Privacy Policy - Rosiglioni Impianti

WEBSITE USER PRIVACY POLICY

As required by current legislation (Article 13 of the General Data Protection Regulation, hereinafter also GDPR), Rosiglioni Impianti S.r.l. (hereinafter also referred to as “Controller” or “Company”) provides users visiting the website https://www.rosiglioni.it with information regarding the processing of their data.

WHO IS THE CONTROLLER AND HOW CAN THEY BE CONTACTED?

The data controller is Rosiglioni Impianti S.r.l. with its registered office located in Rome, via G.Righelli, 76/78, VAT: 05900461004

The Controller can be contacted via email at info@rosiglioni.it or by phone at 06 8200 2732

WHAT DATA IS PROCESSED?

The data processed includes browsing data and data voluntarily provided by the user.

Data provided directly by the user

This category includes all personal data voluntarily provided by the user (for example, when requesting information using the phone numbers or email addresses indicated on the website). If the user decides to contact the Controller through the appropriate form on the site, they can find detailed information on the data processing by accessing the specific notice provided on the relevant pages.

Browsing data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

These are information that are not collected to be associated with identified individuals, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes IP addresses or domain names of the computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and computer environment.

Information acquired through cookies and other tracking systems

The site uses cookies. The specifics are contained in the cookie policy which can be consulted at any time.

WHAT ARE THE PURPOSES AND LEGAL BASES OF THE PROCESSING?

Data provided directly by the user: purposes and legal bases

The personal data voluntarily provided by the user by contacting the Controller through the contact details on the site are used solely to fulfill the requests made.

The legal basis for processing such data is the execution of pre-contractual measures and obligations arising from the contract.

If necessary, the data may also be used for the Controller’s legitimate interest in verifying the security and proper functioning of the computer systems used and in carrying out defensive activities or asserting or defending a right in court.

The user can provide their data through the form on the site, where specific information is provided, which the user must review before providing the data, detailing all information on their processing.

Browsing data: purposes and legal bases

Browsing data is used for site security purposes and to check its proper functioning and may be used to ascertain responsibility in the event of potential cybercrimes against the website.

The legal basis for processing such data is the Controller’s legitimate interest and, in the case of requests from Authorities, the legal obligation.

HOW IS THE DATA MANAGED?

The collected data is processed using computer tools that ensure adequate security measures to prevent data loss, unlawful or incorrect use, and unauthorized access.

Transfer of data abroad

The hosting used for the site involves a transfer of data to non-EU countries (USA)

Retention periods

Data provided directly by the data subject is retained for the time strictly necessary to fulfill the requests and then deleted, except for defensive needs (which may require further retention).

WHAT HAPPENS IF DATA IS NOT PROVIDED?

Except for browsing data necessary to execute IT and telematic protocols, the provision of data by users through the various available methods is free and optional. However, failure to provide the data will make it impossible to respond to the requests made and to use the services of interest.

WHO CAN ACCESS THE DATA?

The data will be processed by the Controller through authorized personnel.

The data will be known by the companies used by the Controller for the provision of hosting services and additional services related to the site, by the companies providing assistance and maintenance of the systems used, by the company providing communication services, and by consultants for dispute management and legal assistance in the event of any disputes requiring their involvement. The data may also be known by the competent Authorities in case of specific requests which the Controller is legally obliged to comply with.

Additional third parties involved in the processing of data acquired through the forms on the site and through cookies and similar tools are listed in the specific detailed notices.

It should be noted that some of the indicated parties operate as data processors and that communication to those who operate as independent controllers is carried out because it is required by legal obligations or necessary to fulfill obligations arising from the contractual relationship or the Controller’s legitimate interest in maintaining the security of computer systems and in carrying out defensive activities through legal consultants.

Communication is, in any case, limited to only the categories of data whose transmission is necessary for the performance of the activities and purposes pursued.

The data subject may request from the Controller the list of external parties who carry out their activities as data processors.

WHAT ARE THE DATA SUBJECT’S RIGHTS?

The law grants the data subject the right to request from the data controller access to personal data and the rectification or erasure of the same or the restriction of processing concerning them or to object to their processing, as well as the right to data portability.

The data subject may exercise their rights at any time, without formalities, by contacting the Controller through the indicated email address. The Controller will respond within 30 days of receiving the request, as required by current legislation.

Below are detailed the rights recognized by current data protection legislation.

The right of access, i.e., the right to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed and, if so, to access the personal data and the following information: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients in third countries or international organizations; d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the data controller rectification or erasure of personal data or restriction of processing of personal data concerning them or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data are not collected from the data subject, any available information as to their source; h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
The right to rectification, i.e., the right to obtain from the data controller the rectification of inaccurate personal data concerning them without undue delay. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
The right to erasure, i.e., the right to obtain from the data controller the erasure of personal data concerning them without undue delay if: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing; c) the data subject objects to the processing carried out because it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or for the pursuit of the legitimate interest and there are no overriding legitimate grounds for the processing, or objects to processing for direct marketing purposes; d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; f) the personal data have been collected in relation to the offer of information society services to minors. However, the request for erasure cannot be accepted if the processing is necessary: a) for exercising the right of freedom of expression and information; b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; c) for reasons of public interest in the area of public health; d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, insofar as the erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or e) for the establishment, exercise or defense of legal claims.
The right to restriction, i.e., the right to obtain that the data be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State if: a) the data subject contests the accuracy of the personal data, for a period enabling the data controller to verify the accuracy of the personal data; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; c) although the data controller no longer needs the personal data for the purposes of the processing, they are required by the data subject for the establishment, exercise or defense of legal claims; d) the data subject has objected to processing carried out because it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or for the pursuit of the legitimate interest of the data controller or third parties, pending the verification whether the legitimate grounds of the data controller override those of the data subject.
The right to data portability, i.e., the right to receive in a structured, commonly used and machine-readable format the personal data concerning them provided to the controller and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as well as the right to have the personal data transmitted directly from one controller to another, where technically feasible, if the processing is based on consent or on a contract and the processing is carried out by automated means. This right shall not adversely affect the right to erasure.
The right to object, i.e., the right of the data subject to object at any time, on grounds relating to their particular situation, to processing of personal data concerning them carried out because it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or for the pursuit of the legitimate interest of the data controller or third parties. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.

The data subject is also informed that, if they believe that the processing of their personal data is carried out in violation of the GDPR, they have the right to lodge a complaint with the Data Protection Authority, as provided by Article 77 of the Regulation, or to take appropriate legal action (Article 79 of the Regulation).