This document ("Privacy Policy") is intended to provide you with guidance regarding the processing of information, as specified below, that will be provided by you or otherwise available at our facility and that will be processed by us and/or other identified parties for the purposes set forth below. This Policy, in particular, is made pursuant to Regulation (EU) No. 679/2016 ("GDPR") and following national implementation regulations (jointly with the GDPR hereinafter "Applicable Legislation"). Specific policies may be presented on the website pages depending on special services or the processing of the data provided by the data subject and specific consents collected (where necessary).
1. Data Controller Identity and Contact Information
The Data Controller according to articles 4 and 24 of Regulation (EU) 2016/679 is F.G. 1936 S.R.L., VAT number 01430650679, Ph. (39) 0861 8879200, e-mail: info@rehash.it, represented by the temporary legal representative (hereinafter the "Controller").
2. Data Protection Officer ("DPO") Contact Information
The Controller does not carry out activities that require the appointment of a Data Protection Officer.
3. Purposes of the Processing and Legal Basis
The Personal Data provided will be processed in compliance with the conditions of lawfulness under Art. 6 of Regulation (EU) 2016/679 for the purposes specified below. Processing will be automated and manual, using methods and tools designed to ensure maximum security and confidentiality by persons specifically authorized to do so. In compliance with the provisions of Article 5 paragraph 1 point e) of Regulation (EU) 2016/679, the personal data collected will be stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. The retention of the personal data provided depends on the purpose of the processing, as outlined below:
Purpose A)
1) Website browsing
LEGAL BASIS: Legitimate interest under article 6 point f) and Recital 47; processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller. Activities strictly necessary for the operation of the website and the delivery of the browsing service on the platform. DATA RETENTION PERIOD: Until expiry of the browsing session. For navigation, see the cookie policy.
2) Application for events (events, sweepstakes, promotional campaigns, etc.) by filling out paper forms ·
LEGAL BASIS: contract (article 6, paragraph 1, point b GDPR), compliance with a legal obligation (article 6, paragraph 1, point c GDPR). DATA RETENTION PERIOD: the data provided will be retained for the whole duration of the event and for the next 10 years for administration purposes.
3) Any data collection form filled out for contacts ·
LEGAL BASIS: To take steps at the request of the data subject prior to entering into a contract. DATA RETENTION PERIOD: 1 year for contacts.
4) E-Commerce and administrative-accounting activities related (including registration/subscription to this website).
Processing necessary within a contract or to conclude a contract and related administrative and accounting activities prior to entering into a contract; any registration on this website in dedicated areas (application for events, sweepstakes, promotional campaigns, etc.); to provide the related services as required in the relevant contractual conditions and to enable the performance of all activities related to the execution of the contract and fulfillment of any related services and obligations. LEGAL BASIS: article 6 point b) GDPR: processing is necessary for the performance of a contract to which the data subject is party (e-commerce) or in order to take steps at the request of the data subject prior to entering into a contract. DATA RETENTION PERIOD: Until opt-out, erasure from the web platform, 10 years or as otherwise required by the law. Art. 2220 of Italian Civil Code.
5) Softspam
Commercial/promotional information activity, newsletters by e-mail to the e-mail address provided during the sale process, concerning the same type of product and/or service (Soft Spam) similar to the product/service being sold, under article 130, paragraph 4 of D.lgs. 196/03/(article 6 point f) Regulation (EU) 2016/679, unless opted out. To compare and possibly improve the results of communications, the Controller uses systems to send newsletters and promotional communications with reports. Thanks to the reports, the Controller will be able to know, for example: the number of readers, opens, unique "clickers" and clicks; The devices and operating systems used to read the communication; The detail on the activity of individual users; The details of sent emails, delivered and undelivered emails, and forwarded emails; All these data are used to compare and possibly improve the results of the communications. LEGAL BASIS: Legitimate interest - article 6 point f) and Recital 47; processing is necessary for the purposes of the legitimate interests pursued by the controller in maintaining their contacts with customers to continue their relationship, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject and article 130, paragraph 4 of D.lgs.196/03. DATA RETENTION PERIOD: Until opt-out.
Purpose B)
Direct Marketing Subject to your consent and until your opt-out for the Controller's direct marketing activities, market research, direct sales, satisfaction surveys, newsletters and promotional, commercial and advertising material or about events and initiatives sent by the Controller using automated means such as e-mail, telefax, SMS, MMS or other types of messages, as well as by operator phone calls, including automated, plus paper mail and other information materials. To compare and possibly improve the results of communications, the Controller uses systems to send newsletters and promotional communications with reports. Thanks to the reports, the Controller will be able to know, for example: the number of readers, opens, unique "clickers" and clicks; The devices and operating systems used to read the communication; The detail on the activity of individual users; The details of sent emails, delivered and undelivered emails, and forwarded emails. All these data are used to compare and possibly improve the results of the communications. LEGAL BASIS: Consent article 6 par. 1 point a): the data subject has given consent to the processing of his or her personal data for one or more specific purposes. DATA RETENTION PERIOD: Until opt-out.
Purpose C)
Profilazione User profiling based on preferences, personal interests, purchasing habits, location, etc. in order to send marketing materials appealing to the user. · LEGAL BASIS: Consent article 6 point a); the data subject has given consent to the processing of his or her personal data for one or more specific purposes. DATA RETENTION PERIOD: 1 year (or until user's opt-out if earlier)
4. Nature of Data Provision and Refusal
Except as specified for navigation data (which are necessary to enable website navigation), the user is free to provide their personal data. Data provision is either optional or necessary depending on the specific purpose for which data are processed. Failure to provide data for the above-mentioned purpose will result in the inability to obtain what was requested or to use the data controller's services.
5. Categories of Personal Data Processed
"Personal Data" are any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can directly or indirectly be identified, in particular by reference to an identifier such as a name, an identification number, a location data, an online identifier or to one or more specific factors to the physical, physiological, genetic, mental, economic, cultural or social identity (C26, C27, C30). Within the limits of the purposes and methods described in this Policy, information that can be considered as "Personal Data" may be processed, which includes your personal details, contact information (such as, for example, cell phone number, e-mail address, IP address, cookies, etc.). Full details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific explanatory texts displayed before the data are collected. Any use of Cookies (or other tracking tools) by this website or the owners of third-party services used by this website, unless otherwise specified, is intended for providing the service requested by the User, in addition to any other purposes described in this document and in the cookie policy.
5.1 Browsing Data
During normal operation, the computer systems and software procedures responsible for the operation of this website will acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the website, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the date and time of the request, the method used for submitting the request, the size of the response file, the numerical code indicating the status of the response given by the server, and other parameters related to the user's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information about the use of the website and to monitor its proper operation, and are deleted immediately after processing. The data may be used only by the Judicial Authority to ascertain responsibility in case of hypothetical computer crimes against the website.
5.2 Data Voluntarily Provided by the User
Sending optional, explicit and voluntary e-mails to the addresses indicated on this website, or filling out forms, causes the sender's address necessary respond to requests, as well as any other personal data entered voluntarily by the User, to be acquired. The user shall be responsible for any Third-Party Personal Data obtained, published or shared via this website and shall guarantee they are entitled to communicate or disclose them, while releasing the Controller from any liability towards third parties.
5.3 Social Media Redirect Plug-Ins
During website navigation, so-called social plug-ins may be used. Social plug-ins are special tools that allow social media features to be embedded directly within the Website (e.g., Facebook's "like" feature). All social plug-ins on the Website are marked with their own logo owned by the respective social media platform. When you visit a page on the Website and interact with the plug-in (e.g., by clicking on the "like" button) or decide to leave a comment, the corresponding information is transmitted from your browser directly to the social media platform (in this case, Facebook) and stored by it. For information about the purpose, type and method of collection, processing, use and storage of personal data by the social media platform, as well as how to exercise your rights, please refer to the privacy policy of the relevant social media..
6. Recipients and Categories of Recipients
Personal data will not be disseminated, meaning that they will not be disclosed to unspecified parties. Instead, they may be communicated to well-defined parties in compliance with legal requirements for purposes strictly related to those specified above. Any access to your personal data is limited to individuals authorized by the Controller. Communications to the identified recipients, only if involved and functional, is related to the achievement of the purposes mentioned in point 3 above, so the personal data collected and processed may be:
a) Used anonymously for statistical purposes;
b) Made available to the Controller's employees, in their capacity as Data Processors or individuals authorized to process personal data;
c) Disclosed to third persons, either natural or legal, public administrations, professionals, law enforcement agencies, government agencies, regulatory bodies, courts or other public authorities authorized by law;
d) Parties who provide information system and communication network management services, including e-mail, newsletters and website management;
e) Firms or Companies providing assistance and consulting;
f) If necessary, transferred to another Data Controller in accordance with the GDPR, including about the right to data portability. In addition, the information may be disclosed whenever communication may be necessary to comply with requests from the Judicial or Public Security Authorities.
The data collected will not be disseminated under any circumstances. The list of Personal Data Processors is available at the Data Controller's premises.
7. Transfer of Data Abroad
Data will not be transferred outside the European Union.
8. Data Processing Methods
The processing of Personal Data will be carried out using manual, computerized or online means capable of guaranteeing their security and confidentiality, by duly trained staff in compliance with the Applicable Legislation. There is no automated decision-making process. In some cases, in addition to the Controller other subjects involved in the organization of this Website (administrative, sales, marketing, legal staff, system administrators) or external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) who may also be appointed, if necessary, as Data Processors by the Controller, may have access to the Data. In addition to the cases when it is necessary to contact you to manage your position, if you consent to the processing of your data for the purposes referred to in Section 3 point b), you may be contacted by e-mail, newsletter, text message, instant messaging systems or through any equivalent electronic means, or by paper mail or operator call to any of the contact details provided. If you prefer to be contacted only at one or some of these addresses, you may file an express written request addressed without formality to the Controller.
8.1 Defense in Court
The User's Personal Data may be used by the Controller in legal proceedings or in the preparatory stages of any proceeding to be initiated for defense against abuse in the use of this website or related services by the User. The User declares that they are aware that the Data Controller may be obliged to disclose the Data by order of public authorities.
8.2 Specific Information
At the User's request, in addition to the information contained in this privacy policy, this website may provide the User with additional and contextual information regarding specific services, or the collection and processing of Personal Data.
8.3 System and Maintenance Logs
For operation and maintenance purposes, this website and any third-party services it uses may collect system logs, which are files that record interactions and may also contain Personal Data, such as the User's IP address.
8.4 Information not Included in this Policy
Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.
8.5 Response to "Do Not Track" Requests
This website does not support "Do Not Track" requests. To check whether any third-party services used support them, read their respective privacy policies.
8.6 Changes to this Privacy Policy
The Controller reserves the right to make changes to this privacy policy at any time by giving notice to Users on this page and, if possible, by sending a notification to the Users through one of the contact details held by the Controller. Therefore, please check this page regularly, referring to the date of last change at the bottom. If the changes affect processing whose legal basis is consent, the Controller will re-collect the User's consent, if necessary.
9. Your Rights
We inform you that you may exercise the rights recognized by the Applicable Legislation including, but not limited to, the right to:
a) Access your Personal Data and know their source, the purposes of processing, the data of the subjects to whom they are disclosed, the period of data retention or the criteria used to determine that period (article15);
b) Ask for rectification (article16);
c) Erasure ("be forgotten") of personal data if no longer necessary, incomplete, wrong or collected in violation of the law (article17);
d) Request that the processing be restricted to some of the information about you (article18);
e) Receive the personal data concerning you in a structured format and transmit those data (so called "portability") or any data you provided voluntarily to you or any third parties specified by you, where technically feasible (article 20);
f) To object to processing of personal data based on legitimate interest (article 21);
g) As well as to withdraw your consent at any time, in the event that it served as the basis of the processing (however, withdrawing consent does not affect the lawfulness of the consent-based processing carried out prior to withdrawal).
The rights above may be exercised by means of a written request addressed without formalities to the Controller, using the contacts specified in point 1. The Controller shall do so without delay and, in any case, no later than one month after receipt of the request. This deadline may be extended by two months if necessary, taking into account the complexity and number of requests received by the Controller. In such cases, within one month of receiving your request, the Controller will inform you and make you aware of the reasons for the extension. Please remember that if you were not satisfied with the response to your requests, you may refer to and lodge a complaint with the Personal Data Protection Authority (http://www.garanteprivacy.it/) as provided for in the Applicable Legislation.
10. Privacy Policy Amendment
The Controller reserves the right, ai their sole discretion, to change, modify, add or remove any part of this Privacy Policy at any time. To make it easier to check any changes made, the policy will specify the date when it was updated.
Updated on: May 16, 2022