The policy of the website www.rexadesign.it is provided in compliance with articles 13 of the EU Regulation no. 2016/679 (hereinafter Regulation or GDPR), relating to the protection of individuals with regard to the processing of personal data, and Legislative Decree 196/2003 and subsequent amendments
REXA DESIGN s.r.l. informs that the use of this site therefore involves the processing of the data subject's personal data only for the purposes and through the methods indicated below.
a) Data Controller
1. The data controller is REXA DESIGN S.R.L., with registered office in (33080) San Quirino, via Maniago, 57 / A - certified e-mail: email@example.com.
2. The data controller can be contacted at the following e-mail address: firstname.lastname@example.org
b) Purpose of the processing and legal basis of the processing:
1.the personal data (hereinafter also “Data”) provided by you while browsing the website are collected and processed for the provision of services based on a web interface for the publication and consultation of web pages of an information purposes and in anonymous and aggregate form, as well as for statistical purposes and to monitor the correct functioning of the site.
2. Furthermore, your personal data may also be used in various processing operations (storage, archiving, processing) in any case in terms compatible with this purpose. In particular, your personal data may be processed for the following purposes:
respond to requests for information;
allow the provision of the requested services;
fulfil legal obligations;
respond to you is you voluntarily send us your curriculum vitae;
(marketing) for sending, even on a periodic basis for example by means of newsletters, advertising material, direct sales, for carrying out market research and/or commercial and promotional communication including invitations to fairs, meetings, training courses, and/or other private/public events organised for the promotion of the business activity, carried out directly by the Company or through external specialised companies. This can be done by e-mail, MMS or SMS messages or other types of messages.
The legal basis for the processing of personal data referred to in letters b) point 2 (I, II, III, IV) is art. 6 paragraph 1, lett. b) and c) of the Regulation, as the processing is necessary for the provision of services, for the execution of the contract of which the data subject is a party or for the execution of pre-contractual measures or for the response of requests from the data subject, also representing a treatment necessary to fulfil a legal obligation of the Data Controller. The provision of personal data for these purposes is optional but failure to provide it would make it impossible to activate services provided by the Site, to find requests.
The legal basis for the processing of data included in the curriculum vitae envisaged in letter b), point 2 V spontaneously sent is art. 6 paragraph 1, lett. b) of the Regulations as the processing is necessary for the provision of pre-contractual measures requested by the data subject. The provision of personal data for these purposes is optional but failure to provide it would make it impossible to find the request of the data subject.
The legal basis for the processing of data referred to in lett. b), point 2, VI is art. 6, paragraph 2, lett. a) of the Regulations. The data for these purposes may be processed with explicit and specific consent. The granting of consent for these purposes is therefore free and optional and, failing that, the Data Controller will limit itself to processing the data for the purposes referred to in the further points without prejudice in any way to the possibility of using the services. Even if the processing for these purposes is provided, it may be revoked at any time by simply making a request to the Data Controller.
c) Data processed
1. data provided voluntarily by the user
The site deals exclusively with common data (such as: name, surname, email, telephone number, etc.)
2. navigation data
This category of data includes the IP addresses or domain names of the computers used by the data subjects who connect to the site, the addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response successful, error, etc.) and other parameters relating to the operating system and the IT environment of the data subject.
d) Processing methods
Your personal data will be processed through the use of appropriate tools and procedures to guarantee security and confidentiality, both by using analogue/paper media and with the help of IT media and/or digital tools.
e) Subjects who may be recipients of the personal data
Your personal data will be processed exclusively by the Data Controller, by the Data Processors appointed by them and by the strictly authorised data processors. The updated list of Managers and appointees may always be requested from the Data Controller for consultation.
Your personal data may be communicated, following inspections or verifications, to all inspection bodies responsible for checks and controls concerning the regularity of legal obligations.
Your personal data may be communicated, by way of example, to professional companies/firms that provide assistance, advice or collaboration to the data controller, in accounting, administrative, tax, legal, tax, financial, social security matters, in relation to the establishment and management of the contractual and/or pre-contractual relationship with you, to public administrations for the performance of institutional functions within the limits established by law or regulations or to third-party service providers to whom such communication is necessary for the fulfilment of the services inherent and related to the existing contractual and/or pre-contractual relationship with you, to other employees and/or collaborators of the data controller for the time strictly necessary for the fulfilment of their tasks that are instrumental and/or ancillary to the execution of the relationship with you and always under the control and supervision of the data controller, the data processors and the strictly authorised persons in charge of processing. Your personal data may be disclosed to public or private parties who may access personal data by virtue of legal or regulatory provisions or by virtue of judicial measures.
Your personal data will not be disclosed except in cases in which you have given your express and explicit consent. In the latter case, the dissemination will in any case be limited and governed by what you expressly consent to by deed signed by you.
f) Data retention period
The retention of your personal data will take place for the time necessary to follow up on your requests and in any case for no more than 10 (ten) years, limited and functionally to the need to be able to guarantee the Company any exercise and protection, both judicial and/or out of court, of their rights and interests deriving from, connected or connected to the relationship with you in existence and/or to its subject.
The data of the candidates, collected both in paper and digital format, are catalogued and retained for 12 months. After this retention period has elapsed without having recruited the candidate, the data is destroyed.
The personal data processed for the additional optional purposes (marketing purposes) will be deleted after 2 years, a term deemed appropriate since it is data related to the sale of the goods covered by the contract and in any case not beyond the withdrawal of consent, without prejudice to the lawfulness of processing based on consent before revocation.
g) Existence of an automated decision-making process
There is no automated decision-making process.
h) Intention of the data controller
If the data controller transfers your personal data to countries outside the EU or in any case outside the European Economic Area (consisting of Switzerland, Iceland, Liechtenstein and Norway), they will proceed as follows.
In the event of data transfer to the aforementioned third countries, the data controller will guarantee an adequate level of protection pursuant to art. 45 European Regulation n. 679/2016 and by art. 29 Working Party (the Commission has the power to establish this adequacy through a specific decision and on this point, please refer to the list of decisions on the website of the Guarantor for the protection of personal data www.garanteprivacy.it).
In the absence of an adequacy decision pursuant to Article 45 of the European Regulation, the data controller will provide adequate guarantees pursuant to Articles 46 - 47 of the European Regulation no. 679/2016.
Lastly, in the event that there is no adequacy decision pursuant to Art. 45 of the E.R. 679/2016 or guarantees adequate in compliance with art. 46 of the aforementioned Regulation, including binding company rules, the transfer of personal data to a country will be allowed only in the presence of exceptions in specific situations referred to in art. 49 of the E.R. 679/2016.
Any information relating to the adequate guarantees referred to in the paragraph above will always be available at the headquarters of the Data Controller and in any case can be requested at the email address email@example.com.
i) Redirect to external sites
l) Rights of the data subject
In relation to the personal data subject to the processing referred to in this policy, you are entitled at any time to:
- Access (Art. 15 Reg. EU no. 2016/679): the Data Controller guarantees the right of access to personal data concerning the data subject;
- Correction (Art. 16 Reg. EU no. 2016/679): the Data Controller shall, at the request of the data subject, rectify the inaccurate personal data without undue delay.
- Cancellation (Art. 17 Reg. EU no. 2016/679): the Data Controller shall delete the personal data of the data subject without undue delay if: the personal data are no longer necessary with respect to the purposes for which they were collected or processed; the data subject withdraws consent; the data subject objects to the processing and there is no prevailing legitimate reason to proceed with the processing; the personal data have been processed unlawfully.
- Limitation (Art. 18 Reg. EU no. 2016/679): the Data Controller shall restrict the processing at the request of the data subject when: the data subject disputes the accuracy of the data; the processing is unlawful and the data subject objects to the deletion of the data but requests the limitation of the processing; the data are no longer necessary for the purposes of processing, but are necessary for the establishment, exercise, defence of a right in court; the data subject has opposed the processing and is awaiting the prevalence of the legitimate reasons of the Data Controller compared to those of the data subject.
- Portability (Art. 20 Reg. EU no. 2016/679): understood as the right to obtain data from the Data Controller in a structured format commonly used and readable by an automatic device to transmit them to another data controller without hindrance.
- Objection to processing (Art. 21 Reg. EU no. 2016/679): the data subject has the right to object at any time to the processing of personal data concerning them.
-Exercise the right to withdraw consent, if given for one or more specific purposes, at any time without prejudice to the lawfulness of the processing until the withdrawal of the aforementioned consent.
- To lodge a complaint with the Guarantor Authority for the Protection of Personal Data (art. 51 Reg. EU n. 2016/679).
The aforementioned rights may be exercised by written communication to be sent by email to firstname.lastname@example.org
Or by registered letter with return receipt to the following address: REXA DESIGN srl, with registered office in (33080) San Quirino, via Maniago, 57/A - certified e-mail: email@example.com
The Data Controller will take care to keep this information updated.