INTRODUCTION
The purpose of this Privacy Policy is to ensure that the User can check in full transparency the processing activities of his/her data in the social profiles of our company RIGANELLI
S.R.L.
In particular, RIGANELLI S.R.L., as the Data Controller respects and protects the privacy of its users and is committed to logics of transparency regarding the processing of personal data.
This policy is intended to illustrate how RIGANELLI S.R.L., as the Data Controller, processes personal data using different social platforms, such as Facebook, Instagram and YouTube.
This policy may be subject to change, so we encourage users to consult it to view the most up-to-date version.
CONCEPT OF USER DATA
Within the present context with the term User data we mean the set of information freely released by the user in the appropriate forms on the social pages of RIGANELLI S.R.L.
TYPES OF DATA
The Personal Data being processed may include, but are not limited to:
- Information such as first name, last name, e-mail, age, gender, country, job title, current or former employer, educational background, profile picture, interests, friends and/or followers list, and other publicly available information, provided that you have posted all this information on your Social Profile.
- Additional information that the user will provide by posting on the Social Page of RIGANELLI S.R.L., comments and/or “Like” to our posts, images or by sending direct messages.
If the user decides to subscribe to a newsletter, about products, related services or if he/she requests to be contacted for information, he/she may provide us with his/her personal data such as first name, last name, e-mail address, phone number.
In addition, we inform users that different social platforms also collect personal data through the use of cookies as well as similar technologies, including cookies collected through social networks such as [Facebook, Instagram and YouTube], etc.
In some cases, for example, in relation to our Facebook page, it acts as a “Co-owner” together with Facebook of the processing of personal data. Therefore, we advise users to read the privacy policy of the social network Facebook to understand how Facebook processes and treats personal data.
Users can find the various personal data processing policies of the different social platforms Facebook, Instagram and YouTube.
USER POLICY
Users who connect to the social pages of RIGANELLI S.R.L. are required to observe the policies described below.
- the user must pay particular attention to the possibility of including, in his or her posts, data that may reveal, even indirectly, the identity of third parties. In this case he declares that he has personally taken care to request consent from the third parties themselves for dissemination;
- the user must be aware that the content of his messages and/or posts can be seen by the entire community. Therefore, RIGANELLI S.R.L. reserves the right to remove, even without notice, all posts considered inappropriate and not in accordance with this policy or current regulations;
- the user must be polite and courteous in his/her postings. The use of language that is inappropriate, detrimental to the image of our firm, discriminatory by sexual orientation, personal and social conditions, race, language, nationality is prohibited;
- the user must refrain from violations of copyright, privacy of persons or unauthorized use of registered trademarks;
- the user is prohibited from advertising other trademarks or logos on our pages;
- the user is prohibited from posting SPAM content that could harm other fans (viruses, malicious software, etc.) or legitimate owners.
WEBSITE.
The social pages of RIGANELLI S.R.L. [Facebook, Instagram and YouTube] may contain links related to sites owned always traceable to the Data Controller or to sites owned by third parties. This Privacy Policy does not apply to third party sites, so if you would like information about their data collection and distribution policies, we suggest that you contact them directly
TRANSFER OF DATA ABROAD
The data are stored and processed within the European Economic Area. With regard to the possible transfer of data to Third Countries outside the European Economic Area, the Data Controller makes it known that the transfer will take place according to one of the modalities allowed by Articles 44 et seq. of the GDPR, such as the adoption of Standard Clauses approved by the European Commission, the selection of entities adhering to international programs for the free movement of data or operating in countries considered safe by the European Commission, in compliance with Recommendations 01/2020 adopted on November 10, 2020 by the European Data Protection Committee. Alternatively, transfers may be necessary on the basis of one of the exemptions in Art. 49 GDPR, for example, with the informed consent of the data subject or to perform a contract concluded between the data subject and the Data Controller or pre-contractual measures taken at the request of the data subject, or a contract concluded between the Data Controller and another natural or legal person for the benefit of the data subject, or for important reasons of public interest or to ascertain, exercise or defend a right in court or, again, to protect the vital interests of the data subject or other persons where the data subject is physically or legally incapable of giving consent. You can obtain more information, upon request, regarding any transfers and related safeguards implemented, from the Data Controller
DIRITTO DEGLI INTERESSATI
Each subject has the right at any time to obtain confirmation of the existence or non-existence of the data and to know its content and origin, verify its accuracy or request its integration or update, or rectification (Art. 7 GDPR 2016/679); it is likewise the right of each user to revoke any consent previously granted for information or marketing purposes. Under the same article, one has the right to request the deletion, transformation into anonymous form or blocking of data processed in violation of the law, as well as to oppose in any case, for legitimate reasons, their processing. The subjects to whom the personal data refer have the right, at any time, to obtain
- Confirmation or non-confirmation of the existence of the same data;
- To know the content of the same, as well as their origin
- Verifying their accuracy;
- To request their integration or updating or rectification (art. 7 GDPR 2016/679);
- The cancellation of the data or making them anonymous;
- Block the data as well as object, for legitimate reasons, to their processing.
Inquiries may be addressed via email to: info@riganelli.it
You have the right to file a petition with the Data Protection Authority.
DATA RETENTION
Regarding the storage of data on social pages, the Owner is required to follow the policies established by the Service Provider.
DATA PROCESSING NOTICE
RIGANELLI S.R.L. as data controller, provides the User who releases his data in the form on the “Contact” page, with the details of the information processed and stored by our company. This communication is made in accordance with the provisions of the GDPR2016/679.
- Art.1 Data Controller
Ownership of the processing of data acquired through this site, is in the Data Controller, RIGANELLI S.r.l., based in Corridonia (Mc) in Via delle Maestranze n. 24, P.I. 01428180432. - Art.2 Type of data processed
Pursuant to GDPR 2016/679, the data covered by this document, by way of example, but not
exhaustive,are qualified as “personal data” namely: first name, last name, email address; telephone number, IP Address, Cookies. - Art. 3 Purposes of processing
The data are processed and stored for the communication activity, to respond to any information requested by the user in the “Contact” sections and in the “Register” Form of the website https://www.riganelli.it/ and for the management of e-commerce. - Art. 4 Storage period
The RIGANELLI S.R.L. informs that these data are stored both in electronic and in paper mode at our headquarters. They are also kept for a maximum period of 1 year, in the case of non-starting of projects; however, by legal provision, the data are kept at our provider, located in an EU country, for the period of 6 years in accordance with Law 167/2017 – Data Retention. - Art. 5 Modes of processing
The term processing mode in this context describes the technical and organizational methods implemented by the Company to ensure appropriate and secure data management and storage. Data are processed electronically and on paper and are accessible to authorized personnel. Their electronic storage takes place at the server located at the registered office and at the server units of the provider where the domain is located; while in the case of paper-based management, storage takes place in the archive located i.e. at our office. - Art. 6 Communication and dissemination
Data are communicated to authorized internal personnel. No dissemination of the data is carried out. - Art. 7 Transfer of Data outside the EU of the European Economic Area.
Data are stored and processed within the European Economic Area. With regard to the possible transfer of data to Third Countries outside the European Economic Area, the Data Controller informs that the transfer will take place according to one of the modalities allowed by Articles 44 et seq. of the GDPR, such as the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for the free movement of data or operating in countries considered safe by the European Commission, in compliance with Recommendations 01/2020 adopted on November 10, 2020 by the European Data Protection Committee. Alternatively, transfers may be necessary on the basis of one of the exemptions in Art. 49 GDPR, for example, with the informed consent of the data subject or to perform a contract concluded between the data subject and the Data Controller or pre-contractual measures taken at the request of the data subject, or a contract concluded between the Data Controller and another natural or legal person for the benefit of the data subject, or for important reasons of public interest or to ascertain, exercise or defend a right in court or, again, to protect the vital interests of the data subject or other persons where the data subject is physically or legally incapable of giving consent. You can obtain more information, upon request, regarding any transfers and related safeguards implemented, from the Data Controller. - Article 8 Rights of the data subject
Data subjects may assert their rights and/or request information on the processing of their data, by contacting the Data Controller. The GDPR grants the data subject:
(a) the right to revoke the consent given, it being understood that revocation of consent does not affect the lawfulness of the processing based on the consent before revocation;
(b) the right of access, i.e., the possibility to obtain copies of personal data as well as to know: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients from third countries or international organizations; when possible, the expected storage period of the personal data or, if this is not possible, the criteria used to determine this period; the existence of the data subject’s right to request from the data controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to their processing the right to lodge a complaint with a supervisory authority; where the data are not collected from the data subject, all available information about their origin; the existence of an exclusively automated decision-making process, including profiling, and, at least in such cases, meaningful information about the logic used, as well as the importance and the expected consequences of such processing for the data subject;
(c) the right to rectification and integration of inaccurate or outdated data;
(d) the right to their deletion, whenever the data are no longer necessary in relation to the purposes pursued, or if the data subject decides to revoke consent or objects to the processing and there is no other legal basis for their retention, or if the data are processed unlawfully, or must be deleted due to a legal obligation
(e) the right to restriction of processing if the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data; if the processing is unlawful and the data subject objects to the erasure of the personal data and instead requests that its use be restricted although the data controller no longer needs them for the purposes of processing, if the personal data are necessary for the data subject to establish, exercise or defend a right in court; if the data subject has objected to the processing, pending verification as to whether the data controller’s legitimate reasons prevail over those of the data subject. In cases of exercise of the rights referred to in (c), (d), and (e), the data subject shall have the right to know the recipients to whom the personal data have been transmitted and the right for the Data Controller to notify them of rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.
f) the right to data portability, i.e. to receive in a structured, commonly used and machine-readable format the personal data concerning him/her, including the direct transfer of the same by the Controller to other Controllers, if the processing is carried out by automated means and is based on consent or contract;
(g) the right to object to the processing if the processing is based on the legitimate interest of the Data Controller, as already specified in Section 2 above;
h) the right to lodge a complaint before the competent Supervisory Authority (for Italy, the Garante per la protezione dei dati personali, https://www.garanteprivacy.it ).
For how to exercise your rights you may write to: info@riganelli.it - Art. 9 The right to data portability
Every data subject has the right to data portability, that is, the right to transfer his or her data from one electronic system to another. - Art. 10 The security of the data
The Data Controller and each designee shall implement the security measures deemed most appropriate to ensure security in data processing and storage activities.