Pursuant to Article 13 of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27/04/2016, hereinafter GDPR, the Company RGM S.R.L. informs you of the following:
A) Purpose of Data Processing and Legal Basis.
Your personal data are processed by RGM S.R.L. as data controller with your express consent (art. 6 lett. a) GDPR), for the following Service Purposes:
- Acquisition and processing of your data to pursue a legitimate interest of its own, consisting in ensuring the security of the Site www.rgmitalia.it and the information exchanged on it, i.e., the ability of such Site to withstand a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of personal data stored or transmitted and the security of the related services offered or made accessible;
- For the fulfillment of pre-contractual and contractual obligations to enable the provision of the services you requested (request for contact, appointment, request for opinions and information, etc.), as well as to facilitate the continuation of communication with the client;
- Data acquisition to carry out marketing activities for sponsoring dehor furniture facilities to stay up-to-date with the latest trends in the latest furniture;
- Transfer of data to third parties;
- Acquisition of personal data for the purpose of internal profiling processes;
- Newsletter activities;
- Acquisition and processing to fulfill obligations required by law, regulation, EU legislation or an order of the Authority (such as, for example, on anti-money laundering);
- Acquisition and processing of data to exercise the rights of the Data Controller (e.g., exercise of the right of defense and Art. 24 Const.);
B) Nature of the Provision of Data and Legal Basis for Processing
Your personal data subject to processing are collected directly by the Data Controller or by the person expressly authorized by the Data Controller. The legal basis for the processing of data for the purposes under A1), A2) and A6) is respectively in Art. 6.1(f) of the GDPR – legitimate interest – and Art. 6(1)(b) of the Regulation (processing necessary for the performance of a contract or pre-contractual measures), as the processing is necessary for the performance of the agreed activities on a contractual basis and your consent is not required. The provision of Personal Data for this purpose is optional, but failure to provide it would result in the impossibility of starting and/or continuing your opportunity to browse our site.
The legal basis for the processing of data for the purposes referred to in A3), A4) and A5) is Art. 6, par. 1, lett. a) of the Regulation, as your data can only be lawfully processed with your specific, separate, express, documented, prior and entirely optional consent. With regard to these processing purposes, for which your consent is required, we inform you that your refusal will not affect your obligations and that your consent may be revoked at any time.
The legal basis for the processing of data for the purposes referred to in A7) and A8) is legitimate interest within the meaning of Article 6(1)(c) of the Regulation (processing necessary to fulfill a legal obligation to which the data controller is subject) and does not require your consent.
C) Methods of Data Processing
Your data are processed lawfully and fairly in accordance with the provisions of Articles 5 and 6 of the Regulation for the pursuit of the purposes indicated above and in compliance with the fundamental principles established by the applicable legislation. The processing of personal data may be carried out by manual, computer and telematic means, but always under the supervision of technical and organizational measures suitable to guarantee their security and confidentiality, especially in order to reduce the risks of destruction or loss, even accidental, of the data, unauthorized access, or processing that is not permitted or does not conform to the purposes of the collection.
D) Categories of Data and Their Origin
The subject of the processing is personal data provided by the data subject through the acquisition of data for business activities and product shipment order management, as well as for the management and distribution of the order itself. Therefore, we inform you that the personal data subject to processing are collected directly from the data subject.
E) Scope of Communication
Within the limits pertinent to the purposes of the processing of the indicated data, only employees authorized to process them and belonging to the organizational structure of the Data Controller may become aware of them.
It should be noted that your data may be transmitted to the following recipients:
– Authorized internal processors
– Contractually identified external data processors, such as HubSpot of HubSpot Inc. for the provision of the instant messaging service or Mailchimp for the use of email addresses.
The list is available at the Controller’s office.
F) Retention Period
In accordance with the principle of “limitation of storage” in Article 5 of Regulation (EU) No. 679/2016 (GDPR), the collected data subject to processing for the purposes indicated above will be retained in accordance with the deadlines provided by the legal regulations and, thereafter, for as long as the Company is subject to retention obligations for purposes provided for by law or regulation. Verification of the obsolescence of retained data in relation to the purposes for which they were collected is carried out periodically.
In any case, data are expected to be retained for a maximum period of:
- Fiscal and Commercial data: 10 years
- Marketing data: 2 years
- Profiling data: 2 years
G) Data Profiling and Dissemination
H) Rights of the Data Subject
In your capacity as a data subject, you have the rights under Article 15 GDPR, namely the rights to:
1. obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in intelligible form;
2. obtain an indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identity of the owner, managers and the representative appointed under Article 3, paragraph 1, GDPR; e) the subjects or categories of persons to whom the personal data may be communicated or who can learn about them as appointed representative in the State territory, managers or authorized;
3. obtain: a) the updating, rectification or, when interested, the integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
4. oppose, in whole or in part: a) for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of collection; b) the processing of personal data concerning you for the purpose of sending advertising materials or direct sales or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator, by e-mail and/or through traditional marketing methods by telephone and/or mail. It should be noted that the data subject’s right to object, set out in point b) above, for direct marketing purposes through automated modalities extends to traditional ones and that, in any case, the possibility for the data subject to exercise the right to object even partially remains unaffected. Therefore, the data subject may decide to receive only communications by traditional means or only automated communications or neither type of communication.
5. Right to rectification of his/her personal data in case they are modified and do not correspond to those previously acquired or communicated (Art. 16)
6. Right to erasure of data (“right to be forgotten” art. 17). RGM S.R.L., if one of the following cases exists, proceeds to the deletion of the data from all databases and archives where the same is contained:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws consent and if there is no other legal basis for the processing;
(c) the data subject objects to processing under Article 21(1) and there is no overriding legitimate ground for processing, or objects to processing under Article 21(2);
(d) personal data have been processed unlawfully;
(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the data controller is subject;
(f) the personal data have been collected in connection with the provision of information society services referred to in Article 8(1).
7. Right to restriction of processing (Article 18). The data subject shall have the right to obtain from the data controller the restriction of processing when any of the following occurs:
(a) the data subject disputes the accuracy of personal data, for the period necessary for the controller to verify the accuracy of such personal data;
(b) the processing is unlawful and the data subject objects to the erasure of the personal data and instead requests that their use be restricted;
(c) although the data controller no longer needs the personal data for the purposes of the processing, the personal data are necessary for the data subject to establish, exercise or defend a legal claim; and
(d) the data subject has objected to the processing pursuant to Article 21(1), pending verification as to whether the legitimate grounds of the data controller override those of the data subject.
8. Right to object (Art. 21-22): The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her pursuant to Article 6(1)(e) or (f), including profiling on the basis of these provisions. RGM S.R.L. does not subject data to decisions based solely on automated processing.
9. Lodge a complaint with a supervisory authority (Guarantor Authority for the Protection of Personal Data – based in Rome, Piazza Venezia n.11 – www.garanteprivacy.it).
I) Data Controller and Personal Data Protection Officer.
The Data Controller is RGM S.R.L., with registered office in Via Provinciale Nocera Sarno, 43, 84014 Nocera Inferiore (SA) and operational headquarters in Via Sibelluccia – Frazione di Curteri, 84085 Area P.i.p., with VAT number (P. IVA) 05091950658.
The Data Controller can be contacted at the following e-mail address: firstname.lastname@example.org