PRIVACY POLICY

 

Summary

1. Types of Data Processed

2. Legal Basis and Purpose of Processing

3. Methods and Place of Data Processing

   3.1 Methods

   3.2 Place

4. Retention Period

5. Details on the Processing of Personal Data

6. User Rights

7. Exercise of Rights and Complaints to the Privacy Authority

8. Additional Information on Data Processing

   8.1 Defense in Court

   8.2 System Logs and Maintenance

   8.3 Information Not Contained in This Policy

   8.4 Response to "Do Not Track" Requests

   8.5 Updates to This Privacy Policy

 

This notice is provided to users pursuant to and for the purposes of Article 13 of Regulation (EU) 2016/679 of April 27, 2016 (hereinafter, "Privacy Regulation").

Specifically, Rossini S.p.A., headquartered in Rescaldina (MI), Viale Alcide De Gasperi 5 (hereinafter, "Company"), as the Data Controller (hereinafter, the "Company" or the "Controller"), informs users (hereinafter "Users" or, individually, the "User") of the website www.rossini-spa.it (the "Site"), that it will process their personal data collected through the Site in the manner and for the purposes described in this notice (hereinafter the "Notice").

This Privacy Notice applies exclusively to the Site and not to other websites owned by the Company or third parties that the User may access through links on the Site. If the User accesses another website, it is recommended to read the information regarding the processing of personal data applicable to that site.

 

1. Types of Data Processed

The Company will process the following types of personal data of Users who browse and interact with the web services of the Site, including name, surname, email, phone, various types of data, cookies, and usage data.

Personal data can be freely provided by the User or, in the case of usage data, automatically collected during browsing the Site.

Unless otherwise specified, all data requested by the Site are mandatory; if the User refuses to provide them, it may be impossible for the Site to provide the service. For this reason, if the Site indicates some data as optional, Users are free to abstain from communicating them without any consequence on the availability or operation of the service. The possible use of cookies or other tracking tools by the Site or the owners of third-party services used by the Site, unless otherwise specified, is aimed at providing the service requested by the User, in addition to other purposes described in this document and within the Cookie Policy.

If the User wishes to obtain more information, they can contact the Controller via email at privacy@rossini-spa.it.

 

2. Legal Basis and Purpose of Processing

The data collected during browsing will be processed, without the prior consent of the User, for the following purposes:

  1. To allow Users to browse the Site;
  2. To carry out necessary maintenance and technical assistance to ensure the proper functioning of the Site and related services;
  3. To inform the User, through the content of the Site, about the activities carried out; to improve the quality and structure of the Site by creating new services and functionalities;
  4. To obtain statistical information on the use of the services (most visited pages, number of visitors by time slot or daily, geographic areas of origin, etc.);
  5. For the purpose of displaying content from external platforms.

 

The legal basis for this processing is the legitimate interest of the Data Controller (Art. 6, para. 1, letter f of the GDPR).

Additionally, if the User has given consent for one or more specific purposes; if the processing is necessary for the execution of a contract with the User and/or for pre-contractual measures; if the processing is necessary to comply with a legal obligation to which the Controller is subject; if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

 

If the Controller intends to use the personal data collected for any other purpose incompatible with the purposes for which they were originally collected or authorized, the Controller will inform the User in advance, and the User may deny or revoke their consent.

It is always possible to request the Controller to clarify the legal basis of each specific processing and, in particular, to specify whether the processing is based on law, required by a contract, or necessary for the conclusion of a contract.

 

3. Methods and Place of Data Processing

3.1 Methods

User data processing is carried out through the collection, recording, storage, extraction, consultation, use, limitation, and deletion of data (Art. 4 of the GDPR).

Additionally, User data will be:

  • Processed in compliance with the principles of lawfulness, fairness, and transparency;
  • Collected for the purposes described above;
  • Adequate, relevant, and limited to what is necessary concerning the purposes for which they are processed;
  • Stored in a form that allows the identification of the User for a period not exceeding the achievement of the purposes;
  • Processed in a manner that ensures adequate security from the risk of destruction, loss, modification, disclosure, or unauthorized access through technical and organizational security measures.

The Controller adopts security measures to prevent unauthorized access, disclosure, modification, or destruction of personal data. Processing is carried out using computer and/or telematic tools, with organizational methods and logics strictly related to the indicated purposes. In addition to the Controller, in some cases, others involved in the organization (such as administrative, commercial, marketing personnel, legal advisors, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data, also appointed as Data Processors by the Controller.

The updated list of Data Processors can always be requested from the Controller at the following email address: privacy@rossini-spa.it.

 

3.2 Place

Data are processed at the operational offices of the Controller and in any other place where the parties involved in the processing are located. For further information, the Controller can be contacted at the following email address: privacy@rossini-spa.it. The User's personal data may be transferred to a country different from the one in which the User is located, and, in this case, the User has the right to obtain information regarding the legal basis for the transfer of their data to a non-EU country or to an international organization of public international law or constituted by two or more countries (e.g., the UN), as well as regarding the security measures adopted by the Controller to protect the data. If one of the transfers described above takes place, the User can refer to the respective sections of this document or request information from the Controller by contacting them at the following email address: privacy@rossini-spa.it or by mail to Rescaldina (MI), Viale Alcide De Gasperi 5.

 

4. Retention Period

Data are processed and stored for the entire duration of the browsing session and, following its termination, for any reason, for a period not exceeding 6 months, unless a different retention period is provided by law.

At the end of the retention period, personal data will be deleted, unless there are additional legitimate interests of the Company and/or legal obligations that necessitate their retention, subject to minimization.

Personal data collected for purposes related to the execution of a contract between the Controller and the User will be retained until the execution of that contract is completed; personal data collected for purposes attributable to the legitimate interest of the Controller will be retained until that interest is satisfied. The User can obtain further information regarding the legitimate interest pursued by the Controller in the relevant sections of this document or by contacting the Controller.

When the processing is based on the User's consent, the Data Controller can retain the data until the consent is revoked. Furthermore, the Data Controller may be required to retain personal data for a longer period in compliance with a legal obligation or an order from an authority.
At the end of the retention period, all data will be deleted. Therefore, after this period, the right to access, deletion, rectification, and the right to data portability can no longer be exercised.

 

5. Details on the processing of personal data.

Personal data is collected using the following services:

  • Google Fonts (Google Ireland Limited): a font style display service managed by Google Ireland Limited that allows the Site to integrate such content within its pages. Personal data processed includes usage data and tracking tools; the location of the processing is Ireland;
  • Google Maps Widget: a service that allows content hosted on external platforms to be viewed directly from the pages of the Site and to interact with them. If a service of this type is installed, it is possible that even if Users do not use it, it collects traffic data related to the pages where it is installed;
  • Google Maps Widget (Google Ireland Limited): a map display service managed by Google Ireland Limited that allows such content to be integrated within its pages. The personal data collected includes cookies and usage data; the location of the processing is the USA;
  • YouTube Video Widget: a video content display service managed by Google Inc. that allows such content to be integrated within its pages. The personal data collected includes cookies and usage data; the location of the processing is the USA.

 

6. User rights

The User, in their capacity as an interested party, can exercise certain rights with reference to the data processed by the Data Controller. In particular, they have the right to:

a) Revoke consent at any time;

b) The “right to object,” i.e., the right to object, in whole or in part:

  1. To the processing of personal data carried out by the Data Controller for its own legitimate interest;
  2. To the processing of personal data carried out by the Data Controller for marketing or profiling purposes of the User;

c) The “right of access” specifically to obtain confirmation of the existence or otherwise of personal data concerning the User and their communication in an intelligible form, as well as to obtain the following information:

  1. The purposes and methods of processing the User's personal data (including the existence of automated decision-making processes, including profiling as referred to in Article 22, paragraphs 1 and 4 GDPR, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject), the categories of personal data processed, the origin of the personal data, the retention period of the personal data (if possible), or the criteria used to determine such period;
  2. The identification details of the Data Controller, processors, and the designated representative pursuant to Article 5, paragraph 2, letter e) GDPR, and in general of all the subjects or categories of subjects to whom the personal data have been or will be communicated within Italy, especially if there are recipients from third countries or international organizations (and in such cases, the User also has the right to be informed of the existence of adequate safeguards pursuant to Article 46 GDPR regarding the transfer);
  3. The existence of the User’s right, as an interested party, to request the Data Controller to rectify, delete, or limit the processing of personal data or to object to their processing;

b) The “right to rectification,” i.e., the right to request the rectification or, if they have an interest, the integration of personal data;

c) The “right to restriction of processing” i.e., the right to obtain from the Data Controller the restriction of processing in certain cases provided for under the Privacy Legislation;

d) The “right to erasure” (or “right to be forgotten”), i.e., the right to request the deletion or transformation into anonymous form of data processed in violation of the law, including data that does not need to be retained in relation to the purposes for which the data were collected or subsequently processed;

e) The “right to data portability” i.e., the right to receive (or to transmit directly to another Data Controller) personal data in a structured, commonly used, and machine-readable format;

f) The right to lodge a complaint with the Data Protection Authority (the “Privacy Authority”).

 

7. Methods of exercising rights and complaint to the Privacy Authority

The User can exercise their rights at any time in the following ways:

a) By sending a registered letter with return receipt to the Company's address in Rescaldina (MI), Via Alcide de Gasperi 5;

b) By sending an email to privacy@rossini-spa.it.

 

Additionally, the User, pursuant to the Privacy Legislation, has the right to lodge a complaint with the Privacy Authority. The complaint can be delivered by hand to the offices of the Privacy Authority (at the address indicated below) or by sending a registered letter with return receipt addressed to "Garante per la protezione dei dati personali", Piazza Venezia n. 11 - 00187 Rome; email to the address: garante@gpdp.it, or protocollo@pec.gpdp.it; fax: 06-696773785.

 

For more information, please consult the Privacy Authority's webpage http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.

The User can also alternatively lodge a complaint with the supervisory authority of the EU member state, if different from Italy, where they usually reside or work. For more information, please consult the webpage https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

 

8. Additional information on data processing

8.1 Legal defense

The User's Personal Data may be used by the Data Controller in court or in the stages leading to possible legal action arising from improper use of the Site or the related services by the User. The User declares to be aware that the Data Controller may be required to disclose the data at the request of public authorities.

8.2 System logs and maintenance

For operational and maintenance purposes, this Site and any third-party services it uses may collect system logs, i.e., files that record interactions and may also contain personal data, such as the User's IP address.

8.3 Information not contained in this policy

Further information regarding the processing of personal data can be requested at any time from the Data Controller using the following contact details: Rescaldina (MI), Via Alcide de Gasperi 5; email privacy@rossini-spa.it.

8.4 Response to "Do Not Track" requests

This Site does not support "Do Not Track" requests. To find out if any third-party services used support them, the User should consult their respective privacy policies.

8.5 Updates to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time, which will be highlighted by updating the date on the Site.