RdCom’s Privacy & Antispam Policy

The European Regulation n. 2016/679 regarding the protection of personal data (hereinafter the “Privacy Regulation or EU Regulation”) and the Legislative Decree 30 June 2003 n. 196, as amended by Legislative Decree 101/2018 “Code regarding the protection of personal data” (hereinafter the “Code”) ordered the right to the protection of personal data and its processing in compliance with the fundamental rights and freedoms, as well as the dignity of the interested party, with particular reference to confidentiality and security, personal identity and the right of personal data protection.

This information, prepared in accordance with the art. 13 of EU Regulation no. 2016/679 (hereinafter “Regulation”) is to be understood as rendered for the site https://rdcom.com (hereinafter “The Site”), as well as for other products and web services offered by R&D Communication S.r.l, as Controller of the Processing (hereinafter, “Controller” or also “RdCom”).

R&D Communication S.r.l. with its registered office in Montorio, Verona, via dei Castagni, n. 9, 37141, makes it known that the personal data provided by the interested party and collected through the electronic channels will be processed according to the legislative provisions of the Regulation and the confidentiality obligations provided by the same processing, in particular in a lawful and correct manner, as well as in the general compliance with the confidentiality obligations, which inspire all the assistance of R&D Communication S.r.l.
Below are the details of the data controller:

– R&D Communication S.r.l., with registered office Via dei Castagni n. 9, 37141 Montorio Veronese (VR) – Contact email: privacy@rdcom.com

1. Processing – Definition

“Processing” of Personal Data means, according to the provisions of the Regulation, any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration , organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection , limitation, cancellation or destruction.

2. Data Controller and Data Protection Officer (DPO).

The Data Controller is R&D Communication S.r.l., as previously indicated.

The Data Controller has also provided for the presence of a Data Protection Officer (“DPO”), who can be contacted at the following email address: dpo@rdcom.com

3. Processed Personal Data

R&D Communication S.r.l. discloses that the personal data being processed are the following:

– Navigation data.

During their normal operation, the IT systems and software procedures used to run this website acquire some personal data, whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but which, because of its very nature, could allow users to be identified through the processing and association with data held by third parties.

This category of data includes, for example, the IP addresses or domain names of the computers used by the users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other
parameters relating to the operating system and the IT environment user.

This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted after processing.

The data could be used, if available at the time of the request of the competent authorities, also for ascertaining responsibility in case of hypothetical computer crimes against the site or third parties.

Browsing data is normally deleted after 60 days or stored in compliance with the applicable regulatory provisions in force.

– Data voluntarily provided by the user.

The Site allows users to voluntarily provide personal information through, for example, registration via contact forms, requests for services, information or quotes, optional, explicit, and voluntary sending of e-mails to the addresses indicated on the Site, etc. This information is therefore also intended for the processing of personal data provided voluntarily through the site.

– Data of third parties voluntarily provided by the user.

When using some services on the Site, the processing of Personal Data of third parties transmitted by the user to R&D Communication S.r.l may occur. With reference to these events, the user acts as an independent data controller, assuming all the obligations and legal responsibilities. In this regard, the user indemnifies R&D Communication S.r.l. with respect to any dispute, claim, request for compensation for damage from processing, etc. that should occur from third parties whose Personal Data has been processed through the use of the Site’s functions by the user and in violation of the applicable Personal Data protection rules.

In any case, if the user provides or otherwise processes Personal Data of third parties in the use of the Site, he guarantees from now – assuming every connected and consequent responsibility – that this particular processing hypothesis is based on a suitable legal basis, as established pursuant to art. 6 of the Regulation.

-Cookies.

Following the EU Electronic Communications Directive and Provision 229 of 8 May 2014 issued by the Guarantor for the Protection of Personal Data, the use of cookies to collect user data is allowed only with consent.

The websites of R&D Communication S.r.l. (and other web products and services provided by R&D Communication S.r.l.) use cookies and similar technologies to ensure the correct functioning of the procedures and improve the experience of using online applications.

Cookies are small text extensions saved by the browser in use on the user’s terminal which are intended to speed up the analysis of Internet traffic and facilitate users’ access to the services offered by the site. Cookies may contain information relating to the user, collected and stored by the browser (Microsoft® Internet Explorer®, Mozilla® Firefox®, Google® Chrome ™, Apple® Safari®, etc.) used by the interested party during navigation, such as e.g. preferences, tastes, interests, etc. The use of any data collected with the cookies thus generated by the Controller has the aim of offering the customer the best possible experience on the site.

Third-party cookies may also be used, with the aim of tracking the functioning of their services or of personalising them, modulating them on the tastes and preferences of the user. The Controller will not be able to access these cookies, nor will he be able to control them. The user can at any time disable and/or block the cookies present on the browser, activating the functionality to remove and block cookies on the browser or device in use. Once
deactivated and/or blocked the sending of cookies, however, it may happen that some services will not be usable or that access to certain areas of the site or web page may be limited.

R&D Communication S.r.l. provides information on the use of cookies on this Site and in other products and web services offered by R&D Communication S.r.l, accessible to the User through a dedicated link present on the Site itself or on the web page concerned from time to time (https://rdcom.com/en/cookie-policy).

4. Purposes and methods of data processing

The Data Controller uses the personal data provided by the interested party for the following purposes:
(i) for the provision of the activity and/or services requested, and also to offer navigation on the Site.

(ii) for marketing purposes for sending advertising material, or commercial communications concerning the offer of own and/or third party products and/or services, relating to any promotional sales, also via SMS and/or e- mail, by R&D Communication S.r.l, or for sending newsletters or market research; in line with the provisions of the Guarantor Authority for the protection of Personal Data in the Provision “Guidelines on promotional activities and fight against spam – 4 July 2013 [2542348]”, where the user gives his consent to receive information relating to the promotional activities, including market research, of the Data Controller, it is specified that these activities can be carried out, as required by current legislation, by means of paper mail, telephone contacts via operator (“traditional methods”), email, sending texting and use of social networks (“automated mode”). The user may also, at any time, revoke the consent previously issued for traditional or automated methods by communicating it to the Data Controller without any formalities by writing to privacy@rdcom.com . If, in any case, the user wishes to oppose the processing of their data for marketing purposes carried out in the manner indicated above, he can do so at any time by contacting the Data Controller at privacy@rdcom.com , without prejudice to the
lawfulness of the processing based on consent given prior to revocation;

(iii) for the purpose of communication to third parties, whose categories are identified below, for the purpose of the
delivery by these third parties of their commercial communications relating to any promotional sales, also via SMS
and / or e-mail.

(iv) to create user profiles in order to improve the relevance of our advertising messages, both on our site and on other websites used by this site, as well as the use of other products and web services offered by R&D Communication S.r.l, using profiling cookies and similar technologies (see, in this regard, the specific information notice https://rdcom.com/en/cookie-policy)

(v) to fulfil any legal obligations or regulations, including EU ones, or satisfy requests from the authorities.

(vi) for statistical purposes, without it being possible to trace the identity of the user.

(vii) in order to carry out direct email marketing for products and services similar to those requested by the user unless there is an expressed refusal to receive such communications, which can be expressed when requesting services or on subsequent occasions by writing to privacy@rdcom.com.

The data processing takes place in accordance with the provisions of Legislative Decree 196/2003 “Privacy Code” and Regulation (EU) 2016/679 “GDPR”, according to principles of correctness and lawfulness and in order to guarantee their safety and confidentiality. Data processing is also carried out with the aid of IT and telematic tools, suitable for managing the data.

The data processing will be carried out both with manual, computerised or telematic or in any case automated tools, according to logic strictly related to the organisation and processing purposes indicated above and in any case in order to guarantee the security, integrity and confidentiality of the data, in compliance with the organisational, physical and logical measures provided for by current provisions, and in such a way as to guarantee in any case the
protection and confidentiality of user data thus processed.

5. Mandatory or optional nature of the provision of data and consequences of any refusal

The collection of personal data is carried out for the purpose of providing the services requested by the interested party, as well as for the obligations connected with legal or regulatory obligations.

The Data Controller processes personal data only with the expressed, free, and specific consent of the relevant
individual.

The Data Controller informs the interested party from time to time of the mandatory or optional nature of the personal data provided, by marking the mandatory data with the asterisk symbol (*). The interested party expresses each individual consent from time to time, by means of ticks that can be individually placed in special checkboxes during navigation and data confirmation.

The provision of data marked as mandatory (*) is necessary and indispensable for the provision of the activities and / or services requested and will allow the Data Controller to provide the data subject with maximum assistance during navigation and subsequently, if necessary.

Consequently, in case of refusal to the provision of their data by the interested party, R&D Communication S.r.l will be unable to provide the services requested by the interested party.

Summarising and specifying:

– The legal basis for the processing of Personal Data for the purposes referred to in point 4 (i) is art. 6, paragraph I, lett. b) of the Regulation (“[…] processing is necessary for the execution of a contract of which the interested party is a part or for the execution of pre-contractual measures adopted at the request of the same”), as the processing is necessary for the provision services or for the response of requests from the interested party. The provision of Personal Data for these purposes is optional but any failure to provide it would make it impossible to activate the requested services or to find some requests.

– The legal basis for the processing of Personal Data for the marketing purposes referred to in points 4 (ii) and (iii) is based on the release of consent pursuant to art. 6, paragraph I, lett. a) (“[…] the interested party has given consent to the processing of their personal data for one or more specific purposes”); the legal basis for the processing of Personal Data for the purposes referred to in point 4 (iv) is based on the release of consent pursuant to art. 6, paragraph I, lett. a) (“[…] the interested party has given consent to the processing of their personal data for one or more specific purposes”), which can be collected through specific check-boxes or the banner cookie, or on the legitimate interest of RdCom pursuant to art. 6, paragraph I, lett. f) (“[…] processing is necessary for the pursuit of the legitimate interest of the data controller”). The provision of Personal Data for these purposes is therefore entirely optional and does not affect the use of the services. If you wish to oppose to the processing of Personal Data for marketing and profiling purposes, you can do so at any time by writing to privacy@rdcom.com.

– The processing of Personal Data for the purposes referred to in point 4 (v) represents a legitimate processing of personal data pursuant to art. 6 paragraph I, lett. c) of the Regulation (“[…] processing is necessary to fulfil a legal obligation to which the data controller is subject to”).

– The processing carried out for the purposes referred to in point 4 (vi) is not performed on personal data and therefore can be freely carried out by RdCom.

– The processing of Personal Data for the purposes referred to in point 4 (vii) represents a legitimate process in accordance with the current applicable legislation on the protection of personal data, which does not require consent. The interested party may oppose to the processing of their Personal Data for this purpose both when requesting the products and services available on the Site and on the occasion of subsequent communications by the Controller by writing to privacy@rdcom.com.

6. Data relating to telematic traffic

The Customer or the User who enters or in any other way processes the Data of third parties must guarantee, assuming all related responsibilities, that they have previously provided the information referred to in art. 13 of the Regulation and to have acquired the required Consent to Data Processing, pursuant to art. 7 of the GDPR.

The data concerning the recipient / user telephone numbers and the data concerning the communications made by the customers will never be used by RdCom for purposes other than those permitted or transferred to third parties.

Personal data relating to electronic traffic is normally stored by RdCom for a period not exceeding 60 days (SMS) or 180 days (E-MAIL), except for different storage times contractually agreed between the Parties and without prejudice, in any case, the need to comply with regulatory obligations that impose (longer traffic information) longer retention times.

7. Individuals to whom the data can be communicated and scope of diffusion

Personal data (also in the form of photographs and / or video recordings) can be communicated to subjects external to R&D Communication S.r.l connected to the previously stated purposes; by way of example and not limited to:

– people, companies, or professional firms that provide assistance and advice to the Data Controller at a technical level in the IT, systems and cloud matters relating to the provision of the Services.

– people, companies, or professional firms that provide assistance and advice to the owners in accounting, administrative, legal, tax, financial and debt collection matters relating to the provision of the Services.

– individuals, entities, or authorities to whom the communication of personal data of the interested party is mandatory pursuant to legal provisions or orders from the authorities.

– third parties that operate by way of example in the commercial consumer goods, publishing, communications, finance and insurance, clothing sectors, for the purpose of the delivery by these third parties of their own commercial communications relating to any promotional sales, also by SMS and / or e-mail.

8. Rights of the interested party

The interested party has the right to exercise the rights referred to in articles 15 and following of the GDPR, including:

1) Obtain confirmation of the existence or not of personal data concerning him, as well as the logic and purposes on which the processing is based.

2) Obtain the cancellation, transformation into anonymous form or blocking of data processed in violation of the law.

3) Obtain the updating and correction of inaccurate data or, if interested, integration of incomplete data or limitation of the use of data.

4) Obtain certification that the operations referred to in points 2) and 3) have been brought to the attention of those to whom the data have been communicated or disseminated, except in the case where this fulfilment proves impossible or involves the use of means manifestly disproportionate to the protected right;

5) Oppose, as a whole or in part, for legitimate reasons, the processing of personal data concerning him, even if pertinent to the purpose of the collection.

6) Receive in a structured format, commonly used and readable by automatic devices, the personal data concerning him provided to a data controller and to transmit these data to another data controller, as well as to obtain the direct transmission of data from a data controller to the other, if technically feasible (data portability);

7) Withdraw the consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation.

8) Propose a complaint to a supervisory authority.
For the exercise of their rights, the interested party can contact the Data Controller at the addresses indicated; requests must specifically be sent to the following address: privacy@rdcom.com.

9. Right of access

The interested party has the right to obtain confirmation from the Data Controller that personal data concerning him or her is being processed. The Data Controller provides a copy of the personal data being processed; in the event of further copies requested by the interested party, the data controller can charge a reasonable fee contribution based on administrative costs.

10. Communication to the interested party of a violation of personal data (data breach)

When the violation of personal data is likely to present a high risk for the rights and freedoms of natural persons, the data controller communicates the violation to the interested party without undue delay (Article 34 GDPR). Communication is not required if the data controller has put in place adequate technical and organisational protective measures or if the communication would require disproportionate efforts.

11. Transfer of personal data

The data collected is stored on the R&D Communication S.r.l servers; these servers are located within the European Union. In any case, it is understood that the Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller ensures as of now that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to stipulation of the standard contractual clauses provided by the European Commission, or to territories subject to adequacy Decisions by the European Commission.

12. Retention of personal data

Personal Data processed for the purposes referred to in section 3 (i) will be kept for the time strictly necessary to achieve those same purposes. In any case, since there is processing carried out for the supply of services, RdCom will process the Personal Data up to the time allowed by the Italian legislation to protect its interests (Art. 2946 of the Italian Civil Code and ss.).

Personal Data processed for the purposes referred to in section 3 (ii), 3 (iii) and 3 (iv) will be processed until the consent is revoked.
Personal Data processed for the purposes referred to in section 3 (v) will be kept until the time provided for by the specific obligation or applicable law.
Personal Data processed for the purposes referred to in section 3 (vii) will be processed until the exercise of opposition to this processing.

More information about the data retention period and the criteria used to determine this period can be requested by writing to the DPO at the following address: dpo@rdcom.com . The possibility for RdCom to keep Personal Data for the time provided for and allowed by Italian law to protect its interests is reserved in any case (art.2947 of the Italian Civil Code).

13. AntiSpam rules.

Any commercial e-mail sent without the recipient’s consent is spam.
The notion of “commercial e-mail” includes any e-mail message whose main purpose is to advertise and promote a product or service. The email services offered by RdCom are intended for the sole and exclusive purpose of sending messages to recipients who have accepted and confirmed that they want to receive communications from the user. This practice is called Permission-based Email Marketing. The account could be immediately suspended or removed if the customer sends spam.

RdCom signals its commitment to promoting and adopting a policy to combat spam, right from the Customer’s vetting process. Each customer who uses the e-mail services offered by RdCom enters into a contract in which he undertakes to use them according to the terms allowed therein, in compliance with the relevant regulatory requirements. Each customer is required to upload their list of contacts in accordance with the law, verifying that they have acquired consent to the processing of data.

Any violation of anti-spam rules is specifically sanctioned:

  • Account suspension for 1 week at the first abuse report.
  • Account suspension for 2 weeks on the second abuse report.
  • Permanent suspension of the account on the third abuse report.
  • Immediate suspension of the account in case of abuse by spam trap.
  • Penalty of € 1,000.00 for each blacklist in which IPs or domains are entered as a result of spamming.
  • In the most serious cases, the report is sent to the competent authority.

In order not to run the risk of being blacklisted or being accused of spam, you must:

  • Send e-mails only to contacts who have given their explicit and voluntary consent to receive communications.
  • Do not purchase or rent lists of e-mail addresses from third parties.
  • Do not add e-mail addresses to an existing contact database: e-mail addresses must always and only go through confirmation by issuing consent and preferably by double opt-in.
  • Do not send messages to publicly available contact lists.
  • Do not collect contacts and email addresses on the internet.

In the event that the account is closed due to the violation of this antispam policy, the amounts paid for the use of the Service will not be refunded.
In the case of receiving newsletters, you can cancel your e-mail address by simply clicking on the unsubscribe link at the end of the newsletter received and confirming your desire to unsubscribe on the page that will open upon clicking on the relevant link.

Alternatively, in the “Unsubscribe-List” header of the newsletter received there is both a link to directly unsubscribe (which does not require further confirmation) and an email address to which it is possible to send an email to unsubscribe.

If the un-subscription procedures described above were not present or were not working, you can report the abuse by writing to one of the following contact email addresses: privacy@rdcom.com ; dpo@rdcom.com.

Anyone who deems themselves to be a victim of a spam occurrence and wants to report the abuse, can proceed by sending their report to one of the following contact addresses: privacy@rdcom.com ; dpo@rdcom.com.

Following the report sent and the documentation provided, RdCom will check for any contractual violation and take the consequent measures. If you receive numerous spam emails from different companies this could be due to the registration of your address in a database sold online. In this case, RdCom suggests asking the sender to provide the origin of their data. To this end, the Privacy Guarantor provides a useful model:

https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924

13. References and contacts

Data Controller:
R&D Communication S.r.l, registered office Via dei Castagni, 9, 37141 Montorio Veronese (VR) – e-mail privacy@rdcom.com