PRIVACY POLICY PURSUANT TO ART. 13 OF EU REGULATION 2016/679
This Privacy Policy describes how the website www.rdbos.it/ is managed in relation to the processing of personal data of visitors who access it.
RDB & Open Systems S.r.l. ensures compliance with personal data protection laws (Italian Legislative Decree 196/03 and EU Regulation 2016/679). Visitors are invited to carefully read this Privacy Policy before submitting any personal information and/or filling out any electronic forms on the website.
1.Data Controller and Data Protection Officer
RDB & Open Systems S.r.l., with registered office in Via Golgi 5, Gussago (BS), 25064, email: privacy@rdbos.it, PEC address: rdb@pec.rdbos.it, is the Data Controller. Partner company websites that may participate independently in data processing may act as autonomous data controllers.
The Data Protection Officer (DPO) appointed by RDB & Open Systems S.r.l. is Avv. Elisa Prepi, who can be contacted at studioprepi.privacy@gmail.com or via PEC at elisa.prepi@avvocatiperugiapec.it.
2.Data Processing
In general, visitors can access the website without providing any personal data.
The following is a description of the types of data processing:
- Browsing data
The IT systems and software procedures used to operate this website acquire certain personal data in the course of their normal operations, which are transmitted as part of the use of Internet communication protocols. This information could, by its nature and through association with data held by third parties, allow for the identification of users (e.g., IP addresses, domain names of the computers used by visitors, etc.). These data are used solely to check the proper functioning of the site and are not communicated or disclosed.
2) Data voluntarily provided by visitors
If visitors send personal data to access specific services or submit requests via email, this implies the acquisition of the sender’s email address and/or other personal data that will be used to respond or provide the requested service. These data may be communicated to third parties only if required to meet the visitors’ requests or to comply with legal obligations.
3) Cookies
Navigation data may be recorded in an anonymous and aggregated form for statistical analysis regarding website usage
3.Processing Methods
Data are processed using automated and/or manual tools for the time strictly necessary to achieve the purposes for which they were collected, in compliance with current regulations.
4.Purpose of the Processing
In addition to the purposes related to the use of forms on the website, personal data are processed for:
- Using the visitor’s personal data (e.g., email, name, surname, job title, company) to send commercial information, announcements about new products or services, and to respond to inquiries submitted via the website;
- Sending promotional or advertising material and managing participation in online events (e.g., webinars, conferences, etc.);
- Collecting, storing, and processing visitor data via CRM Dynamics365;
- Performing anonymous and/or aggregated statistical analyses.
5.Legal Basis
The Data Controller may process personal data if one of the following applies:
- The visitor has given explicit consent for one or more specific purposes;
- Processing is necessary for compliance with a legal obligation;
- Processing is necessary for public interest tasks or the exercise of official authority;
- Processing is necessary for the legitimate interests pursued by the controller or a third party;
- Processing is carried out for marketing purposes.
You may always request clarification from the Data Controller regarding the specific legal basis.
6.Recipients
In addition to the Data Controller, some categories of employees and authorized parties involved in the organization of the site (administrative, commercial, marketing, legal staff, IT administrators) may access the data. External entities (e.g., third-party technical service providers, hosting providers, IT companies) may be appointed as Data Processors. An updated list is available upon request.
7.Transfer to Third Countries
The Data Controller uses servers located in Italy, which is within the EU and therefore deemed adequate under the GDPR. The data will not be transferred or sold.
8.Data Processing Location
Data processing activities related to web services are carried out at the aforementioned headquarters and handled only by personnel appointed for this purpose.
9.Data Retention Period
If the visitor is a client, personal data will be kept for the duration of the contractual/business relationship and stored for up to five (5) years after its termination.
If the visitor is a prospect, and no contract is established, data will be retained for no more than three (3) years from the initial contact request.
Log files are kept for security, maintenance, and improvement purposes and will be retained for no more than one (1) year.
10.Provision of Data
Except for browsing data acquired automatically, providing personal data is optional. Failure to provide such data may result in the inability to obtain the requested services or participate in online activities.
11.Data Subjects’ Rights
Visitors have the right at any time, pursuant to the GDPR, to obtain confirmation as to whether or not personal data concerning them exists and to be informed of their contents and origin, verify their accuracy, or request integration, update, or rectification.
They are also entitled to request:
| Right of Access:
(Art. 15 of the Regulation) |
That is, confirmation as to whether or not personal data concerning you are being processed and, if so, the right to obtain, among other things, access to your personal data and information regarding the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. |
| Right to Rectification
(Art. 16 of the Regulation)
|
Rectification of inaccurate personal data concerning the visitor without undue delay, and (ii) completion of personal data if incomplete. |
| Right to Erasure (“Right to be Forgotten”) (Art. 17 of the Regulation) |
Erasure of personal data concerning the visitor without undue delay (the Data Controller is obliged to erase such personal data without undue delay in the cases provided for under Article 17 of the Regulation). |
| Right to Restriction of Processing
(Art. 18 of the Regulation) |
Restriction of processing in the cases referred to in Article 18 of the Regulation. |
| Right to Data Portability
(Art. 20 of the Regulation) |
The right to receive, in a structured, commonly used, and machine-readable format, the personal data concerning the visitor and in our possession; the right to transmit such data to another Data Controller without hindrance from the Data Controller to whom they were provided, in the cases referred to in Article 20 of the Regulation. |
| Right to Object to Processing based on Articles 6, 1 letters e) o f):
(Art. 21 of the Regulation) |
The right to object, at any time, on grounds relating to their particular situation, to the processing of personal data concerning the visitor under Article 6(1)(e) or (f), including profiling based on those provisions. |
At any time, visitors will have the opportunity to exercise the aforementioned rights by submitting a formal request to the PEC address rdb@pec.rdbos.it or privacy@rdbos.it, accompanied by an identity document.
12.Automated Decision-Making Processes
Automated decision-making processes are not carried out on the aggregated data collected, except for those aimed at the better management of the website.
13.Clausole finali
Given the current state of evolution of the regulations regarding personal data protection, please note that this privacy policy may be subject to updates.
Date of last update
26/06/2024
