p.A., at Via L. Da Vinci 15, Pontecagnano Faiano (SA) – 84098;
- by sending an e-mail to the e-mail box firstname.lastname@example.org to the kind attention of the FMTS Group Privacy Office;
- by phoning at the number 0828/370305 and asking at the Privacy Office of the FMTS Group.
2. PURPOSE OF PROCESSING AND LEGAL BASIS RELATED
The data processed are those provided by the data subject when signing pre-contractual and contractual documentation, visits or telephone calls, direct contacts for participation in events, meetings, mee- tings, conventions, etc., or those entered in forms or requests for information sent by e-mail.
Each Data Controller may process your Personal Data for the following Processing Purposes:
A) request of information:
the Data Controller, in order to fulfil your request for information made to it via the website, needs to process some of your Personal Data, as requested in the collection form and/or as spontaneously provided by you.
Processed data: name, surname, e-mail address, telephone number.
Legal basis and lawfulness of processing: pre-contractual legal basis pursuant to article 6 letter b) of the Regulation – the Processing of your Personal Data will be conducted by the Data Controller to respond to your request for information and will be legally based on the pre-contractual relationship between you and the Data Controller.
B) access to corporate offices:
the Data Controller, in order to allow you to access to the corporate offices, needs to process some of your Personal Data, as requested by the visitors’ identification officers and/or by the dedicated “Welcome App”.
Processed data: name, surname, e-mail.
Legal basis and lawfulness of processing: legitimate interest pursuant to Article 6 (c) and (f) of the Regulation – the Processing of your Personal Data will be conducted by Data Controller in order to protect its offices, business assets, employees and collab-orators.
C) purchase of products and/or services:
the Data Controller, in order to allow you to purchase its products and/or services, needs to collect some of your Personal Data, as requested in the subscription or purchase form.
Processed data: name, surname, address, telephone number, e-mail, bank details (credit card/PayPal).
Legal basis and lawfulness of processing: contractual legal basis pursuant to Article 6(b) of the Regulation – the Processing of your Personal Data will be conducted by Data Controller in order to enable you to receive the requested and purchased goods and will therefore be legally based on the contractual relationship between you and the Data Controller.
D) participation in events:
the Data Controller, in order to allow you to participate in the events it organises, needs to collect some of your Personal Data, as requested in the event registration form.
Processed data: name, surname, address, telephone number, e-mail.
Legal basis and lawfulness of processing: contractual legal basis pursuant to Article 6(b) of the Regulation – the Processing of your Personal Data will be carried out by the Controller in order to register you for the event and to guarantee your participation, and will therefore be legally based on the contractual relationship between you and the Controller.
E) participation in prize competitions, prize events or contests:
the Data Controller, in order to allow you to participate in a prize competition, a prize event or a contest organised by the Data Controller, needs to collect some of your Personal Data, as requested in the participation form.
Processed data: name, surname, address, telephone number, e-mail.
Legal basis and lawfulness of processing: contractual legal basis under Article 6(b) of the Regulation – the Processing of your Personal Data shall be carried out by the Controller in order to allow your participation in the competition, prize competition or contest and shall therefore be legally based on the contractual relationship between you and the Controller following your acceptance of the rules of the initiative.
F) execution of contractual documentation:
the Data Controller, in order to implement the contractual relationship between you and it, as well as the related fulfilments, needs to collect and process some of your Personal Data as requested within the individual contractual document.
Legal basis and lawfulness of processing: contractual legal basis pursuant to Article 6 b) of the Regulation – The Processing of your Personal Data will be carried out by the Controller in order to follow up the signing of the individual contractual document and will be legally based on the contractual relationship between you and the Controller.
G) Administrative and accounting tasks:
the Data Controller may process your data for the management of the accounts, as well as for invoicing in accordance with the requirements of the applicable legislation, or for the performance of other obligations laid down by laws, regulations and EU legislation.
Processed data: personal and fiscal data.
Legal basis and lawfulness of processing: the legal basis legitimising the processing of Data for this purpose is Article 6(c) of the Regulation and, therefore, a legal obligation to which the Data Controller is subject.
H) Exercise and/or defence of a right in court:
the controller may process your data to assert and/or defend its rights in court.
Processed data: contractual data.
Legal basis and lawfulness of processing: the legal basis legitimising the processing of the Data for that purpose is Article 6(f) of the Regulation, i.e. a legitimate interest of the controller.
I) direct marketing activities:
the Data Controller needs to collect some of your Personal Data in order to carry out its own promotional and/or marketing activities towards you. This category includes all activities performed to promote products and services sold and/or provided by the Data Controller.
Processed data: name, surname, e-mail, telephone number.
Legal basis and lawfulness of processing: consent of the data subject pursuant to Art. 6(a) of the Regulation – the Processing of your Personal Data will be carried out by the Data Controller and will be legally based on your free, express and unequivocal consent.
J) profiling activities:
in order to carry out profiling activities, i.e. the assessment of your tastes, preferences and consumption habits, also in connection with market surveys and statistical analyses, the Data Controller needs to process some of your Personal Data. This includes any form of automated processing of Personal Data for the purpose of evaluating certain Personal Data, such as, but not limited to, your professional performance, economic situation, personal preferences, interests, reliability, behaviour, location or movements.
Processed data: name, surname, e-mail, telephone number, interests and preferences.
Legal basis and lawfulness of processing: consent of the data subject pursuant to Article 6(a) of the Regulation – The processing of your Personal Data shall be carried out by the Controller and shall be based on your free, express and unambiguous consent, as a matter of law.
K) communication activities to third parties for marketing purposes:
the Data Controller has the right to disclose your Personal Data to third parties specifically identified and indicated in the notice provided, where necessary and required, so that such parties can process them for their own commercial and marketing purposes.
Processed data: name, surname, e-mail, telephone number.
Legal basis and lawfulness of processing: consent of the data subject under Article 6(a) of the Regulation – the Processing of your Personal Data will be conducted by the Data Controller and will be legally based on your free, express and unambiguous consent.
The contact methods used for direct, indirect and referral marketing activities may be either automated (e-mail) or traditional (telephone calls with operator). In any event, and as further specified below, you may object to the processing and/or revoke your consent, even partially, for example by consenting only to traditional contact methods.
With regard to the contact methods involving the use of your telephone contacts, we would like to remind you that marketing activities by companies will be carried out subject to verification of your possible registration in the Register of Objections, as established pursuant to and for the purposes of Presidential Decree no. 178 of 7 September 2010, as amended.
3. EXTERNAL DATA CONTROLLER
With a view to making specific processing activities more functional to its own interests and those of its customers/users, with regard to the management of the common database present on the CRM (Customer Relationship Management) platform of the FMTS Group, each company of the FMTS Group has appointed the parent company Formamentis S.p.A. Benefit Corporation as the data controller, with a specific written agreement in accordance with the provisions of Article 28 of the Regulation, which, for the common purposes of direct marketing and profiling, is called upon to manage the stages of recording, organising, storing, processing, selecting and extracting personal data of customers/prospects.
Your Personal Data may be disclosed to specific persons who are considered to be the recipients of such Personal Data, including natural or legal persons, public authorities, departments or other bodies receiving personal data, whether or not they are third parties.
4. SUBJECTS TO WHOM YOUR DATA MAY BE DISCLOSED
With this in mind, in order to properly carry out all the Processing activities necessary to pursue the purposes set out in this Policy, the Recipients who may be in a position to process your Personal Data are as follows:
- third parties carrying out part of the Processing activities and/or activities related and instrumental thereto on behalf of the Controller. Such parties have been appointed as data controllers, meaning the natural or legal person, public authority, service or other body that processes Personal Data on behalf of the Data Controller;
- individuals, employees and/or contractors of the Controller, who have been entrusted with specific acts of Processing of Your Personal Data. Such individuals have been given specific instructions on the security and proper use of Personal Data and are defined as the persons authorised to process Personal Data under the direct authority of the Controller or Processor”;
- third parties carrying out processing and/or related and instrumental activities as autonomous data controllers, including – e.g. but not limited to – consulting companies, freelancers, credit institutions, insurance companies, third-party companies and/or members of the Group;
- companies with which the Controller has established collaborations by virtue of a contractual relationship.
Where required by law to prevent or suppress the commission of a criminal offence, your personal data may be disclosed to public bodies or judicial authorities, without these being defined as recipients. In fact, the regulation states that public authorities receiving communication of Personal Data in the context of a specific investigation conducted in accordance with the law of the European Union or of the Member States are not considered recipients.
The processing and storage of your personal data shall be carried out, in accordance with the provisions of the relevant legislation in force, for a period of time not exceeding that necessary to achieve the purposes for which they are processed, without prejudice to the ten-year period for the storage of civil law data only and the fulfilment of any other legal obligations. The data you provide for marketing and profiling purposes, on the other hand, will be stored for no longer than 2 years. Thereafter, your data will be deleted or anonymised and processed for aggregate and anonymous statistical analysis.
6. RIGHTS OF THE DATA SUBJECT
As provided for in the Regulation, you may exercise, at any time, towards the Data Controller the following rights:
Right of Access: you may obtain confirmation of the existence or non-existence of your personal data, even if not yet recorded, and request that such data be made available to you in a clear and comprehensible manner. It is your right to request information and, if applicable, a copy of your personal data:
a) the origin and category of your personal data;
b) the logic of use, if your information is processed by electronic means;
c) the purposes and methods of processing;
d) the identification details of the holder and the persons responsible;
e) the persons or categories of persons to whom your personal data may be disclosed or who may become aware of them;
f) the period for which your data are retained or the criteria used to determine that period, where possible;
g) the existence of an automated decision-making process, also with regard to profiling. In this case, you may request the logic used, the importance and the consequences for you;
h) the existence of adequate safeguards in the event of the transfer of your data to a non-EU country or an international organisation;
Right of Rectification: may obtain, without justifiable delay, the updating, amendment, rectification of your incorrect data or the supplementation of incomplete data, should you have an interest in doing so;
Right of Cancellation: you have the right to have your data deleted, blocked or, if possible, made anonymous:
a) if unlawfully processed;
b) if no longer necessary in relation to the purposes for which they were collected or subsequently processed;
c) where the consent on which the processing is based is withdrawn and no other legal basis exists;
d) if you have objected to the processing and there are no further legitimate reasons for continuing to use your data;
e) where required by law;
f) where they relate to minors. The Controller may refuse to delete your data in the event of:
a) exercise of the right to freedom of expression and information;
b) fulfilment of a legal obligation, performance of a task carried out in the public interest or exercise of public authority;
c) reasons of public health interest;
d) archiving in the public interest, for scientific or statistical research purposes;
e) establishment, exercise or defence of a right in court;
Right to Limitation: may obtain the restriction of processing in the case of:
a) challenge the accuracy of the personal data, if he/she has not preferred to request its amendment, updating or rectification;
b) unlawful processing by the Controller to prevent its deletion;
c) exercise of your right in court;
d) verification of whether the legitimate motives of the Controller prevail over those of the data subject;
Right to Portability: has the right to receive, where the processing is carried out by automatic means, without hindrance and in a structured, commonly used and readable format, the personal data concerning him/her that he/she has provided to us with his/her consent or under contract, in order to transmit them to another Controller or – if technically feasible – to obtain the direct transmission by the Controller to another Controller;
Right of Opposition: has the right to object at any time, in whole or in part:
a) the processing of personal data concerning you, for legitimate and compelling reasons relating to your particular situation;
b) the processing for marketing and/or profiling purposes, if carried out, of personal data relating to you (e.g. you may object to the sending of publicity material, direct sales, the carrying out of market research or commercial communications, through the use of automated communication systems without the intervention of a worker, by e-mail and through traditional marketing methods, by telephone and by post).
For all the cases mentioned above, if necessary, the data controller shall inform the third parties to whom your personal data are disclosed of the possible exercise of your rights, except in specific cases (e.g. when such fulfilment proves impossible or involves a manifestly disproportionate effort compared to the right protected).
The data subject has the right to lodge a complaint with the supervisory authority of the state of residence.
7. DATA TRANSFER
Data may be transferred outside the European Union, in particular to and from the United Kingdom, for reasons exclusively related to the provision of the service (e.g. work experience and job shadowing etc.). In this case, the FMTS Group will adopt appropriate safeguards, including the adequacy decisions and standard contractual clauses approved by the European Commission. In particular, transfers to and from the company TEEP LTD, which is part of the FMTS Group, will be made in accordance with the European Commission’s Adequacy Decision of 28 June 2021.
In order to facilitate relations between you and any Data Controller, the FMTS Group has decided to adopt and appoint a Data Protection Officer (DPO), as provided for in Articles 37-39 of the Regulation. The FMTS Group has, therefore, identified this figure in the person of Pietro Montella, lawyer, and may contact him at the following address email@example.com.
An up-to-date list of our data processors is available at the head office in Pontecagnano Faiano (SA) alla Via Leonardo Da Vinci 15.