of rexsafe.com website
Pursuant to articles 13 and 14 of Regulation EU 2016/679 (“GDPR” or “Regulation”), and in general in compliance with the principle of transparency provided for by said Regulation, RubiconEx s.r.l. (the “Company”) provides the following information regarding the processing of personal data.
1 DATA CONTROLLER
The data controller (i.e. the party that determines the purposes and means of processing of personal data, “Data Controller” or “Controller”) is RubiconEx s.r.l., with registered office in Lavis (TN), Via per Pressano 1, tax code and VAT no. 02113290221, certified e-mail address email@example.com, tel. +39 0461 245324 fax +39 0461 249670.
For contacts specifically regarding the protection of personal data and exercise of the rights referred to in paragraph 8 below, the following e-mail address is provided: firstname.lastname@example.org which can be contacted to address any requests.
2 PROCESSING PURPOSES
- The processing of personal data may have the following purposes:
- follow up on your contact request;
- promotion and sale of products and services through e-mail newsletters;
3 TYPE OF DATA PROCESSED
- name and surname;
- company details;
- telephone numbers;
- e-mail address;
4 LEGAL BASIS OF PROCESSING AND OBLIGATORY NATURE OF PROVISION
- As regards purpose 1) provision of data is optional, but the lack of contact data will prevent us from following up your request; the legal basis for processing such data is the adoption of pre-contractual measures (contact) at your request;
- as regards purpose 2) provision is optional and processing will take place only with your consent as a data subject, specifically provided for the indicated purpose; in case of failure to provide the data, or lack of the related consent, therefore, you will not be sent the newsletter and in general your data will not be processed in relation to the purpose referred to in this policy.
5 COLLECTION, PROCESSING METHODS AND RETENTION
The data is collected from the data subject, i.e. the data you will provide us with.
Processing will be carried out:
- through the use of manual and automated systems;
- by persons or categories authorised to perform the related tasks;
- with the use of appropriate measures to guarantee confidentiality of the data and to prevent its access by unauthorised third parties.
As regards purpose 2), in particular, also through automated e-mail transmission means.
Processing for purpose 1) will last for the time necessary to process your contact request and any subsequent negotiations.
Processing for purpose 2) may last until the consent is revoked, and in any case no later than two years from when the consent was expressed or renewed and, if there is a contractual relationship, from termination of the contractual relationship legitimising the transmission of communications relating to the direct sale of products or services similar to those already supplied by us, no later than two years from the last purchase.
There are no automated decision-making processes.
6 DATA COMMUNICATION
The data collected and processed may be communicated, exclusively for the purposes specified above, to:
employees, collaborators and suppliers of the Controller, within the scope of the related duties and/or contractual obligations related to execution of the contractual relationship with data subjects; the suppliers of the Data Controller may, by way of example, include communication and software companies.
7 PLACE OF DATA PROCESSING
The activity takes place in the territory of the European Union and there is no intention to transfer the data outside the territory of the European Union or to an international organisation.
8 RIGHTS OF DATA SUBJECTS
We remind you that the GDPR grants you the following rights of:
- access to personal data (you will therefore have the right to have information free of charge concerning the personal data held by the Controller and the related processing, and to obtain a copy in an accessible format);
- rectification of data (at your request, we will ensure the correction or integration of your incorrect or imprecise data – not the expression of evaluation elements – even if it has become such due to lack of updating);
- revocation of consent (if the processing is carried out by virtue of the consent provided by you, you can revoke the consent at any time, without prejudice to the lawfulness of processing made before the revocation);
- deletion of data (right to be forgotten) (for example, the data is no longer necessary for the purposes for which it was collected or processed; it has been unlawfully processed; it must be deleted to fulfil a legal obligation; you have revoked and there are no other legal grounds for processing; you object to processing);
- limitation to processing (in certain cases – dispute of the accuracy of the data, in the time necessary for verification, dispute of the lawfulness of processing with objection to deletion; need for use for your rights of defence, while it is no longer useful for processing purposes; if there is objection to processing, while the necessary verifications are carried out – the data will be stored in such a way as to be able to be restored but, in the meantime, not able to be consulted by the Controller, other than in relation to the validity of your request for limitation);
- objection in whole or in part to processing for legitimate reasons (under certain circumstances you can in any case object to the processing of your data, in particular, if the personal data is processed for direct marketing purposes, you have the right to object at any time to processing, including profiling, in so far as it is related to such direct marketing. If the personal data is processed for scientific or historical research purposes or for statistical purposes, for reasons related to your particular situation, you have the right to object to processing, unless the processing is necessary for the performance of a task of public interest);
- data portability (if the processing is based on consent or on a contract and is carried out by automated means, at your request, you will receive the personal data concerning you in a structured, commonly used format readable by an automatic device and may transmit it to another Data Controller, without impediments by the Data Controller who supplied it and, if technically feasible, may obtain that said transmission is performed directly by the latter);
- submission of a complaint to the supervisory authority (Authority for the protection of personal data – Privacy Authority ).