Information on the processing of personal data.
Articles 13 and 14 of EUROPEAN REGULATION No. 679/2016
Legislative Decree No. 196/2003 amended by Legislative Decree No. 101/2018

 

Dear Sir/Madam,

This policy describes how the website is managed with regard to the processing of personal data of users who consult it, as well as the data processing practices used by this website. In compliance with Articles 13 (for data collected from the data subject) and 14 (for data not collected from the data subject) of Regulation (EU) 2016/679 (hereinafter GDPR), the following information is provided to users of this website, which refers exclusively to the processing carried out through this website and not through other websites that may be visited via links from this website, for which we suggest you read the relevant information provided by the respective data controllers. This Website and any services offered through the Website are reserved for individuals who are at least 18 years of age. The Data Controller therefore does not process personal data relating to individuals under the age of 18. At the request of such Users, the Data Controller will promptly delete any personal data that has been unintentionally collected.

1. Data controller

The data controller is Fratelli Rossetti S.p.A., with registered office in Piazza Giovine Italia 3 - 20123 Milano, tax code and VAT number 10791930158, (hereinafter referred to as the ‘Controller’). The Data Controller reserves the right to appoint a web agency or consultant as Data Processor for the purposes of technical assistance, maintenance, technical management and similar activities relating to this Website. The contact details of the Data Processor may be provided upon request to the above addresses. The Data Controller and the Data Processor also process Users' data through their own internal staff, who are specifically designated and instructed to carry out the processing.

2. Category of data processed and sources of origin

  • Navigation data (the computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes: IP addresses, the type of browser used, the operating system, the domain name and addresses of websites from which access or exit was made, information on the pages visited by users within the site, the time of access, the time spent on each page, internal path analysis and other parameters relating to the user's operating system and IT environment. Such technical/IT data is collected and used exclusively in an aggregated and anonymous manner. This data is processed for the purpose of enabling and monitoring the correct use of this site, as well as to obtain anonymous statistical information on its use, and is deleted immediately after processing.
  • Cookies, for which we invite you to read our Cookie Policy
  • Data provided voluntarily by the user, including:
    • Common data (identification, personal, billing and similar data)
    • Only exceptionally special data (Art. 9 GDPR)
    • Only exceptionally criminal data (Art. 10 GDPR)

Sources: browsing, other websites, cookies and similar; user; public sources.

We may primarily process browsing data and cookies.

We may also process data provided voluntarily by the user, for example through the contact form or by sending an email, including common personal data (identification, personal details, billing and similar) and, exceptionally, special categories of data pursuant to Article 9 of the GDPR or criminal data pursuant to Article 10 of the GDPR within the strict limits in which this is made necessary by the request for information received and with the prior consent of the data subject.

The data may come from automatic sources or voluntary sources, as well as from public sources. For example, it may come from the user's browsing, which may carry information relating to previous consultations of other sites, including in particular cookies and other similar technologies. The data may also be provided voluntarily by the user or by persons related to them. Other data may come from public sources, such as those processed in the context of research and coming from surveys, public databases and the like.

3. Purpose of processing

The personal data of Website Users, as described above, will be processed in the manner and forms prescribed by the GDPR, for the performance of the Website's functions, with particular, but not exclusive, reference to the navigation of the pages and the procedures described therein for data collection, contact forms, any registration/access to the reserved area, subscription to the newsletter and the like. In particular, the personal data provided to the Data Controller will be processed for the following purposes:

  • to follow up on specific requests made to the Data Controller by the User through the Website and its communication tools (contact forms, information request forms and similar);
  • for communications of an informative nature relating to the services of the Data Controller itself, following a request for information via e-mail or by filling in the contact form and other communication tools;
  • for any registration for events organised by the Data Controller and other related activities (e.g. verification of participation, notices relating to any updates or changes to the event, etc.);
  • for other purposes ancillary or related to those indicated above and in any case falling within the scope of the Website's activities;

The processing of data provided in a generic manner will be carried out, including following automatic collection during navigation, for the sole purpose of verifying and controlling access to the Website. This also applies to technical cookies, understood as session, functionality or analytics cookies that meet the requirements specified by the Data Protection Authority. In particular, with regard to the latter, it is clarified that they can be assimilated to technical cookies where they are created and used directly by the Website. In any case, for these analytics cookies, the Website, also in accordance with the clarifications of the Data Protection Authority, has provided for the anonymisation of IP addresses and the amendment of data processing; the collection and use of the aforementioned navigation data (without prejudice to the anonymisation of IP addresses) allows the monitoring of the Website's performance and enables the improvement of the service offered, providing the User with a better browsing experience. Please refer to the specific Cookie Policy for further information.

4. Legal basis for processing

The processing of personal data is based on the fulfilment of contractual or pre-contractual obligations relating to the request made by the User (e.g. requests for information about the services provided by the Data Controller, requests for quotations, etc.), as well as, where necessary, on consent through the free and informed completion of the appropriate information fields in the form dedicated to the collection and provision of data and the ticking of the appropriate checkbox where provided.
It should be noted that the completion of the appropriate fields provided in the form for requesting information is inherent to the request itself and therefore entails the fulfilment of a pre-contractual or contractual obligation, depending on the context. Consent may be requested at a later date for the processing of additional data.
A specific privacy policy will be provided wherever necessary (different from this policy).
In any case, the processing is also based on legitimate interests, including the right to information, for which reference should be made to the following paragraph.

5. Legitimate interest of the Data Controller

The processing of personal data is also based on the legitimate interest of the Data Controller, such as the exercise of its rights in the context of the information society, the performance of contractual services and the implementation of direct marketing operations (in the manner, by the means and within the time limits provided for by law).

6. Mandatory provision

The provision of data relating to browsing by Users, for the purposes mentioned above, depends on the level of privacy that the User has enabled or disabled through their browser. In some cases, disabling this feature may affect browsing on this Website. For certain forms on this Website, the provision of browsing data and/or the use of technical cookies is mandatory for the proper functioning of the Website itself.

The provision of certain personal data is in any case necessary for the structure of the Website and its procedures. Any request for other optional data will be preceded by a specific approval check box. The provision of all other data is optional, depending on the type of information that the User wishes to provide to the Website.

Failure to provide the data necessary for the requested action (e.g., email account via the form for requesting information by this means) makes it impossible for the Data Controller to process the request.

PROVISIONS APPLICABLE TO ALL PROCESSING

In any case, even where the data subject has given consent to authorise the Data Controller to pursue all the purposes mentioned in the points above, they will remain free to withdraw it at any time.

We specifically and separately inform you, as required by Article 21 of the Regulation, that you have the right to object at any time to the processing of your personal data for the purposes mentioned above and that, if you object to the processing, your personal data may no longer be processed for those purposes.

7. Possible recipients of personal data

The data may be disclosed to companies connected, affiliated or controlled by the Data Controller, as well as to consultants, or even to third parties operating, including on behalf of the Data Controller, for the performance of services related to the purposes indicated in this policy, both within and outside the EU (in the latter case, only subjects complying with current regulations will be involved).

Browsing data and similar data (for which reference is made to the above), as well as profiling cookies, including those of third parties (for which reference is made to the Cookie Policy of this Website), will be disclosed to the respective third parties concerned, where they do not manage them directly as Data Controllers.

In any case, the data may be communicated to Data Processors, as well as to persons authorised to process the data and duly trained, always within the scope of the purposes of the processing.

For the sake of brevity, a detailed list of these figures is available at our headquarters.

8. Retention period

The data voluntarily provided by the Data Subject will be retained until expressly revoked by the Data Subject, including through action on their browser, clearing cookies, express request or other means. Browsing data will be stored, in accordance with the principle of proportionality, in a form that allows the identification of the data subject for a period of time not exceeding that necessary for the purposes for which it was collected or subsequently processed.

Personal data collected through customer support (e.g., support requests, complaints, communications via contact forms or email) will be retained for a maximum of 3 years from the final response to the request, in order to manage any disputes, protect the Data Controller in the event of disputes, and demonstrate proper fulfillment of contractual and pre-contractual obligations. This retention is based on the Data Controller's legitimate interest pursuant to Art. 6, paragraph 1, letter f) of the GDPR.

The above terms do not apply in cases where it is necessary to retain the data for a longer period of time in order to defend or assert a right or to comply with any legal obligations or orders from the Authorities.

9. Rights of the data subject

Each data subject has the right of access, rectification, erasure (to be forgotten), restriction, notification in the event of rectification, erasure or restriction, portability, objection and not to be subject to an automated individual decision, including profiling, pursuant to Articles 15 to 22 of the GDPR. These rights may be exercised in the forms and terms set out in Article 12 of the GDPR, by written communication sent to the Data Controller (see point 10).

The Data Controller will respond appropriately as soon as possible and in any case within one month of receiving the request.

10. Right to withdraw consent (How to exercise your rights)

You may withdraw your consent, where applicable, at any time and/or exercise your rights by sending:
- a registered letter with return receipt to the undersigned with an express request (see the address indicated on the letterhead);
- via e-mail at DPO@rossetti.it.

11. Complaints

Each Data Subject has the right to lodge a complaint pursuant to Articles 77 et seq. of the GDPR with a supervisory authority, which for the Italian State is identified as the Garante per la protezione dei dati personali (Italian Data Protection Authority). The forms, methods and terms for lodging complaints are provided for and governed by current national legislation. The complaint is without prejudice to administrative and judicial actions, which in Italy may be brought alternatively before the same Garante or the competent court.

12. Profiling

Personal data provided through browsing this website and any forms filled in on it may be subject to profiling by third-party providers through third-party cookies.

Profiling allows these third-party providers, independent data controllers of personal data for profiling purposes, other than the Data Controller of this website, to evaluate certain personal aspects of the Data Subject relating in particular to their preferences, interests and tastes with reference to the pages consulted and activities carried out, in order to allow these independent and different Data Controllers to offer the Data Subject a more specific service tailored to their needs.

For more information, please read the cookie policy.

13. Data Controller, DPO (Data Protection Officer), Data Processors/Authorised Persons, Persons in Charge of Processing

Below we provide you with some information that you need to be aware of, not only to comply with legal obligations, but also because transparency and fairness towards data subjects is a fundamental part of our business.

Data Controller. The Data Controller of your personal data is Fratelli Rossetti S.p.A., which is responsible for the legitimate and correct use of your personal data and which you can contact for any information at the e-mail address DPO@rossetti.it.

Data processors. The Data Controller has appointed CALICANTUS SRL as Data Processor, which is also responsible to you for the legitimate and correct use of your personal data and which you can contact for any information or requests by calling +39 0422 782890 or by filling in the following form.

Persons in charge/Authorised persons. The updated list of persons in charge/Authorised persons for processing is kept at the Data Controller's headquarters.

Data processors. For the sake of brevity, the detailed list of these figures is available at our headquarters.

14. Social media plug-ins

This website may contain plug-ins from certain social media platforms (e.g. Facebook). Social plug-ins are special tools that allow social network features to be incorporated directly into the website (e.g. the Facebook ‘Like’ button) and are marked with the logo of the respective social media platform. When you visit a page on this website and interact with the plug-in (e.g. by clicking the “Like” button) or decide to leave a comment, the corresponding information is transmitted from your browser directly to the social network platform (in this case Facebook) and stored there. For information on the purposes, type and methods of collection, processing, use and storage of personal data by the social network platform, as well as the methods by which you can exercise your rights, please consult the social network's privacy policy.

15. Links to third-party websites

From this website, it is possible to connect to other third-party websites via specific links. The Data Controller declines all responsibility for the management of personal data by third-party websites and for the management of authentication credentials provided by third parties.

16. Cookies

Cookies are packets of information sent by a web server (e.g. the website) to the user's Internet browser, which are automatically stored on the computer and automatically sent back to the server each time the website is accessed. For information on the characteristics, types, methods of use and options for removing, deleting or disabling cookies on the website, please refer to the specific Cookie Policy.

The Data Controller

Fratelli Rossetti S.p.A.


To contact us

Fratelli Rossetti S.p.A. would appreciate receiving comments regarding this privacy policy.
Please contact us at the e-mail address DPO@rossetti.