en
en
Regarding personal data processing
The purpose of this Privacy Policy is to describe the way our website https://www.riflessi.it (hereafter ‘website’) is managed in terms of processing users’ personal data.
Data processing includes any operation or group of operations, also carried out without the use of electronic instruments, as per art. 4 of EU Regulation 2016/679 (hereafter ‘GDPR’).
Such privacy policy is issued pursuant to art. 13 GDPR regarding the protection of natural persons when processing their personal data, and the free circulation of such data. Italian Legislative Decree 196/2003 and later amendments applies for all users who consult and interact with the services provided by the website of Riflessi srl, registered office Via C. da Cucullo, Zona Industriale, 66026 Ortona, (CH), Italy, VAT No. 01536130691 (hereafter ‘data controller’ or ‘Riflessi’).
The privacy policy herein describes the aims and methods used by the data controller to collect and process personal data, the data categories involved in processing, the data subjects’ rights and how to exercise such rights.
Because the policy is valid only for this website, Riflessi assumes no liability regarding other websites that may be consulted through hyperlinks available on the company’s website. Data will be processed electronically and manually. This privacy policy also refers to data collected from the pages run by Riflessi on social network platforms, such as, by way of example only: Facebook, Instagram, LinkedIn, Messenger, WhatsApp and YouTube
By using this website users accept this privacy policy and are therefore invited to read it before providing personal information of any kind.
1. What type of personal data do we process?
Navigation data.
During normal operations, the IT systems and software procedures by which this website is run collect certain personal data that is implicitly transmitted when using internet communications protocols.
This information is not collected to be associated to identified data subjects, but by their very nature they could allow users to be identified by means of processing and association to data held by third parties.
This category of data includes IP addresses or domain names of computers used by data subjects who connect to the website, URI addresses for required resources, the time the enquiry was posted, the method used to transmit the enquiry to the server, the dimensions of the file containing the reply, the numerical code indicating the status of the server’s reply (successful, error, etc.) and other parameters relating to the operating system and the user’s computing environment.
Such data are used for the sole purpose of collecting anonymous statistics regarding use of the website (most popular pages, number of visitors per time range or daily, geographical area, etc.) and to check operation, and are erased within the terms indicated in the cookie policy. The data may be used to ascertain liability in the event of hypothetical IT crimes that damage the website.
Data provided voluntarily by data subjects
Subject to the above regarding navigation data, Riflessi will collect the personal data provided by the data subject through the special forms on the website, the data controller’s contact addresses or profiles/social media institutional pages in order to follow up on enquiries or to register users for the Newsletter. In addition, Riflessi will collect any vital and contact data contained in any CV you may submit.
The data controller shall not use the website to collect data considered sensitive or in any case included in the special categories mentioned in art. 9 GDPR, or data relating to penal sentences or criminal offences.
Personal data processing through social media platforms
With regard to personal data processing performed by social media platforms used by the data controller, see the information contained in the relevant privacy policies. The data controller processes personal data provided by the user through pages on social media platforms to interact with users (comments, public posts, private messages, etc.), in observance of current regulations.
2. Scope and legal basis for processing
a) to follow up on enquiries
IData provided voluntarily by users shall be processed by the data controller to follow up on enquiries and nothing else. Therefore, provision of such data is necessary to obtain the service required and the legal basis for processing is art. 6, clause 1b of the GDPR (‘performing a contract’).
Data provided to register for the Newsletter may be used to inform of promotions, novelties and initiatives by Riflessi in its business sector.
Data included in a curriculum will be processed for the purpose of selecting personnel.
Your data will be processed to ensure that the website and its contents are fully operative. In such cases, processing is based on the data controller’s legitimate interests (art. 6, clause 1f).
b) to fulfil legal obligations
Data processing in order to fulfil legal obligations is based on art. 6, clause 1c (‘legal obligations’).
c) to send commercial information
Your personal data and contact information, i.e. name, surname, postal address, email address, landline and mobile telephone numbers, may be used to call you by telephone or to send commercial information to your home, email address or via SMS, including automatically. Consent to processing, which is based on art. 6a), is optional and if you deny your consent you will not receive commercial information.
d) to use profiling to formulate personal special offers
Personal data provided, such as personal details, residence and contact details, type of product purchased or of interest, may be used, with your specifically expressed consent, to carry out profiling, based on art. 6a), for the purpose of formulating customised special offers and commercial initiatives in line with your interests and preferences. Consent for profiling based on art. 6a) is optional and failure to provide such consent will have no other effects than to prevent our company from informing you of special offers, discounts and commercial initiatives by telephone or via SMS, email or post.
3. Subjects to whom personal data may be communicated
Personal data provided will not be disseminated but may be communicated for the same purposes to subjects who:
- are authorised by the data controller to process data for the above-mentioned purposes. To this end, Riflessi guarantees that in-house personnel are duly trained to understand the importance of protecting personal data and to use safe instruments to perform their duties.
- operate as independent data processers, where necessary due to a legal obligation (e.g. public administrations to perform institutional functions; lawyers for legal assistance in any litigation, banks and insurance companies).
- operate as outsourced data processers, i.e. authorised by contract to operate in the name and on behalf of Riflessi, committed to the regular, legitimate pursuance of the purposes described herein (e.g. companies providing accounting and administrative services, companies used by Riflessi S.r.l. to manage its activities).
Such companies, entities and organisations shall receive only personal data needed to provide the contracted services or to fulfil legal obligations, and shall not be authorised to use them for any other purpose whatsoever.
You may ask the data controller for a list of data processors at any time, by writing to Riflessi srl - C. da Cucullo – Zona Industriale, 66026 Ortona (CH) or sending an email to privacy@riflessi.it.
Should it be necessary to transfer personal data abroad in order to pursue the above-mentioned purposes, the transfer shall be made pursuant to the relevant legal provisions.
4. Duration of data processing and storage
Your data shall be stored for the period strictly necessary to deal with your enquiries and in any case for a period of no more than 12 months. Data collected for the ‘News’ and ‘Atelier’ services shall be stored until you withdraw your consent by writing to privacy@riflessi.it. Data in spontaneously submitted CVs shall be used for the sole purpose of assessing candidates and where no selection is made they shall be erased within 12 months of receipt. If the candidate is successful, the data shall be stored for the duration of his or her employment.
5. Rights of Data Subjects
Under the terms of current regulations (arts.15 ff GDPR), you have the right to:
1. obtain information regarding the existence of personal data you have provided to the data controller and gain access to such data with indication of their origin, to check their accuracy or require updating, rectification, integration or erasure of such data, restrict their processing or object to processing;
2. require transfer to another data controller, if processing is carried out by automated means (data portability);
3. obtain amendments and/or rectification of your personal data if you consider them to be inaccurate or incomplete;
4. require the controller to block processing the data, render them anonymous or erase them, and/or restrict processing if it is unlawful, including data whose storage is not necessary, or no longer necessary, for the purposes for which the data were collected or subsequently processed.
Such requests shall be made to the data controller by writing to privacy@riflessi.it.
Furthermore, pursuant to current regulations, you have the right to lodge a complaint with a supervisory authority (in Italy Garante per la protezione dei dati personali).
6. Data Controller and contact information
The Data Controller is Riflessi Srl, registered office C. da Cucullo – Zona Industriale, 66026 Ortona (CH), Italy – VAT No. 01536130691- email privacy@riflessi.it
7. Amendments to privacy policy
Last update: 08.06.21