Disclosure pursuant to EU Regulation 2016/679 (“GDPR”)

The purpose of this document is to explain the ways in which RIVA DEI FRATI S.r.l. uses and manages the personal information of its Visitors/Final Customers that it comes into possession of, with the aim of fully implementing the current legislation aimed at protecting Privacy under the EU Regulation 2016/679 (“GDPR”). The following information refers to the website www.rivadeifrati.it .

WHAT TYPES OF DATA DO WE COLLECT?

When you use our services, you agree that our company collects some of your personal information. This page is intended to tell you what data we collect, why, and how we use it.

We deal with two types of data:

User-provideddata
If you are a private individual, when you register place or respond to an ad we ask you to provide us with some data address, email and password
When you buy a service on the site, according to the type of product purchased, we ask you to provide us with the following information: name, full address, tax code (for Italians), and phone number

Third Party Data
If you provide personal data of third parties, such as those of your family members or friends (particularly with the gift purchase mode) you must be sure that these individuals have been adequately informed and have consented to its processing in the manner described by this policy.

Data of minors
If you are under 18 years of age, you may not provide us with any personal information or register on rivadeifrati.it, and in any case we do not take responsibility for any false statements you provide.

data we collect automatically

We collect the following data through the services you use:
technical data: e.g. IP address, browser type, information about your computer, data about the current (approximate) location of the tool you are using;
data collected using cookies or similar technologies: for more information, please visit the “Cookies” section.
Your data is stored on a server in Italy (netsons).

1. HOW DO WE USE THE DATA COLLECTED?

We use the data collected to offer you our service, to inform you about our business activities, or to offer you a more personalized service.

1.1. To ensure access to and delivery of our services

We use them for communications related to service delivery
Such processing is necessary to properly deliver our services.
We also use your data to improve and implement the service, through the following treatments:
tracking of your current (approximate) Location to facilitate viewing events/experiences in your vicinity on the map posted on the site communications pertaining to services similar to those you use market research, and user satisfaction survey activities

Such processing is based on the legitimate interest of the Owner (see section 3.1) and you can object at any time.
The provision of personal data is required only for the processing necessary for the provision of services offered by rivadeifrati.it . In contrast, the provision of data is optional for promotional and profiling purposes

1.2. To inform you about our business activities

We use the data we collect, if you have expressly given us consent, to inform you about promotional activities that may be of interest to you by e-mail, by phone calls, newsletters, through our customer service in sales and after sales.
We also do data analysis such as tracking the number of emails opened, clicks made on links within the communication, the type of device used to read the communication and its operating system, or the list of unsubscribers to the newsletter.

1.3. For profiling purposes

We process the data collected, if you have expressly given us consent, to analyze your consumption habits or choices in order to offer you a service that is increasingly personalized and in line with your interests and to improve our commercial offerings.

2. WHO ARE THE SUBJECTS OF THE TREATMENT?

2.1. Data controller

The owner of the personal data is “RIVA DEI FRATI S.r.l.” in the person of Cesare Adami. The processing of data is carried out by the owner and/or specially authorized data processors, will always be aimed at ensuring the confidentiality and security of data in full compliance with the aforementioned Privacy regulations.

Data processor

The data controller à Andrea Modolo of the company Beeld, in charge of the management and operation of the technology platform rivadeifrati.it .

2.2. Persons to whom personal data may be disclosed

Personal data may be brought to the attention of the persons in charge of the processing and all those subjects to whom the communication is necessary for the correct fulfillment of the purposes indicated in point 1.1, 1.2 and 1.3 as well as to collaborators or external subjects, to whom RIVA DEI FRATI S.r.l. entrusts or may entrust certain functional activities for the consultation and/or management of the web platforms and related sites.
rivadeifrati.it is managed by the developer, Beeld by Andrea Modolo. He is in charge of managing reporting. The customer support we offer is in-house; therefore, it is not third parties, but always our own team. For analytics services, we use google analytics ; for mailing we rely on Mailchimp
Said entities will operate as autonomous data controllers. The user’s data may be disclosed to the Judicial, or administrative authorities or other public entity entitled to request them, in cases provided for by law.
Your personal data may be transferred outside the European Union for processing by some of our service providers. In this case, we ensure that this transfer is done in compliance with current legislation.
Under no circumstances do we give or sell personal data to third parties.

3. HOW CAN YOU DELETE YOUR DATA, CHANGE IT, OR GET A COPY?

You can, at any time, view your personal information in your restricted area. Log into your account and click the “Restricted Area” section. To export your personal information or request deletion, you can send a request to the email address info@rivadeifrati.it
Your personal data will be exported within 30 days. Deletion will be carried out within the prescribed technical timeframe and in accordance with the retention period made explicit in Section 5 below.
Any individual using our service can:

• exercise in your rights at any time by requesting information about the existence of your personal data, the origin of the data, the purposes and methods of processing, request the updating, rectification, integration, cancellation, restriction of data processing in case one of the conditions provided for in Article 18 of the GDPR is met, transformation into anonymous form or blocking of personal data, processed in violation of the law, including those that do not need to be kept in relation to the purposes for which the data were collected and/or subsequently processed
• oppose, in whole or in part, for legitimate reasons, the processing of data, even if pertinent to the purpose of collection and the processing of personal data provided for the purposes of commercial information or sending advertising material or direct sales or for carrying out market research or commercial communication. Any user also has the right to revoke consent at any time without affecting the lawfulness of processing based on consent given before revocation
• To receive their personal data, provided knowingly and actively or through the use of the service, in a structured, commonly used, machine-readable format, and to transmit it to another data controller without hindrance
• Propose a complaint to the Italian Data Protection Authority

4. HOW AND FOR HOW LONG WILL YOUR DATA BE STORED?

Personal data will be stored in paper and/or electronic/computer form and for as long as is strictly necessary to fulfill the purposes mentioned in point 1, respecting your privacy and current regulations.
Your data will be kept for 11 years for tax purposes. For purposes of analysis directed at service development and improvement, the user’s personal data may be subject to the same retention period. For direct marketing and profiling purposes, we retain your data for a maximum period equal to that stipulated by applicable regulations (equal to 24 and 12 months, respectively).
In the case of exercising the right to be forgotten through a request for the express deletion of personal data processed by the owner, please note that such data will be retained, in a protected form and with limited access, solely for the purpose of investigating and prosecuting crimes, for a period not exceeding 12 months from the date of the request, and thereafter will be securely deleted or irreversibly anonymized.
Finally, we would like to remind you that for the same purposes, data related to telematic traffic, excluding in any case the contents of communications, will be kept for a period not exceeding 6 years from the date of communication, pursuant to Art. 24 of Law no. 167/2017, which transposed EU Directive 2017/541 on counterterrorism.

5. HOW DO WE ENSURE THE PROTECTION OF YOUR DATA?

The data are collected by the subjects indicated in point 3, according to the indications of the reference legislation, with particular regard to the security measures provided for by the GDPR (art. 32) for their processing by means of computer, manual and automated tools and with logics strictly related to the purposes indicated in point 1 and in any case in such a way as to guarantee the security and confidentiality of the data.
Data entered therein may be verified for the sole purpose of detecting illegal activity or content that does not comply with the General Conditions of Service, but will not be processed or disclosed for commercial or promotional purposes.

6.INFORMATION COOKIES

The use of cookies is of two types:
– Session cookies, which are not permanently stored on the user’s computer and are deleted when the browser is closed, and is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable the safe and efficient exploration of the Site. Specifically, we use session cookies for the following purposes:
-to allow the user to transport information through the pages of the Site and avoid the need for multiple entries.
-to compile anonymous statistics that allow us to understand how users use the Site and to improve the structure of the Site.
– Cookies suitable for auto-filling of forms with data provided by the user at a previous login . The session cookies used on this Site avoid the use of other computer techniques potentially detrimental to the privacy of users’ browsing and do not allow the acquisition of personal data identifying the user.

6.1. Commessions log

RIVA DEI FRATI S.r.l. stores technical data related to connections (logs) to allow the security checks required by Law and in order to improve the quality of the services offered and customize them in relation to the needs of users/visitors. RIVA DEI FRATI S.r.l. shall, in accordance with the relevant legal provisions in force, provide for the recording of log files. Such data do not allow for user identification except after a series of processing and interconnection operations, and necessarily through data provided by other providers. Operations that may be carried out exclusively at the request of the competent Judicial Authorities, authorized to do so by express legal provisions designed to prevent and/or repress crimes.

7. OTHER INFORMATION

Location

When you use the services of rivadeifrati.co.uk or its connected platforms with active location tracking, we may collect and process information about your current (approximate) location. This data is processed anonymously, in a format that does not personally identify the user, and used for the sole purpose of facilitating the use of certain location-based features of the service. You can enable/disable location services at any time by accessing your browser and/or device settings.

Changes

This policy may be subject to change. In case of substantial changes, the user will be notified.
Last updated: May 24, 2018