Menu

CONTACT FORM PRIVACY POLICY

As required by current regulations (art. 13 General Data Protection Regulation, hereinafter also GDPR), Rosiglioni Impianti S.r.l. (hereinafter also referred to as “Data Controller” or “Company”), provides users who wish to contact the Company through the appropriate form on the website with information regarding the processing of their data.

WHO IS THE DATA CONTROLLER AND HOW CAN THEY BE CONTACTED

The Data Controller is Rosiglioni Impianti S.r.l. with registered office located in Rome, via G.Righelli, 76/78, VAT number: 05900461004

The Data Controller can be contacted through the email address info@rosiglioni.it or by phone at 06 8200 2732

WHAT DATA IS PROCESSED?

The data processed is that provided by the user through completion of the contact form.

WHAT ARE THE PURPOSES AND LEGAL BASES OF PROCESSING?

Personal data provided by the user through the appropriate form is used solely for the purpose of responding to the data subject’s request.

The legal bases for processing such data are therefore: the adoption of measures relating to pre-contractual relationships.

If expressly consented to, the data may also be processed for marketing purposes and, specifically, for sending advertising material and commercial communications about the controller’s activities and services through traditional means (such as telephone contact with an operator), as well as automated means (such as email, SMS and other types of messages, including DMs on social networks to which the user’s account refers when indicated). The legal basis for processing identifying data for the indicated marketing purpose is consent, which may be withdrawn at any time.

Should it become necessary, the data may also be used based on the controller’s legitimate interest to verify the security and proper functioning of the computer systems used and to carry out defensive activities or assert or defend a right in court.

HOW IS DATA MANAGED?

The collected data is processed using computer tools and paper methods, in compliance with the security obligations prescribed by current regulations to prevent data loss, illicit or incorrect use and unauthorized access.

Any consent given for marketing purposes, based on art. 130, paragraphs 1 and 2, of Legislative Decree 196/2003 (Privacy Code), implies receiving communications and promotional and commercial materials, not only through automated contact methods, but also through traditional methods, such as postal mail or calls through an operator.

Transfer of data abroad

The hosting used for the site involves a transfer of data to countries outside the EU (USA). For the email service used to manage information requests and for data management for marketing purposes – where authorized – the controller uses tools that involve the transfer of data abroad. The transfer takes place in compliance with current regulations according to the necessary guarantees (adequacy decision and standard contractual clauses).

Retention periods

Data will be retained for the time necessary to process requests.

In case of establishing a relationship, data will be retained for the time necessary to carry out activities related to its proper execution and according to the timeframes defined by legal obligations.

If consented to, data processed for marketing purposes will be retained for two years, without prejudice to the right of opposition that the data subject may exercise freely at any time and without any charge, even separately, for sending promotional communications through automated methods or through traditional means.

Any defensive needs are reserved, for which data may be retained even beyond the indicated terms.

WHO CAN ACCESS THE DATA?

Data will be processed by the Data Controller through authorized personnel. Data will be known by the IT companies that the controller uses for providing hosting services and email management, by companies that provide assistance and maintenance activities on the computer systems used and by the real estate intermediation agency that the controller uses. Data processed for marketing purposes may also be known by companies that provide email management tools, by consultants and by companies that provide communication and marketing services. Data will then be known by legal consultants for litigation management and legal assistance in case of any disputes for which their involvement becomes necessary and by competent Authorities in case of specific requests that the controller is required by law to follow up on. It is specified that some of the indicated subjects operate as data processors and that communication to those who operate as independent controllers is carried out because it is prescribed by legal obligations or necessary to carry out obligations arising from the contractual relationship or the controller’s legitimate interest consisting in maintaining the security of computer systems and carrying out defensive activities through legal consultants. Communication is however limited to only those categories of data whose transmission is necessary for carrying out the activities and purposes pursued. The data subject may request from the Data Controller the list of external subjects who carry out their activities as data processors.

WHAT HAPPENS IF DATA IS NOT PROVIDED?

Providing data is optional but, in its absence, it will not be possible for the controller to respond to requests made by the data subject.

WHAT ARE THE DATA SUBJECT’S RIGHTS?

The law recognizes the data subject’s right to request from the data controller access to personal data and rectification or erasure of the same or limitation of processing concerning them or to object to their processing, in addition to the right to data portability.

The data subject may exercise their rights at any time, without formalities, by contacting the controller through the indicated email address. The Data Controller will provide a response within 30 days of receiving the request, as required by current regulations.

The rights recognized by current regulations on personal data protection are detailed below.

  • The right of access, that is the right to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed and in such case, to obtain access to the personal data and the following information: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right of the data subject to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning them or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the data are not collected from the data subject, any available information as to their source; h) the existence of automated decision-making, including profiling and, at least in such cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. Where personal data are transferred to a third country or to an international organization, the data subject has the right to be informed of the appropriate safeguards relating to the transfer.
  • The right to rectification, that is the right to obtain from the controller the rectification of inaccurate personal data concerning them without undue delay. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • The right to erasure, that is the right to obtain from the controller the erasure of personal data concerning them without undue delay if: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing; c) the data subject objects to the processing carried out because it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or for the purposes of the legitimate interests pursued and there are no overriding legitimate grounds for the processing, or objects to processing for direct marketing purposes; d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; f) the personal data have been collected in relation to the offer of information society services to children. The erasure request cannot however be accepted if the processing is necessary: a) for exercising the right of freedom of expression and information; b) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; c) for reasons of public interest in the area of public health; d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or e) for the establishment, exercise or defense of legal claims.
  • The right to restriction, that is the right to obtain that data be processed, except for storage, only with the data subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State if: a) the data subject contests the accuracy of the personal data, for a period enabling the controller to verify the accuracy of such personal data; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; d) the data subject has objected to processing carried out because it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or for the purposes of the legitimate interest of the controller or of third parties, pending the verification as to whether the legitimate grounds of the controller override those of the data subject.
  • The right to data portability, that is the right to receive in a structured, commonly used and machine-readable format the personal data concerning them which they have provided to a controller and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as well as the right to have the personal data transmitted directly from one controller to another, where technically feasible, where the processing is based on consent or on a contract and the processing is carried out by automated means. This right shall be without prejudice to the right to erasure.
  • The right to object, that is the right of the data subject to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is carried out because it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or for the purposes of the legitimate interests pursued by the controller or by a third party. Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning them which is carried out for such purposes, including profiling to the extent that it is related to such direct marketing.

The data subject is then informed that, should they believe that the processing of their personal data occurs in violation of what is provided by the GDPR, they have the right to lodge a complaint with the Supervisory Authority, as provided by art. 77 of the Regulation itself or to resort to the appropriate judicial venues (art. 79 of the Regulation).

ADDITIONAL INFORMATION

Additional information on data processing related to the website is contained in the website users privacy policy and in the cookie policy.