This information is provided pursuant to Articles 13 and following of EU Regulation 679/2016 (“GDPR”) by RIGONI DI ASIAGO SRL, (VAT: 03722320243), located at Via Oberdan, 28 – 36012 Asiago (VI), contactable at the email address: [email protected], as Data Controller. 

The Controller has appointed its own DPO contactable at the following email address: [email protected].

This document relates to the website you are browsing; for more information on cookies or other tracking tools, read the cookie policy here. 

The information is not provided for other websites that may be accessed by the user via links. 

This document may be subject to updates. Specific information and any requests for consent will be made available to users in the event of further and different processing than those governed herein.

PROCESSING, LEGAL BASIS AND PURPOSES, STORAGE PERIOD, NATURE OF PROVISION.

Purpose of processing Interested and processed data legal basis nature of provision deadline for deletion
Contact Form: Response to Contact Request.

Users: email address, full name or other personal data, data potentially entered and communicated in the information request.

– Execution of a contract of which the data subject is a party or execution of pre-contractual measures taken at the data subject’s request.

Mandatory: the provision is necessary to provide and manage the requested service.

Subject to legal obligations, personal data will be kept for the period necessary to achieve the purposes for which they are processed. In particular, data relating to commercial transactions and online sales will be retained for 10 years. However, the data controller may continue to retain the data for a longer period in order to manage any disputes related to the established relationship.

Online sale: conclusion of the contract and management thereof.

Purchasing users: full name, tax code (CF), residential/billing/shipping address, contact information (email, phone number), IBAN, data of the selected payment method.

– Execution of a contract to which the data subject is a party or execution of pre-contractual measures adopted at the data subject’s request.

Administrative and accounting management of online sales.

– Fulfillment of a legal obligation

Website management and data collection through cookies.

Website visitors: browsing data

– Pursuit of the legitimate interest of the Data Controller (technical cookies) -Consent (other cookies)

We inform you that, in any case, in accordance with Article 130 paragraph 4 of Legislative Decree 196/2003, the email addresses provided by customers in the context of selling a service may be used by the Data Controller for the purpose of selling services similar to those subject to the commercial relationship already established. The customer can request the suspension of the sending of such material at any time using the Data Controller’s email provided or by using the specific link inserted in the received communications.

Minors

The Data Controller does not use its website to request data from individuals under the age of 14, and online sales can only be concluded by individuals over 18 years of age.

Methods of processing

The processing of data for each of the purposes mentioned above will be carried out using paper-based, computerized, or telematic means, suitable to ensure the security and confidentiality of the respective treatment. The data collected (limited to personal data) may be transferred to non-EU countries for the aforementioned purposes: in this case, the Data Controller undertakes to ensure adequate levels of protection and safeguarding in accordance with applicable regulations.

The Data Controller undertakes to observe specific security measures to prevent data loss, unlawful or incorrect uses, and unauthorized access, in full compliance with legal and regulatory requirements.

Entities involved in the processing

The collected data may be processed exclusively for the indicated purposes by personnel of the Data Controller who are duly trained and authorized, or by third parties appointed as data processors in accordance with Article 28 of the GDPR, such as:

  • Suppliers to the Data Controller, where communication is necessary to execute the provided services (e.g., IT service providers, couriers).
  • Companies offering maintenance services for information system management and website upkeep.
  • Professional firms and companies offering assistance, consultancy activities to the Data Controller (business partners, accountants, labor consultants).
  • Social security, welfare, and insurance institutions; tax administrations; and other authorized public entities, within the limits of legislative, regulatory, and contractual provisions. 

An updated list of all data processors is available upon request from the Data Controller.

Rights of the data subjects

The individuals to whom the personal data refer may exercise their rights as expressed in Articles 15 to 21 of EU Regulation 2016/679, in the manner established by Article 12 of EU Regulation 2016/679, and, for this purpose:

  • obtain access to personal data and their rectification or erasure, or the restriction of processing concerning them, or to object to their processing, as well as the right to data portability;
  • withdraw consent, where the processing is based on Article 6(1)(a), at any time without affecting the lawfulness of processing based on consent before its withdrawal;
  • lodge a complaint with a supervisory authority.

Any request regarding this matter can be addressed to the following email: [email protected] or sent by registered mail to the address of the Data Controller’s headquarters as indicated above.

 

TOP