WELCOME

Welcome to the website www.farfisa.com (hereinafter also referred to as "the Website").

This privacy notice aims to specifically and comprehensively illustrate how your personal data are processed during your visit to and use of the website www.farfisa.com.

This notice, together with other information provided by Aci s.r.l. on the Website and its official channels, constitutes an integral part of the overall Privacy Policy of Aci s.r.l..

DATA CONTROLLER

The Data Controller of the Website and of the data processing is Aci s.r.l. (hereinafter also “the Controller”), with registered office in Osimo (AN) in Via Ezio Vanoni, 3 · 60027 Osimo (An) · ITALY, C.F.: 00759300676, P. I.V.A.: 001309100426, T +39 071.7202038, email: privacy@farfisa.com, acifarfisa@pec.farfisa.com.

SOURCE OF DATA

With regard to the processing described in this privacy notice, the data subject provides the data to the Controller.

DATA PROCESSORS AND THIRD-PARTY RECIPIENTS OF DATA

The Controller has also appointed external Processors to whom certain processing activities have been partly delegated, providing them, on a case-by-case basis, with specific instructions regarding the processing of data subjects’ personal data, each within the limits of their respective competences.

As required by the Transparency Guidelines WP 260/2017, where the Controller chooses to specify categories of processors and, more generally, recipients of data, it must justify why it considers this approach appropriate and, in any case, the reference to categories must not be generic but specific, referring to the activities performed, sector, industry, and territorial location of the identified recipients by category

In this perspective, the Controller deems the approach by categories of communication recipients correct in this case, as providing a nominative list of suppliers and subcontractors would be excessive and would make the privacy notice prone to obsolescence in case of any changes.

The appointed Processors are entities providing instrumental services to the Controller’s business and belong to the following categories:

• legal and tax consultancy firms (accountants),
• companies providing management or hosting services,
• technology and web services companies (mailing list services, marketing automation),
• shipping services (e.g., couriers and freight forwarders).

The list of external processors pursuant to Art. 28 GDPR, subject to continuous updating, is available at the Controller’s registered office.

In the aforementioned cases, Aci s.r.l. may communicate your personal data to these categories for the data processing activities it carries out.

Besides the Processors, the Controller may communicate data to autonomous third-party Controllers when such communication is mandatory by law or necessary for the Controller to properly fulfill contractual services (e.g., credit institutions for payment processing), pre-contractual or post-contractual obligations (e.g., technical assistance, customer support requests, or complaint handling).

As required by the WP 260/2017 Guidelines, the following indications are provided regarding the recipients of the data communication based on the relevant obligations (mandatory indication – where possible – of entities and subjects receiving data communication, including external processors, joint controllers, and internal managers):

• Public Authorities for the performance of institutional functions within the limits established by law or regulations;
• Third-party service providers when communication is necessary for the provision of website functions or the fulfillment of contractual obligations with the Controller, for compliance with legal obligations or for the protection of our rights;
• Authorized personnel.

Where necessary, recipients have been appointed as data processors. Personal data will not be sub-ject to dissemination.

PROCESSING – PURPOSES – LEGAL BASES – RETENTION

A) SECTION “REQUEST INFORMATION”

Data processed: first name, last name, email address, postal address, telephone number.

Purpose: Visitors to the Website can contact Aci s.r.l. not only through traditional channels (tele-phone, email) but also via the “Request Information” section accessible from this link, where users can fill out a contact form to request information or assistance from Aci s.r.l. In this case, the data are voluntarily entered and provided by the user who chooses to contact the Data Controller. The fields allow the insertion of identifying and contact data as well as the subject of the request.

Legal basis:

1. Pre-contractual/contractual measures (Art. 6(1)(b) GDPR): for example, purposes such as requests for quotes, assistance regarding products already purchased or payments, complaints, offers, or correspondence from suppliers and generally any communication addressed to the company. Where the data subject has an ongoing contractual relationship, data will be processed for the duration of the contract and, thereafter, for a maximum of 10 years; otherwise, they will be deleted after 6 months.
2. Legitimate interest (Art. 6(1)(f) GDPR): for example, the necessity for the Data Controller to: defend its own rights; respond to a request.

Retention period: Unless other legal bases justify further retention, data collected for pre-contractual purposes or to respond to requests will be retained, in the absence of contract conclusion, for six months, while in case of an existing contract with the Data Controller, for ten years following its termination.

Given the Data Controller’s strong commitment to the principles of minimization, proportionality, and other GDPR-imposed principles, processing carried out for legitimate interests is considered proportionate to the rights of the data subject. In particular, those intending to send requests for information, curricula vitae, or other documents containing personal data are invited to carefully consider the information provided in this document concerning the processing of their data contained in the transmitted documents. Only in this way will data processing be performed knowingly and consciously. The Data Controller specifically informs that the GDPR and the Privacy Code (Legislative Decree 196/03 and subsequent amendments) provide that sensitive and socalled “special catego-ries” of data (i.e., personal data revealing racial or ethnic origin, political opinions, religious or philo-sophical beliefs, or trade union membership, as well as genetic data, biometric data uniquely identifying a natural person, data concerning health, sexual life, or sexual orientation) may normally be lawfully processed only with the consent of the data subject or other specific legal bases. However, in the case of unsolicited submission of curricula vitae, prior consent cannot be obtained from individual users who first contact the Data Controller. For this reason, and because the Data Controller is committed to lawful and transparent processing of information, all those intending to transmit their data are advised not to include any sensitive and/or special category data in their submissions or, alternatively, to provide their explicit consent by means of a signed declaration attached to the email along with an identity document.

With regard to processing deriving from the use of forms contained in the “Request Information” section, the user is naturally free to provide personal data, and failure to use this platform will in no way affect Aci s.r.l.’s compliance with obligations arising from existing contractual sources, other legitimate interests, or legal requirements. The failure to provide the above personal data may only result, in these cases, in Aci s.r.l.’s inability to respond to the users’ requests.

B) “CUSTOMER SATISFACTION” SECTION

Data processed: type of customer, email, first and last name, company name, email, address.

Purpose: Through the Website, at the page “Customer satisfaction”, it is possible to communicate to the Data Controller your degree of satisfaction regarding the products purchased, so that the Data Controller may take it into account to offer the Customer new solutions or provide additional services beyond those already purchased.

Legal basis: The legal basis for this processing is the following: Consent (Art. 6(1)(a) GDPR) – which will always be expressly given (by means of an “opt-in” option), freely, voluntarily, revocable at any time, informed, and granular by the user.

Retention period: Unless other legal grounds apply, data collected for this purpose will be deleted 24 months after provision.

C) “SUBSCRIBE TO THE NEWSLETTER” SECTION

Data processed - email, identifying and contact data.

Purpose - On the Website, the User may also, based on an additional express, free, informed, and always revocable consent, subscribe to Aci s.r.l.’s newsletter to receive commercial information, offers, and promotions.

The purpose, in this case, is direct marketing, which is the basis of the Data Controller’s promotional activities.

With your optional consent, given by selecting the specific consent box available in the dedicated sections of the Website (opt-in) or by ticking the appropriate box in paper-based privacy notices, we will process your data for marketing purposes (sending advertising materials, conducting market research, commercial communication, customer satisfaction surveys) and send advertising information, offers, and promotions related to our products and services via mail, email, and/or SMS/MMS.

You may freely and without charge revoke your consent to the processing of personal data for marketing purposes at any time, also selectively (for example, by communicating that you no longer wish to receive communications by email but want to receive communications by other contact methods).

With regard to promotional communications sent by email, you may revoke your consent to the processing of your email address for marketing purposes also by clicking on the unsubscribe link (opt-out) included in each promotional email.

For transparency purposes, and as required by the WP259 Guidelines on consent pursuant to the Regulation issued by the European Data Protection Board, as an exception to the rule of granularity of consent (i.e., requesting as many consents as there are purposes and distinct processing operations), it is noted that these Guidelines authorize a single consent “covering multiple processing operations, where such processing operations pursue a set of unified purposes.” Furthermore, according to Recital 32 of the Regulation, a single consent may apply “to all processing activities carried out for the same purpose or purposes.” The purposes specifically indicated above objectively refer to the pursuit of a unified purpose, even if the processing operations differ, which is commercial promotion and marketing in a broad sense. Consequently, by providing a single consent to Marketing Purposes processing, the data subject specifically acknowledges the homogeneous and diverse promotional, commercial, and marketing purposes detailed above (including related administrative and management activities) and expressly authorizes such processing and purposes, whether the means used for Marketing Purposes processing are telephone operators or other non-electronic, non-online, or not supported by automatic, electronic, or telematic mechanisms and/or procedures, or whether the means used are email, fax, SMS, MMS, automated systems without operator intervention, and similar, including electronic platforms and other telematic means.

Marketing Purposes processing includes both the processing and purposes pursued by the Controller during the contract term and those following contract termination, for any reason, aimed at sending unsolicited communications inviting the data subject to renew the contract using any of the above means (telephone operator, non-electronic or non-telematic means, or not supported by automat-ic/electronic/telematic mechanisms or procedures, email, fax, SMS, MMS, automated systems with-out operator intervention, and similar, including electronic platforms and other telematic means).

Naturally, the data subject’s right to object to the processing of their personal data for “direct mar-keting” purposes through the above-mentioned automated contact methods shall in any case extend to traditional methods as well, and even in that case, it remains possible to partially exercise this right, either with respect to certain means or specific processing operations.

In order to comply with privacy obligations simplification principles pursuant to the General Provision of the Data Protection Authority dated 15.5.13 cited above, the Controller informs the Customer that the specific consent formula available according to the consent collection procedure adopted from time to time will be unified and comprehensive and will refer to all possible marketing processing means listed above, without prejudice to the data subject’s right to express a different choice regarding the use of certain means and not others for receiving marketing communications, by simply sending an email to the Controller.

To proceed with Marketing Purposes processing, it is mandatory for each Data Controller to obtain from the data subject an informed, free, unequivocal, specific, separate, explicit, documented, prior, and fully optional consent.

In a spirit of absolute transparency, the Controller summarizes in greater detail the purposes of the processing:

• to send advertising and informational materials (e.g., newsletters), promotional or otherwise commercial solicitations;
• to carry out direct sales or placement activities of the Controller’s products or services;
• to send commercial information or conduct interactive commercial communications also pursuant to Legislative Decree 206/05 by means of email;
• to perform studies, research, and market statistics, even in identifiable form.

By giving optional consent, the data subject specifically acknowledges and authorizes such pro-cessing and/or processing aimed at the homogeneous but distinct purposes set forth here. In any case, even where the data subject has given consent to authorize the Controller to pursue all Marketing Purposes, they will remain free at any time to revoke it via our website by accessing their personal area with their credentials. Following any revocation of consent by the data subject, the Controller will promptly remove and delete the data from databases used for Marketing Purposes processing and will notify any third parties to whom the data were communicated for such deletion purposes.

Legal basis - The legal basis is consent (Art. 6(1)(a) GDPR) – which will always be expressly given (by means of an “opt-in” option), freely, voluntarily, revocable at any time, informed, and granular by the user.

Retention period - Aci s.r.l., in full compliance with the data minimization principle, will process data for this purpose until consent is revoked or, in any case, for no longer than 24 months, at which point the User will be automatically unsubscribed from the newsletter and may request a new subscription with renewed and autonomous consent.

Effects of failure to provide consent - Failure to give consent for newsletter subscription will not in any way have detrimental effects on the User, nor will it prevent the Controller from processing data on other legal bases.

---

E) COOKIES (REFERENCE)

The Controller has prepared a specific privacy notice relating solely to the use of cookies and specif-ic technologies, available here.

---

PLACE OF PROCESSING AND TRANSFER OF DATA OUTSIDE THE EEA

The Farfisa website uses the hosting service of Vianova s.p.a., acting as Data Processor, whose do-main and server information can be consulted at this link: https://whois.domaintools.com/farfisa.com.

Data processing may also take place, for each area of responsibility, at other entities (e.g., Facebook, TeamViewer, Paypal), specifically appointed as Data Processors (where required by the GDPR) or operating as independent Data Controllers.

In some cases, data may be transferred outside the European Economic Area: for example, this may happen if some providers (e.g., Google) use servers located outside that area. The Controller ensures, in any case, to select Providers who guarantee that the transfer occurs under at least one of the conditions provided for by Chapter V of the GDPR.

For greater transparency, below is a link to the European Commission adequacy decision related to EU-USA data transfers, the socalled "Data Privacy Framework," a self-certification system ensuring that US companies adhering to it comply with data protection standards recognized as adequate by the European Union and to which most of the Controller’s partners adhere (e.g., Google, Face-book): Adequacy Decision.

Also provided here is a link to the standard contractual clauses applied at European level in the case of cross-border data transfers, which some of our partners have adopted: Standard contractual clauses.

---

SECURITY MEASURES

The Controller processes personal data based on security obligations relating to data processing pursuant to Article 32 GDPR.
To ensure an adequate level of data protection aimed at limiting the risk of improper or unlawful use, technical and organizational measures have been implemented respecting internationally recognized standards, including, by way of example:

• HTTPS protocols for browsing;
• encryption where possible;
• protection of IT systems through updated professional antivirus and firewalls;
• backup procedures;
• periodic changes of access credentials;
• ongoing training;
• physical security measures for storing paper documents;
• proper supplier selection.

The list of security measures is available at the Controller's registered office.

DATA SUBJECT RIGHTS

The Data Subject has the following rights:

Right of Access

• The Data Subject may request at any time information about the data processed by the Controller.
• Such information includes, among other things, the categories of data processed, the purposes of processing, the origin of the data if collected from third-party sources, as well as the recipients to whom the Controller may transfer the data, if applicable.
• The Data Subject may receive a free copy of the data. For additional copies, the Controller reserves the right to charge a fee.

Right of Rectification

• The Data Subject may request correction of their data.
• The Controller adopts adequate measures to ensure that data is kept accurate, complete, up-to-date, and relevant, based on the most recent information.
• To rectify their data, including changes to consents previously granted for secondary processing purposes, the Data Subject may also access their personal area using their credentials.

Right of Integration

The Data Subject has the right to obtain the completion of incomplete personal data, also by providing a supplementary statement.

Right of Deletion

The Data Subject may request the deletion of their data. This may occur:

• if the data are no longer necessary for the purposes for which they were collected or other-wise processed;
• if the Data Subject withdraws consent on which the data processing is based, and no other legal basis exists;
• if the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing, or if they object to processing for direct marketing purposes;
• if the data have been unlawfully processed;
• if the data must be deleted to comply with a legal obligation.

Exceptions remain if processing is necessary:

• to comply with a legal obligation requiring data processing, particularly regarding document retention periods prescribed by law;
• for the establishment, exercise, or defense of legal claims.

Right to Restriction

The Data Subject may obtain restriction of the processing of their data. This right can be exercised, for example:

• if the accuracy of the data is contested, for the period necessary for the Controller to verify the accuracy;
• if the processing is unlawful and the Data Subject opposes deletion, requesting restriction instead;
• if the Controller no longer needs the data but the data are required for the establishment, exercise, or defense of legal claims;
• if the Data Subject has objected to processing pending verification whether the Controller’s legitimate interests override theirs.

Right to Object

The Data Subject may object at any time, for reasons related to their particular situation, to the processing of their data pursuant to Article 6(1)(e) or (f) GDPR, or if the data are processed for direct marketing purposes.

In such case, the Controller will no longer process the Data Subject’s data unless the Controller demonstrates compelling legitimate grounds that override the interests, rights, and freedoms of the Data Subject, or if necessary for legal claims.

Right to Data Portability

• The Customer has the right to receive a structured, commonly used, and machine-readable copy of the data previously provided directly to the Controller.
• Only personal data that (a) relates to the Data Subject, and (b) has been provided by the Data Subject to the Controller is portable. Data portability includes the right of the Data Subject to receive a subset of their personal data processed by the Controller and to store it for further personal use. Such storage may be on personal media or private cloud, without necessarily transmitting the data to another Controller.
• Portability is an integration and strengthening of the right of access to personal data, also provided under Article 15 of the Regulation.
• If the Customer requests portability along with the direct transmission of their data to another Controller, this right is subject to technical feasibility: Article 20(2) GDPR provides that data may be transmitted directly from one Controller to another upon request of the Data Subject, where technically feasible.
• Technical feasibility of transmission from one Controller to another must be assessed case by case. Recital 68 clarifies that Controllers are not obligated to adopt or maintain technically compatible processing systems.
• Therefore, direct transmission can occur if secure communication between the systems of the two Controllers (sending and receiving) is possible and if the receiving system can technically receive incoming data.
• If technical impediments prevent direct transmission, the Controller will fully inform the Data Subject and provide a detailed explanation.
• Regarding interoperability of formats for portability, the Controller will comply with paragraph 1021(b) of Law 205/2017 (“presence of adequate infrastructure for interoperability of formats with which data is made available to Data Subjects”) within limits clarified by the WP242 guidelines on data portability issued by the European Data Protection Board (“The expectation is that the Con-troller transmits personal data in an interoperable format, but this does not impose any obligation on other Controllers to support such format”).
• Controllers complying with portability requests have no specific obligation to verify data quality before transmission.
• Portability does not impose any further obligation on the Controller to retain data beyond what is necessary or specified.
• In particular, it does not require retaining personal data solely to comply with a potential portability request.
• Exercising the right to data portability (or any other GDPR right) does not affect any other rights.
• The Data Subject may continue to use and benefit from the service offered by the Controller even after a portability operation.
• Portability does not automatically delete data stored in the Controller’s systems and does not affect the original retention period for the data transmitted.

Right to Withdraw Consent at Any Time

If processing is based on consent. Withdrawal of consent does not affect the lawfulness of processing based on consent given before withdrawal.

Right to Lodge a Complaint with the Supervisory Authority

If the Data Subject considers the Controller’s response unsatisfactory to any request or complaint, they have the right to lodge a complaint with a competent data protection authority pursuant to Article 77 GDPR.

• Below are the contact details of the Italian Data Protection Authority: http://www.garanteprivacy.it/web/guest/home/footer/contatti
• Here is a form for exercising data subject rights: http://194.242.234.211/web/guest/home/docweb/-/docweb-display/docweb/4535524

The Controller will normally process requests within 30 days. This period may be extended for reasons related to the specific right or complexity of the request.

In certain situations, due to legal obligations, the Controller may not be able to provide information about all data.

If the Controller must deny a request, it will explain the reasons for the refusal.

The Data Subject may exercise rights as long as processing by the Controller continues.

The address for exercising rights under Articles 15 to 22 of EU Regulation 2016/679 is: privacy@farfisa.com

Last update: August 5, 2025

Data Controller: ACI s.r.l.

In compliance with EU Regulation 2016/679 on the protection of personal data and their free movement, as well as with Legislative Decree no. 196/2003 as amended, the “Personal Data Protection Code”, we hereby inform you, as the “Data Subject”, about how your personal data is processed by the Company. This is to ensure that the processing is carried out lawfully, fairly, and transparently, in accordance with the principles that safeguard your rights and personal freedoms.

If you have any doubts, questions, or concerns, please contact the Data Controller directly. To exercise your rights, please submit your request using the appropriate form, addressed to:

DATA CONTROLLER

The Website Owner and Data Controller is Aci s.r.l. (hereinafter also referred to as the “Controller”), with registered office in (AN) in Via Ezio Vanoni, 3 · 60027 Osimo (An) · ITALY, C.F.: 00759300676, P. I.V.A.: 001309100426, T +39 071.7202038, email: privacy@farfisa.com, acifarfisa@pec.farfisa.com.

PRIVACY NOTICES

• Privacy Policy

• Cookie Policy

• Facebook Privacy Notice

Sources

Expand

Documents

Expand

Welcome to the website www.farfisa.com (hereinafter also referred to as the "Website").

This page provides information regarding cookies and other technologies used on the www.farfisa.com website, as well as the related processing of personal data.
In compliance with national and European data protection legislation, we respect and safeguard the privacy of visitors and users of the Website, making every reasonable and proportionate effort to avoid infringing their rights.

1. CONTACT DETAILS OF THE DATA CONTROLLER

ACI s.r.l. (hereinafter also referred to as “we”, the “Data Controller” or the “Controller”)
Via Ezio Vanoni, 3 · 60027 Osimo (An) · ITALY
C.F.: 00759300676
P. I.V.A.: 001309100426
T +39 071.7202038
Email: privacy@farfisa.com, info@farfisa.com
p.e.c.: acifarfisa@pec.farfisa.com

As the Data Controller falls within one of the cases outlined in the Guidelines of the Article 29 Working Party WP 243/17, a Data Protection Officer (DPO) has not been appointed at this time.

2. CATEGORIES OF DATA PROCESSED

On the website www.farfisa.com, we process browsing data provided directly by visitors.

Expand

3. WHAT ARE COOKIES?

Cookies are small strings of text that websites (so-called "publishers" or "first parties") visited by the user, or different websites or web servers (so-called "third parties"), place and store—either directly in the case of publishers, or indirectly through them in the case of third parties—on a terminal device under the user's control. This is done for technical, performance, statistical, or marketing/profiling purposes.

Expand

4. TYPES OF COOKIES AND COOKIES USED ON THE WEBSITE

4.1. From a subjective perspective, cookies are classified as follows:

• FIRST-PARTY COOKIES: These are installed on the user’s device by the operator of the website, acting as the Data Controller. In this case, the Data Controller is directly responsible for providing the necessary information and managing user consent.
• THIRD-PARTY COOKIES: These are installed on the user’s device by websites other than the one being visited, although through the latter. In such cases, the operators of those third-party websites are typically independent Data Controllers, while we act as mere technical intermediaries.

A common example, as found on most websites (including ours), is the inclusion of YouTube videos, Google APIs, the use of Google Maps, and social plugins such as Facebook and LinkedIn.

Expand

4.2. From the perspective of purpose, cookies are classified as follows:

• TECHNICAL COOKIES: Used to optimize website navigation and to enable the operator to provide the requested services. These can be further classified into:
  • a) Strictly necessary cookies: These are essential to allow navigation of the website and to ensure its proper functioning. They do not store personal information and are set in response to user actions (such as setting privacy preferences, user-centric security cookies used to detect authentication abuse, session cookies for media players—e.g., flash player cookies with session duration—and load balancing session cookies). These cookies cannot be disabled, and user consent is currently not required for their use (subject to the obligation of the Data Controller to provide appropriate information), insofar as the technical storage or access to the information collected by them is “solely for the purpose of carrying out the transmission of a communication over an electronic communications network (...)” (Art. 122 of Legislative Decree No. 196/2003).
  • b) Functionality Cookies: These allow the website to provide enhanced functionality and personalized settings (they are typically used to remember certain preferences and information—such as language, country of origin, selected products for purchase, data entered in forms, user-input cookies valid for a session, or persistent cookies limited to a few hours in some cases, authentication cookies used for authenticated services valid for a session, persistent cookies for UI customization valid for a session or slightly longer, and social plug-in sharing cookies for logged-in members of a social network). The technical storage or access to information by these cookies is also permitted without the need for consent, “to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide that service” (Art. 122 of Legislative Decree No. 196/2003).
  • Disabling and/or refusing the use of strictly necessary or functionality cookies will result in the inability to properly navigate the Website and/or the inability or difficulty in accessing services, pages, functionalities, or content available therein. The legal basis for the processing of data via these cookies is the legitimate interest of the Data Controller in ensuring the correct operation and display of the website across various devices.
  • c) Performance or Analytics Cookies: These allow the operator to access, detect, and collect statistical information in anonymous and aggregated form (such as the number of website visitors, how they use and interact with the website) in order to improve products and services. As clarified by the Italian Data Protection Authority, analytics cookies—which are used to monitor website usage by users for optimization purposes—may be treated as technical cookies if they are implemented and used directly by the first-party website (i.e., without third-party involvement). As regards third-party analytics cookies (e.g., Google Analytics), they may be considered equivalent to technical cookies (and thus installed without user consent) only if measures are implemented to reduce their identifiability (e.g., by masking significant portions of the IP address), and provided that their use is governed by contractual agreements between the website and the third party, which expressly bind the latter to use them solely for the provision of the analytics service. If these conditions are not met, we will obtain your consent before using such types of cookies.
  • Google Analytics: We would like to use Google Analytics on our Website to store anonymized information necessary for compiling reports on website usage and navigation. Although we act, as per the guidance issued by the Italian Data Protection Authority, as technical intermediaries with respect to the third-party provider (Google), we will, in the best interests of data subjects, seek user consent prior to enabling the installation of this cookie. We will only use this cookie without your consent if we are able to ensure that a reasonable level of uncertainty regarding the digital identity of the data subject can be maintained (for example, by masking at least the fourth segment of the IP address, a practice that introduces a degree of uncertainty in associating the cookie with a specific data subject equivalent to 1 in 256, or approximately 0.4%).
  • To prevent your data from being used by Google Analytics, we invite you to consult this link.
  • For greater transparency, the following links are provided: Google Analytics Terms of Service, page relating to data processing by Google Analytics and the page relating to privacy policy by Google Analytics.
• PROFILING COOKIES: (not active on this Website as first-party cookies) - These are used to associate specific actions or recurring behavioral patterns during the use of the functionalities offered (so-called patterns) with identified or identifiable individuals, in order to group various user profiles into homogeneous clusters of different sizes. This enables the delivery of increasingly targeted advertising messages, tailored to the preferences expressed by the user while browsing the web. For more information on such cookies, please visit the information page of the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) regarding cookies
  Similarly, other tracking tools can be classified according to various criteria, the most relevant of which remains the purpose for which they are used—whether technical or commercial in nature.
  The legal basis for the processing of data by these cookies is the informed and specific consent of the data subject.

4.3. From the perspective of duration, cookies are classified as follows:

• SESSION COOKIES: These are automatically deleted when the browser is closed;
• PERSISTENT COOKIES: These remain stored on the user’s terminal device until a predetermined expiration date or until manually deleted by the user.

4.4. Cookies used on our website

Below is a list, for each type of cookie, indicating its name, whether it is first- or third-party, the purpose for which it is used, the link to the third party (if applicable), and its duration click here.

To manage, modify, or withdraw consent to data processing via cookies, please refer to the panel at the bottom of the site.

5. HOW TO DISABLE OR BLOCK COOKIES

In addition to the possibility to manage, grant, or refuse consent through the cookie manager that appears upon the first access to our Website and is always accessible in the footer of every page, visitors may disable cookies directly via their browser by following the relevant instructions. For your convenience and greater transparency, below are the links to the instructions for disabling cookies on the main browsers:

• Mozilla Firefox
• Microsoft Edge
• Safari
• Google Chrome
• Opera

If using a mobile device, please refer to its user manual to learn how to manage cookies.

For further information about cookies, including how to view those set on your device, manage, and delete them, please visit: www.allaboutcookies.org

6. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION AND DISCLOSURE OF DATA

Data collected through the use of cookies may be transferred to countries outside the European Union whose data protection level has been recognized as adequate by the European Commission pursuant to Article 45 of the GDPR.

Furthermore, personal data may be transferred abroad to non-European countries, in particular to the United States (by way of example and not limitation, Google, Facebook, LinkedIn, YouTube), subject to the execution of the Standard Contractual Clauses adopted/approved by the European Commission pursuant to Article 46(2)(c) and (d) of the GDPR, or on the basis of another lawful ground, such as, for example, the Data Privacy Framework.

A copy of the safeguards adopted may be obtained by submitting a written request to the Data Controller at the contact details provided in this Privacy Notice, together with a valid identification document.

Data collected through all other cookies will not be further disclosed.

7. SECURITY MEASURES

The Data Controller processes personal data based on the security obligations related to data processing pursuant to Article 32 of the GDPR. In order to ensure an adequate level of data protection aimed at mitigating the risk of improper or unlawful use of such data, technical and organizational measures have been implemented that comply with internationally recognized standards, including, by way of example, HTTPS protocols for browsing, encryption where possible, protection of IT systems through updated professional antivirus and firewalls, backup procedures, periodic changes of access credentials, continuous training, physical security measures for the storage of paper documentation, and appropriate supplier selection. The list of security measures is available at the Data Controller’s registered office.

8. LOCATION OF DATA PROCESSING

Navigation data will be processed, in the case of first-party cookies, through the servers hosting the website. Currently, the site is hosted on machines managed by an external company appointed as Data Processor, Life Color Communications, located in Moie di Maiolati, in Via Ariosto 12. Data processing may, however, also take place, with regard to each respective area of competence, at other entities (e.g., Facebook, LinkedIn, Google Maps, YouTube), specifically appointed as Data Processors (where required under the GDPR) or acting as independent Data Controllers. In some cases, data may be transferred outside the European Economic Area: this may occur, for example, where certain providers (e.g., Google) use servers located outside of said area. In any event, it is the responsibility of the Data Controller to select Providers who ensure that such transfer takes place only under at least one of the conditions set forth in Chapter V of the GDPR.

9. DURATION OF PROCESSING AND RETENTION PERIOD

The duration of cookies varies depending on their nature (persistent or session) and the provider; therefore, for accurate information on this matter, please refer to this panel.

10. EXERCISE OF RIGHTS BY THE DATA SUBJECT

Pursuant to Articles 13(2)(b) and (d), and Articles 15 to 22 of the GDPR, the data subject is informed that they may exercise the following rights free of charge:

• Right of Access: The data subject has the right to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed and, if so, access to such personal data and information regarding: the purposes of processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly if recipients are in third countries or international organizations; where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period; where the data were not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
• Right to Rectification: The data subject has the right to obtain from the data controller the rectification without undue delay of inaccurate personal data concerning them. Considering the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement. The data controller shall communicate any rectification to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The data controller shall inform the data subject about those recipients upon request.
• Right to Erasure (“Right to be Forgotten”): The data subject has the right to obtain from the data controller the erasure of personal data concerning them without undue delay if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; or if the data subject withdraws consent and there is no other legal ground for the processing; or if the data subject objects to the processing for direct marketing or profiling purposes, including withdrawing consent; if the personal data were unlawfully processed; or if they relate to information collected from minors in violation of Article 8 of the GDPR. The data controller shall communicate any erasure to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The data controller shall inform the data subject about those recipients upon request.
• Right to Restriction of Processing: The data subject has the right to obtain from the data controller restriction of processing where one of the following applies: the accuracy of the personal data is contested by the data subject for a period enabling the data controller to verify the accuracy; the processing is unlawful and the data subject opposes erasure and requests restriction instead; the data controller no longer needs the personal data for processing purposes, but the data subject requires them for the establishment, exercise, or defense of legal claims; or the data subject has objected to processing pending verification of whether the controller’s legitimate grounds override those of the data subject. Where processing is restricted, such personal data shall only be processed—with the exception of storage—with the data subject’s consent or for the establishment, exercise, or defense of legal claims, or for the protection of another natural or legal person’s rights, or for reasons of important public interest. The data controller shall inform the data subject before the restriction is lifted. The data controller shall communicate any restriction to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The data controller shall inform the data subject about those recipients upon request.
• Right to Object: The data subject has the right to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them which is carried out by the data controller based on public interest or the exercise of official authority, or for the legitimate interests pursued by the controller or third parties (including profiling). Additionally, where personal data are processed for direct marketing or commercial profiling purposes, the data subject has the right to object at any time to such processing.
• Right Not to Be Subject to Automated Decision-Making, Including Profiling: The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, except where such decision is necessary for entering into or performance of a contract between the data subject and the data controller; is authorized by law with appropriate safeguards; or is based on the data subject’s explicit consent.
• Right to Withdraw Consent Freely: Where processing is based on consent, the data subject has the right to withdraw their consent at any time freely and without charge. The lawfulness of processing based on consent prior to withdrawal shall not be affected.
• Right to Lodge a Complaint with the Data Protection Authority: The data subject has the right to lodge a complaint with the relevant supervisory authority, by following procedure published on official website of the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).
  Alternatively, the data subject has the right to lodge a complaint with another competent European privacy authority located in the place of their habitual residence or domicile in Europe, following the relevant procedures and guidelines. Any rectifications, erasures, or restrictions of processing carried out at the data subject’s request—unless this proves impossible or involves a disproportionate effort—will be communicated by the Controller to each recipient to whom the personal data have been disclosed. il Titolare may inform the data subject of such recipients upon request. In the case of requests for additional copies of the data made by the data subject, the il Titolare may charge a reasonable fee based on administrative costs. If the data subject submits the request by electronic means, unless otherwise indicated by the data subject, the information will be provided in a commonly used electronic format.

Requests shall be sent to the email address privacy@farfisa.com or to other contacts of the Data Controller published on the Website. A response will be provided within the legal timeframe (30 days, which may be extended by two months if necessary).

Last update: August 5, 2025

Data Controller: ACI s.r.l.

IP EVO is the innovative Farfisa technology, an IP solution dedicated to multi-user complexes (but also great in little implants) that takes advantage of an innovative approach for the video door phone market, in order to respond to precise needs of the highest level from a functional and safety point of view.

The system is basically made up of

- door station Connecto series (art. TD1000CN) or Alba series (modular composition with art. CV1000AB)

- the dedicated IP EVO app

- specific video intercoms (art. SE4000) and/or mobile device such as smartphones, tablets and Alexa...

The technology is based on the WebRTC protocol, expressly conceived for the best audio-video quality, in fact it offers various advantages that represent its absolute strengths:

• very high quality of the video signal thanks to the 5MP camera
• excellent audio, totally free of echo, delay or latency
• top IT cybersecurity guaranteed
• dedicated image encryption chip, AWS server cloud (Amazon Web Services) developed and managed by Farfisa

For the end-user multiple access ways available: IP EVO app, PIN code, QR (also temporary), RFID.

The pushbutton panels have 5Mpx camera, face focus, multilingual voice prompt.

Connecto door station has a 316L stainless steel plate with flush mounting, Skill Alexa available. It is designed for mounting an RFID access control module, but also allows access via QR code or advanced systems such as NFC and Apple Wallet. It can be connected to the Internet through various modes: Ethernet or WiFi. In the near future, the totally "stand alone" version with LTe/4G connectivity will also be available. Alba door station has anodised aluminium plate and allows modular compositions through additional button module art. CT2138AB, for installations with few users and reduced dimensions of the door station.

But the revolution of this technology lies in the possibility for the installer or condominium administrator to add, remove and modify system users, modify the access PINs associated with the users or associate them with certain time slots or specific periods of time, conveniently and remotely through the IP EVO app. 

The IP EVO system is now complete with the full web concierge for 1 user (art. CNPDX1) or for 5 users (art. CNPDX5).

The possible applications are varied: large complexes such as student residences, residences and holiday homes...

  

Click HERE to download the IP EVO brochure

Click HERE to watch the IP EVO video clip

Click HERE to download the IP EVO system guide

Click HERE to watch the 3 video tutorials

Click HERE to download the Cybersecurity brochure