Privacy Policy on the Processing of Personal Data

pursuant to articles 13 – 14 of EU Regulation 2016/679 (GDPR)

Introduction

The Data Subject (user or visitor of the website) is informed that Legislative Decree 196/2003 (so-called “Code regarding the protection of Personal Data” – hereinafter the “Code“) and EU Regulation no. 2016/679 (hereinafter, “GDPR”) provide for the protection of the Processing of Personal Data. In accordance with the Code, the GDPR and ordinary legislative procedure, the Processing shall be based on principles of fairness, lawfulness and transparency in respect of fundamental rights and freedoms, the dignity of the Data Subject, with particular reference to confidentiality, personal identity and the right to protection of Personal Data.

This Privacy Policy is provided pursuant to article 13 of the Code as well as pursuant to articles 13 and 14 of the GDPR and is subject to updates of which is advertised on the Website.

1. Definitions

For the purposes of this privacy policy:

  • Database” means any organized set of Personal Data, divided into one or more units located in one or more sites of the Controller;
  • Communication” means giving knowledge of Personal Data to one or more specific subjects other than the Data Subject, the representative of the Controller in the territory of the State, the Processor and the Delegates, in any form, including by making them available or consulting;
  • Consent” means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which the Data Subject, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to Data Subject;
  • Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • Delegate” means the natural person authorized to perform processing operations by the Controller or the Processor;
  • Data Subject” means the natural person to whom the Personal Data refers;
  • Privacy Policy” means this privacy policy provided pursuant to articles 13 and 14 GDPR;
  • Products” means the products marketed by the Company, including through the Website;
  • Profiling” means any form of automated processing of Personal Data consisting of the use of such Personal Data to evaluate certain personal aspects relating to a natural or legal person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements, propensity to buy, etc.;
  • Pseudonymization” means the Processing of Personal Data in such a manner that the Personal Data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person;
  • Processor” means the natural person, the legal person, the public authority and any other body, association appointed by the Controller to process Personal Data pursuant to article 28 GDPR;
  • Data Protection Officer (DPO)means the person appointed by the Controller pursuant to articles 37-39 GDPR;
  • Services” means the services provided by the Company, including through the Website;
  • Website” means the websites owned by the Controller asrch.it; www.mct-italy.com; www.trovaconcessionario.rch.it;  www.rchsmartorder.com/it; www.rch-europe.com;  www.cortina59.rch.it; www.rch-europe.fr; www.rch-europe.de with transfer protocol “Hypertext Transfer Protocol Secur“;
  • Controller” means the natural person, legal person, public authority agency or any other body, also jointly with another Data Controller, which determinates the purposes, means of such Processing of Personal Data and tools used, including the security profile;
  • Processing” means any operation or set of operations which is performed on personal data or on sets of personal data whter or not by automated means, such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination restriction, erasure or destruction;
  • User” means any natural person using the Website.

2. Controller

  • The Controller is RCH S.p.A., in the person of its legal representative with registered office in Silea (TV), Via Cendon, 39, tax code and VAT n. 01033470251, (hereinafter, the “Owner” or the “Company“).
  • Any request relating to Processing of Personal Data, also relating to the exercise of the rights of the Data Subject indicated in article 9 below, can be addressed to the Controller by e-mail at privacy@rch.it
  • The Data Controller has appointed the Data Protection Officer, who can be contacted at privacy@rch.it.

3. Place of Data Processing and their transfer

The Processing of Personal Data takes place at the Company’s offices and by personnel in charge of Processing. The Processing and storage of Data takes place on servers located within the European Union. Currently, the servers are located in Italy. The Controller reserves the right to change the location of the servers even outside the European Union, ensuring, in this case, that the transfer will take place in accordance with the applicable legal provisions, with the appropriate safeguards measures by the article 46 GDPR.

4. Type of Data processed and purpose of the processing

Data provided by Users

The optional and explicit sending of Data by the User (e.g. when entering their Data by filling in appropriate forms, sending e-mails to the addresses indicated on the Website, etc.), involves the subsequent acquisition of the sender’s address and the Data provided, for which the User gives express Consent to their Processing.

Personal Data are collected and processed for the following purposes:

  1. conclude, manage and execute the request for contact or supply of Services and/or Products forwarded by the Data Subject;
  2. conclude, manage and execute the request forwarded by the Data Subject to subscribe to the newsletter and to the mailing list of the Controller in order to receive, either by e-mail or SMS, advertising and/or promotional and/or advertising communications on the Services and/or Products provided and/or provided by the Controller, also by communicating the Data to third party suppliers of the Company;
  3. organize, manage and execute requests for contact and supply of Services and/or Products even through communication to third parties in general, including suppliers and/or partners of the Company for the purpose of providing the Services and/or Products;
  4. defense of rights and/or fulfillment of statutory obligations and upon the request by the competent Authorities;
  5. manage any application request submitted by the Data Subject spontaneously by sending CVs via e-mail or filling in the appropriate “work with usform on the Website;
  6. manage any request to become a reseller of the Company forwarded by the Data Subject by filling in the appropriate “become a resellerform on the Website;
  7. fulfill legal obligations or other obligations required by the competent Authorities.

To interrupt the transmission and to cancel from the newsletter and from the mailing list, the Data Subject may, at any time, carry out the cancellation procedure from the service by following the instructions set forth in the communications received.

Data collected through registration on the Website

By registering on the appropriate page of the Website, the User authorizes the Company to process Personal Data such as, by way of example but not limited to, name, surname, telephone number and e-mail address, for the sole purpose of completing and managing the process of creation, registration and use of the features related to the Services or the Website. For the provision of the Services and/or supply of the Products, the Company may acquire other types of Data such as credit card data.

The Personal Data collected by filling in forms on the Website shall be processed for the following purposes:

  1. provision of the Services and/or supply of the Products in favor of the Data Subject, in accordance with the provisions of the general conditions of contract signed by the Data Subject;
  2. conclude, manage and execute the request for contact or supply of Services and/or Products forwarded by the Data Subject;
  3. organize, manage and execute requests for contact and supply of Services and/or Products also through communication to third parties in general, including suppliers and/or collaborators of the Company for the purpose of providing the Services and/or Products;
  4. defense of rights and/or fulfillment of statutory obligations and upon the request by the competent Authorities;
  5. management of administration and fulfillment of legal obligations (e.g. accounting, tax);
  6. marketing for sending advertising communications with traditional means (ordinary mail and telephone with operator) or automated means (e-mail, telephone without operator, sms, push notification, instant messaging app, livechat, social media, WhatsApp, Telegram) relating to the activities of the Controller or third-party customers, clients or partners of the Controller;
  7. carrying out market analysis and statistics;
  8. Profiling of the Data Subject;
  9. communication of Data to third parties, as specified in the following articles 7 of this Privacy Policy.

In any case, whereas the Controller intends to further process the Personal Data for a purpose other than that for which they were collected, the Controller, before such further Processing, shall provide the Data Subject any information regarding this different purpose, as well as any further relevant information.

Navigation data

The computer systems and software procedures used to operate the Website acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified Data Subjects but, by their own nature could, through processing and association with Data held by Third Parties, allow Users to be identified. This category of Data includes the IP addresses or domain names of  the computers used by Users connecting to the Website, the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the User’s computer environment. These Data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website, to check its correct functioning and shall be deleted immediately after processing. The Data could be used to ascertain responsibility in case of hypothetical computer crimes against the Website. In any case, the Data are kept for the period strictly necessary and in any case in compliance with the current regulatory provisions on the subject.

Cookies

The Website uses services and interactions with external platforms in order to offer the best browsing experience. These external services and platforms may collect for the Controller, information about the User’s behavior, always anonymous and never identifying. These external services and platforms may also collect some User Data, governed directly by their privacy policy settings.

5. Method and duration of the Processing

The Processing of Personal Data is based on principles of fairness, lawfulness and transparency and the collected Data shall be:

  1. processed by using automated, computerized and telematic automated means or through manual processing to the purposes for which the Data were collected;
  2. processed lawfully, fairly and in a transparent manner in relation to the Data Subject;
  3. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  4. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  5. accurate and, where necessary, kept up to date;
  6. kept in a form which permits identification of Data Subject for no longer than is necessary for the purposes for which the Personal Data are processed;
  7. processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organizational measures.

The Personal Data of the Data Subject may be used to request information, including telephone information, relating to the quality of the Services offered, for the purposes of marketing of the Services and/or Products.

The Data shall be kept for the time strictly necessary in relation to the purposes pursued, taking into account legal obligations and the limits established by law in relation to the cancellation of Data.

6. Optional provision of Data

Except for navigation data, the communication of Data by the Data Subject is optional, but any refusal may not allow to provide for the timely and correct management of the contact request or supply of the Services and/or Products performed by the Data Subject.

7. Communication and transfer of Personal Data

With the consent of the Data Subject, Personal Data may be communicated:

  1. to companies controlled by the Data Controller or connected to it;
  2. to third parties’ suppliers of the Company for the provision of Services and/or the supply of Products to the Data Subject, in accordance with the provisions of article 28 GDPR;
  3. to third parties who, on behalf of the Controller, provide administrative, payment and billing services to the Controller, or even legal consultants and web masters who operate on behalf of the Controller, in accordance with the provisions of article 28 GDPR;
  4. to third party customers, clients or partners of the Controller so that, acting as independent Controllers, they proceed with the execution of advertising communications sent through the web, e-mail, telephone (sms and telemarketing). To know the list of third-party companies to which the Data may be communicated, contact the Controller;
  5. to administrative or judicial authorities for the fulfillment of legal obligations.

Any communication in addition to the above, shall take place only with the prior consent of the Data Subject.

The Data may be communicated, transferred, or licensed for use with the express consent of the Data Subject to natural and/or legal persons for the same purposes referred to in this statement. These subjects will operate as Controllers or Processors.

The Data may be transferred to countries belonging to the European Union and to countries outside the EU, for the purposes indicated in this Privacy Policy. In this case the Data shall be transferred:

  1. to third countries or international organizations for which the Commission has intervened with an adequacy decision (article 45 GDPR);
  2. to third countries or international organizations that have provided appropriate safeguards (also through the standard contractual clauses adopted by the article 46 GDPR);
  3. to third parties or international organizations on the basis of derogations for specific situations (article 49 GDPR).

8. Information security

All information collected on the Website are stored in secure facilities that restrict access only to authorized personnel. The Website is regularly monitored for security breaches and ensure the safety of the Personal Data. The Controller complies with the security measures to ensure and guarantee the confidentiality of Users’ Personal Data, and minimize, as far as possible, a Data Breach.

Pursuant to 32 GDPR, the costs of implementation and the nature, scope, context and purposes of Processing, as well as the risks of varying likelihood and severity for the rights and freedoms of the natural persons concerned by the Processing, shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including as the pseudonymization and encryption of Personal Data, and a process for regularly testing for assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

9. Rights of the Data Subject

The Data Subject shall have the right to:

  1. access to the Personal Data and obtain the information about purposes of the Processing;
  2. rectification, to obtain from the Controller the rectification of inaccurate Personal Data;
  3. erasure, to obtain the erasure of Personal Data in case of unlawful Processing or if there is a legal obligation to erase;
  4. restriction of the Processing of Personal Data provided, when one of the conditions referred to in article 18 GDPR has occurred;
  5. objection, at any time, to the Processing of Personal Data, unless there is a legitimate interest of the Data Controller to proceed with the Processing that prevails over the right to objection.
  6. portability, to receive the Personal Data, or to have them transmitted to another Data Controller indicated for this purpose, in a structured format, commonly used and readable by format

Furthermore, pursuant to article 7, par. 3 GDPR, the Data Subject shall exercise the right to withdraw his Consent at any time. The withdrawal of the Consent does not affect the lawfulness of the Processing based on the Consent before the withdrawal. In case of withdrawal of the Consent, the Data of the Data Subject shall be definitively deleted.

The Data Subject also has the right to lodge a complaint to the Data Protection Authority.

10. if under-18s

If the Data Subject is under-18s, the Processing is lawful only if and to the extent that the consent is given or authorized by person exercising parental responsibility identified by lega document provided.

Informationen anfordern

Möchten Sie weitere Informationen zu den Lösungen von RCH?

Füllen Sie das Formular aus: Unser Team wird sich mit Ihnen in Verbindung setzen und Ihnen alle Informationen zur Verfügung stellen, die Sie benötigen!