PRIVACY POLICY

COMMUNICATIONS AND TRANSPARENT WAYS FOR THE DATA SUBJECT TO EXERCISE ITS RIGHTS 

The user is asked to read the following privacy policy carefully in compliance with art. 12, 13 and 14 (for personal data not obtained from the data subject but from other sources) of the European General Data Protection Regulation (GDPR), as amended, to fully understand why personal data are collected, how they are used and stored and to whom they are disclosed, in particular related to:

  • Website navigation data;
  • Website cookies;
  • Processing of client and supplier data

1. ABOUT US 

This information is provided by Giordano Riello International Group S.p.A. (hereinafter also Company) as Data Controller, holding company of the “Giordano Riello International Group” Group (hereinafter also Group).

2. SHARING INFORMATION 

Each Group company may have a legitimate interest to share the personal data of its clients and suppliers with other Group companies, also entering data in centralised databases.

The Company may also transfer the personal data to suppliers and third parties who perform certain services on its behalf, always in compliance with data processing agreements and, if required, based on user consent. The data will only be shared with and made available to those external service suppliers to the extent required to satisfy the purposes mentioned in this policy. The categories of external subjects that the Company could use to perform some of its activities are the following:

  • companies who provide banking and financial services;
  • external companies and/or consultants who perform instrumental activities (management, collection of economic and financial information, management of IT systems, insurance, management and protection of credit);
  • external companies and/or consultants for compliance with laws (firms of accountants, notaries, lawyers and labour consultants);
  • shippers;
  • public bodies (INPS [National Social Insurance Agency], INAIL [National Institute for Insurance against Accidents at Work], Provincial Labour Department, Tax Offices, etc.): authorised tax assistance centres;
  • pension and assistance funds, also private.

3. RIGHTS ESTABLISHED BY LAW 

The law guarantees a number of rights with regard to personal data. The company undertakes to protect personal data and respect the data privacy laws in force each time. Further information and suggestions on rights can be obtained from the National Personal Data Protection Authority.

  1. Right of information – The user has the right to receive clear, transparent and easily understandable information on how his/her personal data are being used and on his/her rights. That is why the information in this policy is being provided.
  2. Right of access – The user has the right to access his/her data (if those data are being processed) and other information (similar to what is provided in this privacy policy). The purpose is to enable the user to know and verify whether his/her personal data are used in compliance with the data privacy law.
  3. Right to rectification – The user has the right to have information corrected if it is incorrect or incomplete.
  4. Right of erasure – Also known as the “right to be forgotten”, in simple terms it allows the subject to request the erasure or removal of data where there is no valid reason to keep on using them. This is not a general right to erasure; there are exceptions.
  5. Right to restrict data processing – The user has the right to “block” or restrict further use of information. When data processing is restricted, the company may still store the data but may no longer use them. The company stores lists of people who have requested the “blockage” of further use of their information to guarantee that said restriction is respected in the future.
  6. Right to the portability of data – The user has the right to obtain and reuse his/her personal data for his/her own purposes in different services. For example, should he/she decide to move to a new supplier, this right enables moving, copying or easily transferring data between the IT systems of the company and their systems securely and in a protected way, without compromising usability.
  7. Right to object to processing – The user has the right to object to processing for direct marketing purposes (only performed with prior consent) and to processing performed for purposes that protect legitimate company interests.
  8. Right to lodge complaints – The user has the right to lodge a complaint on how the company processes his/her personal data with the National Personal Data Protection Authority.
  9. Right to revoke consent – If the user has consented to any activity being performed with his/her personal data, he/she has the right to withdraw that consent at any time (though, in that case, that does not mean that what was carried out using the personal data with user consent until that moment was illegal). This includes the right to revoke consent to use personal data for marketing purposes.

For more information on how to exercise the rights, please write to: Giordano Riello International Group S.p.A., 904/7 Via Roma, Bevilacqua – Verona, Italy.

4. WHICH PERSONAL DATA ARE COLLECTED AND HOW ARE THEY USED?

What are personal data?

Personal data are the information that, directly or indirectly, enables identification of a user as an individual. “Directly” means, for example, name, surname and address; “indirectly” means when the data are processed together with other information.

4.1. Navigation Data

During normal operations, the IT systems and software procedures operating this website acquire certain personal data transmitted implicitly during the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but it may, by its very nature, through processing and association with data held by third parties, enable the identification of users. This data category includes IP addresses or domain names of computers used by users to connect to the website, URI addresses (Uniform Resource Identifier) of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating response status given by the server (successful, error, etc.), time indications of the start and end of the session and other parameters related to the user’s operating system and IT environment.

Processing purposes and legal basis
These data are only used to obtain anonymous statistics on the use of the website and to check it is working correctly. The data could also be used to ascertain responsibility for IT offences against the website (legitimate interest of the Controller). 

Storage period

Data are normally stored for short periods of time, except for any extended periods connected to enquiries.

Providing data
The data are not provided by the data subject. They are acquired automatically by the website’s technological systems.

4.2 Cookies

Cookies are small text files that websites visited by users send to their devices, where they are memorised to be retransmitted to the same websites at the next visit. Cookies of so-called “third parties” are, however, set by a website other than the one being visited by the user. That is because each website can have elements (images, maps, sounds, specific links to web pages of other domains, etc.) residing on servers other than the one of the website visited.

Based on their duration, they are referred to as session cookies (temporary ones deleted automatically by the device at the end of the navigation session) and persistent cookies (that is those that remain memorised on the device until they expire or are deleted by the user).

Cookies are used for different purposes. First of all, they are used to transmit the communication or to provide the service requested by the user. More specifically, they enable the optimisation of website operations, the execution of computer authentications and the prevention of abuse; they also make it possible to monitor sessions and improve the users’ navigation experience, for example by keeping the connection to reserved areas active during navigation through website pages, with no need to log in again with user ID and password, and by memorising specific information concerning the users themselves (including preferences, type of browser and computer used).

Cookies can only be read or modified by the website that generated them. They cannot be used to recall any data from the user’s terminal and cannot transmit computer viruses. Some cookie functions can also be performed by other technologies. In this web privacy policy, the term “cookie” refers to cookies and all similar technologies.

Use of cookies in this Website
This Website may use both session and persistent cookies. The cookie types generated directly by this Website are “technical” cookies, used to:

  1. personalise the user interface (e.g. to record preferences expressed by the user, such as language and product catalogue);
  2. authenticate and manage a navigation session (for example, to identify and validate the user to access the Support Area).

“Third-Party” cookies
This Website does not allow transmission of third-party cookies to the user’s terminal.

Consent 
The cookies used by the Website do not require prior user consent. Access to the website and navigating it imply implicit consent to receiving the cookies. However, users can also decide not to receive the cookies, using the specific browser option.

4.3 Processing of client and supplier data

The data are processed to:

  • finalise contractual/professional agreements;
  • fulfil pre-contractual, contractual and fiscal obligations resulting from existing relations, and manage the communications connected to them;
  • fulfil obligations set forth by law, in a regulation, by Community regulations or an Authority order;
  • exercise a legitimate interest and a right of the Controller (for example: the right to legal defence, protection of credit positions, ordinary operational, management and accounting needs).

Processing purposes and legal basis
Administrative and accounting (contract and legitimate interest).

Storage period
Timing compatible with collection purposes.

Providing data
Mandatory to come into contact with the Company.

5. LEGAL FOUNDATIONS FOR THE USE OF USER DATA 

In most cases, it is in the legitimate interest of the Company to collect and use personal data, as described in “Which personal data are collected and how they are used”, so as to provide the user with as useful a service as possible.

Personal data is processed using manual and IT instruments adopting logics strictly related to the purposes themselves, while guaranteeing the security and confidentiality of the data themselves.

6. REQUESTS TO THE COMPANY 

The Company is legally obliged to follow up on requests and provide information free of charge, except when the requests are manifestly unfounded or excessive (especially for their repetitive nature). In that case, the Company may charge a reasonable fee (considering the administrative costs needed to supply the information or the communications, or for the action requested) or refuse to follow up on the request.
Any request for information can be sent to the email: segreteria@riellointernational.com.

We kindly ask that you consider the request responsibly before sending it. The Company will answer as soon as possible. This usually happens within one month of receiving the request. If more time should be needed, the Company will contact and notify the user.

7. AMENDMENTS 

This policy has been in force since 15 June 2018. The Company reserves the right to amend or simply update its content, in whole or in part, also because of changes to the applicable laws. The Company kindly asks the Data Subject to visit this section regularly to see the most recent, updated version of the Policy and be constantly updated on the Personal Data collected and on how they are used by the company.

8. DEFINITIONS 


  • «Personal data»: any information concerning an identified or identifiable individual («Data Subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • «processing»: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • «process controller»: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  • «processor»: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  • «recipient»: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
  • «third party»: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
  • «consent of data subject»: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
  • «personal data breach»: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
  • «supervisory authority»: an independent public Authority which is established by a Member State pursuant to Article 51;
  • «supervisory authority concerned»: a supervisory Authority which is concerned by the processing of personal data because:
    1. the controller or processor is established on the territory of the Member State of that supervisory Authority;
    2. data subjects residing in the Member State of that supervisory Authority are substantially affected or likely to be substantially affected by the processing; or
    3. a complaint has been lodged with that supervisory Authority.