Privacy Policy

Premise

What is this document? This document is the privacy policy regarding data processing for the website and social media pages. 

Why this document? National and international data protection regulations require that you – the data subject – be informed about the personal data being processed and by whom, to ensure that the processing is fair and transparent. 

Below, you will clearly see who will process your data, which personal data will be processed, the purposes for which the personal data will be processed, the duration of the data processing, your rights, and how to exercise them.chi tratterà i suoi dati, quali dati personali verranno trattati, le finalità con cui saranno trattati i dati personali, per quanto tempo i dati saranno trattati, quali sono i suoi diritti come esercitarli

Which regulations does this document refer to? This privacy notice is provided in accordance with the following regulations:L’informativa è fornita tenendo conto del combinato disposto delle seguenti norme: 

  • Legislative Decree 196/2003 (hereinafter 'Privacy Code')
  • Regulation (EU) 2016/679 on the protection of personal data (hereinafter 'Regulation')
  • European Directive 2002/58/EC, known as 'e-Privacy'

PRIVACY NOTICE

1. DATA CONTROLLER: Replate srl - Viale Maria Ceccarini Borman 195, 47838 Riccione (RN) - CF 04691470407 – email [email protected] – PEC replate.pec.it (hereinafter 'Controller')Replate srl - Viale Maria Ceccarini Borman 195, 47838 Riccione (RN) - CF 04691470407 – e-mail [email protected] – PEC replate.pec.it (di seguito “Titolare”) 

2. PURPOSE, LEGAL BASIS, RETENTION PERIOD, AND NATURE OF THE PROCESSING: Depending on the actions taken by the data subject, personal data will be processed for the following purposes: I dati personali, a seconda delle azioni svolte dall’interessato, saranno trattati per le seguenti finalità:

a. Responding to contact requests (e.g., information requests received via email, etc.):

  • - the legal basis for this processing is the necessity to carry out pre-contractual measures adopted at the data subject's request;
  • - the retention period for data processed for this purpose is the time necessary to fulfill the request;
  • - personal data is necessary to process the request, and refusal will result in the inability to contact the data subject.

b. Responding to requests received through social platforms (direct messages or on the wall):

  • - the legal basis for this processing is the necessity to carry out pre-contractual or contractual measures requested by the data subject (e.g., responding to a question about a service on the company's social pages via private messages), using their name or username and other data provided to respond;
  • - the retention period for data processed for this purpose is the time necessary to fulfill the request;
  • - the requested personal data is necessary to process the request, and refusal will result in the inability to respond to the data subject.

c. Administrative and managerial tasks and compliance with legal obligations, regulations, or orders from authorities (e.g., accounting, tax formalities, administrative and accounting management, etc.):

  • - the legal basis derives from the necessity to fulfill a legal obligation to which the data controller is subject;
  • - the retention period for data processed for this purpose is tied to the specific legal obligations regulated by the respective laws;
  • - providing personal data is mandatory, as the controller must comply with a legal obligation or requests from competent authorities.

d. Prevent, detect, and prosecute illegal conduct:

  • - the legal basis for this processing is the Controller's legitimate interest in preventing, detecting, and prosecuting illegal activities or violations of intellectual/industrial property rights (including third-party rights) or computer crimes or crimes committed through telematic networks, defamation, or other similar offenses committed on the Website or during interaction with the respective social media communities managed by the Controller (e.g., posting a comment, liking, or sharing a post);
  • - the retention period for data processed for this purpose is the time reasonably necessary to assert the data controller's rights from the moment the offense or its potential commission is discovered.

3. PROCESSED PERSONAL DATA: By personal data processing, we mean any operation or set of operations, carried out with or without automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, communication by transmission, dissemination or any other form of availability, comparison or interconnection, restriction, deletion or destruction.Per trattamento di dati personali intendiamo qualsiasi operazione o insieme di operazioni, compiute con o senza l'ausilio di processi automatizzati e applicate a dati personali...

Data qualifying as 'special categories of personal data' under Article 9 of the Regulation, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data concerning health, sex life, or sexual orientation may also be sent by the data subject (e.g., in the message field of a contact request form) to the Controller. This category of data will be processed to fulfill the received request. Additional processing of special categories of data by the Controller will only be conducted with prior explicit consent.

Additional personal data processed by the Controller:

  • - Browsing Data: The computer systems and software procedures responsible for the operation of this site acquire, during their normal activity, certain personal data whose transmission is implicit in Internet communication protocols. This category includes IP addresses or domain names of the users' computers and terminals, the URI/URL (Uniform Resource Identifier/Locator) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the response file, the numeric code indicating the response status from the server (successful, error, etc.), and other parameters related to the user's operating system and IT environment. These data, necessary to use the web services, are also processed to obtain statistical information on service usage (e.g., most visited pages, number of visitors per time slot or day, geographic areas of origin) and monitor the correct functionality of services offered. Browsing data are retained for no more than seven days and are deleted immediately after aggregation (except in cases where judicial authorities need them to investigate criminal offenses).
  • - Data provided by the user: Voluntary, explicit, and optional sending of messages to the Controller's contact addresses involves acquiring the sender's contact information, necessary for responding, as well as any other personal data included in the communications.
  • - Social Media Platforms: Using the Controller's social pages entails additional personal data processing by the respective social platform provider, not necessarily limited to interactions with us. The processing of user data is subject to the privacy policies in place on the used platforms. For this purpose, we refer to the privacy notices of the social platform operators we use: Facebook, Instagram, LinkedIn. Data shared by users through private messages sent directly to the managers of the channels will be processed in compliance with current personal data protection laws and this privacy notice.
  • - Cookies and other tracking systems: See the detailed privacy notice available at the following link: https://www.replate.it/privacy/

4. RECIPIENTS OF PERSONAL DATA: Depending on the actions taken by the data subject, personal data will be processed for the purposes above by:I dati personali, a seconda delle azioni svolte dall’interessato, saranno trattati per le finalità di cui sopra, da:

  • - entities acting typically as 'Data Processors,' pursuant to Article 28 of the Regulation, i.e., individuals, companies, or professionals providing assistance and consultancy services to the Controller regarding service/product provision;
  • - entities, bodies, or Authorities to whom personal data disclosure is mandatory by legal provisions or orders from Authorities;
  • - entities necessary for interacting to provide services/products, as independent data controllers;
  • - personnel expressly authorized by the Controller to perform activities strictly related to the provision of services/products, bound by confidentiality or an adequate legal confidentiality obligation, and who have received suitable operational instructions under Article 29 of the Regulation or Article 2-quaterdecies of Legislative Decree 196/2003.

The complete list of Data Processors is available by sending a written request to the Controller.

5. PERSONAL DATA TRANSFER: Some of your personal data is shared with recipients who may be located outside the European Economic Area (EEA). The Controller ensures that the processing of your personal data by these recipients complies with the Regulation. Transfers may be based on an adequacy decision or on Standard Contractual Clauses approved by the European Commission. More information is available from the Controller.Alcuni dei suoi dati personali sono condivisi con destinatari che si potrebbero trovare al di fuori dello Spazio Economico Europeo (SEE)...

6. EXISTENCE OF AUTOMATED DECISION-MAKING, INCLUDING PROFILING: The Controller does not adopt automated decision-making processes on personal data processing, including profiling, as per Article 22 of the Regulation. More information is available from the Controller.Il Titolare non adotta un processo decisionale automatizzato...

7. DATA RELATED TO MINORS UNDER 18 YEARS: Minors under 18 years cannot provide personal data. The Data Controller shall not be held responsible for any collection of personal data or false declarations provided by a minor, and in any case, if detected, the Controller will facilitate the right of access and deletion as requested by the guardian, trustee, or whoever exercises parental responsibility.I minori di 18 anni non possono fornire dati personali...

8. DATA SUBJECT'S RIGHTS: The data subject has the right to obtain from the Controller, in the cases provided for, access to personal data and rectification or deletion thereof or restriction of processing concerning them or to object to processing (Articles 15 et seq. of the Regulation). The specific request to the Controller is presented by contacting the dedicated email for responses to the data subject.L’interessato ha il diritto di ottenere dal Titolare, nei casi previsti, l'accesso ai dati personali...

9. RIGHT TO COMPLAIN: If the data subject believes that the processing of personal data relating to them is in violation of the Regulation, they have the right to file a complaint with the Italian Data Protection Authority (www.gpdp.it), as provided by Article 77 of the Regulation, or to seek judicial remedies (Article 79 of the Regulation).L’interessato qualora ritenga che il trattamento dei dati personali a lui riferiti avvenga in violazione...

10. EXERCISING RIGHTS: To exercise the above rights, please contact: Replate srl - Viale Maria Ceccarini Borman 195, 47838 Riccione (RN) - CF 04691470407 – email [email protected] – PEC replate.pec.itPer l’esercizio dei diritti che precedono può contattare: Replate srl...

11. CHANGES: The Controller reserves the right to modify and/or supplement this Privacy Notice at any time and commits to publish changes on the company website under the Privacy section. Data subjects are invited to periodically review its contents. This privacy notice is effective from 24/07/2023.Il Titolare si riserva il diritto di modificare e/o integrare la presente Informativa in qualsiasi momento...