Privacy Policy

Privacy Policy 

The purpose of this privacy policy is to provide all the information on the processing of personal data carried out by FoolFarm S.p.A. when the user navigates the website (as better indicated below).

1. INTRODUCTION - WHO ARE WE? 

FoolFarm S.p.A. with registered office in Milan - Via Paolo Da Cannobio, no. 2, Tax Code/VAT No. 11331520962 and registration number with the Companies' Register of Milan MI2595513 (hereinafter, "Owner"), owner of the website www.foolfarm. com (hereinafter, the "Site"), as the owner of the processing of personal data of users browsing the site (hereinafter, "Users") provides below the privacy policy pursuant to Article 13 of the EU Regulation 2016/679 of April 27, 2016 (hereinafter, "Regulation", or "Applicable Legislation").   

2. HOW TO CONTACT US? 

The Owner holds in the highest regard the right to privacy and protection of personal data of its Users. 

Users may contact the Owner at any time using the following methods:  

• By sending a registered letter with return receipt to the Holder's registered office in Milan - Via Paolo da Cannobio n. 2;
• By sending an e-mail message to: info@foolfarm.com; 

Users may also contact the Data Protection Officer (DPO or DPO) of the Data Controller, whose contact details are as follows: Shibumi S.r.l., in the designated person of Ms.Giulia Sala, e-mail dpo@foolfarm.com.

3. WHAT WE DO. - PURPOSE OF PROCESSING  

Through browsing the Site, the User can stay up-to-date regarding the services and activities developed by the Owner (hereinafter, "Service"). In connection with the activities that may be carried out through the Site, the Owner collects personal data related to Users. 

This Site and any services offered through the Site are restricted to individuals who are eighteen years of age or older. Therefore, the Owner does not collect personal data relating to individuals under the age of 18. Upon the request of Users, the Owner will promptly delete all personal data unintentionally collected relating to individuals under the age of 18.

Users' personal data will be lawfully processed by the Controller for the following processing purposes: 

1. provision of the Service, i.e. to enable the User's navigation of the Site. The User's data collected by the Data Controller for this purpose include all personal data whose transmission is implicit in the use of Internet communication protocols, which the computer systems and software procedures used to operate the Site acquire in the course of their normal operation: the IP addresses or domain names of the computers used by Users, the addresses in URI(Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc..) and other parameters related to the User's operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to allow it to function properly. Notwithstanding the provisions elsewhere in this privacy policy, under no circumstances will the Data Controller make Users' personal data accessible to other Users and/or third parties;
2. legal obligations, i.e., to fulfill obligations required by law, authority, regulation or legislation, and for the establishment of liability in the event of hypothetical computer crimes against the Site.

The provision of personal data for the above processing purposes is optional but necessary, as failure to provide it will result in the User being unable to access the Site and use the Service. 

4. LEGAL BASIS. 

Provision of the Service (as described by par. 3, lett. a) above): the legal basis consists in art. 6 paragraph 1 lett. b) of the Regulations, i.e. the processing is necessary for the performance of a contract to which the User is a party or the execution of pre-contractual measures taken at the User's request. 

Legal obligations (as described by para. 3(b) above): the legal basis consists of Art. 6(1)(c) of the Regulations, as the processing is necessary to fulfill a legal obligation to which the Data Controller is subject.  

5. DATA PROCESSING METHODS AND RETENTION TIMES  

The Data Controller will process Users' personal data using manual and computerized tools, with logic strictly related to the purposes themselves and, in any case, in such a way as to ensure the security and confidentiality of the data. 

The personal data of Users will be kept for the time strictly necessary to fulfill the primary purposes (as described in paragraph 3 above), or otherwise as necessary for the protection in civil law of the interests of the Owner and Users. 

6. SCOPE OF DATA COMMUNICATION AND DISSEMINATION 

The User's personal data may be transferred outside the European Union and, if so, the Controller will ensure that the transfer is made in accordance with Applicable Law and, in particular, in accordance with Articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to adequate safeguards) of the Regulations. 

The personal data of the Users may come to the knowledge of the employees and/or collaborators of the Controller in charge of managing the Site. These individuals, who have been instructed to do so by the Owner in accordance with Article 29 of the Regulations, will process Users' data exclusively for the purposes indicated in this notice and in compliance with the provisions of the Applicable Regulations. 

Users' personal data may also be disclosed to third parties who may process personal data on behalf of the Data Controller as Data Processors pursuant to Article 28 of the Regulations, such as, without limitation, providers of IT and logistics services functional to the operation of the Data Controller's Site, providers of outsourced or cloud computing services, professionals and consultants. 

The User has the right to obtain a list of any data processors appointed by the Controller by making a request to the Controller in the manner indicated in paragraph 7 below. 

7. RIGHTS OF INTERESTED PARTIES 

The User may exercise the rights guaranteed by the Applicable Regulations at any time by contacting the Owner in the following ways: 

• By sending a registered letter with return receipt to the Holder's registered office in Milan - Via paolo da Cannobio, no. 2;
• By sending an e-mail message to: info@foolfarm.com.

Users may also contact the Data Protection Officer (DPO or DPO) of the Data Controller, whose contact details are as follows: Shibumi S.r.l., in the designated person of Ms.Giulia Sala, e-mail dpo@foolfarm.com.

Pursuant to the Applicable Regulations, the User has the right to obtain information on (i) the origin of the personal data; (ii) the purposes and methods of processing; (iii) the logic applied in the event of processing carried out with the aid of electronic instruments; (iv) the identification details of the data controller and data processors; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as data processors or persons in charge of processing. 

In addition, the User has the right to obtain: 

(a)access,updating, rectification or, when interested,integration of data; 

(b) the cancellation, transformation into anonymous form or limitation of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed; 

c) certification that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except where this proves impossible or involves the use of means manifestly disproportionate to the protected right. 

As well as: 

(a) the right to withdraw consent at any time if the processing is based on your consent; 

(b) (where applicable) the right to data portability (the right to receive all personal data concerning him or her in a structured, commonly used, machine-readable format); 

(c) the right to object: 

(i) in whole or in part, for legitimate reasons to the processing of personal data concerning him/her, even if relevant to the purpose of collection; 

ii) in whole or in part, to the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication; 

(iii) where personal data are processed for direct marketing purposes, at any time, to the processing of the data carried out for that purpose, including profiling insofar as it is related to such direct marketing. 

d) if the User believes that the processing concerning him/her violates the Regulations, the right to lodge a complaint with a Supervisory Authority (in the Member State where he/she normally resides, in the Member State where he/she works or in the Member State where the alleged violation occurred). The Italian Supervisory Authority is the Garante per la protezione dei dati personali, based in Piazza Venezia, n. 11, 00187 - Rome (RM)(http://www.garanteprivacy.it/). 

_____________ 

The Owner is not responsible for updating all links displayed in this policy; therefore, whenever a link is not working and/or updated, the User acknowledges and agrees that he/she must always refer to the document and/or section of the websites referred to by that link.