Privacy policy

Personal Data Processing

FBF S.p.A. (hereinafter FBF) as the Data Controller of personal data, informs you that access to its website, and/or any request for information or services, requires you to provide personal data, which will be processed in full compliance with the European General Data Protection Regulation (EU) 2016/679 (hereinafter GDPR).This privacy statement informs users in advance about the processing methods necessary for the use of some areas of FBF websites.

In accordance with the aforementioned law, such processing will be based on principles of correctness, lawfulness, and transparency, protecting your privacy and your rights.


Data Controller and Data Processors

The Data Controller is FBF, with registered office in Via Degli Artigiani, 26014 Romanengo (CR).

The complete list of data processors is available upon written request to the Data Controller.


Purposes of data processing and legal basis.

Depending on the needs expressed on each occasion by the user who accesses the various sections of the website (except in the case of special regulations and privacy statements for individual operations that may involve the provision of specific personal data, as published on the site), the purposes for which the processing of personal data is required are laid out below, i.e. data provided directly by the user who fills in online forms or for the purposes of direct access, via links, to the FBF e-mail address regarding the service requested, or data acquired automatically through browsing (see the following section “Categories of personal data subject to processing”) (hereinafter, “personal data”):

  1. to respond to user requests regarding FBF services and/or products;

Legal basis of the processing: execution of a contract to which the user is a party or to execute pre-contractual measures adopted upon the request of the user (Art. 6(1)(b) of the Regulation).


Methods of processing.

Data processing means any operation or set of operations, performed with or without the use of electronic or automated means, concerning the collection, recording, organisation, storage, processing, modification, extraction, comparison, use, communication, dissemination, interconnection, blocking, deletion, destruction and/or selection of the data.

Personal data will be processed in a mainly automated manner but also on paper, for uses strictly related to the aforementioned purposes, using the data base and electronic platforms managed by FBF or by third parties appointed as data processors (for an updated list the user can contact the Data Controller at the address indicated) and/or integrated IT systems and/or websites owned or used by FBF.
The Data Controller has taken appropriate security measures to protect users against the risk of loss, misuse, or alteration of the data. In particular, it has adopted the measures referred to in Art. 32 of EU Regulation 679/2016; it also uses the secure data transmission protocol known as HTTPS, and it stores users’ data on server sites in European territory. The servers are subject to an advanced daily backup and disaster-recovery system.


Duration of processing

The data provided by means of the website or e-mail addresses of the same domain are saved for the time required to fulfil the purposes, which is to say:

  • 1) For the purpose of requesting information: depending on the type of request, for the time required to comply with the regulatory obligation of conservation and/or for any legal requirements.

For further information, please contact the Data Controller.


Place of processing

Personal data are mainly processed on the premises of the Data Controller in Via Degli Artigiani, 26014 Romanengo (CR) and in the places where the data processors are located. The servers that host the web services provided on this website are outsourced to an external company that has been appointed as data processor and that is located on Italian territory.

For further information, please contact the Data Controller by e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it. or by writing to the office indicated.


Nature and methods of providing users’ personal data

The provision of personal data is optional, but for some personal data it is required (i.e. necessary for those fields that are highlighted during insertion, or otherwise marked as mandatory) so that FBF can satisfy the needs of the user with regard to website operations. Failure to provide personal data, or the partial or incorrect provision of personal data required for provision of the service requested, will make it impossible to provide the service; while failure to provide optional data, or the partial or incorrect provision of optional data will have no consequences.
Personal data may be provided by filling in the fields of the forms in the various sections of the website or by sending requests via e-mail where provided for.


Categories of personal data subject to processing.

In addition to the personal data provided directly by users when connecting to the website (such as, but not limited to, first name, surname, postal address, and e-mail address), the computer systems and software procedures used for running the website may provide and/or automatically and indirectly acquire some information that may constitute personal data, the transmission of which is implicit in the use of Internet communication protocols (such as, but not limited to, so-called cookies (as specified below), IP addresses, domain names of the computers used by users connecting to the website, URL addresses of the requested resources, the time the request is made to the server, and browsing history on the site.


Categories of subjects who may be gain knowledge of the users’ personal data

Personal data may be made available to employees or collaborators of the Data Controller who, operating under the direct authority of the latter, process data and are appointed as data processors in accordance with Arts. 24-29 of Reg. (EU) 2016/679 or system administrators, who will receive special operational instructions from the Data Controller in this regard. The same will hold true – from the data processors appointed by the Data Controller – for the employees or collaborators of the data processors.

Personal data may also be made available to the data processors, who are appointed by the Data Controller as third-party companies or other subjects (for example, but not limited to, those who are entrusted with assistance, communication, promotion and sales of products and/or services, IT service providers, website managers, electronic platform managers, and partners) that perform outsourced operations on behalf of FBF.


Area of communication or dissemination of users’ personal data

Personal data will not be communicated to third parties, other than to companies in the Group and external companies that perform specific tasks for the undersigned company and that have been appointed as data processors. Personal data will not be released.


Transfer of users’ personal data outside the EU

Personal data communicated to FBF will not be transferred to countries outside the EU.

Any transfer of personal data that may be made in future to non-EU countries will be based exclusively on an adequacy decision or on the Standard Contractual Clauses approved by the European Commission or verification of the registration of external data processors within the framework of the “Privacy Shield” system.



The site contains virtually no information targeted directly at minors. Minors must not provide information or personal data to FBF.


Users’ rights

As interested parties, users can exercise their rights in accordance with Articles 15-21 Reg. EU 2016/679.

In particular:

  • The right of access: to obtain confirmation or otherwise of personal data concerning you and to obtain access to such data and to specific information (e.g. processing purposes, categories of data involved, recipients to whom the data will be communicated);
  • The right to rectification: to obtain the correction of inaccurate data concerning you, without undue delay. In this case, the Data Controller is obliged to communicate the correction to all the recipients to whom the data has been transmitted, unless this involves a disproportionate effort;
  • The right to deletion of data: to obtain the deletion of data concerning you without undue delay. The Data Controller is obliged to delete the data without undue delay if there are particular reasons (e.g. personal data are no longer required for the purposes for which they were collected; if the data subject revokes his or her consent; if they are to be deleted due to a legal obligation, etc.). In this case, the Data Controller is obliged to communicate the deletion to all the recipients to whom the data has been transmitted, unless this involves a disproportionate effort;
  • The right to limit processing: the Data Controller may be instructed to restrict the processing of data, for example, to storage only, to the exclusion of any other use, under certain circumstances (e.g. if the processing is illegal and the data subject opposes the deletion of data; if the data subject disputes the accuracy of the data, within the limits of the period for the verification of accuracy, etc.). In this case, the Data Controller is obliged to communicate such restriction of processing to all recipients to whom the data has been transmitted, unless this involves a disproportionate effort;
  • The right to data portability: to obtain the return of personal data provided and to transmit them to others, or to request that they be transmitted from one controller to another, if technically feasible;
  • The right to object: to object to the processing at any time for purposes of public interest or for legitimate interest; for marketing purposes; for scientific, historical or statistical research purposes.

Interested parties can submit a complaint to the Italian Data Protection Authority ( if necessary, or simply ask for information about the exercise of their rights as recognised by Reg. EU 2016/679.


Use of cookies

Cookies are lines of text that act as information markers sent by a server (in this case, the server of this website) to a user’s device (usually an Internet browser) when they access a given page of a website; cookies are automatically stored by the user’s browser and re-transmitted to the server that generated them whenever the user accesses the same Internet page. Like this, cookies may, for example, allow and/or facilitate access to some Internet pages to improve the user’s browsing experience, which is to say they allow the pages visited to be stored, together with other information, such as the pages that are viewed most frequently, connection errors, etc. For simple and complete use of this website, you are therefore advised to configure your browser to accept these cookies.
Browsers are often set to accept cookies automatically. You can however change the default configuration, so as to disable or delete cookies (each time or once and for all), though this means that optimal use of some areas of the website might be rendered impossible. You can also check the methods and types of cookies stored on your browser by changing the cookie settings on your browser.


Types and management of cookies used by our website:

Our website uses the following categories of cookies:

  1. Technical cookies:
    1. Strictly necessary cookies: are required for navigation on a website and for using its functionalities, for example to enable correct viewing or to gain access to restricted areas (if present).
      Therefore, if you disable these cookies you will not be able to use these functions.
    2. Performance cookies:collect information on the efficiency of a website’s responses to users’ requests in an anonymous form, for the sole purpose of improving the functionality of the website; indicating, for example, which pages are most frequently visited by users, and whether there have been errors or delays in the display of web pages.
    3. Third-party cookies: are used and configured to collect anonymous information on how the website is used, with the aim of improving its efficiency and/or for statistical purposes (Google Analytics with anonymised IP). With these settings, this type of cookie is equivalent to a technical cookie.

Google Analytics with anonymised IP (Google Inc.)

Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google collects personal data for the purpose of tracking and examining the use of this application, compiling reports and sharing them with other services developed by Google.

Google may use the personal data to contextualise and personalise the advertisements on its own advertising network.

FBF uses this integration of Google Analytics, which makes the user’s IP address anonymous. Anonymisation works by abbreviating users’ IP addresses within the borders of the member states of the European Union or in other countries participating in the agreement in the European Economic Area. Only in exceptional cases, the IP address will be sent to Google’s servers and abbreviated in the United States.

Personal data collected: Cookies and usage data. Place of processing: USA.

You can receive information on the processing of your personal data by Google Analytics at the following address:; For further information about the IP anonymisation feature of Google Analytics please see:


Opt-out for cookies

The regulations governing personal data protection require the user to authorise the use of cookies (“opt-in”) by continuing to browse after reading the window with the notice on the use of cookies. The user can also disable cookies already provided (“opt-out”). The opt-out can be used for so-called technical cookies (Art. 122 of the Code), as well as for cookies that do not fall under the heading “technical cookies” (“targeting cookies” and “cookie analytics”) previously accepted (“opt in”) by the user (if present).
As provided by this distinction, the user may disable and/or delete the cookies (“opt-out”) by changing the relevant settings on their browser and disabling and/or deleting individual non-technical cookies by accessing the following websites:

  1. to disable Google Analytics
  2., a website run by the European Interactive Digital Advertising Alliance (EDAA), for the deletion of other cookies in the case of users based in the European Union,
  3. delete other cookies in the case of users in the United States of America. These sites are not managed by FBF, which therefore assumes no responsibility with regard to their content.


How to enable or disable cookies on your browser:

You can prevent acceptance of cookies by your browser. However, this operation may make access to certain features or pages of the website less efficient or even impossible. Below we indicate the methods offered by the main browsers to prevent acceptance of browsing cookies:

Internet Explorer: 


Links to third-party websites.

FBF is not responsible for the policies applied by sites to which it provides links, nor for the information or content they contain. Links to other sites are often present solely for the purpose of providing further information and/or more detailed information on certain topics that may be useful to users. Please note that when you follow a link from our site to another site, our privacy policy is no longer applicable on that site. Browsing and interacting with other sites, including sites linked to ours, is subject to the rules and policies of such sites. Please carefully read the rules and policies they contain before proceeding. Any risk entailed in navigating sites owned by third parties is entirely yours. Links to third-party sites, or to any third-party product, publication process, service or offer, does not constitute or imply approval or recommendation by FBF of such products or services.


Date of Data Protection Notice:


08 May 2018