Pursuant to Article 13 of the EUROPEAN REGULATION No. 679/2016
Dear Data Subject,
Ravaservice srl, as the Data Controller pursuant to Article 13 of European Regulation No. 679/2016 “General Data Protection Regulation (GDPR)” (hereinafter “EU Regulation”), which provides for provisions concerning the processing of personal data, intends to inform you regarding the processing of your personal data.
The regulation stipulates that anyone who processes personal data must inform the data subject about the data processed and the key elements of the processing, which must in any case be conducted lawfully, fairly, and transparently, as well as protect confidentiality and ensure the rights of the data subject.
It is specified that the term “data processing” refers to any operation or set of operations concerning the collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, and destruction of data.
1. Data Controller
The Data Controller is Ravaservice srl, located at Viale della Repubblica, 4– 35010 Limena (PD), Tax Code and VAT number 04961130285, contactable at the following numbers: phone +39 (0)49 711167, email: amministrazione@ravaservice.com.
2. Nature of the Data Processed, Purposes, and Legal Basis of the Processing
Nature of the data processed: For the purposes listed below, only “common personal data” such as:
– company identification data (name, surname, email, etc.) will be processed.
Purposes of the processing: Your personal data will be processed for the following purposes:
– A. to respond to your requests: through voluntary completion of the appropriate form available in this contact area;
– B. to comply with legal obligations;
– C. marketing: to send you advertising materials, direct sales, market research, and commercial and promotional communications;
– D. profiling: to analyze your preferences and receive personalized information and/or commercial communications.
Legal basis of the processing: Personal data for the purposes outlined in points 2A and 2B will be lawfully processed to fulfill pre-contractual and contractual obligations between us and the user (art.6, par.1, letter b), and to fulfill our legal obligations (art.6, par.1, letter c).
Your personal data, for the purposes outlined in points 2C-2D of this notice, will only be lawfully processed with your explicit, separate, expressed, documented, prior, and completely voluntary consent (art. 6, par.1, letter a of the EU Regulation).
The consent you provide may be revoked at any time without affecting the lawfulness of processing based on the consent given before its withdrawal (art.7, par.3 of the EU Regulation).
Furthermore, the data subject is informed that pursuant to art. 21 of the EU Regulation, the data subject has the right to object at any time to the processing of personal data concerning them for direct marketing purposes (including profiling), and if the data subject objects to processing, the personal data will no longer be processed for such purposes.
Clarification: Following our company’s principle of maximum transparency towards the data subject, we inform you that if you choose to consent to point 2C (marketing), you must be informed and aware that the processing purposes pursued are specifically of a commercial, advertising, promotional, and broad marketing nature, such as:
1. sending promotional advertising and informational material (e.g., newsletters);
2. sending commercial information via paper, automated, or electronic methods, and in particular via ordinary mail or email, phone (e.g., calls, WhatsApp messages, SMS, MMS), fax, and any other digital channel (e.g., websites, mobile apps);
3. forwarding invitations to events, exhibitions, and informational and promotional meetings;
4. forwarding updates on promotional initiatives or technical innovations, services, training, or assistance, and/or gathering satisfaction surveys on quality.
3. Data Recipients and Processing Methods, Existence of Automated Decision-Making Processes, Including Profiling
The processing of your personal data will be carried out based on principles of fairness, lawfulness, and transparency and may be conducted using paper and electronic tools by the company’s staff, authorized/appointed for personal data processing, as well as by external parties appointed to perform specific tasks on behalf of the Data Controller, as Data Processors pursuant to art. 28 of the EU Regulation, following our letter of appointment that imposes confidentiality and data security duties, and the adoption of appropriate security measures to prevent data loss, unlawful and incorrect uses, and unauthorized access, in compliance with current personal data protection regulations.
For brevity, the detailed list of these entities is available at the Data Controller’s premises and is at your disposal.
Your personal data will not be disclosed and will not be transferred to third countries or international organizations, nor will it be communicated to third parties except for legal or contractual obligations.
Pursuant to Article 13 of the EU Regulation, paragraph 2, letter f) and Article 14 of the EU Regulation, paragraph 2, letter g), it is noted that the Data Controller currently does not use any automated decision-making systems or processes.
4. Data Retention Period
Your personal data will be retained for a period no longer than necessary to achieve the purposes for which they are processed, in accordance with the principle of storage limitation stipulated by the EU Regulation, and/or for the time required by legal and contractual obligations or until the specific consent is revoked by the data subject. Therefore:
– For the purposes indicated in points 2A-2B, the data will be retained for no longer than necessary to achieve the purposes for which they are processed and/or for the time strictly necessary to fulfill legal and contractual obligations.
– For the purposes indicated in point 2C, data processed for marketing purposes will be retained for no longer than 24 months from collection.
– For the purposes indicated in point 2D, data processed for profiling purposes will be retained for no longer than 12 months from collection.
To guarantee the declared retention periods, an annual review will be conducted on the processed data to determine if they can be deleted if no longer necessary for the intended purposes.
5. Access to Data (Categories of Recipients to Whom Data May Be Communicated)
Additionally, we inform you that the collected data will never be disclosed and will not be communicated without your explicit consent, except for the necessary communications which may involve data transfer to public entities, consultants, or other subjects for the fulfillment of fiscal and legal obligations or for fulfilling the purposes (where authorized), following our letter of appointment that imposes confidentiality and data security duties on them.
Pursuant to Article 13, paragraph 1, letter e) of the EU Regulation, we provide the following list of subjects or categories of subjects (duly identified and instructed) who may become aware of the user’s personal data as data processors or appointees:
– Members, employees, collaborators, and suppliers of the Data Controller in Italy and abroad, in their capacity as appointees/authorized and/or data processors (e.g., commercial, technical, administrative, legal, print offices; system administrators, external professionals, various service providers, etc.)
– Partner companies and/or directly linked to the company, as their activities are essential for the completion/execution of what you requested.
Your personal data may also be communicated to external subjects responsible for processing your practices and to external subjects interacting with the company, always and exclusively for activities functional to the purposes described above, external subjects appointed to perform specific tasks on behalf of the Data Controller, as Data Processors, pursuant to art. 28 of the EU Regulation.
For brevity, the detailed list of these entities is available at our premises and is at your disposal.
6. Communication and Transfer of Data
Without needing explicit consent (art. 6, par. 1, letters b), c), and f) of the EU Regulation), the Data Controller may communicate your data for the purposes outlined in points 2A to 2F to supervisory bodies, judicial authorities, and to those entities to whom communication is obligatory by law to fulfill the aforementioned purposes.
These subjects will process the data as autonomous data controllers.
Personal data is stored on devices located at the Data Controller’s premises or with providers within the European Union.
Your data will not be disclosed.
To ensure the security of such transfers, we only use entities that offer the necessary guarantees to implement appropriate technical and organizational measures to ensure the processing meets the requirements of EU Regulation 679/2016.
For data stored on their own devices or with providers, the Data Controller has implemented appropriate technical and organizational measures to guarantee an adequate level of security, fully respecting the provisions of the EU Regulation.
8. Consequences of Non-Disclosure of Data
Personal data outlined in points 2A-2B of this notice are necessary; without such data, it would be impossible to proceed and fulfill contractual and legal obligations.
Personal data outlined in points 2C-2D are optional; refusal to provide them will have no consequences and will not prejudice your request to proceed with registration and fulfill contractual and legal obligations. You can decide not to provide any data or deny the possibility of processing already provided data at any time.
9. Rights of the Data Subject
As a data subject, you have the rights outlined in Articles 15 to 22 of the EU Regulation, which are specifically as
Last update: 05/2024