Privacy Policy pursuant to art. 13 of the European General Data Protection Regulation 2016/679 (GDPR)

This Privacy Policy, pursuant to art. 13 of the European General Data Protection Regulation 2016/679 (hereafter the “Regulation”), is provided for the web site www.rdcom.com (hereafter the “Web Site”) as well as and for other web products and services offered by R&D Communication S.r.l. as Data Controller (hereafter Data Controller), with its registered office in Montorio, Verona, via dei castagni, n. 9, 37141, informs that personal data provided from the data subjects and collected through telematic channels will be processed according to the laws of the Regulation and the confidentiality obligations provided by the same, in particular in a lawful and fair manner, and in the general respect of the obligations of confidentiality on which the whole R&D Communication Srl. activity is based.

Below are the references of the controller:
– R&D Communication Srl, registered office Via dei castagni n.9, 37141 montorio Veronese (VR)

Contact e-mail: privacy@rdcom.com.

1. Processing – Definition

“Processing” of Personal Data means, in accordance with the Regulation, any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. Data Controller and Data Protection Officer (DPO).

The Data Controller is R&D Communication S.r.l., as previously indicated.
The Data Controller has also provided for the appointment of a Data Protection Officer (“DPO”), who can be contacted at the following e-mail address: dpo@rdcom.com.

3. Categories of Personal Data.

R&D Communication S.r.l. informs that the processed personal data are:
– Browsing data
The information systems and software procedures relied upon to operate this web site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols. This data category includes the IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user’s operating system and computer environment. The data could be used, if available at the request of the competent authorities, also for the investigation of liability in case of hypothetical cyber crimes/offences against the site or third parties.
Browsing data is normally deleted after 60 days or stored in accordance with the applicable provisions of law.
– Data communicated by users
The web-site allows users to voluntarily provide personal information by, for example, registering for a contact form, requesting services, information or quotes, the optional, explicit and voluntary sending of electronic mail to the addresses indicated on the Site, etc. This Notice is therefore intended also for the Processing of Personal Data voluntarily provided through the Site.
Specific information notices will be displayed on the pages of the Garante’s websites that are used for providing certain services.

The Site allows users to voluntarily provide personal information through, for example, registration to contact form, request for services, information or estimates, the optional, explicit and voluntary sending of e-mail to the addresses indicated on the Site, etc. This Policy also covers the processing of Personal Data provided voluntarily through the Site.
– Third Parties Data communicated by users
In the use of some services of the Site you may experience a processing of Personal Data of third parties communicated by the user to R&D Communication S.r.l.. With reference to such eventualities, the user stands as the independent data processing controller, taking all the law obligations and responsibilities. In this regard, the user keep undamaged R&D Communication S.r.l. regarding to any dispute, claim, claim for compensation of the damage from the processing, etc. which should be received by third parties whose Personal Data has been processed through the use of the Site’s functions by the user and in violation of the personal data protection applicable law.
In any case, if the user provides or otherwise deals with Personal Data of third parties in the use of the Site, the user guarantees from now on – assuming any related and consequent responsibility – , that this particular case of processing is based on an appropriate legal basis, according to art. 6 of Regulation.
– Cookie.
Following the EU Directive on Electronic Communications and Provision 229 of 8th of May 2014 issued by the Data Protection Authority, the use of cookies to collect user data is allowed only with consent.
The Site (and other products and web services provided by R&D Communication Srl) use cookies and similar technologies to guarantee the correct functioning of the procedures and improve the experience of using online applications.
For this purpose, RdCom provides information about cookies on this Site and in other products and web services offered by R&D Communication Srl, availble for the User through a dedicated link on the Website or on the web page of time in time interested (https://www.rdcom.it/it/cookie-policy ).

4 Processing of Personal Data Subject-matters and Objectives.

Data Controller uses the personal data provided by the Data Subject for the following objectives:

(i) for the provision of the activity and / or services requested, and also for browsing the Site;

(ii) for marketing purposes for sending advertising material, or commercial communications relating to any promotional sales, also via SMS / MMS / VMS and / or e-mail from R&D or third parties, or for searches of market; according to the Provisions of the Data Protection Authority ” Guidelines on Marketing and against Spam – 4 July 2013 [2542348]”. If the user gives his consent to the receipt of information relating to promotional activities, including market research, of the Data Controller, such activities may be exercised, as required by current regulations, by postal service, telephone contacts by operator (“traditional methods”), sending e-mail, sms and using of social networks (“automated methods”). The user shall have the right to withdraw his or her consent previously issued by traditional or automated means at any time, pointing it out to the Data Controller without any formality by writing to privacy@rdcom.com. If, in any case, the user wishes to object to the data processing for the marketing purposes as indicated above, the user has the right to contact the Data Controller writing to privacy@rdcom.com, without prejudice to the legality of the processing based on the consent given before the withdrawal;

(iii) for the purpose of communicating to third parties, whose categories are identified below, to provide third parties commercial communications relating to any promotional sales, also via SMS / MMS / VMS and / or e- email.

(iv) to create user profiles in order to improve the relevance of our advertising messages, both on our site, and on other websites used by this site, as well as the use of other products and web services provided by R&D Communication Srl, also making use of profiling cookies – see, in this regard, the specific policy https://www.rdcom.it/it/cookie-policy;

(v) to accomplish any legal obligations or regulations, also European ones, or satisfy requests from the authorities;

(vi) for statistical purposes, without tracing the identity of the user;

(vii) to carry out direct marketing via e-mail for products and services similar to those requested by the user unless express refusal to receive such communications, which may be expressed at the time of requesting services or afterwards writing to privacy@rdcom.com;

The data processing takes place in accordance with the provisions of Legislative Decree 196/2003, “Privacy Code”, and Regulation (EU) 2016/679 “GDPR”, according to principles of correctness and lawfulness and in order to guarantee security and confidentiality. The data processing is also carried out with the aid of computerized and telematic tools, suitable for the management of the data itself.

The processing will be carried out both with manual and computerized or telematic or in any case automated instruments, according to logic strictly related to the organization and processing purposes indicated above and in any case in order to guarantee the security, integrity and confidentiality of the data, according to the organizational, physical and logical measures required by the applicable law, and in such a way to guarantee in any case the security and confidentiality of the processed user data.

5. Mandatory or optional nature of providing data and consequences of the refusal.

The collection of personal data is carried out for the purpose of providing the services requested by the data subjects, and according to data protection applicable law.

The Data Controller processes personal data only after express consent in a free, specific and informed manner by the data subject.
The Controller reports from time to time to the data subject the mandatory or optional nature of the personal data provided, marking the mandatory data with the asterisk (*) symbol. The data subject expresses each individual consent from time to time, by ticks that can be individually placed in special check-boxes during browsing and data confirmation.

Providing the data marked as mandatory (*) is necessary and indispensable for the provision of the activities and / or services requested and it will allow the Data Controller to provide to the data subjects the best assistance during browsing and subsequently, if necessary.
Consequently, if the data subject refuses to provide personal data, R&D Communication Srl will be unable to provide the services requested by the data subject.

While browsing the site, the Controller becomes aware of some data, such as for example IP address, time of access to the site, methods of access to the server, size of the file obtained in response, numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.

These data can also be used by the competent Authorities to verify responsibility in the event of hypothetical computer crimes against the site or third parties.

The Controller may use “cookies”. Cookies are small text extensions saved by the browser in use on the user’s terminal that are intended to speed up the analysis of Internet traffic and make it easier for users to access the services provided by the site. Cookies may contain information relating to the user, collected and stored by the browser (Microsoft® Internet Explorer®, Mozilla® Firefox®, Google® Chrome ™, Apple® Safari®, etc.) used by the data subjects during browsing, such as for example preferences, tastes, interests, etc. The use of any data collected with the cookies generated by the Controller aims to offer the customer the best possible experience on the site.

Third-party cookies may also be used, with the purpose of tracing the services operation or customizing/modulating them according to the user’s tastes and preferences. The Controller will not be able to access these cookies, nor will be able to control them. The user may at any time disable and / or block the cookies present on the browser, activating the removal and blocking of cookies on the browser or device in use. Once the sending of cookies has been deactivated and / or blocked some services could not be usable or the access to certain areas of the web site or page may be limited.
Summarizing and specifying:

– The legal basis for the processing of Personal Data for the purposes referred to in point 4 (i) is art. 6, paragraph I, lett. b) of the Regulation (“[…] processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”), as the processing is necessary for the provision of the services or for the reply of the data subject’s requests. The provision of Personal Data for these purposes is optional but not providing such data would make impossible to activate the services requested or to meet data subject’s requests;

– The legal basis of the processing of Personal Data for the marketing purposes referred to in points 4 (ii) and (iii) is based on the release of consent pursuant to art. 6, paragraph I, lett. a) (“[…] the data subject has given consent to the processing of his or her personal data for one or more specific purposes”);

– The legal basis for the processing of Personal Data for the purposes referred to in point 4 (iv) is based on the release of consent pursuant to art. 6, paragraph I, lett. a) (“[…] the data subject has given consent to the processing of his or her personal data for one or more specific purposes “), which can be collected through specific check-boxes or the banner cookie, or on the legitimate interest of RdCom pursuant to art. 6, paragraph I, lett. f) (“[…] processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party”). The provision of Personal Data for these purposes is therefore entirely optional and does not affect the use of the services. The data subject has the right to object to the processing of Personal Data for marketing and profiling purposes writing to privacy@rdcom.com;

– The processing of Personal Data for the purposes referred to in point 4 (v) represents a legitimate treatment of personal data pursuant to art. 6 paragraph I, lett. c) of the Regulation (“[…] processing is necessary for compliance with a legal obligation to which the controller is subject”);
– The processing carried out for the purposes referred to in point 4 (vi) is not performed on personal data and therefore can be freely performed by RdCom;
– The processing of Personal Data for the purposes referred to in point 4 (vii) represents a legitimate processing pursuant to the data protection applicable law, which does not require consent. The data subject has the right to object to the processing for this purpose both when requesting the products and services available on the Site and during following communications by the Controller by writing to privacy@rdcom.com.

6. Data relating to telematic traffic

The Customer or the User who inserts or in any other way processes third parties Personal Data guarantees, assuming all related responsibilities, that he has previously provided third parties with the information pursuant to art. 13 of the Regulation and acquired the required Consent for Data Processing, pursuant to art. 7 of the GDPR.

Data referred to telephone numbers of recipients / users and Data concerning communications made by Customers will never be used by RdCom for purposes different from those permitted or assigned to third parties.

Personal data relating to telematic traffic are stored by RdCom for a period normally not exceeding 60 days (SMS) or 180 days (E-MAIL), without prejudice to the need to comply with the law obligations and longer storage times. (traffic information).

7. Subjects to whom the data can be communicated and scope of communication.

Personal data (also in the form of photographs and / or video recordings) can be communicated to subjects external to R&D Communication Srl connected to the previously stated purposes; merely by way of example and not exhaustive:

– persons, companies or professional offices that provide assistance and consultancy to the Controller at a technical level in the IT, system, cloud related to the provision of Services;

– persons, companies or professional offices that provide assistance and advice to the Controller in accounting, administrative, legal, tax, financial and debt recovery related matters regarding the provision of the Services;

– subjects, entities or authorities to whom the communication of the personal data of the data subjects is obligatory pursuant to legal provisions or orders of the authorities;

– third parties that operate by way of example in the commercial sectors of consumer goods, publishing, communications, finance and insurance, clothing, for the purpose of providing by these third parties their own commercial communications relating to any promotional sales, also via SMS / MMS / VMS and / or e-mail.

8. Rights of the Data Subjects.

The Data Subject has the right to exercise the rights pursuant to articles 15 and ss. of the GDPR, in particular:
1) to obtain confirmation as to whether or not personal data concerning him or her are being processed, as well as the logic and purposes on which the processing is based;
2) to obtain the erasure, transformation into anonymous form or blocking of data processed in violation of the law;
3) to obtain the update, the correction of inaccurate data or, if interested, the integration of incomplete data or the restriction of the data processing;
4) to obtain the certification that the operations referred to in points 2) and 3) have been noticed to subjects to whom the data have been communicated or made known, except if the provision of such information proves impossible or would involve a disproportionate effort;
5) to object, in whole or in part, for legitimate reasons, to the processing of personal data, even if pertinent to the purpose of the collection;
6) to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, as well as to have the personal data transmitted directly from one controller to another, where technically feasible (data portability);
7) to withdraw the consent at any time without prejudice the lawfulness of the processing based on the consent given before the withdrawal;
8) to make a complaint to a supervisory authority.
To exercise their rights, the data subjects may contact the Data Controller uding the addresses indicated; in particular requests should be addressed writing to the following address: privacy@rdcom.com.

9. Right of access by the data subject

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. The Data Controller provides a copy of the personal data being processed; in case of further copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs.

10. Notification of a personal data breach to the data subject (data breach)

When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay. (Article 34 GDPR). Communication is not required if the data controller has implemented adequate technical and organizational protection measures or if the communication would involve disproportionate effort.

11. Transfer of Personal Data.

The data collected are stored on the R&D Communication Srl servers; these servers are located within the European Union. In any case, the controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller ensures that the data will be transferred in compliance with the applicable data protection law, by signing the standard contractual clauses required by the European Commission, or to country assessed by adequacy Decisions adopted by the European Commission.

12. Personal Data Storage.

The Personal Data processed for the purpose referred to in section 3 (i) will be kept for the time strictly necessary to achieve those same purposes. In any case, since these are processings carried out for the provision of services, RdCom will process the Personal Data up to the time allowed by the Italian law for the legal protection of its interests (Art. 2946 of the Civil Code and subsequent amendments). The Personal Data processed for the purposes referred to in section 3 (ii), 3 (iii) and 3 (iv) will be processed until the consent is withdrawed. The Personal Data processed for the purposes referred to in section 3 (v) will be kept up to the time required by the specific obligation or applicable law. The Personal Data processed for the purpose referred to in section 3 (vii) will be processed up to the exercise of object to such processing. More information about the data retention period and the criteria used to determine this period can be requested by writing to the DPO at the following address: dpo@rdcom.com. In any case, RdCom has the right to store the Personal Data for the time allowed and admitted by Italian law for the legal protection of its interests (Article 2947 of the Civil Code).

13. References and contacts.

Data Controller:
R&D Communication S.r.l.- registered office in Montorio, Verona, Via dei Castagni, n. 9, 37141 – e-mail privacy@rdcom.com.