Flou

 

PRIVACY POLICY

Information document pursuant to and for the purposes of Article 13 of Regulation (EU) 2016/679 (GDPR)

 

Why this information

Pursuant to Regulation (EU) 2016/679 (hereinafter, "GDPR"), this page describes how personal data are processed. This information is provided pursuant to Article 13 of GDPR and is not to be considered valid for other third-party websites that may be reached through links on this website, for which no liability is accepted.

 

Processable personal data

Personal data: any information related to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity (C26, C27, C30 of GDPR).


1. WHO IS THE DATA CONTROLLER? HOW TO CONTACT THEM?

The data controller is Flou S.p.A., with registered office in Milan, Via Tommaso Grossi 2, in the person of its pro-tempore Legal Representative, who may be contacted for any information by e-mail privacy@flou.it, or telephone No. +39 0362 3731.

Browsing data
The computer systems and software procedures in charge of this site’s operation acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or the domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) form addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (done, error, etc.) and other parameters concerning the user's operating system and computer environment.

Data supplied voluntarily by the user
L'The optional, explicit and voluntary dispatching of electronic mail to the contact addresses indicated on this site and/or the filling in of data collection forms entail the subsequent acquisition of the sender's address, necessary in order to reply to the requests, as well as of any other personal data entered in the message.

Information on the processing of personal data through social media platforms
As for the processing of personal data carried out by the managers of the Social Media platforms used by the Data Controller, please refer to the information provided by them in their respective privacy policies. The Data Controller processes the personal data provided by the users through the pages of the dedicated Social Media platforms in order to manage the interactions with the users (comments, public posts, etc.) and in compliance with the regulations in force.

Specific information
Specific information may be provided on the pages of the Site with reference to particular services or processing of the data provided.

Cookies and other tracking systems. What are cookies? What are they used for?
As for Cookies and other tracking systems, please refer to the cookies policy in the footer of the site and the following link.


2. PURPOSE OF PROCESSING, LEGAL BASIS, PERIOD OF DATA RETENTION AND NATURE OF DATA PROVISION

Purpose of processingLegal basisPeriod of data retentionNature of data provision
A) Browsing this website.
The data necessary for using the web services are also processed with the aim of:
  • Obtaining statistical information on the use of the services (most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.)
  • Checking the proper functioning of the services offered
The data may be used to ascertain liability in case of hypothetical computer crimes against the site
Processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, taking into consideration the reasonable expectations of the data subject and the activities that are strictly necessary for the operation of the site or for browsing it (Art. 6, par. 1 lett. f and C47 of GDPR). You can obtain, on request, information on the balancing test performed.Navigation data will be retained for the whole duration of the browsing session.The provision of data is necessary to browse the website.
B) Use of cookies and similar technologies.
Please, refer to the cookies policy in the site footer.
For non-technical necessary cookies and similar technologies, processing is based on consent to the processing of personal data (Art. 6 par. 1 lett. a and C42, C43 of GDPR). The consent is given through the site banner and cookies policy.Please, refer to the cookies policy in the site footer.Please, refer to the cookies policy in the site footer.
C) Any contact request or enquiry via the telephone contacts or e-mail addresses given.Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (C44) art. 6 par. 1 lett. b) of GDPR.6 monthsNecessary to take steps prior to entering into a contract.
D) Handling your requests pursuant to art. 15 et seq. of GDPR (rights of the data subject)Processing is necessary for compliance with a legal obligation of the data controller (C45). Art. 6 par. 1 lett. c) of GDPR 5 years from the closing of the request, subject to litigation.The provision of personal data is compulsory, as it is necessary for the fulfilment of legal obligations.

3. TO WHOM WILL PERSONAL DATA BE DISCLOSED?

Personal data are disclosed, also on the basis of the purposes of specific areas, to subjects who will process them by acting as independent Data Controllers, or Data Processors (art. 28 GDPR) and processed by natural persons (art. 29 GDPR) acting under the authority of the Data Controller and the Processors on the basis of specific instructions on the purposes and methods of processing, for specific purposes based on the area of reference. The data will be disclosed to the following categories of recipients:

The list of Data Processors can be obtained by writing to privacy@flou.it or to the other addresses above.


4. WILL DATA BE TRANSFERRED TO NON-EEA COUNTRIES?

Personal data will not be transferred to non-EEA countries. In particular, note that the data will be stored in Italy for the purposes of hosting, managing, developing and maintaining the site. All third parties to whom the data may be disclosed are based in Italy.


5. IS THERE AN AUTOMATED DECISION-MAKING PROCESS?

Personal data are subject to traditional manual, electronic and automated processing. Note that the decision-making process is not fully automated. Profiling, which may be carried out with the express consent of the data subject as stated in the purposes, will be performed through the intervention of the operator who processes the profile of the data subject and analyses their habits and consumption choices, in order to improve the data controller’s commercial offer and services (non-automated profiling).


6. WHAT ARE YOUR RIGHTS? HOW CAN YOU EXERCISE THEM?

You may assert your rights as stated in art. 15 et seq. of GDPR, by contacting the Data Controller at the e-mail address privacy@flou.it, or at the contacts above. You have the right, at any time, to obtain access to your personal data (art.15), their rectification (art.16), their erasure (art.17), restriction of processing (art.18). The data controller shall (art. 19) communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed. The controller shall inform the data subject about those recipients if the data subject requests it. In the cases provided for, you have the right to the portability of your data (Art. 20), in which case they will be provided to you in a structured, commonly used and machine-readable format. You have the right to object (art.21), at any time, to the processing of your data based on legitimate interest, and in cases where the legal basis is consent, you have the right to withdraw the consent given, without prejudice to the lawfulness of the processing based on the consent given prior to the revocation. If you wish to stop receiving automated direct marketing communications (e-mail, SMS, instant messaging), please send an e-mail to privacy@flou.it with the subject line "unsubscribe from automated" or use our automatic unsubscribe systems for e-mails only (opt-out). If you wish to stop receiving traditional direct marketing communications (telephone calls by an operator and paper mail), please write an email to privacy@flou.it with the subject line "unsubscribe from traditional". If you wish to stop receiving marketing communications, please send an e-mail to privacy@flou.it with the subject line "unsubscribe marketing". You may revoke your consent to (non-automated) profiling by sending an e-mail to privacy@flou.it with the subject line "no profiling". If you believe that the processing of personal data carried out by the Data Controller is in breach of the provisions of Regulation (EU) 2016/679, you have the right to lodge a complaint with the Supervisory Authority, in particular in the Member State in which you normally reside or work or in the place where the alleged breach of the Regulation has occurred (Privacy Guarantor), or to take appropriate legal action.


7. CHANGES TO THE POLICY

The Data Controller reserves the right to modify, update this policy or to add or remove parts of it. In order to facilitate the verification and modification of the text, the policy will contain the date of its updating.

Update date: 28 September 2021