Privacy Policy
Information pursuant in art.13 of Regulation (EU) 2016/679 (hereinafter GDPR)
In thanking you for providing us with your personal data, we provide you with the following information under the GDPR.
Object of the treatment and scope of application
The Owner treats the “personal data” (in particular, name, surname, tax code, VAT number, email address, telephone number – later, “personal data” or even “data”) communicated by the interested party when completing theinformation request form and / or when subscribing to the newsletter service offered by the Data Controller.
Personal data, pursuant to art. 2, 1st co. GDPR, are subjected to the treatment entirely or partially automated and to the non-automated treatment if contained in an archive or intended to be included.
Data controller
The “Owner” of the processing of personal data is REFLEXX S.p.A. Via Passeri, 2, Mantova – Italy – 46019 Viadana (MN), Italy, hereinafter referred to as the HOLDER of the TREATMENT. Following the consultation of the website www.reflexx.com, hereinafter referred to as the SITE, the “personal data” communicated by the interested party during registration to the website of the Data Controller and / or when subscribing to the newsletter service offered from the Owner, will be processed by the Owner in accordance with EU Regulation 2016/679. If treatment is to be carried out on behalf of the DATA CONTROLLER, the latter may designate a LIABILITY manager, pursuant to art. 28 GDPR, which will implement appropriate technical and organizational measures in such a way that the treatment meets the requirements of the GDPR and guarantees the protection of the rights of the data subject. The RESPONSIBLE may, pursuant to art. 28, 4th co., GDPR appointing SUB-RESPONSIBILITIES to perform specific treatment activities on behalf of the OWNER.
Purpose and legal basis of the processing
Personal data may be communicated to:
Employees or collaborators of the Data Controller who, acting under the direct authority of the latter, are appointed as managers or who are authorized to receive appropriate operational instructions for handling the files; the same will happen – by the Managers appointed by the Owner – towards the employees or collaborators of the Managers; the staff has been duly educated on the security of personal data and the right to privacy.
Data retention period
The data will be kept for two years from the completion of the information request form.
Rights of the interested party
The interested party, pursuant to art. 15 GDPR, has the right to obtain from the data controller confirmation that it is or is not undergoing treatment of personal data concerning him and in this case, to obtain access to personal data and the following information:
- the purposes of the processing;
- the categories of personal data in question;
- the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations;
- whenever possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
- the existence of the right of the data subject to request the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
- the right to lodge a complaint with a supervisory authority;
- if the data are not collected from the data subject, all information available on their origin;
- the existence of an automated decision-making process, including the profiling referred to in Article 22 (1) and (4) and, at least in such cases, significant information on the logic used, and the importance and expected consequences of such processing for ‘interested.
Where personal data are transferred to a third country or to an international organization, the data subject has the right to be informed of the existence of adequate safeguards pursuant to Article 46 relating to the transfer.
Where applicable, the interested party has the rights set forth in articles 16 (Right of rectification), 17 (Right to be forgotten), 18 (Right to limitation of treatment), 19 (Obligation to notify in case of rectification or cancellation of personal data or limitation of processing), 20 (Right to the portability of data), 21 (Right of Opposition) of the GDPR, as well as the right of complaint to the competent Supervisory Authority.
Method of treatment
The processing of personal data will take place automatically or partially, or, if not automatically, personal data will be contained in an archive or intended to be included.
The treatments connected to the Web services on the SITE (physically resident on servers connected to the network) are carried out at the headquarters of the HOLDER of the TREATMENT and are only handled by employees and / or collaborators, or by persons in charge of occasional maintenance operations. No data deriving from navigation on the SITE is communicated or disclosed to third parties whose work is not inherent in the management, operation or control of the operations of the SITE itself.
Minors
1. In accordance with art. 8 GDPR, if Article 6 (1) (a) applies (“the data subject has given consent to the processing of their personal data for one or more specific purposes”), as regards the direct offer of services of the information society to minors, the processing of personal data of the minor is lawful where the minor is at least 16 years old. If the child is under the age of 16, such treatment is lawful only if and to the extent that such consent is given or authorized by the holder of parental responsibility.
Member States may establish by law a lower age for such purposes provided that they are not less than 13 years old.
2.The data controller shall make every reasonable effort to verify in such cases that consent is given or authorized by the holder of parental responsibility on the child, in consideration of the available technologies.
3. Paragraph 1 is without prejudice to the general provisions of contract law of the Member States, such as the rules on the validity, training or effectiveness of a contract with respect to a child.
Data transfer
The management and storage of personal data will be carried out on servers located within the European Union of the Owner and / or third-party companies appointed and duly appointed as Data Processors. Currently the servers are located in Italy. The data will not be transferred to outside the European Union. In any case, it is understood that the Data Controller, where necessary, will have the right to move the server location to Italy and / or the European Union and / or non-EU countries. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided for European Commission.
To exercise the rights listed above as provided for by the GDPR, the interested party must make a written request by registered letter a.r. Azienda.