PRIVACY POLICY PURSUANT TO

OF THE EUROPEAN REGULATION 2016/679 (GDPR) AND OF THE D.LGS 169/2003

1. Introduction

Ricasoli Group S.r.l. (hereinafter “Ricasoli Group” or the “Company”), is a company incorporated under Italian law mainly active in the service sector.

Ricasoli Group considers the protection of the personal data of its and/or potential customers to be of fundamental importance, ensuring that the processing of personal data, carried out in any manner, whether automated or manual, takes place in full compliance with the safeguards and rights recognized by the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, relating to the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data (hereinafter the “Regulation”), by Legislative Decree no. Lgs 169/2003 as applicable and by further applicable rules on the protection of personal data.

This privacy policy (hereinafter the “Privacy Policy”) is intended to describe the management methods of the website referable to Ricasoli Group, in relation to the processing of the personal data of users / visitors of the website pursuant to the Regulations.

Ricasoli Group, strongly considering the applicable regulations on the subject, intends to ensure the protection and security in the processing of the personal data of each user or visitor, also in relation to internet accesses made from abroad, in accordance with the provisions of this Privacy Policy.

Unless otherwise specified and regulated by a specific privacy policy provided pursuant to article 13 of the Regulation, this Privacy Policy must be understood as a document aimed at providing specific information referred to in section 13 and 14 of the abovementioned Regulation to all those who find themselves interact with the Data Controller (see below) through the services offered by the company’s website.

It should be noted that this Privacy Policy is applicable exclusively to the site http://www.RicasoliGroup.com (hereinafter the “Website”) and does not refer to other websites that may be consulted by the user during his navigation by clicking on links and / or banners on the site.

2. Data controller

RICASOLI Group S.r.l. – with registered office in Via Senato 29 – 20121 Milan – C.F. and VAT number 08638750961 in the person of the actual legal representative, assumes the role of Data Controller (hereinafter “Data Controller”) according to the relevant definition in section 4 at point 7 of the Regulation, ” ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law”.

For the purposes of compliance with the aforementioned legislation on privacy, the Data Controller indicates the following e-mail address for the appropriate communications: [indicate]

Your data may be shared with:

  1. appointed personnel of Ricasoli Group and possibly its professionals who are committed to confidentiality or have an adequate legal obligation of confidentiality;
  2. subjects delegated and / or appointed by the Data Controller to carry out activities strictly related to the pursuit of the aforementioned purposes (including technical maintenance interventions on the systems), rightly appointed as data processors;
  3. people, companies or professional firms that provide assistance and support to the Data Controller, rightly appointed as data processors;
  4. subjects, bodies or authorities to whom the communication of your personal data is mandatory by virtue of legal provisions or orders of the competent authorities;

3. Type of data processed and purposes of the processing relating to navigation on the Website

The website http://www.RicasoliGroup.com offers informative and, sometimes, interactive contents. While browsing the website, information about the user can then be acquired in the following ways:

The computer systems and software procedures used to operate the Website may acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes: IP addresses, the type of browser used, the operating system, the domain name and the addresses of websites from which access or exit was made, information on the pages visited by users within the site, the access time, the stay on the single page, the analysis of the internal path and other parameters relating to the operating system and the user’s IT environment
These technical / IT data are collected and used exclusively in an aggregate and non-identifying manner and could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.

This is all the personal data freely released by the visitor on the Website, for example, to register and / or access a reserved area and / or fill out forms useful for requesting information on a specific product or service, write to an address e-mail or call (in VoIP mode) a toll-free number to have direct contact with customer service or administration.

In some cases, personal data may be processed for profiling purposes collected in the manner described above or by cookies (see, in this regard, the Cookie Policy [link or delete the sentence if cookies are not used])..

The processing of personal data will be conducted, electronically or manually, for the following purposes:

  1. activities connected with the obligations established by laws, regulations and community legislation as well as by provisions issued by authorities legitimated by the law and by supervisory and control bodies;
  2. profiling, marketing and promotional activities, market research.

4. Methods of data processing

The processing of personal data is carried out mainly using electronic procedures and media, without excluding manual processing, for the time strictly necessary, in accordance with Section 5 of the Regulation.

Personal data will be processed by the Data Controller limited to what is necessary for the pursuit of the main purpose. In particular, personal data will be processed for a period of time equal to the minimum necessary, as indicated by Recital 39 of the Regulation, i.e. until the termination of the contractual relationships in place between the data subject and the Data Controller without prejudice to a further period of conservation that may be imposed by law as also provided for by Recital 65 of the Regulation and art. 2220 of the Italian Civil Code.

Personal data is stored on servers located within the European Union. These servers are owned by Ricasoli Group and are managed by TUCOWS, INC. Tucows Domains Inc .. The website of the Guarantor for the protection of personal data provides information and assistance in relation to the rights recognized by the Privacy Code and related legislation (www.garanteprivacy.it).

In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller ensures from now on that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided for by the European Commission.

Ricasoli Group uses your data to ensure an efficient response to the requests you have made. The provision of your data for this purpose is optional, but failure to provide them could make it impossible to provide the requested services. We also process your data to ensure compliance with legal obligations, regulations and community standards.
If you have expressly given us your consent – and after registering in the specific area – we will use your data to inform you about the latest news relating to Ricasoli Group S.r.l. as well as on training events promoted by the Company.

The storage of personal data will take place in paper and / or electronic form and for the time strictly necessary to pursue the indicated purposes.

With reference to the processing of data relating to the provision of the requested services, we inform you that we will process your data for the time strictly necessary to process your request.

In particular, we inform you that the data sent to individual professionals entered in the special registration form for sending newsletters will be kept by the Data Controller for a period of time not exceeding the achievement of the purposes referred to in this Notice and, in any case , not exceeding 24 months.

Finally, we remind you that, in order to comply with the anti-terrorism requirements introduced by art. 24 of Law 167/2017, which transposed the EU Directive 2017/541, we will keep the data relating to telematic traffic, excluding the contents of communications, for a period not exceeding 72 months from the date of communication.
Your personal data are processed by the indicated subjects, in accordance with the provisions of current legislation. In particular, to ensure the security of your data taking into account the state of the art and the implementation costs, as well as the nature, object, context and purposes of the processing, as well as the risk of varying probability and severity for rights and freedoms of our users, we have adopted appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

5. Redirect to external sites

The Website could use the so-called social plug-in. Social plug-ins are special tools that allows to incorporate the features of the social network directly within the website (eg the “like” function of Facebook).

All social plug-ins on the Website are marked with the respective logo owned by the social network platform.

When you visit a page of the Website and interact with the plug-in (eg by clicking the “like” button) or decide to leave a comment, the corresponding information is transmitted from the browser directly to the social network platform ( in this case Facebook) and stored by it.

For information on the purposes, type and methods of collection, processing, use and storage of personal data by the social network platform, as well as for the methods by which to exercise your rights, please consult the privacy policy of the individual social network.

6. Link to / from third party sites

From the Website it is possible to connect through specific links to other third party websites.
In this regard, in no way can Ricasoli Group be held responsible for any management of personal data by third party websites and for the management of authentication credentials provided by third parties.

7. Rights of interested partieS

As foreseen by section 15 of the Regulation, the interested party can access their personal data, request their correction and updating, if incomplete or incorrect, request their cancellation if the collection took place in violation of a law or regulation, as well as oppose to the processing for legitimate and specific reasons.

In particular, we list below all the rights that can be exercised, at any time, towards the Data Controller and / or the joint Data Controllers:

Right of access: the right, pursuant to Section 15, paragraph 1 of the Regulation, to obtain from the Data Controller confirmation that personal data is being processed or not and, in this case, to obtain access to such personal data and the following information:

  1. the purposes of the processing;
  2. the categories of personal data in question;
  3. the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
  4. when possible, the retention period of personal data provided or, if not possible, the criteria used to determine this period;
  5. the existence of the right of the interested party to ask the Data Controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
  6. the right to lodge a complaint with a supervisory authority;
  7. if personal data are not collected from the data subject, all available information on their origin;
  8. the existence of an automated decision-making process, including profiling referred to in Section 22, paragraphs 1 and 4, of the Regulation and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of this treatment for the interested party.

All this information can be found within this information which will always be available in the Privacy section of the Website.

Right of rectification: right to obtain, pursuant to Section 16 of the Regulation, the rectification of personal data that are inaccurate, taking into account the purposes of the processing; moreover, it is possible to obtain the integration of personal data that are incomplete, also by providing an additional declaration.

Right of cancellation: the right to obtain, pursuant to Section 17, paragraph 1 of the Regulation, the cancellation of personal data without undue delay and the Data Controller will have the obligation to cancel your personal data, if only one of the following reasons:

  1. the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
  2. the person wants to have revoked the consent on which the processing of the personal data is based and there is no other legal basis for their processing;
  3. the interested party has opposed the processing pursuant to Section 21, paragraph 1 or 2 of the Regulation and there is no longer any legitimate overriding reason to proceed with the processing of personal data;
  4. the personal data have been unlawfully processed;
  5. it is necessary to delete personal data to fulfill a legal obligation provided for by a community regulation or internal law.

In some cases, as provided for by Section 17, paragraph 3 of the Regulation, the Data Controller is entitled not to delete your personal data if their processing is necessary, for example, to exercise the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, for the assessment, exercise or defense of a right in court.

Right to limit the processing: this is the right to obtain the limitation of processing, pursuant to Section 18 of the Regulation, in the event that one of the following hypotheses occurs, the interested party:

  1. has contested the accuracy of his personal data (the limitation will last for the period necessary for the Data Controller to verify the accuracy of such personal data);
  2. the processing is unlawful but you have opposed the cancellation of your personal data, requesting, instead, that its use be limited;
  3. although the Data Controller no longer needs it for the purposes of processing, the personal data are used to ascertain, exercise or defend a right in court;
  4. opposed the processing pursuant to Section 21, paragraph 1, of the Regulation and is awaiting verification of the possible prevalence of the Data Controller’s legitimate reasons with respect to his own.

In case of limitation of the processing, the personal data will be processed, except eg:

8. Changes to the Privacy Policy and updates

This Privacy Policy is applicable to the Website from its publishing.

This information was published in September 2020 and may be subject to changes over time. The eventual entry into force of new sector regulations, as well as the constant examination and updating of the general conditions of use of the Website, may result in the need to revise this document. It is therefore possible that this Privacy Policy may undergo changes over time and we therefore invite each user to periodically consult this page. It is understood as of now that any variation of the privacy information provided during the collection of personal data will be communicated to each interested party by the Data Controller in the manner identified by the latter.

COOKIE POLICY

Definition of cookies

Cookies are small text files sent to your computer. The Site uses the following cookies:

  1. Session cookies

The use of session cookies is strictly circumscribed to the transmission of session identifiers (web server generated random numbers), which are required for a secure and efficient surfing of the site. The session cookies used in this site do not rely on potentially harmful IT techniques and do not allow the gathering of the user’s personal details.

There are other technical cookies which are necessary for the proper operation of the website. Purpose of these cookies is to provide the services required by users and to grant them the best possible surfing experience. This type of cookies may not be disabled.

  1. Google Analytics Cookies

This website uses Google Analytics, a web analytics service provided by Google, Inc. («Google»). Google Analytics uses cookies (text files placed on your computer) to help the website analyze how users use the site. The information generated by the cookies about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google (data controller) will use this information for the purpose of examining your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage. Google may also transfer this information to third parties, if required by the law or if such third parties process the information on behalf of Google. Google will not associate your IP-address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this, you may not be able to use the full functionality of this website.

How do you disable cookies?

Most browsers allow you to refuse/accept cookies. We set out below some practical information on how to disable cookies on the main browsers.

Chrome

  1. Click on “Settings”
  2. Click on “Clear on Browsing data”
  3. Click on “Select Cookies”
  4. Click on “Clear Data”

Mozilla Firefox

  1. Click on “Options”
  2. Click on “Privacy & Security”
  3. Click on “Clear History…”
  4. Click on “Expand Details”
  5. Select “Cookies”
  6. Click on “Clear now”

Internet Explorer

  1. Click on “Internet options”
  2. Click on “Delete”
  3. Select “Cookies”
  4. Click on “Delete”

Apple Safari

  1. Click on “Preferences”
  2. Click on “Privacy”
  3. Click on “Cookies and website data” and confirm