Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
1. Data Controller and Joint Data Controllers and Data Protection Officer (DPO)
The data controller is Rivoira Giovanni e Figli S.p.A., with registered office at Via Pomarolo, 88, Verzuolo, VAT no. 00182260042, tel. +39 0175 280800, email amministrazione@rivoira.it.
Kiwi Uno S.p.A., with registered office at Via Mattona, 174/C, Verzuolo, VAT no. 01760900041, tel. +39 0175 280700, email amministrazione@kiwiuno.it
and OP Rivoira, with registered office at Via Mattona, 174/C, VAT no. 03671790040, tel. +39 0175 280781, email oprivoira@rivoira.it, are joint data controllers pursuant to Article 26 of the GDPR.
The Data Protection Officer (DPO) is Aesse Servizi S. C., with registered office at Via C. Colombaro, 56, 12100 Cuneo, telephone +39 0171 451725, fax +39 0171 451734, email dpo@aesseservizi.eu, segreteria@pec.aesseservizi.eu.
2. Types of data collected
The categories of personal data collected and processed when you browse https://www.rivoira.it are as follows:
personal data that you provide when you contact our office;
information regarding your browsing of https://www.rivoira.it;
information collected through cookies.
Failure by the User to provide certain personal data may prevent this Website from providing its services.
3. Purposes of the processing of the collected data and related legal basis
| PURPOSE | LEGAL BASIS |
| To ensure the proper functioning and display of the website | Legitimate interest of the data controller in ensuring the proper functioning of its website |
| To comply with a legal obligation | Compliance with a legal obligation to which the data controller is subject |
| To assess your unsolicited application submitted through the “Would you like to work with us?” section | Performance of a contract to which the data subject is party or implementation of pre-contractual measures taken at the data subject’s request |
| Statistical analysis and surveys aimed at improving our offer and our services | Consent of the data subject |
4. Methods of processing
The Data Controller processes Users’ personal data by adopting appropriate security measures aimed at preventing unauthorized access, disclosure, modification or destruction of personal data.
Processing is carried out using IT and/or telematic tools, with organizational methods and logics strictly related to the purposes indicated.
In addition to the Data Controller, in some cases, duly authorized persons involved in the organization of the website, or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data and may be appointed, where necessary, as Data Processors by the Data Controller.
The updated list of Data Processors may be requested at any time from the Data Controller.
5. Data transfer
Where personal data are transferred outside the European Union for technical and operational purposes and in order to ensure a high level of service continuity, the Data Controller ensures that such transfer will take place in compliance with the conditions set out in Chapter V of the GDPR, without prejudice to the other provisions of the Regulation.
6. Data retention period
We retain your personal data for a limited period of time, which varies depending on the type of activity involving the processing of your personal data. Once this period has expired, your data will be permanently deleted or, where applicable, irreversibly anonymized.
Your personal data are retained in accordance with the terms and criteria specified below:
| PURPOSE | DATA RETENTION PERIOD |
| To ensure the proper functioning and display of the website | In accordance with what is set out in our cookie policy |
| Statistical analysis and surveys aimed at improving our offer and our services | In accordance with what is set out in our cookie policy |
| To assess your unsolicited application submitted through the “Would you like to work with us?” section | 1 year |
| To comply with a legal obligation | In accordance with the time limits set out by applicable law |
In any case, for technical reasons, the termination of processing and the consequent permanent deletion or irreversible anonymization of the relevant personal data will be completed within thirty days from the deadlines indicated above.
7. Further information on data processing
7.1 Legal defense
The User’s personal data may be used by the Data Controller for legal defense in court or in the preparatory stages of any potential legal proceedings, in response to misuse of the website or related services by the User.
The User declares to be aware that the Data Controller may be required to disclose personal data upon request by public authorities.
7.2 Specific privacy notices
At the User’s request, in addition to the information contained in this privacy policy, this Website may provide the User with additional and contextual privacy notices relating to specific services, or to the collection and processing of personal data.
7.3 System logs and maintenance
For operation and maintenance purposes, this Website and any third-party services used by it may collect system logs, i.e. files that record interactions and may also contain personal data, such as the User’s IP address.
7.4 Information not contained in this policy
Further information regarding the processing of personal data may be requested at any time from the Data Controller using the contact details provided.
8. Exercise of Users’ rights
Data subjects have the right, at any time, to obtain from the Data Controller confirmation as to whether or not personal data concerning them exist, to know their content and origin, to verify their accuracy or request their completion, erasure, updating, rectification, anonymization or blocking of personal data processed unlawfully, as well as to object, in any case, on legitimate grounds, to their processing.Requests shall be addressed to the Data Controller and/or the Data Protection Officer (DPO).