Privacy policy

Within the meaning and for the purposes (i) of EU Regulation 2016/679 on the ‘protection of natural persons with regard to the processing of personal data, and on the free circulation of such data’, the “GDPR”, art.13 and 14 and (ii) of Legislative Decree of 30 June 2003, n. 196, the ‘Privacy Code’, also jointly called ‘Privacy Policy’, some obligations are set forth upon the subjects carrying out the processing – intended as ‘the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction – of personal data referred to other subjects (The “Processing”).

flon gaskets headquartered in Viale delle Industrie 7, 24060, Sovere, Bergamo (the ‘Company’) wish to inform you, in the following sections, about the modalities and purposes dealing with the processing of your personal data.

A. Data Controller

The Data Controller is the person who determines the purposes for which and the manner in which personal data are to be processed (the ‘Data Controller’) and is identified in flon gaskets.

The Data Controller may be contacted by e-mail at the following address Viale delle Industrie 7, 24060, Sovere, Bergamo or at the following e-mail address  info@flongaskets.it

B. Modalities to collect data from the Data Subject

The Data Controller may acquire your personal data under the following circumstances:

C. Categories of data subject to Processing

Data processed by Data controller may include:

D. Purposes and legal basis of the processing

Within the meaning of the Privacy Policy, the processing of personal data must be legitimised by one of the legal provisions provided by art 6 of the GDPR. These are specifically described for each purpose under which the Data Controller processes your data:

E. Nature of consent to data processing:

Consent to data processing for letter a), b), c) purposes is compulsory since it is required to perform legal and contractual obligations. Any refusal or successive withdrawal may determine the inability for the Controller to fulfil the outstanding contractual relationship. Instead, consent to data processing for letters d) and e) is optional and the failure to give consent to the processing to those data will determine the inability to carry out the abovementioned activities.

F. Modalities to process Personal Data:

Processing will be carried out by the Company in compliance with the security measures under art. 32 of the GDPR, through manual, information system and computerised tools specifically designed to store, manage and transmit them to pursue only the purposes for which the data were collected and, in any case, to guarantee their security and confidentiality, as well as in full compliance with the principles of fairness, lawfulness and transparency. No automated tools are used by the Controller to process data.

G. Communication of Data:

Access may be granted to:

H. Data transfer to a third country or an international organization:

Personal data are to be processed within the European Union and stored on servers located in that area. Anyway, if necessary, the Data Controller will have the right to transmit such data to a third country or to an international organisation and / or to move the servers even outside the EU. In this case, the Data Controller ensures that the transfer of non-EU data will be carried out in accordance with the applicable legal provisions under art. 44 and following of the GDPR.

I. Data subject’s rights:

The Company informs you that, pursuant to articles 15-22 of the GDPR and in relation to your personal data, you as Data subject may exercise specific rights at any time, by contacting the Data Controller, such as:

If you need further information on the processing of your personal data and to exercise the above-mentioned rights, you can send a written request using the contacts provided in the ‘Data Controller’ section of this statement. If you request more information about your data, the Data Controller shall respond promptly – unless it is impossible or involves a manifestly disproportionate effort compared with the right to be protected – and in any case no later than thirty days from the request. The Data Controller will justify any inability or delay in doing so to meet the request.

Last update: May 2022