Privacy Policy

Privacy Policy

pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR).

1. Data Controller

F&M Ingegneria S.p.A.
Via Belvedere 8/10, 30035 Mirano (VE), Italy
VAT No.: IT02916640275 – Share capital: € 334,841.00 fully paid-in
Tel: +39 041 5785711
Email: fm@fm-ingegneria.com

2. Categories of personal data processed

Navigation data

The IT systems and software procedures used to operate this website automatically acquire certain technical data during normal operation. Such data include: IP addresses, domain names, URI/URL of requested resources, time of request, HTTP method, response size, status code, and parameters of the client’s operating system. This data is processed solely for IT security purposes and anonymous statistical analysis, and is not linked to identified individuals.

Data provided voluntarily

Sending messages via the contact forms on this website or by email entails the collection of the sender’s email address and any other personal data included in the communication, solely for the purpose of processing the request.

Usage data and cookies

This website uses technical cookies and, subject to consent, analytical and profiling cookies. For full details on the types of cookies used, their purposes, third parties involved and management options, please refer to our Cookie Policy.

3. Purposes and legal basis of processing

Purpose Legal basis (Art. 6 GDPR)
Responding to contact requests and providing requested information Performance of pre-contractual or contractual measures (point b)
Anonymous statistical analysis of website traffic and service improvement Legitimate interests of the Controller (point f)
Behavioural analysis via third-party tools (e.g. Google Analytics 4), subject to consent Consent of the data subject (point a)
IT security, detection and prevention of unauthorised access Legitimate interests of the Controller (point f)
Compliance with legal obligations Legal obligation (point c)

4. Processing methods and data retention

Data is processed using IT tools, with technical and organisational security measures appropriate to the risks (Art. 32 GDPR). Data is stored on servers located within the European Union or in countries with an adequate level of protection recognised by the European Commission.

Retention periods are as follows:

  • Navigation data (access logs): maximum 12 months, unless longer retention is required for the investigation of unlawful acts.
  • Contact data: for the time strictly necessary to process the request, and subsequently for the period required by applicable legal obligations (generally 10 years for business communications).
  • Data processed on the basis of consent: until consent is withdrawn or the relevant purpose ceases to exist.

5. Data disclosure to third parties

Personal data may be disclosed to:

  • Technical and IT service providers acting as Data Processors pursuant to Art. 28 GDPR (e.g. hosting providers, analytics tools, email services), with whom the Controller has entered into data processing agreements.
  • Third parties whose integration has been accepted in advance by the user through the consent management platform (e.g. Google Analytics, Google Fonts).
  • Public, judicial or supervisory authorities, in cases expressly provided for by law.

Data will under no circumstances be sold or disclosed to unidentified third parties.

6. International data transfers

Some service providers used (e.g. Google LLC) involve transfers of personal data to the United States of America. Such transfers are carried out in compliance with the appropriate safeguards provided for by Arts. 45–46 GDPR, in particular:

  • An adequacy decision by the European Commission (EU–U.S. Data Privacy Framework, where applicable), or
  • Standard Contractual Clauses approved by the European Commission.

The Controller continuously updates its assessments in accordance with the guidance of the Italian Data Protection Authority (Garante) and the European Data Protection Board (EDPB).

7. Rights of data subjects

Data subjects may exercise the following rights against the Controller at any time:

  • Access (Art. 15 GDPR): obtain confirmation of processing and a copy of the data;
  • Rectification (Art. 16): correct inaccurate or incomplete data;
  • Erasure (Art. 17): obtain deletion of data (“right to be forgotten”);
  • Restriction of processing (Art. 18): in the cases provided for by the GDPR;
  • Data portability (Art. 20): receive personal data in a structured, machine-readable format;
  • Objection (Art. 21): object to processing based on legitimate interests;
  • Withdrawal of consent (Art. 7(3)): at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise these rights, please contact the Controller at: fm@fm-ingegneria.com

Data subjects also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali – Piazza Venezia 11, 00187 Rome – www.garanteprivacy.it) or with the supervisory authority of their country of habitual residence.

8. Changes to this policy

The Controller reserves the right to update this policy at any time. Changes will be published on this page together with the date of update. In the event of material changes affecting the rights of data subjects, the Controller will take appropriate notification measures.

Last updated: May 2025