Privacy Policy

WHEREAS

Are you R is a trademark that was born from an idea of 4 companies: Fimic, Filtec, Gamma Meccanica and Tecnofer with the aim of raising awareness and informing on the recycling of plastic. The 4 companies are responsible for the choice of the contents that are disseminated and the activities that carried out by the trademark.
Are you R is a registered trademark owned by FIMIC SRL. FIMIC SRL is the therefore the data controller of the data as described below

FIMIC SRL, with registered office in Via Ospitale, 54 – 35010 Carmignano di Brenta – (PD) ITALY, Italian Tax Code and VAT number 04785520281, duly represented by the legal representative, as Data Controller (hereinafter, “Controller”), hereby informs you, pursuant to arts. 13 and 14 of EU Regulation 2016/679 (hereinafter, “GDPR”) and in compliance with Italian Legislative Decree 196/03 (hereinafter, “Data Protection Code” as amended by Italian Legislative Decree 101/18), that your data will be processed using the following methods and for the following purposes:

1) Purpose of the processing
Having regard to the purpose of the site www.areyour.org proposed by our organisation, the Controller processes personal data that is able to identify an individual, but not in a detailed way, for example: name, surname, tax code, email, phone number (hereinafter, “personal data” or also “data”) communicated by yourself when requesting information and/or for communication initiatives and to raise awareness for the purposes indicated below. In general it DOES NOT process particular data, i.e. personal data able to reveal a person’s racial and ethnic origin, religious convictions, philosophical or other beliefs, political opinions, membership in political parties, trade unions, associations or organisations of a religious, philosophical, political or trade union nature, or the individual’s health status or sex life. (hereinafter, specific data).

2) Purpose and legal basis of the processing
Your personal data is processed:
A) Without your express consent, when the same arise from legal and/or contractual obligations (art. 6, lett. b, GDPR and as set out in Italian Legislative Decree 196/03), for the following purposes:
• To manage and maintain the services requested by the data subject and to contact the data subject to organise the requested services;
• Fulfil obligations envisaged by the law, a regulation, EC legislation or by an order from and Authority, including for Accounting and Tax purposes;
• Prevent or identify fraudulent activities or malicious use and/or for the purposes envisaged by current anti-money laundering legislation.
• Exercise the Controllers’ rights, e.g. the right to defence before courts.
• Availability of the data subject for information relating to information requests and to their management;
• Allow to subscribe to the services and to allow the sending of information requested by the data subject;
• For legitimate interests related to the commercial communications updating on the initiatives of our organisation.
• Allow registration with the website and/or Allow to respond to your queries through the contact page of the website;
• Manage and maintain the website;
• Prevent or discover fraudulent activities or malicious use of the website; For needs related to operation and maintenance, third party services used by the same may collect system logs, which are files that record interactions and that may also contain Personal Data, such as the IP address of the user.

B) Only subsequent to your specific and distinct consent (Article 7 of the GDPR and pursuant to Italian Legislative Decree 196/03), for the following Purposes
B.1 Data processing to improve services and not necessary for carrying out the operations indicated in point 2A, but aimed at improving the services requested, and in any case always obtained directly from the data subject. Requirements for the development of processes and services required by management systems and organisational models implemented, but not mandatory and not related to specific standards. The data will be used to speed up subsequent requests for services sent to our company.
B.2 Marketing and/or commercial nature: Send, via e-mail, newsletters, commercial communications and/or advertising material relevant to products or services offered by the company. Please note that if you are already a customer, we can send you commercial communications relating to services and products similar to those you have already used, unless you do not consent (Privacy Code). In order to send information, promotional, advertising and marketing material,

For other purposes, the Controller will be responsible to define specific information and relevant requirements for consent and/or integrations for the processing.

This policy does not include any processing by other parties that can be reached through any links on the website and for which it is necessary to refer to the specific policy.

3) Method and duration of processing
The processing of your personal data will take place through the operations indicated in the Italian Legislative Decree 196/03 and art. 4 n. 2) of the GDPR and, precisely: collection, registration, organisation, storage, consultation, elaboration, amendment, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of the data. Your personal data is subjected to paper, electronic and automated processing.

The Controller will process personal data for the time necessary to fulfil the aforementioned purposes and, in any case, for no more than 10 years from the termination of the relationship for the Purposes set out in point 2.A (except for other legislative requirements). For the purposes referred to in point 2B, instead, the Controller will process the data until your consent is revoked or after 5 years from the interruption of relations/communications with the data subject starting from the first collection of data.

Profiling: no data profiling will be carried out

4) Access to data
You can access your data at any time, simply by forwarding a request to the addresses indicated herein.

5) Communication of data
Your data may be made accessible and/or disclosed for the purposes referred to in art. 2.A) and 2.B):
Without prejudice to communications and dissemination carried out in compliance with legal obligations, the Controller may communicate your data, in Italy and/or abroad (as indicated in the following points) to:
• Employees and collaborators of the Controller, in their capacity of persons in charge of the processing and/or Data Processors and/or system administrators;
• Only for statistical purposes may the data be communicated to companies participating in the project referred to by the trademark “areyour”; but
• Technicians and/or collaborators for administrative, fiscal and accounting management and/or to fulfil specific legal obligations or for which external suppliers have been identified.
• Our network of agents; factoring companies; credit institutions; debt collection companies; credit insurance companies; commercial information companies for the services requested; professionals and consultants; companies operating in the transport sector; technicians and collaborators appointed to provide the requested services/products, to Supervisory Bodies, judicial authorities as well as to all the other subjects to whom communication is mandatory by law for the accomplishment of said purposes. Legal entities entrusted with the services referred to herein.
• Companies or other legal entities, qualified and appointed pursuant to art. 28 of Regulation 679/16, for support activities including: communication management and development, management and development of business processes and projects, communication and promotion systems, for storage of personal data. Access may be granted to third parties and associated companies, which provide services deemed necessary and/or useful by the Controller for the management of company activities and related support processes or that you have requested. Among the suppliers are IT system maintenance companies; credit institutions, professional firms, companies that provide services on IT systems/platforms deemed useful by the Controller, to companies that carry out outsourcing activities for the Controller, as External Data Processors.

6) Transfer of data
Your personal data will be managed and stored on servers located within the European Union belonging to the Controller and/or third parties duly appointed and nominated as Data Processors. Currently our internal servers are located in Europe. The data will not be transferred outside of the European Union. It is understood, in any case, that the Controller, where necessary, will have the right to move the server location to non-EU countries. In this case, the Controller hereby ensures that the transfer of data outside of the EU will take place in compliance with the applicable provisions of the law, executing, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses envisaged by the European Commission. We rely on cloud platforms for certain mailing or storage services, which can have servers outside of the EU, but the data is only temporarily deposited for the service required.

7) Mandatory or optional nature for provision of data and consequences of the refusal to reply
The provision of data for the purposes described in art. 2.A) is mandatory. In the absence of said data, we will not be able to guarantee the services described in point 2.A). The provision of data for the purposes described in art. 2.B) is optional.
Therefore, you can decide to not provide any data or to subsequently deny the possibility to process data already provided: in this case it will be impossible to receive commercial communications and advertising relevant to the Services offered by the Controller. In any case, you will continue to have the right to the Services described in art. 2.A).

8) Rights of the data subject
As the data subject, you have the rights set out in the Italian Legislative Decree 196/03 and arts. 15-22 of the GDPR and specifically, the right to:
A) Obtain confirmation as to whether or not personal data concerning you exist, regardless of their being already recorded, and communication of such data in intelligible form;
e) Obtain indication: of the origin of the personal data, the purposes and methods of processing; the logic applied should the processing take place using electronic instruments; generalities of the Data Controller, Data Processors and the appointed representative pursuant to the Data Protection Code and art. 3, subsection 1, of the GDPR; and parties or categories of parties to whom the personal data may be communicated or that can obtain knowledge of the same in their office as designated representative within the territory of the State, of processors or persons in charge;
C) Obtain: the updating, rectification or, where interested therein, integration of the data; the erasure, anonymisation or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed; the certification to the effect that the operations set out in art. 8 .A) and B) have been notified, as also related to their contents, to the parties to whom the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
D) Object, wholly or partially, on legitimate grounds, to the processing of your personal data, even though they are relevant to the purpose of the collection; to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for market research or commercial communications, using automated call systems without the intervention of an operator by e-mail and/or through traditional marketing methods by telephone and/or paper mail. It is noted that the data subject’s right to object, set out in point B), for direct marketing purposes through automated methods is extended to traditional methods and, in any case, without prejudice to the possibility for the data subject to exercise the right to object, even only partially. Therefore, the data subject can decide to receive only communications using traditional methods or only automated communications or none of the two types of communication.
Where applicable, the data subject is also entitled to the rights described in arts. 16-21 GDPR (Right of rectification, right to be forgotten, right to data portability, right to object), as well as the right to lodge a complaint to the Supervisory Authority.

9) Method of exercising rights
You may exercise your rights at any time by sending:
• A letter by registered mail with acknowledgement of receipt to: FIMIC SRL, with registered office in Via Ospitale, 54 – 35010 Carmignano di Brenta – (PD) ITALY
• To the e-mail address info@fimic.it or certified e-mail address fimic@pecit.it

10) Minors
The services provided by the Controller are not intended for minors under 14 years of age and the Data Controller shall not intentionally collect personal data that refers to minors. In the event information relative to minors is involuntarily recorded, the Controller will promptly delete said information upon request by the users. In the event it becomes necessary to process data pertaining to minors, a specific request for consent and authorisation will be submitted to those with parental authority and/or responsibility (pursuant to art. 8 of Regulation 679/16).

11) Controller, processor and persons authorised to process the data
The Data Controller is FIMIC SRL – duly represented by the acting legal representative. The Data Controller can be contacted at the above-listed addresses The up-to-date list of Data Processors and Persons in charge of processing the data is kept at the Data Controller’s registered office.

12) Data Protection Officer
The role of Data Protection Officer (D.P.O.) is not applicable to our company.

13) Amendments to this policy
This policy may be subject to amendments. Therefore, it is recommended to regularly check this policy and refer to the most up-to-date version.