Sources

Documents

Welcome to the website www.farfisa.com (hereinafter also referred to as the "Website").

This page provides information regarding cookies and other technologies used on the www.farfisa.com website, as well as the related processing of personal data.
In compliance with national and European data protection legislation, we respect and safeguard the privacy of visitors and users of the Website, making every reasonable and proportionate effort to avoid infringing their rights.

1. CONTACT DETAILS OF THE DATA CONTROLLER

ACI s.r.l. (hereinafter also referred to as “we”, the “Data Controller” or the “Controller”)
Via Ezio Vanoni, 3 · 60027 Osimo (An) · ITALY
C.F.: 00759300676
P. I.V.A.: 001309100426
T +39 071.7202038
Email: privacy@farfisa.com, info@farfisa.com
p.e.c.: acifarfisa@pec.farfisa.com

As the Data Controller falls within one of the cases outlined in the Guidelines of the Article 29 Working Party WP 243/17, a Data Protection Officer (DPO) has not been appointed at this time.

2. CATEGORIES OF DATA PROCESSED

On the website www.farfisa.com, we process browsing data provided directly by visitors.

3. WHAT ARE COOKIES?

Cookies are small strings of text that websites (so-called "publishers" or "first parties") visited by the user, or different websites or web servers (so-called "third parties"), place and store—either directly in the case of publishers, or indirectly through them in the case of third parties—on a terminal device under the user's control. This is done for technical, performance, statistical, or marketing/profiling purposes.

4. TYPES OF COOKIES AND COOKIES USED ON THE WEBSITE

4.1. From a subjective perspective, cookies are classified as follows:

• FIRST-PARTY COOKIES: These are installed on the user’s device by the operator of the website, acting as the Data Controller. In this case, the Data Controller is directly responsible for providing the necessary information and managing user consent.
• THIRD-PARTY COOKIES: These are installed on the user’s device by websites other than the one being visited, although through the latter. In such cases, the operators of those third-party websites are typically independent Data Controllers, while we act as mere technical intermediaries.

A common example, as found on most websites (including ours), is the inclusion of YouTube videos, Google APIs, the use of Google Maps, and social plugins such as Facebook and LinkedIn.

4.2. From the perspective of purpose, cookies are classified as follows:

• TECHNICAL COOKIES: Used to optimize website navigation and to enable the operator to provide the requested services. These can be further classified into:
  • a) Strictly necessary cookies: These are essential to allow navigation of the website and to ensure its proper functioning. They do not store personal information and are set in response to user actions (such as setting privacy preferences, user-centric security cookies used to detect authentication abuse, session cookies for media players—e.g., flash player cookies with session duration—and load balancing session cookies). These cookies cannot be disabled, and user consent is currently not required for their use (subject to the obligation of the Data Controller to provide appropriate information), insofar as the technical storage or access to the information collected by them is “solely for the purpose of carrying out the transmission of a communication over an electronic communications network (...)” (Art. 122 of Legislative Decree No. 196/2003).
  • b) Functionality Cookies: These allow the website to provide enhanced functionality and personalized settings (they are typically used to remember certain preferences and information—such as language, country of origin, selected products for purchase, data entered in forms, user-input cookies valid for a session, or persistent cookies limited to a few hours in some cases, authentication cookies used for authenticated services valid for a session, persistent cookies for UI customization valid for a session or slightly longer, and social plug-in sharing cookies for logged-in members of a social network). The technical storage or access to information by these cookies is also permitted without the need for consent, “to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide that service” (Art. 122 of Legislative Decree No. 196/2003).
  • Disabling and/or refusing the use of strictly necessary or functionality cookies will result in the inability to properly navigate the Website and/or the inability or difficulty in accessing services, pages, functionalities, or content available therein. The legal basis for the processing of data via these cookies is the legitimate interest of the Data Controller in ensuring the correct operation and display of the website across various devices.
  • c) Performance or Analytics Cookies: These allow the operator to access, detect, and collect statistical information in anonymous and aggregated form (such as the number of website visitors, how they use and interact with the website) in order to improve products and services. As clarified by the Italian Data Protection Authority, analytics cookies—which are used to monitor website usage by users for optimization purposes—may be treated as technical cookies if they are implemented and used directly by the first-party website (i.e., without third-party involvement). As regards third-party analytics cookies (e.g., Google Analytics), they may be considered equivalent to technical cookies (and thus installed without user consent) only if measures are implemented to reduce their identifiability (e.g., by masking significant portions of the IP address), and provided that their use is governed by contractual agreements between the website and the third party, which expressly bind the latter to use them solely for the provision of the analytics service. If these conditions are not met, we will obtain your consent before using such types of cookies.
  • Google Analytics: We would like to use Google Analytics on our Website to store anonymized information necessary for compiling reports on website usage and navigation. Although we act, as per the guidance issued by the Italian Data Protection Authority, as technical intermediaries with respect to the third-party provider (Google), we will, in the best interests of data subjects, seek user consent prior to enabling the installation of this cookie. We will only use this cookie without your consent if we are able to ensure that a reasonable level of uncertainty regarding the digital identity of the data subject can be maintained (for example, by masking at least the fourth segment of the IP address, a practice that introduces a degree of uncertainty in associating the cookie with a specific data subject equivalent to 1 in 256, or approximately 0.4%).
  • To prevent your data from being used by Google Analytics, we invite you to consult this link.
  • For greater transparency, the following links are provided: Google Analytics Terms of Service, page relating to data processing by Google Analytics and the page relating to privacy policy by Google Analytics.
• PROFILING COOKIES: (not active on this Website as first-party cookies) - These are used to associate specific actions or recurring behavioral patterns during the use of the functionalities offered (so-called patterns) with identified or identifiable individuals, in order to group various user profiles into homogeneous clusters of different sizes. This enables the delivery of increasingly targeted advertising messages, tailored to the preferences expressed by the user while browsing the web. For more information on such cookies, please visit the information page of the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) regarding cookies
  Similarly, other tracking tools can be classified according to various criteria, the most relevant of which remains the purpose for which they are used—whether technical or commercial in nature.
  The legal basis for the processing of data by these cookies is the informed and specific consent of the data subject.

4.3. From the perspective of duration, cookies are classified as follows:

• SESSION COOKIES: These are automatically deleted when the browser is closed;
• PERSISTENT COOKIES: These remain stored on the user’s terminal device until a predetermined expiration date or until manually deleted by the user.

4.4. Cookies used on our website

Below is a list, for each type of cookie, indicating its name, whether it is first- or third-party, the purpose for which it is used, the link to the third party (if applicable), and its duration click here.

To manage, modify, or withdraw consent to data processing via cookies, please refer to the panel at the bottom of the site.

5. HOW TO DISABLE OR BLOCK COOKIES

In addition to the possibility to manage, grant, or refuse consent through the cookie manager that appears upon the first access to our Website and is always accessible in the footer of every page, visitors may disable cookies directly via their browser by following the relevant instructions. For your convenience and greater transparency, below are the links to the instructions for disabling cookies on the main browsers:

• Mozilla Firefox
• Microsoft Edge
• Safari
• Google Chrome
• Opera

If using a mobile device, please refer to its user manual to learn how to manage cookies.

For further information about cookies, including how to view those set on your device, manage, and delete them, please visit: www.allaboutcookies.org

6. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION AND DISCLOSURE OF DATA

Data collected through the use of cookies may be transferred to countries outside the European Union whose data protection level has been recognized as adequate by the European Commission pursuant to Article 45 of the GDPR.

Furthermore, personal data may be transferred abroad to non-European countries, in particular to the United States (by way of example and not limitation, Google, Facebook, LinkedIn, YouTube), subject to the execution of the Standard Contractual Clauses adopted/approved by the European Commission pursuant to Article 46(2)(c) and (d) of the GDPR, or on the basis of another lawful ground, such as, for example, the Data Privacy Framework.

A copy of the safeguards adopted may be obtained by submitting a written request to the Data Controller at the contact details provided in this Privacy Notice, together with a valid identification document.

Data collected through all other cookies will not be further disclosed.

7. SECURITY MEASURES

The Data Controller processes personal data based on the security obligations related to data processing pursuant to Article 32 of the GDPR. In order to ensure an adequate level of data protection aimed at mitigating the risk of improper or unlawful use of such data, technical and organizational measures have been implemented that comply with internationally recognized standards, including, by way of example, HTTPS protocols for browsing, encryption where possible, protection of IT systems through updated professional antivirus and firewalls, backup procedures, periodic changes of access credentials, continuous training, physical security measures for the storage of paper documentation, and appropriate supplier selection. The list of security measures is available at the Data Controller’s registered office.

8. LOCATION OF DATA PROCESSING

Navigation data will be processed, in the case of first-party cookies, through the servers hosting the website. Currently, the site is hosted on machines managed by an external company appointed as Data Processor, Life Color Communications, located in Moie di Maiolati, in Via Ariosto 12. Data processing may, however, also take place, with regard to each respective area of competence, at other entities (e.g., Facebook, LinkedIn, Google Maps, YouTube), specifically appointed as Data Processors (where required under the GDPR) or acting as independent Data Controllers. In some cases, data may be transferred outside the European Economic Area: this may occur, for example, where certain providers (e.g., Google) use servers located outside of said area. In any event, it is the responsibility of the Data Controller to select Providers who ensure that such transfer takes place only under at least one of the conditions set forth in Chapter V of the GDPR.

9. DURATION OF PROCESSING AND RETENTION PERIOD

The duration of cookies varies depending on their nature (persistent or session) and the provider; therefore, for accurate information on this matter, please refer to this panel.

10. EXERCISE OF RIGHTS BY THE DATA SUBJECT

Pursuant to Articles 13(2)(b) and (d), and Articles 15 to 22 of the GDPR, the data subject is informed that they may exercise the following rights free of charge:

• Right of Access: The data subject has the right to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed and, if so, access to such personal data and information regarding: the purposes of processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly if recipients are in third countries or international organizations; where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period; where the data were not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
• Right to Rectification: The data subject has the right to obtain from the data controller the rectification without undue delay of inaccurate personal data concerning them. Considering the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement. The data controller shall communicate any rectification to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The data controller shall inform the data subject about those recipients upon request.
• Right to Erasure (“Right to be Forgotten”): The data subject has the right to obtain from the data controller the erasure of personal data concerning them without undue delay if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; or if the data subject withdraws consent and there is no other legal ground for the processing; or if the data subject objects to the processing for direct marketing or profiling purposes, including withdrawing consent; if the personal data were unlawfully processed; or if they relate to information collected from minors in violation of Article 8 of the GDPR. The data controller shall communicate any erasure to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The data controller shall inform the data subject about those recipients upon request.
• Right to Restriction of Processing: The data subject has the right to obtain from the data controller restriction of processing where one of the following applies: the accuracy of the personal data is contested by the data subject for a period enabling the data controller to verify the accuracy; the processing is unlawful and the data subject opposes erasure and requests restriction instead; the data controller no longer needs the personal data for processing purposes, but the data subject requires them for the establishment, exercise, or defense of legal claims; or the data subject has objected to processing pending verification of whether the controller’s legitimate grounds override those of the data subject. Where processing is restricted, such personal data shall only be processed—with the exception of storage—with the data subject’s consent or for the establishment, exercise, or defense of legal claims, or for the protection of another natural or legal person’s rights, or for reasons of important public interest. The data controller shall inform the data subject before the restriction is lifted. The data controller shall communicate any restriction to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The data controller shall inform the data subject about those recipients upon request.
• Right to Object: The data subject has the right to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them which is carried out by the data controller based on public interest or the exercise of official authority, or for the legitimate interests pursued by the controller or third parties (including profiling). Additionally, where personal data are processed for direct marketing or commercial profiling purposes, the data subject has the right to object at any time to such processing.
• Right Not to Be Subject to Automated Decision-Making, Including Profiling: The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, except where such decision is necessary for entering into or performance of a contract between the data subject and the data controller; is authorized by law with appropriate safeguards; or is based on the data subject’s explicit consent.
• Right to Withdraw Consent Freely: Where processing is based on consent, the data subject has the right to withdraw their consent at any time freely and without charge. The lawfulness of processing based on consent prior to withdrawal shall not be affected.
• Right to Lodge a Complaint with the Data Protection Authority: The data subject has the right to lodge a complaint with the relevant supervisory authority, by following procedure published on official website of the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).
  Alternatively, the data subject has the right to lodge a complaint with another competent European privacy authority located in the place of their habitual residence or domicile in Europe, following the relevant procedures and guidelines. Any rectifications, erasures, or restrictions of processing carried out at the data subject’s request—unless this proves impossible or involves a disproportionate effort—will be communicated by the Controller to each recipient to whom the personal data have been disclosed. il Titolare may inform the data subject of such recipients upon request. In the case of requests for additional copies of the data made by the data subject, the il Titolare may charge a reasonable fee based on administrative costs. If the data subject submits the request by electronic means, unless otherwise indicated by the data subject, the information will be provided in a commonly used electronic format.

Requests shall be sent to the email address privacy@farfisa.com or to other contacts of the Data Controller published on the Website. A response will be provided within the legal timeframe (30 days, which may be extended by two months if necessary).

Last update: August 5, 2025

Data Controller: ACI s.r.l.