Under the provisions of GDPR, before proceeding to the processing of Personal Data - understood according to the relative definition contained in Article 4, point 2) of GDPR as "any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction" ("Processing") - the person to whom the Personal Data belongs must necessarily be informed of the reasons for which the data has been requested and the way in which it shall be used.
To that end, this document is intended to provide, in a simple and intuitive manner, all of the useful and necessary information so that you can supply your Personal Data fully aware and informed and, at any time, request and obtain clarifications and/or corrections.
This document, therefore, has been written based on the principle of transparency and on all of the factors required by Article 13 of the legislation and is structured into individual sections, each of which deals with a specific topic so that it can be quickly read, is more user-friendly and be easily understood. ("document"). This document is provided exclusively for the aforementioned website and does not relate to any other site accessible by the user through the links it contains.
The data controller is RIV S.a.s. di Peter Reichegger & C. with registered office in Piazza Le Corbusier, 30016 Jesolo VE ("Company").
TYPES OF DATA PROCESSED
IT systems and software processes responsible for the operation of this website acquire some personal data in the course of their normal activity, the communication of which is implicit in the use of internet communication protocols.
The information used is not collected to be associated with identified persons but by nature could, after processing and association with data in the possession of others, make it possible to for the users to be identified.
This category of data would include, for example, the IP addresses and domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.) and other parameters pertaining to the operating system and the computing environment used by the user.
This data is used solely for the purposes of monitoring the correct functioning of the website and is deleted 7 days following its collection at the latest; except in cases in which it must be used to assess liability in the event of cybercrime detrimental to the website: in this case the information will be kept available to the Authorities for the time it takes to ensure that the Company exercises its right to a defence.
Data provided voluntarily by the user
The optional, explicit and voluntary completion of the form at the following link http://www.rivgroup.it/en/RIV-Contact.html leads to the subsequent acquisition of at least the information marked by the * symbol (name, surname, email address); as well as other information entered voluntarily.
The site uses so-called technical cookies to ensure the functionality of the site itself.
VOLUNTARY PROVISION OF DATA
Apart from the specifications concerning browsing data, the user is free to provide his/her personal data or to disclose it to request the sending of informative materials or other communications. Failure to provide personal data may, on the other hand, makes it impossible to obtain the materials requested. Additionally, where the user expresses their consent, the information may be processed for the additional purposes specified below.
PURPOSE OF PROCESSING AND LEGAL BASIS
Any data collected will be processed for the following purposes and pursuant to the specified legal bases:
|The Purpose||The legal basis for processing|
|A) To respond to requests for information, as described above||Processing Personal Data is necessary to fulfil a pre-contractual request on the part of the user|
|B) Marketing activities: any activities used to promote products and services sold and/or provided by the Company fall under this category||The consent of the individual concerned|
|C) Transfer to third parties: The Company may sell the information collected to other subjects operating in the same sector to allow these companies to process the information for their own marketing purposes||The consent of the individual concerned|
COMMUNICATION AND DISTRIBUTION OF DATA
Personal Data may be communicated to specific subjects considered to be the recipients of this Personal Data. Article 4 point 9) actually defines a recipient of Personal Data "a natural or legal person, public authority, agency or another body, to whom the personal data are disclosed, whether a third party or not" ("Recipients").
From this perspective, for the purposes of accurately performing all processing activities necessary to achieving the purposes referred to in this information, the following can be found under the condition relating to the processing of your Personal Data:
- third-parties carrying out part of the Processing activities and/or any activities connected and instrumental to this on behalf of the Controller. These subjects have been appointed responsible for the processing of data;
- Individuals, employees and/or collaborators of the Controller to whom specific and/or other Personal Data processing activities have been entrusted and to whom specific instructions on the subject of security and the correct use of Personal Data have been imparted;
- Where required by law or to prevent or suppress the committing of a crime related to Personal Data, they can be communicated to public authorities or law enforcement agencies without them being defined as Recipients. Pursuant to Article 4 point 9) of the Legislation "public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients". Any data collected will under no circumstances be distributed.
One of the principles applicable to the Processing of your Personal Data concerns the restricting of the storage period, governed by Article 5, paragraph 1, point e) of GDPR which states "kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject".
In light of this principle, your Personal Data will be processed by the Controller within the limits necessary to fulfil the purposes referred to in point A) of this document.
In relation to Processing carried out for the achievement of the purposes referred to in points B) and C), Personal Data may be processed until such a time as the wish to withdraw consent for one or all of the purposes for which it has been requested is communicated. Any withdrawal of consent will effectively require the termination of the Processing of Personal Data for these purposes. In all cases, the Company will delete data 48 months from obtaining consent.
DATA SUBJECTS' RIGHTS
The aforementioned rights can be exercised through a written request without formalities to the Controller to the specified registered office or by sending notification to the following email address firstname.lastname@example.org
The Company, additionally, shall inform the user - without prejudice to recourse to any other administrative or jurisdictional location - if the processing of Personal Data conducted by the Data Controller is considered to be in violation of GDPR and/or the applicable legislation, and will be able to raise a complaint to the competent supervisory authorities for the Protection of Personal Data.
Latest update: May 2018