Privacy notice given in compliance with Regulation (EU) 2016/679 (below “GDPR”) and article 13 of Legislative Decree no. 196/20003 (Privacy Code) to users visiting Decorazioni Rivedil s.r.l. websites, accessible by the following addresses:

https://9q10.rivedil.com

By visiting the abovementioned websites, personal data relating to an identified or identifiable natural person (‘data subject’) can be treated.

CONTROLLER

Controller is Decorazioni Rivedil S.r.l., (Via prov.le Salice-Veglie, n.1, 73015 Salice Salentino – LE, Italy; e-mail: contactus@rivedil.it; certified e-mail: decorazionirivedilsrl@legalmail.it) in person of its legal representative Marco Codardo.

Controller is assisted by recipients to which the personal data are disclosed in order they to process such data for the purposes described at point 4 thereof, and by a System Administrator (ADS) for the lawful protection of personal data processed by information systems and databases.
For any request about your personal data please see point 6 thereof.
If you have any question or request about your personal data and/or your privacy protection, you can send at any time the Controller an e-mail (privacy@rivedil.it).

CATEGORIES OF DATA PROCESSED
Personal data are acquired by those information systems and software procedures allowing this website to perform its tasks, to the extent that is needed to attain the purposes set out at point 4 thereof, in compliance with articles 12 et seq. of the Reg. (EU) 2016/679.

Browsing data
Data collected are about user’s interaction with the website, statistics on most-visited pages, the date and time the website was accessed, technologies used for accessing, user’s origin and destination pages mainly.

Data provided by the user

When the user contacts the controller by filling a form on the website, personal data about his/her name and surname, current or permanent address, e-mail address, telephone number, VAT number will be collected, as well as any other information on personal data provided by the user himself/herself within the e-mail text.

When the user buys any product on the e-commerce platform and/or creates an his/her own User Account by registering on the platform Reserved Area, common and simple personal data will be collected (personal record, shipping address, contact information, bank details; username, user IP sessions, data generated by information sessions deriving from the account usage; information about visits to the e-commerce area, purchases, product orders; data relating to the order, eventual promotions or discounts applied).

Cookies and other tracking systems

Some information on personal data is automatically collected by cookies and technologies described at section “Cookies” thereof (articles from 9 to 13).

Lastly, data may be automatically collected by third-party cookies (YouTube, Facebook, Google+, Analytics), or by cookies required for user-consent memorization, on www.rivedil.com and https://9q10.rivedil.com/ websites.

HOW COLLECTED DATA ARE PROCESSED
Personal data are processed in compliance with the rule of reference, in particular for what is about any measure to ensure a level of security and privacy appropriate to the GDPR regulation (art. 32) in their processing by manual or automatized computer devices, according to a logic strictly related to the purposes described at point 4 thereof. Data processing may consist in the following operations: collection, registration, organization and storage, consultation, usage, elaboration, modification, selection, extraction, comparison, interconnection, transmission, communication, erasure, destruction, block, and limitation.

FOR WHAT PURPOSES COLLECTED DATA ARE PROCESSED
Access to offered products and services, and activities pertaining to the creation, manage, and progression of commercial and contractual relations;
Proper performance, management, maintenance, security and improvement of the website, the offered services, the e-commerce platform, and the information infrastructure;
Technical and commercial customer assistance (claims, withdrawals, personalized technical assistance);
Purchases on the e-commerce platform;
Business security and compliance to regulatory requirements;
Direct marketing, commercial and/or technical communication (Newsletter & dedicated emails).

Personal data processing consent:
Is mandatory when processing is indispensable to service provision – see point 4 thereof, from letter a) to f) – and when a withdrawal, although allowed, would prevent service access;
Is optional for promotional and profiling purposes – see letter f) above, point 11 et seq., and “Cookie” section. In this event, the withdrawal of consent will not affect service provision.

PERSONAL DATA TRANSFER
Data collected within the scope of service provision may be disclosed to:
Data processors pursuant to article 28 Reg (UE) 2016/679, which can be natural or legal persons with functions strictly connected to and instrumental for the offered services, i.e., storage, administrative, payment and billing service suppliers, companies related to Decorazioni Rivedil S.r.l. and/or affiliates providing technical components/assistance for service provisions like tintometry/technical assistance/marketing, natural/legal persons engaged to website maintenance, previously engaged to such data processing;
Controller in person of its legal representative, System Administrator, processors carrying out data processing on behalf of the controller;
Administrative and judicial agencies and authorities, by reason of regulatory requirements.
Personal data my be treated under your consent outside of the European Union by our suppliers/partners/distributors, that guarantee the lawful respect of the current privacy regulation. In no other case we transfer or sell personal data to third parties.

RIGHTS CONCERNING PERSONAL DATA PROCESSING

6.1 RIGHT OF ACCESS AND RIGHT TO WITHDRAW
At any time, you have the right to fully access, on request, to your data or to withdraw one or more consent, by sending an e-mail to the privacy@rivedil.it address (article 7 of the Personal Data Protection Code).
You can withdraw your consent to the processing of personal data for promotional/commercial purposes and communications sent by e-mail (Newsletter), by clicking on the “Unsubscribe” link which is included in every e-mail sent within the newsletter service itself.

6.2 RIGHT TO PERSONAL DATA PORTABILITY AND DELETION
To receive a copy of your personal data (takeout) or require data deletion, you can send an e-mail to the privacy@rivedil.it dedicated address.
Your personal data will be taken out within 30 days from the request or, where the process is particularly complex, within three months.
Data deletion will be made within the expected technical times and in accordance with the retention period, which is described at point 7 below.

6.3 EXERCISE YOUR RIGHTS

Any natural person has the right to:
obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case: access to the personal data and information specified in article 15 Reg (UE) 2016/679; know from which source personal data originate, for what purposes personal data are used, how they are treated;
obtain from the controller information about where the personal data processing is based and an updated list – including identification details – of processors and System Administrators authorized to process user’s personal data;
request any personal data to be updated, rectified, completed, erased, and data processing restricted where one of the conditions described in article 18 Reg (UE) 2016/679 applies, as well as personal data – including data for which storage is not necessary considering the purposes for what they have been collected and/or processed – anonymization or block, where the processing is unlawful;
totally or partially object, for justified reasons, to personal data processing, even though such data are relevant to the purposes of the collection, including processing to the extent that it is related to commercial information or advertising or direct selling or market research or commercial communication. Moreover, user has the right to withdraw his or her consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
receive the personal data concerning him or her – which he or she has provided consciously and actively, as well as while enjoying the service – in a structured, commonly used, and machine-readable format. Moreover, the user has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided;
settle a claim to the Personal Data Protection Authority.
For any question or request related to your personal data processing or your privacy defense, you can send an e-mail to the privacy@rivedil.it dedicated address.

07) DATA RETENTION
Personal data retention will last as long as it is strictly necessary for the fulfilment of purposes described at point 4, in the lawful respect of your privacy and in compliance with the current regulation.
For analytical purposes, aiming at the development or improvement of the service provided, user’s personal data may be stored for 36 months.
For direct marketing and profiling purposes, we store your data for the maximum period allowed by appliable regulations (that is 24 and 12 months respectively).
Bills, accounting documents, and data relating to commercial transactions are being stored for 11 years, in accordance with the law (fiscal duties included).

Where the right to be forgotten is exercised by a request to the controller for erasure of personal data, such data will be stored, in a protected and limited-access way, for purposes relating to crime investigation and prosecution only. Data will be stored for a period not exceeding 12 months, since request acquisition; after that period, they will be securely erased or irreversibly anonymized.
Lastly, we are glad to remember that, for the same purposes, data relating to web traffic, with the exclusion of the contents of communications, will be stored for a period not exceeding 6 years since the date of communication, in compliance with article 24 of the Law no. 167/2017, which adopted the EU Directive no. 2017/541 on combating terrorism.

08) CHANGES TO THE PRIVACY POLICY

The current Privacy Policy may be modified in the course of time. In case of substantial changes to purposes and means of the processing of personal data by the controller, the latter will inform the user by publishing modifications on its website (“Privacy Policy”) or by other channels provided by the user, just like e-mail.