art. 13 of Regulation (EU) 2016/679
Dear Sirs, We would like to inform you that Regulation (EU) 2016/679 (GDPR) provides for the protection of persons with regard to the processing of personal data.
In accordance with the aforementioned law, such processing will be based on the principles of fairness, lawfulness and transparency, protecting both your confidentiality and your rights.
Pursuant to art. 13 of the above Regulation, we wish to provide you with the following information:
JOINT DATA CONTROLLERS
RHEA VENDORS GROUP S.p.A., with head office in via Via Trieste, 49 – 21042 Caronno Pertusella – Varese (VA), telephone: +39-02-966551, e-mail privacy@rheavendors.com, certified e-mail (PEC) rheavendorsgroup@legalmail.it
and its subsidiary companies
RHEA VENDORS INDUSTRIES S.p.A., with office in via Trieste, 49
21042 Caronno Pertusella – Varese (VA), telephone: +39-02-966551, e-mail privacy@rheavendors.com , certified e-mail (PEC) rvi-info@certimprese.it
RHEA VENDORS SERVICES S.p.A., with office in via viale 5 Giornate, 1405
21042 Caronno Pertusella – Varese (VA), telephone: +39-02-966551, e-mail privacy@rheavendors.com , certified e-mail (PEC) rvs-info@certimprese.it
(hereinafter: “Joint Data Controllers”).
DATA PROCESSED AND CATEGORIES OF DATA SUBJECTS
The term “Data” refers to the data of natural persons processed by the Joint Data Controllers for the performance of communication, information and promotional activities in favour of their respective customers and business contacts as specified below.
SCOPE OF DATA PROCESSING
The processing of personal data is carried out for the purposes set out below:
- use of the service requested following completion of the online form (i.e. request for contact, information, download of requested material).
Legal grounds for data processing
Execution of pre-contractual measures or of a contract to which you are a party – art. 6 (1)b of the GDPR.
Data storage period
Duration of the business relationship and, after termination, for the ordinary limitation period of 10 years.
- Promotion and direct marketing by the Joint Data Controllers, i.e., by way of example, sending – by automated contact methods (e-mail) – promotional and commercial communications, as well as carrying out market studies and statistical analyses.
Legal grounds for data processing and storage
In the case of Clients, the legal grounds for data processing is the legitimate interest of the Joint Data Controllers – art. 6 (1) lett. F) of the GDPR and art. 130.4 of the Privacy Code.
The data will be processed until you exercise your right to opt out, which can be exercised by clicking on the unsubscribe button at the bottom of the e-mail, or by contacting the Joint Data Controllers in the manner described below in the “Rights of the Data Subject” section.
Data on the details of promotional and commercial activities carried out will be stored for 5 years after the collection of each piece of data.
In the case of Prospects, the legal grounds for data processing is the consent of the data subject (optional, free and revocable at any time) – art. 6 (1) lett. a) GDPR.
Data will be processed until consent is withdrawn. Withdrawal of consent does not affect the lawfulness of data processing based on consent prior to withdrawal. Data on the details of promotional and commercial activities carried out will be stored for 5 years after the collection of each piece of data.
DATA PROCESSING CHARACTERISTICS
In order to carry out the above communication and generic marketing activities, the Joint Data Controllers will create a personal profile referring to you internally in their Centralised Management System (CRM).
Your possible request to opt-out with respect to generic marketing activities and/or the withdrawal of your previously given consent does not entail deletion of the aforementioned personal data profile from the CRM as well, unless you exercise your right to deletion in the manner provided for in this notice in the section “Rights of the data subject”.
When the above data storage period has expired, the data will be destroyed, deleted or anonymised, consistently with the technical deletion and backup procedures, and with the accountability needs of the Joint Data Controllers.
In particular, following your objection and/or your possible withdrawal of consent, the Joint Data Controllers will continue to process your Data in order to have evidence that you should no longer be sent any informative and promotional marketing material.
MANDATORY PROVISION OF DATA
Without prejudice to the above purposes for which your consent is required, please be informed that providing your e-mail address and other common data is necessary. Failure to provide this information will make it impossible to access the requested service, i.e., including but not limited to, replying to the contact request or downloading the requested material.
However, please note that consent is free, optional and always revocable. Failure to grant consent, where required in connection with a specific activity, will make it impossible to proceed with the indicated activity.
RECIPIENTS OF DATA
The data may be processed by external subjects acting as Data Controllers, such as, by way of example, Authorities and supervisory and control bodies and, in general, by subjects, including private subjects, entitled to request the data, Public Authorities that expressly request them from the Data Controllers, in accordance with the provisions of the applicable national and European legislation, as well as to persons, companies, associations or professional firms providing assistance and consultancy. In this case, the data will be processed, on behalf of the Joint Data Controllers, by the external entities designated as Data Processors pursuant to art. 28 of the GDPR, such as, by way of example:
- companies offering maintenance services for the website and information systems;
- companies performing database management and maintenance services for the Joint Data Controllers.
The complete list is available on request from the Joint Data Controllers by sending an e-mail to privacy@rheavendors.com
Personal data may also be processed by the employees of the corporate functions of the Joint Data Controllers appointed to pursue the above purposes, who have been explicitly authorised to process them, and who have received adequate operational instructions.
TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EUROPEAN UNION
Personal data may be transferred abroad to non-European countries, in compliance with the guarantees provided for in the GDPR, therefore only after verifying the presence of a decision of adequacy, or the adoption of Standard Contractual Clauses adopted/approved by the European Commission pursuant to art. 46 (2) lett. c) and d) of the GDPR or, in the absence thereof, by virtue of one of the exemption arrangements provided for in art. 49 of the GDPR.
OPPOSITION TO INFORMATION AND MARKETING ACTIVITIES OF JOINT DATA CONTROLLERS
You may at any time decide to stop receiving communications relating to the information and marketing activities of the Joint Data Controllers by clicking on the unsubscribe button at the bottom of each e-mail received. Alternatively, you may contact the Joint Data Controllers at any time by writing to privacy@rheavendors.com
OTHER RIGHTS OF THE DATA SUBJECT AND RIGHT TO COMPLAIN
By contacting the Joint Data Controllers by e-mail at privacy@rheavendors.com you may request their authorisation to access data concerning you, their deletion, the correction of inaccurate data, the integration of incomplete data, and the restriction of data processing.
If data processing is based on consent or contract and is carried out by automated devices, you may request the portability of your data and you will be entitled to receive them in a structured, commonly used and machine-readable format, as well as, if technically feasible, to transmit them to another Data Controller without hindrance.
You have the right to lodge a complaint with the competent supervisory authority in the Member State where you habitually reside or work, or in the State where the alleged infringement has occurred, or to bring an action before the competent courts.
Date of publication: October 2023