Privacy policy

Privacy Policy

Pursuant to and for the purposes of art. 13-14 of EU Regulation no. 2016/679 (hereinafter also called only "Regulation") and of the applicable National Legislation on the processing of personal data, this information is provided in order to inform the interested parties on the purposes and methods of use of the data provided by the latter for the conclusion of contracts governed by the General Conditions of Online Sale, visible on the website.



Flyhammer di Castagnino Marco may request and process the following data: personal data, domiciliation, contact details, payment and in any case all the data necessary for the fulfillment of contractual and legal obligations.


  • a) Purposes strictly connected and instrumental to the management of contractual and pre-contractual relationships governed by the GCS and the execution of obligations and activities provided for by Flyhammer di Castagnino Marco (e.g.: acquisition of preliminary information at the conclusion of contracts, execution of operations based on the obligations deriving from the contract concluded with the interested party);

This processing is mandatory for the fulfillment of contractual obligations.
Since any treatment is essential for the definition and implementation of the contractual agreement, your consent is not required

  • b) Elaboration of documentation for invoicing and administrative, tax and accounting needs (electronic invoicing);
  • c) Communication of your data to third parties for the fulfillment of legal obligations;
  • d) Collection and processing of data for the purpose of sending promotional communications (marketing) relating to the activities of Flyhammer di Castagnino Marco;
  • e) Purposes related to the management of disputes.

Any refusal to provide your data for the purposes described in letters a), b) and c) prevents Flyhammer di Castagnino Marco from establishing or continuing the contractual professional assignment, its correct
carrying out and correctly executing the related legal obligations.

However, it is always possible to request the Data Controller to clarify the concrete legal basis of each treatment and in particular to specify whether the treatment is based on the law, provided for by a contract or necessary to conclude a contract.


The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.

The processing is carried out using paper, computer and / or telematic tools, with organizational methods and with intentions strictly related to the purposes indicated.

In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons in charge, in which persons are administrative, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Data Controller.

The updated list of Data Processors can always be requested from the Data Controller.


The Data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. For more information, contact the Data Controller.


By virtue of the provisions of art. 13, paragraph 2, lett. a) of the Regulation, below are provided information on the retention times of the Data based on the different purposes of the processing:

  • with reference to the purposes marked with letters a) b) and c) the Data are kept for the period necessary to manage the contract and fulfill legal obligations;
  • With reference to the purpose marked with letter d), storage times are set at 2 years.
  • With reference to the purpose marked with letter e), the storage times are fixed until the end of the litigation and the exhaustion of the appeal periods.


Your data will not be transmitted outside the EU, unless required by law.


The interested party can exercise the rights provided for by Regulation 2016/679 / EU, within the limits and under the conditions provided for by the same and by Legislative Decree 196/2003.

In particular, the interested party has the right:
1. To obtain confirmation of the existence or not of personal data concerning him, even if not yet registered, and their communication in intelligible form.

2. To obtain the indication:

  • the origin of personal data;
  • the purposes and methods of processing;
  • the intentions applied in case of treatment carried out with the aid of electronic instruments;
  • of the identification details of the owner, of the managers and of the designated representative;
  • the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents.

3. To obtain:

  • updating, rectification or, when interested, integration of data;
  • the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
  • the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves a use of means manifestly disproportionate to the protected right.

4. To object, in whole or in part:

  • for legitimate reasons, to the processing of personal data concerning him, even if pertinent to the purpose of the collection;
  • to the processing of personal data concerning him for the purpose of sending advertising material or direct selling or for carrying out market research or commercial communication.

The interested party is also entitled to all the rights referred to in Articles. 16-21 of EU Reg. 679/2016 (GDPR), namely: right of rectification, right to be forgotten, right to limitation of processing, right to data portability, right to opposition, as well as the right to lodge a complaint with the Guarantor Authority.


To exercise the User's rights, Users can address a request to the contact details of the Owner indicated in this document. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month.


At the request of the User, in addition to the information contained in this privacy policy, the Owner may provide
to the User additional and contextual information regarding specific Services, or the collection and processing of Personal Data.


Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.


The Data Controller reserves the right to make changes to this privacy policy at any time.
If the changes concern treatments whose legal basis is consent, the Data Controller will collect the User's consent again, if necessary.