Information policy on the processing of personal data for Customers and Partners

Version 1 | Last update on 03/2025

Pursuant to Articles 13 and 14 of the EU Regulation 2016/679 (hereinafter, the “Regulation”), also known as GDPR, Fabrick S.p.A. (hereinafter, the “Data Controller”) provides you with the following information regarding the characteristics of the processing it carries out on your personal data.

1) Who is the Data Controller of your personal data?

The Data Controller of your personal data is Fabrick S.p.A. with its registered office at Piazza Gaudenzio Sella, n. 1, 13900 Biella (BI), Italy.

2) How can you contact the Data Protection Officer?

The Data Protection Officer (hereinafter, “DPO”) can be contacted using the following contact details:

  • Postal address: Piazza Gaudenzio Sella, n. 1, 13900 Biella (BI) - DPO;
  • Email address: privacy@fabrick.com

3) What categories of personal data are processed, and what are the data sources?

The processing concerns your personal data, belonging to the categories detailed below, in your capacity as:

a) Customer or Partner (or legal representative of the company or sole proprietor or freelancer), with reference to the following categories of data:

  • Personal, contact, and contractual data (e.g., name, surname, tax code, VAT number, residence, ID document, company affiliation details, email address, phone number, PEC, registered office, and administrative office);
  • If invoicing is required, data revealing financial information (e.g., payment account details).

b) Employee or business collaborator of the customer or partner, acting as a contact for specific activities (e.g., communication recipient, administrative contact, technical contact), with reference to the following categories of data:

  • Personal, contact, and contractual data (such as: name, surname, email address, phone number).

The data mentioned above is personally provided by you to the Data Controller or has been acquired in the context of corporate operations (e.g., mergers, acquisitions).

4) For what purposes are the data processed, and what are the legal bases?

The processing of your personal data is carried out by the Data Controller for the following purposes:

a) To sign the contract and execute the relationship, as well as ensure everything necessary for its execution (in particular, for contract registration, communication and correspondence management, carrying out the activities provided for in the contract).

The processing referred to in point a) is carried out as it is necessary for the execution of the contract or pre-contractual measures adopted at your request, pursuant to Article 6, paragraph 1, letter b) of the Regulation. Providing the data is necessary, and failure to provide one or more data will make it impossible to establish the relationship.

b) To comply with obligations set forth by law, including, for example but not limited to, accounting, tax obligations, and complaint management.

The processing referred to in point b) is carried out to comply with legal obligations to which the Data Controller is subject, pursuant to Article 6, paragraph 1, letter c) of the Regulation. Providing the data is mandatory, and failure to provide one or more data will prevent the establishment of the relationship as it would prevent the Data Controller from fulfilling legal obligations.

5) Who may your personal data be communicated to?

Your personal data may be accessed by authorized personnel of the Data Controller, based on their work responsibilities, or by entities acting as processors – specifically appointed pursuant to Article 28 of the Regulation – or independent data controllers. The categories of recipients involved include:

  • Public authorities in cases of legally required communications, supervisory authorities and bodies (e.g., Chamber of Commerce);
  • entities handling the audit and certification of the Data Controller’s financial statements;
  • companies providing software for customer and supplier registration and invoicing;
  • entities supporting customer assistance activities;
  • third-party companies supporting the Data Controller in the development and improvement of services;
  • companies supplying customer relationship management (CRM) software;
  • entities managing debt collection or providing professional consultancy and tax/legal assistance, or investigative activities in case of contractual non-compliance.

6) Can your personal data be transferred to countries outside the European Economic Area?

To pursue the above-mentioned purposes, the Data Controller may transfer your personal data outside the European Economic Area (e.g., to the United States). Transfers will occur only to third countries recognized by the European Commission as providing an adequate level of protection, or in the presence of adequate safeguards, such as the Standard Contractual Clauses adopted by the European Commission or specific exemptions provided by the Regulation.

7) For how long will your personal data be retained?

The data will be processed for as long as necessary to pursue the purposes for which the data was collected and/or provided. In particular, the data will be processed and retained for the entire duration of the contractual relationship and subsequently retained for 10 years from the termination of the contract in accordance with the applicable legal requirements (e.g., accounting and tax obligations).

After the retention period, personal data will be deleted or kept in a form that does not allow identification, unless the data processing is necessary for one or more of the following purposes:

  • Resolution of pre-litigation and/or litigation initiated before the expiration of the retention period;
  • Follow-up on investigations/inspections by internal control functions and/or external authorities initiated before the expiration of the retention period;
  • Compliance with requests from Italian and/or foreign public authorities received/notified to the Data Controller before the expiration of the retention period.

8) What are your rights?

You are informed that, as a data subject, you can exercise the following rights regarding the processing of your personal data:

  1. Right of access: the right to obtain confirmation from the Data Controller whether or not your personal data is being processed, and, if so, to access the data (subject to not infringing the rights of others);
  2. Right to rectification: the right to obtain from the Data Controller the rectification of inaccurate personal data without undue delay, as well as the completion of incomplete personal data, including by providing an additional statement;
  3. Right to erasure ("right to be forgotten"): the right to obtain from the Data Controller the erasure of your personal data without undue delay, where, for example but not limited to:
    1. Your personal data is no longer necessary for the purposes of processing;
    2. The consent on which the processing is based has been withdrawn and there is no other legal basis for processing;
    3. Your personal data has been processed unlawfully;
    4. Your personal data must be erased to comply with a legal obligation;
  4. Right to restriction of processing: the right to obtain from the Data Controller the restriction of processing, where:
    1. The accuracy of your personal data is contested (for the period necessary for the Data Controller to verify the accuracy of such data);
    2. The processing is unlawful and you oppose the erasure of your personal data and request the restriction of its use;
    3. Personal data (although no longer necessary for processing) is required by you for the establishment, exercise, or defense of legal claims;
    4. Verification is underway as to whether the legitimate interests of the Data Controller override your interests, rights, and freedoms in case you have exercised the right to object as set forth below;
  5. Right to data portability: the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit such data to another data controller, applicable when processing is based on consent or a contract and only for data processed via electronic means;
  6. Right to object to processing: You have the right to object at any time to the processing of your personal data based on the legitimate interest of the Data Controller, unless the Data Controller demonstrates the existence of compelling legitimate grounds for processing that override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims. You also have the right to object at any time to the processing of your personal data for direct marketing purposes, including profiling to the extent related to such marketing;
  7. Right to withdraw consent: you can manage and/or withdraw your consent for specific activities (e.g., marketing and/or profiling), provided that the processing carried out before the withdrawal remains lawful;
  8. Right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial remedy, if you believe that the processing of your data violates the Regulation, you have the right to lodge a complaint with the supervisory authority in the EU member state of your habitual residence, place of work, or the place where the alleged violation occurred.

To exercise the above rights, you can submit a request to the following contact details:

  • Postal address: Piazza Gaudenzio Sella, n. 1, 13900 Biella (BI) - DPO;
  • Email address: privacy@fabrick.com

The Data Controller will provide information about the actions taken regarding your request without undue delay, and at the latest, within one month of receipt.

In any case, you can contact the Data Controller and/or DPO at the aforementioned contact details for further information or clarification regarding the processing of your personal data.
