Internet Privacy Policy


Disclosure on processing of personal data pursuant to arts. 13-14 EU Regulation 2016/679


Persons affected: visitators or stakeholders.

FH SPA,  in its capacity as  Controller of the processing of your personal data, pursuant to and for purposes of EU Regulation 2016/679, hereinafter,  'GDPR', hereby  informs you that the above-mentioned legal framework provides for the protection of persons affected with respect to the processing of personal data and that such data processing will be inspired by principles of fairness, lawfulness, transparency and protection of your privacy and your rights.  


Your personal data will be processed in accordance with the provisions of the above-mentioned legal framework and the duties of confidentiality provided thereunder.

The company processes your personal data, inter alia, in the following circumstances:

-          If you contact us directly, for example, through our websites, via e-mail or telephonically through our direct line, in order to request information.

If you provide personal data on behalf of someone else, it is your responsibility, prior to doing so, to ensure that the Person affected has viewed this Privacy Disclosure. If your are younger than 16 years of age, we ask that you please refrain from providing any personal data to us.  

We request your  support in order to keep your personal data updated, by informing us of any changes to the same.

Purposes of the data processing: in particular, your data will be processed for the following purposes related to the fulfillment of formalities and requirements related to obligations:  the management of your e-mail address and/or your first name and last name in order to conduct commerical and corporate business operations.  


The processing of data necessary for fulfilling such obligations is necessary for the correct management of the relationship and the transmission of such data is mandatory in order to achieve the above-mentioned purposes. The Controller points out, moreover, that any failure to notify, or erroneous notification, of any of the mandatory data, may prevent the Controller from ensuring the congruousness of the data processing. 


Method of data processing. Your personal data may be processed exclusively using electronic computers/processors.  All data processing takes place in accordance with the procedures provided under arts. 6, 32 of the GDPR and by implementing the adequate security measures provided thereunder.

Disclosure: your data will be disclosed exclusively to competent persons who have been duly appointed to perform the services necessary to ensure a correct management of the relationship, guaranteeing the protection of the rights of the affected person. 

Your data will be processed solely by personnel who have been expressly authorized by the Controller and, in particular, by the following categories of personnel: Personnel who handle Internal Operational functions.

Your data may be disclosed to third parties who have been duly appointed by the Data Processors (Responsabili al trattamento), and in particular to the Internal Operational Functions.


Dissemination. The data will not be disseminated in any way whatsoever.


Period of preservation. Let us point out that, in accordance with principles of lawfulness, and the limitation of the purposes and minimization of the data, pursuant to  art. 5 of the GDPR, the period for which your personal data will be preserved is set at a period of time not to exceed that necessary to achieve the purposes for which they were collected and processed in compliance with the mandatory timeframes required by law.


Controller: the Controller of the data processing, pursuant to applicable Law, is Finaval spa, with registered office at: Via Regina Margherita 42, 00198 Rome Tel. +39-0645208.1 Tax Code – Companies Register of Rome – VAT Code 02596490827 in the person of its pro tempore legal representative.

You are entitled to obtain from the Controller the cancellation (“right to be forgotten”), limitation of, updating to,  rectification of, portability of, and to raise an opposition against the processing of personal data concerning you and, more generally, you may exercise all of the rights provided under arts.  15, 16, 17, 18, 19, 20, 21, 22 of the GDPR.


EU Regulation 2016/679: Arts. 15, 16, 17, 18, 19, 20, 21, 22 – Rights of the person affected

1. The person affected is entitled to obtain confirmation of whether or not personal data concerning him/her exist, even if they are not yet registered, and disclosure of the same in an intelligible form.

2. The person affected is entitled to obtain an indication of:

a. the origin of the personal data;

b. the purposes and methods of data processing;

c. the method applied in the event that the data processing is carried out using electonic devices;

d. the identity details of the data controller (titolare), the data processors (responsabili) and designated representative pursuant to article 5, paragraph 2;

e. the persons or categories of persons to whom the personal data may be disclosed or who may gain knowledge of the same in the capacity of designated represented in the territory of the State, or data  processors (responsabili) or delegated persons (incaricati).

3. The person affected is entitled to obtain:

a. an update to, the correction of, or, should he or she so desire, a supplementation to the data;

b. the cancellation, transformation into anonymous form or a block on the data processed in breach of the law, including data the preservation of which is not necessary for the purposes for which the data have been collected or are subsequently processed;

c. certification that the actions referred to in letters a) and b) have been brought to the knowledge, also as regards their contents, of those to whom the data have been disclosed or disseminated, except in the event that such formality turns out to be impossible or entails a use of means that is manifestely disproportionate with respect to the right protected;

d. the portability of the data.

4. the person affected is entitled to oppose, in whole or in part:

a. for legitimate reasons, the processing of personal data concerning him/her, even if pertinent to the purpose for which the data were collected;

b. the processing of personal data concerning him/her for purposes of mailing advertising or direct sales material or to perform market research or to make marketing/sales communications.



ITALIANO Utilizziamo i cookie, anche di terze parti, per assicurarti la migliore esperienza nel sito. Se prosegui nella navigazione acconsenti all’utilizzo dei cookie. Per saperne di più ed eventualmente disabilitarli, ENGLISH We use cookies to ensure that we give you the best experience on our website. Our website uses cookies, which could include also third party cookies, to send advertising that is relevant to you. By continuing your visit on the website, you consent to the use of the cookies. If you want to find out more about the cookies we use and how to disable them, To find out more about the cookies we use and how to delete them, see our privacy policy.

I accept cookies from this site.
EU Cookie Directive plugin by