Fablea

Privacy Policy and Cookie Policy

Last updated: 27/11/2025

This Notice is drafted pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR), Legislative Decree 196/2003 as amended by Legislative Decree 101/2018, as well as in compliance with the Guidelines of the Italian Data Protection Authority and the e-Privacy Directive (2002/58/EC) regarding digital services.

EVM System S.r.l.s. attaches the utmost importance to the protection and security of its users’ personal data and undertakes to process them in full compliance with applicable regulations.

1. Data Controller

The Data Controller of personal data is:

  • EVM System S.r.l.s.
  • Corso Antonio Rosmini, 80 - 38068 Rovereto (TN), Italy
  • VAT No.: 02618410225
  • Email: support@evmsystem.it

EVM System S.r.l.s. manages the digital educational project Fablea.it, an online platform dedicated to the distribution of cultural and educational content intended for an international audience.

2. Definitions

For the purposes of this Notice:

  • "Personal Data": any information relating to an identified or identifiable natural person (Art. 4 GDPR).
  • "Processing": any operation performed on personal data (collection, recording, storage, modification, deletion).
  • "Data Subject": the natural person to whom the personal data refers.
  • "Processor": the entity that processes data on behalf of the Controller.
  • "Third Parties": external entities that may receive data in the context of service provision.

3. Scope of Application

This Notice applies exclusively to the website Fablea.it and does not concern any third-party websites accessible through external links, for which users are invited to consult the respective privacy policies.

4. Types of Data Processed

4.1 Browsing Data

The IT systems and software procedures used to operate the website acquire, during their normal functioning, certain personal data whose transmission is implicit in the use of Internet communication protocols. These include:

  • IP address and domain names of the computers used by users.
  • Date and time of the request and URI (Uniform Resource Identifier) of requested resources.
  • Method used in the request to the server and response status code.
  • Size of the file obtained.
  • User agent (browser and operating system information).
  • Technical security logs.

Such data are processed exclusively for technical purposes, aggregated statistics, and IT security.

4.2 Data Provided Voluntarily

The optional and voluntary sending of messages or completion of forms on the Website involves the acquisition of data necessary to respond to requests, including:

  • First and last name.
  • Email address.
  • Content of the message.
  • Data provided during account registration (if enabled).

4.3 Data Collected Through Tracking Tools

The website uses technological tools that may collect:

  • Aggregated statistical data.
  • Advertising identifiers.
  • Technical, analytical and profiling cookies.
  • Data relating to interactions with advertising banners.

4.4 Security and Abuse Prevention Data

To ensure website security and prevent IT fraud, system logs and unauthorized access attempts may be recorded.

5. Purposes of Processing

5.1 Contractual Purposes (Without the Need for Explicit Consent)

  • Enable proper website navigation.
  • Provide requested digital educational content.
  • Manage registration and maintenance of accounts (if enabled).
  • Respond to support requests sent through contact channels.

5.2 Legal Purposes

  • Comply with specific tax, accounting and regulatory obligations.
  • Cooperate with competent authorities in case of investigations.
  • Prevent cybercrime and protect network infrastructure.

5.3 Legitimate Interest Purposes

  • Improve website technical features and usability.
  • Conduct technical analysis, development and security testing.
  • Prevent fraud and abuse of offered services.
  • Defend the Controller’s rights in court.

5.4 Marketing and Profiling Purposes (Subject to Explicit Consent)

  • Deliver personalized advertising based on user interests.
  • Conduct remarketing activities through external advertising networks.
  • Measure advertising campaign performance.
  • Perform behavioral analysis to optimize content offerings.

6. Legal Basis for Processing

The processing of personal data is based on the following legal grounds under the GDPR:

  • Art. 6(1)(b): performance of a contract or pre-contractual measures (e.g., account management, responses to requests).
  • Art. 6(1)(c): compliance with legal obligations to which the Controller is subject.
  • Art. 6(1)(f): legitimate interest of the Controller (e.g., IT security, legal defense).
  • Art. 6(1)(a): explicit consent of the Data Subject (e.g., profiling, marketing, non-technical cookies).

7. Data Retention Periods

Data will be retained for the time strictly necessary to achieve the purposes for which they were collected:

  • Browsing data: generally deleted after a maximum of 30 days.
  • Security logs: retained for up to 6 months.
  • Contractual and account data: up to 10 years after termination of the relationship, for legal and protection purposes.
  • Marketing and profiling data: retained until consent is withdrawn by the user.
  • Cookies: according to the technical duration specified in the cookie banner (see Cookie Policy section).

8. Data Transfer Outside the EU

Some of our service providers (e.g., Google, Meta, Amazon) may process data on servers located outside the European Union. The Controller ensures that such transfers take place in full compliance with Articles 44–49 of the GDPR, adopting appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission or relying on adequacy decisions (e.g., EU–US Data Privacy Framework).

9. Data Disclosure

Personal data may be shared, strictly for the purposes indicated above, with:

  • IT service providers, hosting and web maintenance providers.
  • Advertising and data analytics platforms (as Processors or independent Controllers).
  • Legal, administrative and tax advisors of the Controller.
  • Public authorities and law enforcement agencies where required by law.

10. Data Subject Rights

Pursuant to Articles 15–22 of the GDPR, users have the right to exercise the following rights at any time:

  • Access (Art. 15): obtain confirmation that data are being processed and receive a copy.
  • Rectification (Art. 16): request updating or correction of inaccurate data.
  • Erasure / “Right to be Forgotten” (Art. 17): request deletion of data if legal grounds exist.
  • Restriction (Art. 18): request temporary restriction of processing.
  • Data Portability (Art. 20): receive data in a structured, machine-readable format and transfer them to another controller.
  • Objection (Art. 21): object at any time to processing based on legitimate interest or for marketing purposes.
  • Withdrawal of consent: withdraw previously given consent without affecting the lawfulness of processing based on consent before withdrawal.

To exercise these rights, users may send a written request to: support@evmsystem.it.

Users also have the right to lodge a complaint with the competent Supervisory Authority. In Italy, this authority is the Italian Data Protection Authority.

Cookie Policy

A "cookie" is a small text file that websites save on the user’s computer or mobile device during browsing. Fablea.it uses cookies to ensure proper website functioning and to provide a personalized experience.

Types of Cookies Used

  • Technical Cookies (Strictly necessary): Essential for proper website navigation and use of its basic features (e.g., session maintenance). They do not require prior user consent.
  • Analytical Cookies: Used to collect aggregated information on the number of users and how they visit the website (e.g., Google Analytics). If anonymized, they are treated as technical cookies.
  • Profiling and Marketing Cookies: Used to track user browsing and create profiles to send advertising messages aligned with user preferences. Provided by third parties (e.g., Google AdSense, Amazon Advertising, Meta Ads) and require explicit user consent.

Consent Management (CMP)

Upon first access to the Website, users are shown an information banner (Consent Management Platform – CMP) allowing them to accept, reject, or customize non-technical cookies. Consent may be modified or withdrawn at any time by accessing the preferences panel via the dedicated link in the website footer.

Disabling Cookies via Browser

Users may configure their browser to block or delete cookies. However, disabling technical cookies may compromise proper website functioning. Below are links to official instructions for the most common browsers: