Who are we and what do we do with your personal data?
Ferretti S.p.A. with its office at Via Irma Bandiera 62, Cattolica (RN), Italy (hereinafter also the “Data Controller”), in its capacity as Data Controller, is concerned with protecting the privacy of your personal data and ensuring it is duly protected against all events that may expose it to the risk of a breach.
To this end, the Data Controller implements policies and practices for the collection and use of personal data and the exercise of the rights granted to you by applicable legislation. The Data Controller is responsible for updating the policies and practices adopted to protect personal data when it becomes necessary to do so and whenever there are legal and organisational changes that may affect the processing of your personal data.
The Data Controller has appointed a data protection officer (DPO) whom you may contact if you have questions regarding the processing of your personal data.
You may contact the DPO at the address firstname.lastname@example.org.
How does the Data Controller collect and process your data?
Personal information regarding you will be processed for:
- Browsing of the website www.rivaboutique.it
Your personal data, such as browsing data and your IP address, is processed to allow you to browse the website. They are used by the Data Controller to manage the website and collect information in aggregate form. Your personal data is primarily communicated to third parties and/or recipients whose activity is required to complete activities relating to the above purposes and to comply with certain legal obligations. Your consent will be required for all communication for purposes other than the above.
Your personal data will not be disseminated or divulged to unidentified parties in any way.
- Registration with the site www.rivaboutique.it
Your personal data, and specifically the data indicated in the registration form voluntarily submitted by you upon registration with the website, such as identifying personal data (name, surname, address, e-mail address and telephone number), is processed to fulfil your request to create a personal account that may be used to benefit from the services provided by the Data Controller through the website and to access the online portal.
It is also possible to register with the website via social login. If you decide to use this method, the social network, with your authorisation, will send the site your personal data (name, surname and e-mail address) required for your registration with and access to the site www.rivaboutique.it. To receive information regarding the use of the personal data processed when you use the social login method, please visit the websites of the social networks that apply this method. Below you will find the details of the third parties concerned, and alongside each of them a link to the page where you may obtain information regarding processing and, where provided for by law, grant or deny your consent:
Google account login: https://www.google.com/policies/privacy
Commercial promotion activity through subscription for the newsletter
If you subscribe for the newsletter, your personal data will be processed to offer you products and services in addition to those you have purchased, in some cases as improved or better suited to your needs, and also to send you advertising material.
Through the use of your data (such as your name, surname, e-mail and telephone number), promotional material may be sent to you by:
The processing in question may be performed if:
- you grant your consent to use your data, including in reference to methods of communication, whether traditional or automated, used for processing;
- you have not objected to processing and/or if, where appropriate, you have not specifically and separately objected to the transmission of communications via traditional methods and/or automated means.
- Creation of a profile to send you dedicated promotional messages
Your personal data is processed to create a personal profile of you on the basis of your consumption habits and preferences and to send you dedicated promotional messages. Such processing involves only the personal data indicated above, with your consent. Data processed for this purpose will not be communicated by the Data Controller in any way to third parties nor disseminated.
- Communication to third parties and recipients
Your data will not be communicated to third parties/recipients for their autonomous purposes unless:
- you grant your authorisation;
- it is necessary to discharge obligations under a contract or laws governing a contract (e.g., to protect your rights, etc.);
- the data is communicated to revenue authorities, to public supervisory authorities in respect of which the Data Controller is required to discharge specific obligations arising from the specific nature of its activity or to IT service providers.
- name, surname, address, e-mail address and telephone number;
- browsing data.
- IT security
Directly and through its providers (third parties and/or recipients), the Data Controller processes your personal, IT (i.e. logical accesses) or traffic data collected or obtained in the case of services presented on the website to the extent strictly necessary and proportionate to ensure the security and capacity of a network or servers connected to it to resist, with a given level of security, unforeseen events or unlawful, malicious acts that jeopardise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted.
To this end, the Data Controller implements procedures for managing personal data breaches.
What happens if you do not provide your data for registration with the website www.rivaboutique.com?
Personal data regarding you and identifying you is necessary to fulfil the request that you have submitted through the “register” section. If it is not provided, it will be impossible for the Data Controller to fulfil your requests.
What happens if you do not grant your consent to the processing of personal data for marketing purposes (direct marketing, market research and surveys, customer care and customer satisfaction) pursued by the Data Controller and to create your personal profile?
Your personal data will not be processed for these purposes. This does not entail any effect on the processing of your data for the purposes of browsing the website and registration, where you have so requested, for the related services, nor for processing for which you have already granted your consent.
Your consent for marketing purposes and the creation of your profile (profiling) is autonomous and independent, and you are free not to grant it, or to grant it for one or for both purposes, without any adverse consequences or effects.
If you grant your authorisation and then revoke it or object to processing for marketing and/or profiling purposes, your data will not be processed for marketing and profiling activities.
Where, how and for how long is your data kept?
Data regarding you is processed solely within the EEA (European Economic Area) using electronic means and instruments, i.e. electronic archives protected using security measures effective and adequate to preventing the risks of a breach, and manual means made available to persons acting under the authority of the Data Controller, authorised and trained for this purpose.
Personal data is retained for the time required to permit browsing of the website, to fulfil requests for registration with the site and to send communications of this exclusive nature made by the Data Controller in response to a request from you, and in any event until your request for deletion, unless events entail the intervention of the competent authorities, including in collaboration with the third parties/recipients tasked with IT security activity for the Data Controller’s data, to perform any investigations into the causes of the event and to protect the interests of the Data Controller with regard to any liability relating to use of the site and the related services.
Personal data processed by the Data Controller for marketing purposes (direct marketing, market research and surveys, customer care and customer satisfaction) will be retained for 24 months by the Data Controller unless, following the exercise of your data, you request that the data be deleted.
Data processed by the Data Controller for profiling purposes (creation of your profile) will be retained for a period of no more than 12 months from when it is collected, unless you revoke your consent and/or object to processing.
What are your rights?
The rights afforded to you allow you to monitor your data at all times, in a manner compatible with the time limits established above for the processing of personal data regarding you.
You have the following rights:
- limitation of processing;
- objection to processing;
Your rights are guaranteed without particular obligations or formalities for requesting the exercise of your rights, which is essentially free of charge.
Essentially, you may:
- obtain confirmation of the processing performed by the Data Controller;;
- access your personal data and be informed of the origin (where the data has not been obtained directly from you), purposes and aims of processing, the details of the parties to which your data is communicated, the retention period for your data or the criteria useful to determining the said period;
- update or rectify your personal data so that they are always correct and accurate;
- delete your personal data from the Data Controller’s databases and/or archives, including back-ups, where, inter alia, it is no longer necessary for the purposes of the processing or such processing is believed to be unlawful, provided that the legal conditions have been met; and, in any event, if processing is not justified by another equally legitimate reason;
- limit the processing of your personal data in some circumstances, for example where you have disputed its accuracy, for the period required by the Data Controller to verify its accuracy. You must also be informed, within an appropriate period, of when the suspension period ends, the cause of limitation of processing ceases to apply or the limitation is revoked;
- obtain your personal data, if received or processed by the Data Controller with your consent and/or if your data is processed on the basis of a contract and using automated instruments, in electronic format, including so that they may be transmitted to another data controller.
That Data Controller must see to the above without delay and, in any event, no later than one month from receipt of your request. This period may be extended by two months, where necessary, in view of the complexity and number of requests received by the Data Controller. In such cases, within one month of the receipt of your request the Data Controller will inform you and advise you of the reasons for the extension.
For all additional information and to submit your request, contact the Data Controller at the address www.rivaboutique.it
You have the right:
- to obtain a copy, including in electronic form, of the data to which you have requested access. If you should request additional copies, the Data Controller may charge you a reasonable fee to cover expenses;
- to have your data deleted, to limit processing, or to update or rectify your personal data, and also to have third parties/recipients comply with your request, where they receive your data, unless there are prevailing legitimate reasons that outweigh those that gave rise to your request (e.g., environmental surveys and containment of the risk caused by the emergency managed by the Data Controller through such surveys);
- to obtain all useful communications regarding the activities performed following the exercise of your rights without delay and in any event, within one month of your request, save for a justified extension of up to two months, which must be duly communicated.
For all additional information and to submit your request, contact Ferretti S.p.A. at the address www.rivaboutique.it
A With whom may you lodge a complaint?
Without prejudice to all other actions in an administrative or judicial venue, you may lodge a complaint with the competent supervisory authority or the authority discharging its duties and exercising its powers in Italy where you have your customary residence or work or in the Member State where the violation of Regulation (EU) No 2016/679 has occurred, where different.
Updating of documentation
All updates to this policy statement will be communicated to you promptly and through appropriate means. You will also be informed whether the Data Controller will process your data for purposes beyond those set out in this policy statement before such processing is undertaken and in time for you to grant your consent, where necessary.