Personal Data Protection StatementRegulation (EU) 2016/679 (of 27 April 2016), Article 13
RIVIT domain: the domain, reachable through the Internet world wide web service, at http://www.rivit.it, consists of data, applications, technological resources, human resources, organizational rules and procedures for the acquisition, storage, processing, exchange, retrieval and transmission of information.
Collection points: areas within the rivit.it domain dedicated to the collection of personal data.
I. Warnings and Protection of Children
Any processing of personal data should be lawful, fair and transparent. Personal data will be collected for specific, explicit, legitimate purposes (purpose limitation) and will be adequate, relevant and limited to the purposes for which they are processed (data minimization). They will always be up to date and accurate, and kept for a period of time not exceeding what is necessary for the purposes related to the execution of a Contract, with the exception of the fulfillment of legal and tax obligations that establish longer retention periods (limitation of conservation ). Personal data will be processed by adopting all appropriate security measures to ensure their integrity, confidentiality and unavailability to unauthorized third parties (integrity and confidentiality). If not expressly indicated, the storage of personal data through the collection points on www.rivit.it is limited to persons over 14 years of age.
II. Reference Standards and Lawful Basis for the Data Processing.
The data processing operations, which will be described in detail below, have their lawful basis in the rules governing the right to the protection of personal data, the right to privacy, and finally in those rules allowing to express or revoke, at any time, the consent to processing operations, i.e.: (A). - The EU General Regulation 679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data; (B). - Your informed consent, expressed in accordance with the current legal provisions on the protection of personal data (Article 6 GDPR); (C). - The fulfillment of contractual obligations assumed by Rivit in your favor upon the use of the contents of the website or the submission of requests for offers (Article 6 GDPR); The fulfillment of obligations or orders to which the Data Controller is bound by law or by order of the Authority (Article 6 GDPR).
III. - Nature of the Data Being Processed.
III.1. - The optional, explicit and voluntary sending of e-mails to the addresses shown on this website, entails the subsequent collection of the sender's address, necessary to reply to any request, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the website prepared for specific services on request. In any case - where required by law – the consent to the processing of personal data will be required from time to time.
III.2. Exclusively after consent, where necessary, the following categories of personal data will be, or may be, processed for the purposes indicated.
(a). - Common Personal Data, Identifiers.
Such as Name and Surname, Address, City, Province, E-mail address, Telephone number, Zip code, Link to social network profiles (e.g. Facebook, Instagram, Twitter, etc.…).
(b). - Technical Processing.
The IP number and the type of browser you use to connect with the RIVIT.it domain (non-identifying data), automatically recorded by the logical protection and access control devices (LOG FILES) are also subject to processing. These personal data are used exclusively for controlling the network traffic to the RIVIT.it domain. This information is not collected to be associated with identified interested parties, but by its nature could, through processing and association with data held by third parties, allow the identification of the user. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct functioning, and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes to the detriment of the website: except for this possibility, at present, data on web contacts are not stored for more than seven days.
(c). - Cookies.
(d). - Special Categories of Personal Data (‘sensitive data’).
Should the RIVIT domain start collecting special categories of personal data pursuant to art. 9 Reg. UE 679/2016, you will be informed in advance and put in a position to express – according to the law - the relative consent.
IV. - Provision of Data, Data Sources.
Usually the supply of your personal data is not mandatory but, in some cases it is necessary, and therefore mandatory, if you wish to benefit from the services and functionalities of the website.
IV.1. - Necessary Data.
IV.1.1. - The provision of some personal data is necessary, and therefore mandatory, to satisfy specific requests; the applicant is always free not to provide personal data, but in this case it could be impossible for the Data Controller to meet her/his requests and needs, or to allow her/him to use of all functions available on the RIVIT website.
IV.1.2. - The provision of personal identification data is mandatory to: (a). - make your registration on the website and receive, together with other advantages, the desired information on RIVIT products, services and initiatives. (b). – request specific offers on RIVIT products
IV.1.3. - Above identification data will be processed both on paper and electronic/digital media, and will be kept by RIVIT only as long as the interested party will keep her/his registration on the website, or for a maximum of three years from the last action carried out on the website. After which, the personal identification data will be automatically deleted.
IV.2. - Data Used for Authentication.
Following registration, you will receive an alphanumeric password created by RIVIT; from a mobile device or desktop you will now be able to access the RIVIT website, entering in the appropriate fields your personal authentication credentials, which you will have to keep with the utmost care. At any time you can change your password using the appropriate function provided in your account. In this case, we suggest you to choose a password that has at least the following characteristics: not less than eight characters, one special character. In case you forget your password, the recovery procedure provides a link to reset it independently. The authentication data of the password you have created are personal and RIVIT will not be able to know them in any way.
IV.3. - Data Sources.
We will collect your data directly from you, through the www.RIVIT.it website.
V. Purpose of Processing.
RIVIT, in addition to the necessary processing according to law and rules obligations, and to any obligation arising from order of the Authority, will carry out only with your consent, if necessary, the operations to allow you to benefit from the services and functionalities of the www.RIVIT.it website; id est: (1). the management of your relationship with RIVIT; (2). - purposes strictly connected and necessary to the management of the aforesaid relationship (e.g. for the acquisition of pre-contractual information, and to execute the services and operations, as contractually agreed); (3). - purposes of evaluating the information for proposals finalization, by sending RIVIT newsletter and/or promotional or advertising material, services and/or RIVIT products deemed of your interest, as well as RIVIT taking opinion polls; (4). - purposes relating to the monitoring of customer relations and checks on credit and fraud risks related to the services provided by RIVIT; (5). - fulfill specific requests by the interested party.
VI. - How Personal Data are Processed.
In relation to all the purposes indicated in the previous paragraphs, your personal data will be the subject to computer and paper processing and managed with special computer procedures in order to customize the services that RIVIT can offer you. The data will be processed in such a way as to guarantee their logical and physical security and confidentiality, and may be carried out using manual, computerized and telematic means to store, transmit and share the data. The logic of the processing will be strictly related to the pursued purposes.
VI.1. - Data Security and Record-Keeping.
Personal data will be stored within the European Union, whose related security policies are revised taking inspiration from the Best Practices on the subject.
In relation to the purposes referred to in position (V.3), namely the proposition of commercial or promotional information, and in compliance with the provisions of the Prov. Doc. Web 1103045 of the Authority for the protection of personal data, the processing of data, not including sensitive data, is determined by the Data Controller, subject to her/his consent, for no longer than 5 years from collection exclusively on aggregate data.
Each access to the data will be stored in appropriate Log tables. The relevant information will specify the access timestamp, the identifier of the user who has accessed the data; the type of data accessed, the owner of the data, the operation performed, the application from which access was made.
VI.2. - Profiling, Automated Decision-making.
VII. - Recipients of the Data and Transfers Abroad.
VII.1. - Processors and Persons in Charge of Data Processing.
The following persons may become aware of the personal data referred to in this document, as processors or persons in charge of data processing: (a). - qualified personnel within RIVIT, limited to competence and job positions and based on the assigned duties and given instructions. (b). - third parties outside RIVIT, also specifically designated as processors or persons in charge of data processing - of which RIVIT uses various services and exclusively to perform these services - each limited to its position and duties and on the basis of the assigned tasks and the given instructions.
VII.2. - Communication (to Specified External Parties) of the Data.
RIVIT, for ordinary management, accounting and administrative activities, may communicate your personal data, subject to previous acquisition of your consent in accordance with the law, where required, in compliance with security measures, to third party service providers for the sole purpose of the services requested by you, such as: - postal service companies, - law firms and notaries, - consultants, also in associated form, - other service companies, banks, as well as other entities in compliance with any law obligations (such as insurance, police, judicial authorities, etc.). The list of such subjects to whom the data may be communicated, is available at the headquarters of the Data Controller.
VII.3. - Transfer of Personal Data Abroad.
RIVIT does not transfer personal data abroad on its own initiative. However, some third parties, service providers, may have their servers physically located abroad (as in the case of an e-mail provider). In such cases, the transfer of data abroad will take place exclusively within the scope and in compliance with EU Reg. 2016/679 Art. 44 ss. Under no circumstances, personal data shall be released.
VIII. - Rights of the Data Subject.
Articles 15 to 22, GDPR confer on the data subjects specific rights. Article 15 GDPR recognizes the right of individuals to access their personal data and to obtain a copy thereof. The right to obtain a copy of the data must not affect the rights and liberties of others.
With the application for access, the data subject has the right to obtain from RIVIT confirmation as to whether or not personal data concerning him or her are being processed, and to know the purposes of the processing and the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations with adequate guarantees. The data subject also has the right to know the period for which the personal data will be stored, and has the right to request the rectification of inaccurate data and the integration of incomplete ones, or the erasure (right to be forgotten) under the conditions indicated in article 17, GDPR, the restriction of the processing, the revocation of consent, the portability of data and the right to object, at any time and without having to provide justifications, to the treatment for direct marketing purposes.
The rights may be exercised by e-mail or by ordinary mail to the address indicated below. The data subject who believes that the processing of the personal data violates the provisions of the GDPR, or of the internal regulations regarding the protection of personal data, has the right to lodge a complaint with a supervisory authority for the Protection of Personal Data based in Rome, as per article 77 GDPR and/or to start legal proceedings. For the exercise of these rights, or to obtain any other information about them or more generally about the processing of personal data, requests may be sent via e-mail to the following address: privacy@RIVIT.it; - by ordinary mail to Rivit S.r.l., Via Marconi 20 - 40064 Ozzano dell'Emilia (BO) Italy - Tel. +39 051.4171111 - Fax +39 051.4171119.
IX. Withdrawal of Consent Questions of Privacy Access and Response.
You are entitled at any time to withdraw consent to the processing of your personal data, by communicating the intention. If you have any question or would like more information on the processing of your personal data (point VI), i.e. exercise the rights referred to in the previous paragraph n. VII, you can send an e-mail to the administrator of the RIVIT website, writing to privacy@RIVIT.it. You can also contact us at the same address for issues regarding the RIVIT management of information. Before RIVIT can provide or modify any data, we may need to verify your identity and you may have to answer a few questions. Our reply will be forwarded as soon as possible.
X. – Data Controller and Data Processors.
The data controller is RIVIT S.r.l., based in Via Marconi 20 - 40064 Ozzano dell'Emilia (BO) - ItalyTel. +39.051.4171111 - Fax +39051.4171119. - The complete list of data processors is available at the headquarters of the company.
The above mandatory statement is subject to updating, depending on possible changes in the provisions in the law in force.