Regarding personal data processing
Data processing includes any operation or group of operations, also carried out without the use of electronic instruments, as per art. 4 of EU Regulation 2016/679 (hereafter ‘GDPR’).
1. What type of personal data do we process?
During normal operations, the IT systems and software procedures by which this website is run collect certain personal data that is implicitly transmitted when using internet communications protocols.
This information is not collected in order to be associated with identified data subjects, but by its very nature it could allow users to be identified through processing and association with data held by third parties.
This category of data includes IP addresses or domain names of computers used by data subjects who connect to the website, URI addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the server’s reply (successful, error, etc.) and other parameters relating to the operating system and the user’s computing environment.
Data provided voluntarily by data subjects
Subject to the above regarding navigation data, Riflessi will collect the personal data provided by the data subject through the special forms on the website, the data controller’s contact addresses or profiles/social media institutional pages in order to follow up on enquiries or to register users for the Newsletter. In addition, Riflessi will collect any vital and contact data contained in any CV you may submit.
The data controller shall not use the website to collect data considered sensitive or in any case included in the special categories mentioned in art. 9 GDPR, or data relating to penal sentences or criminal offences.
Personal data processing through social media platforms
With regard to personal data processing performed by social media platforms used by the data controller, see the information contained in the relevant privacy policies. The data controller processes personal data provided by the user through pages on social media platforms to interact with users (comments, public posts, private messages, etc.), in observance of current regulations.
2. Scope and legal basis for processing
a) to follow up on enquiries
Data provided voluntarily by users shall be processed by the data controller to follow up on enquiries and nothing else. Therefore, provision of such data is necessary to obtain the service required and the legal basis for processing is art. 6, clause 1b of the GDPR (‘performing a contract’).
Data provided to register for the Newsletter may be used to inform of promotions, novelties and initiatives by Riflessi in its business sector.
Data included in a curriculum will be processed for the purpose of selecting personnel.
Your data will be processed to ensure that the website and its contents are fully operative. In such cases, processing is based on the data controller’s legitimate interests (art. 6, clause 1f).
b) to fulfil legal obligations
Data processing in order to fulfil legal obligations is based on art. 6, clause 1c (‘legal obligations’).
c) to send commercial information
Your personal data and contact information, i.e. name, surname, postal address, email address, landline and mobile telephone numbers, may be used to call you by telephone or to send commercial information to your home, email address or via SMS, including automatically. Consent to processing, which is based on art. 6a), is optional and if you deny your consent you will not receive commercial information.
d) to use profiling to formulate personal special offers
Personal data provided, such as personal details, residence and contact details, type of product purchased or of interest, may be used, with your specifically expressed consent, to carry out profiling, based on art. 6a), for the purpose of formulating customised special offers and commercial initiatives in line with your interests and preferences. Consent for profiling based on art. 6a) is optional and failure to provide such consent will have no other effects than to prevent our company from informing you of special offers, discounts and commercial initiatives by telephone or via SMS, email or post.
3. Subjects to whom personal data may be communicated
Personal data provided will not be disseminated but may be communicated for the same purposes to subjects who:
- are authorised by the data controller to process data for the above-mentioned purposes. To this end, Riflessi guarantees that in-house personnel are duly trained to understand the importance of protecting personal data and to use safe instruments to perform their duties.
- operate as independent data processors, where necessary due to a legal obligation (e.g. public administrations to perform institutional functions; lawyers for legal assistance in any litigation, banks and insurance companies).
- operate as outsourced data processors, i.e. authorised by contract to operate in the name and on behalf of Riflessi, committed to the regular, legitimate pursuance of the purposes described herein (e.g. companies providing accounting and administrative services, companies used by Riflessi S.r.l. to manage its activities).
Such companies, entities and organisations shall receive only personal data needed to provide the contracted services or to fulfil legal obligations, and shall not be authorised to use them for any other purpose whatsoever.
You may ask the data controller for a list of data processors at any time, by writing to Riflessi srl - C. da Cucullo – Zona Industriale, 66026 Ortona (CH) or sending an email to firstname.lastname@example.org.
Should it be necessary to transfer personal data abroad in order to pursue the above-mentioned purposes, the transfer shall be made pursuant to the relevant legal provisions.
4. Duration of data processing and storage
Your data shall be stored for the period strictly necessary to deal with your enquiries and in any case for a period of no more than 12 months. Data collected for the ‘News’ and ‘Atelier’ services shall be stored until you withdraw your consent by writing to email@example.com. Data in spontaneously submitted CVs shall be used for the sole purpose of assessing candidates and where no selection is made they shall be erased within 12 months of receipt. If the candidate is successful, the data shall be stored for the duration of his or her employment.
5. Rights of Data Subjects
Under the terms of current regulations (arts. 15 ff. GDPR), you have the right to:
1. obtain information regarding the existence of personal data you have provided to the data controller and gain access to such data with indication of their origin, to check their accuracy or require updating, rectification, integration or erasure of such data, restrict their processing or object to processing;
2. require transfer to another data controller, if processing is carried out by automated means (data portability);
3. obtain amendments and/or rectification of your personal data if you consider them to be inaccurate or incomplete;
4. require the controller to block processing the data, render them anonymous or erase them, and/or restrict processing if it is unlawful, including data whose storage is not necessary, or no longer necessary, for the purposes for which the data were collected or subsequently processed.
Such requests shall be made to the data controller by writing to firstname.lastname@example.org.
Furthermore, pursuant to current regulations, you have the right to lodge a complaint with a supervisory authority (in Italy, the Garante per la protezione dei dati personali).
6. Data Controller and contact information
The Data Controller is Riflessi Srl, registered office C. da Cucullo – Zona Industriale, 66026 Ortona (CH), Italy – VAT No. 01536130691 – email: email@example.com
Last update: 08.06.21