INFORMATION ON PERSONAL DATA PROCESSING
pursuant to art. 13 of Regulation (EU) 2016/679 (“GDPR”)
This information notice is not a contract, and it does not bind you in any way. It is only provided for the sake of transparency: it serves to clarify, pursuant to the law (art. 13 of the GDPR), which processing operations concerning your personal data we perform when you connect to our website and navigate through our pages.
To quickly read the individual sections of this document, you can click on the direct links below. You can also download this information notice in .pdf format.
- DATA CONTROLLER AND CONTACT DETAILS
The Data Controller is Rivacold s.r.l., with registered office in Fraz. Montecchio, Vallefoglia (PU), via Sicilia, no. 7, 61022, VAT no. and Tax Code 00956400410. Rivacold is the subject that decides the purposes for and the means by which your data, which are collected during your interaction with the website, are processed.
For all questions regarding the processing of your personal data, you may contact the Data Controller (also referred to just as “Controller” in this document) by writing to the e-mail address firstname.lastname@example.org (recommended solution) or by post to the addresses above or by calling the contact numbers indicated in the website.
The Controller is not obliged to appoint a DPO (Data Protection Officer), as the mandatory legal requirements are not met.
- PURPOSES OF PROCESSING, LEGAL BASES, RETENTION PERIOD
Through our website, we perform the following processing operations with regard to your personal data:
- a) Processing for the purposes of viewing the website and navigation
Purpose: to make it possible for you to view the website correctly and navigate its pages. In fact, for intrinsic reasons to the use of IT protocols, viewing the website and navigating through it involve an exchange of technical information between the Controller’s IT system and yours. The following information is sent, by way of example: operating system used, browser and its version, time of the request, size of the information flows.
Legal basis: use of a service requested by the User who connects to our website to view and navigate it. The legal basis is art. 6, para. 1, letter b) of the GDPR.
Period of retention of the personal data: the personal data collected for this purpose are erased immediately when the navigation session ends, unless they are necessary for the exercise or defence of rights, see point 2.e) below: this, for example, happens if you have committed or are part of a cyber attack against our website or if you used our contact form to libel or commit offences, etc.
2.b) Processing for website optimisation purposes (analytics)
Purpose: performance of statistical research/analysis on aggregated or anonymous data, which does not entail the processing of personal data by the Controller. To know how many Users visit our website and other significant statistical elements in order to improve its efficiency, we use the analytics service provided by Google, which, among other things, collects the IP (Internet Protocol) address of your device. As a guarantee to you, we have set the analytics service to only collect anonymised IP addresses.
Legal basis: not applicable, as this is anonymised information that is aggregated for our company, therefore not entailing the processing of personal data.
Period of retention of the personal data: not applicable for the same reason above.
2.c) Processing for marketing purposes (newsletter)
Purpose:marketing by sending newsletters via e-mail. Subscribing to the newsletter service is your free choice: it requires your consent. If you do not subscribe, you will not receive any newsletters. You can withdraw the consent granted at any time, free of charge and easily, by writing to us or by using the link “unsubscribe” (or other similar terms) that you can find in all our e-mails. In the same way, you can at any time object to the marketing processing, free of charge and easily, by contacting us (see Data controller and contact details). The withdrawal of consent and/or the objection to marketing do not compromise the lawfulness of the processing performed previously. Your information will not be transmitted to “third parties”, as they are defined in art. 4, para. 10 of the GDPR. You will only receive promotional information from Rivacold relating to news, events or commercial communications/offers.
Legal basis: consent, articles 6, para. 1.a) of the GDPR and 130, para. 2 of It. Legislative Decree 196/03. However, notwithstanding the possibility permitted by law to send promotional emails to natural persons even without consent, provided they refer to products and services similar to those already purchased. In that case the legal basis is articles 6, para. 1.f) of the GDPR (legitimate interest) and 130, para. 4 of It. Legislative Decree 196/03.
Retention period of the personal data: 24 months from the time consent is granted or, in the cases under art. 130, para. 4 of It. Legislative Decree 196/03, since the last purchase of a Rivacold product or service. Always without prejudice to the purpose under point 2.3) below.
2.d) Processing for replying to requests (form, CV and access)
Purpose: replying to/fulfilling requests you made on the website. Currently, the website supports two types of direct requests:
- Contact through the contact form. We only collect the data that are absolutely necessary to reply to the contact request and the general information needed to identify the person making the request, as per the law. In the case of business clients, we also request the indication of the company where they are employed, as this is information needed for our technical reply. Duration and retention: the personal data sent by filling out the aforementioned forms are exclusively used for the purposes mentioned above; they are not processed for marketing or profiling purposes or any other purpose other than those indicated. They are not transmitted to third parties. They are erased once the client’s request has been satisfied and after one month, at the latest (technical time of removal of the related backups).
- Sending your CV (Section contact/work with us). Duration and retention: we keep the CVs for a maximum of 1 month from when we received them; after this time, they will be erased. If the CV is of interest, we may go ahead with the selection or retain, for 1 year at most, the CV in an internal database of interesting candidates for the purposes of further selection procedures. In both cases, we will inform you, cf. purpose 2.f) below. You may request erasure at any time or an extension of the retention period (subject to our assessment). In case a selection procedure is launched, you will receive specific information on the processing of the personal data. The personal data contain in the CVs are not processed for marketing or profiling purposes, nor any other purpose other than those indicated.
- Access request and use of the reserved area “Select”. We collect the name, surname, type of customer, company name, e-mail address and password used for signing up. The data are required to make it possible for you to log into the reserved area. Inside the reserved area, you can consult the services contained in it (e.g. reserved price lists) and modify the authentication information with which you provided us. Duration and retention: the personal information of the Select area are retained for the entire time you are authorised to access Select.
- Legal basis: contract/pre-contractual measures, art. 6, para. 1, letter b) of the GDPR. This information notice is meant to meet the requirements of art. 111-bis of It. Legislative Decree 196/03. Note: if the CV contains sensitive data (e.g. specific legal benefits connected to the state of health), you will have to grant us explicit consent for the processing of your data; otherwise, we will not be able to take them into consideration.
2.e) Processing for the establishment, exercise and/or defence of a right
Purpose: defence of rights. The Controller’s legitimate interest is to exercise rights and defend itself both in court (including the pre-litigation stage) and out of court against third parties (including public entities) and the data subjects. For example, this may refer to the activation of our self-protection in case of a cyber-attack against our website.
Legal basis: legitimate interest, art. 6, para. 1, letter f) of the GDPR.
Retention period of the personal data: the personal data collected for this purpose are retained for 10 years, as envisaged by the ordinary limitation period (art. 2946 of the It. Civil Code) unless the limitation period is interrupted.
2.f) Sending verification communications
Purpose 4: sending verification communications. Specifically, this refers to the procedure for verifying the e-mail provided in the website’s registration areas and sending any communications/reminders for the management of CVs, as well as reminders warning of the expiry of the consent granted for marketing activities.
Legal basis: legitimate interest, art. 6, para. 1, letter f) of the GDPR. You may object at any time, freely and without consequences.
Personal data retention period: e-mail evidence of the authentication procedure performed is retained in compliance with purpose 3; the reminders are not stored.
- OPTIONAL NATURE OF THE PROVISION OF DATA AND CONSEQUENCES OF A POSSIBLE REFUSAL TO PROVIDE THEM
The provision of your personal data during your interaction with us through the website constitutes your free and voluntary choice. The only consequence in case of failure to provide your personal data will be the impossibility to navigate the website or receive the services requested. For example, if you do not register for access to Select, you will not be able to access that section.
- RECIPIENTS OR CATEGORIES OF RECIPIENTS
The following subjects may become aware of your personal data, in their capacity as data controllers, data processors or persons authorised to perform processing operations:
- hosting, housing, cloud providers, e-mail service providers (in response to the need to reply to requests via e-mail). These subjects do not perform activities aiming to know the content of the personal data, just technical archival activities;
- providers of maintenance on this website and our databases. These subjects do not perform activities aiming to know the content of the personal data, just technical activities that may entail the occasional knowledge of the contents;
- consultants and professionals who assist us (also on legal and tax matters). These subjects may become aware of the information that concerns you, to the extent to which we involve them;
- Public entities and police authorities, where their involvement is necessary. These subjects may get to know the information contained in the data;
- Judicial authorities in the exercise of their functions where deemed necessary or where required by legal rules. These subjects may get to know the information contained in the data;
- Persons authorised by the Controller to process data, who are bound by confidentiality or are under an adequate legal obligation of confidentiality (e.g. employees or associates);
- Any other private or public entities, on regulatory grounds or to fulfil a legitimate interest of the Data Controller.
- TRANSFER OF DATA ABROAD
For your guarantee, we do not transmit the personal data you have provided outside the European Union.
- EXCLUSIVELY AUTOMATED DECISION-MAKING PROCESS
Have no fear: we do not perform this type of processing (cf. art. 22 of the GDPR) on your personal data.
- RIGHTS OF THE DATA SUBJECT
You have the following rights: access, rectification, erasure (being forgotten), restriction, objection and portability as per articles 15, 16, 17, 18, 20, 21 and 23 of the GDPR.
Complaint: you also have the right to lodge a complaint with the competent Supervisory Authority (for Italy: Italian Data protection Authority) regarding any violation of the regulatory framework on the processing of personal data (GDPR).
Withdrawal of consent: consent may be withdrawn at any time, without formalities. For example, you can always withdraw consent to the newsletter.
- INFORMATION NOTICE ON COOKIES
8.a) What are cookies
Cookies are text files stored on the user’s device. They are temporary markers that contain information that makes it possible to keep track of the activities carried out by the user until they are deleted.
Cookies may be ours (so-called “first-party cookies”) or belong to third parties.
Other cookies are just technical, i.e. they are required for functions you have requested. For example, they serve to keep track of your login so that you do not have to repeat it on every page.
We only need your consent for profiling cookies. Not for technical ones.
8.b) Characteristics, purposes, legal bases, storage
- Technical cookies:
- Purpose: they enable the proper operation and use of the Website.
- Legal basis: art. 122 of It. Legislative Decree 196/03, does not require consent
- Storage: session cookies are removed when the browser is shut down, except for cookies that serve to record the possible acceptance of profiling cookies (“acceptance of the cookiespolicy”), which are stored for 1 year;
- Note: these cookies do not require consent. If technical cookies are disabled, the website may not function properly.
- Third-party analytics cookies. For the purpose, legal basis, duration, cf. above purpose 2.b), more information here: https://support.google.com/analytics/answer/2763052?hl=enWebTrekk
To opt out (i.e. object to the processing) with regard to this type of cookies: https://tools.google.com/dlpage/gaoptout/
- Third-party profiling cookies
- Cookie name: ________________________
- Third party: Google LLC – Cookie associated to YouTube video streaming
- Purpose: ___________________________. Third-party information notice: cf. https://policies.google.com/privacy?hl=en&gl=en
- Legal basis: consent pursuant to art. 122 of It. Legislative Decree 196/2003
- Note: with regard to third-party cookies, we are just the go-betweens. All decisions on the purposes and means of processing are taken by the third party, not by us. Equally, the information notice on cookies indicated above is provided by the third party
- We limit ourselves to collecting, as go-betweens, your possible consent for the installation of the cookies by the third party.
- You grant your consent to the installation of third-party cookies if: you click “I accept” on the banner on the home page.
- The consent may be withdrawn at any time. The withdrawal is made directly to the third party.
- It is, however, always possible to: erase, at any time, the cookies stored on your device; manage the browser’s settings so that the installation of cookies is disabled (see below for more details); use third-party extensions to (also selectively) disable cookies. We recommend using open source extensions. Note: the use of third-party extensions may, in turn, entail the processing of personal data by the third-party providers of said extensions. We invite you to check their information notices.
8.c) How to manage the browser’s settings to prevent the installation of cookies
It is possible to disable the installation of cookies by managing the settings of your browser. below please find instructions for the main browsers (non-exhaustive list):