PRIVACY POLICY REV.02

This Privacy Policy is produced by the Data Controller in compliance with Article 13 of EU Regulation 2016/679 (General Data Protection Regulation).

1. DATA CONTROLLER

ROTHO BLAAS SRL, with registered offices at Via dell'Adige 2/1, I-39040 Cortaccia (BZ), Italy, VAT No. IT 01433490214, is the Data Controller for the personal data you have provided.
If you wish to make a report, or if you have any requests or wish to exercise the rights referred to in Article 15 et seq. of EU Regulation 679/2016, please contact our Privacy Representative by e-mail at the following address: privacy@rothoblaas.com.

2. TYPE OF DATA PROCESSED, PURPOSES OF DATA PROCESSING AND LEGAL BASIS

2.1 Browsing data
In addition to the provisions related to cookies in the dedicated privacy policy, access to the site involves the acquisition, through the site’s information systems and software procedures for such purpose, of browsing data which is implicitly transmitted by virtue of using internet communication protocols.
This information is not collected for the purpose of being associated with identified data subjects, but can be used for such purpose through processing and association with data held by third parties. For example, this category includes the IP addresses or domain names of the computers and/or other devices used by users who connect to the website, addresses of the requested resources in URI (Uniform Resource Identifier) format, the time of the request, the method used for submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.) and other parameters relating to the user’s operating system or IT environment.

This data is used for the purpose of obtaining anonymous statistical information related to the way the site is used and to check that it is working correctly. The data could be used to identify responsibilities in the event of any possible cyber crimes against the website.
The website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). For more information, consult Google's cookie policy for Google Analytics.

The purposes of data processing in such cases are therefore:
• to enable the operation of the website and the performance of the services requested by the User;
• to monitor and improve the functioning of the website;
• to obtain and use statistical information on the use of the website;
• to determine any responsibility in the event of cyber crimes.

The legal basis for the processing of browsing data is the legitimate interest of the Data Controller for conducting and improving the services provided on the website.

2.2 Data provided voluntarily to request services or information
Should the User voluntarily provide, for the purpose of accessing services and/or information offered on the site, any personal identification or commercial data, collected in a format used on the website for such purpose, then such action shall constitute the acquisition of such data by the Data Controller in order to provide the requested services in accordance with the manner described in the applicable Privacy Policies.
The data processing purpose for such data shall therefore differ according to the services that the User is requesting (registration on the website, subscription to the newsletter, marketing and commercial communications, enrolment in courses, downloading of documents and/or spreadsheets):

• perform the service requested by the User;
• execution of the contractual relationship with the User and any related contractual obligations, including the management of the Customer Service;
• performance of legal, administrative, and accounting obligations related to the User’s requested services or contractual obligations;
• communication with the customer in relation to the requested service;
• marketing activity and transmission of related commercial communications, analysis of personal interests and information or habits or consumer choices and subject to the consent of the data subject;
• in some cases, it could be necessary for the purpose of preventing fraud and/or abuse to the detriment of Rotho Blaas or for Rotho Blaas to protect itself from any complaints due to the use of the services made available.
• management of applications.

The legal basis for the processing in relation to the services requested by the User is the fulfilment of contractual obligations; otherwise, the legal basis is the consent of the data subject.

3. NATURE OF THE PROVISION OF THE DATA

Apart from what is specified in relation to browsing data, the User shall be free to provide the personal data as listed in the site services request forms. Failure to provide the data that is identified as mandatory, however, will prevent the requested service from being provided. Failure to provide data that is identified as optional, on the other hand, could lead to the provision of an incomplete service.

4. DISCLOSURE AND DISSEMINATION OF DATA TO THIRD PARTIES

Personal data provided by the User (e.g. for website registration, subscription to the newsletter, management of job applications) are managed by Data Controller internal resources (associates and employees) identified above according to their skills and the context of their relative responsibilities and/or any contractual obligations as described in the relevant Privacy Policies.
In order to fulfil the specified objectives, some data may be disclosed to Group companies; external parties/companies to whom the disclosure of the personal data proves to be necessary or, in any case, functional for the purpose of performing the requested service or for the management of the contractual relationship with the data subject (marketing, strategic and IT consulting companies, hosting companies or companies that manage services for third parties, sales network, recruitment companies to manage job applications) in the manner and for the objectives illustrated in the relevant Privacy Policies, under the control of the Data Controller.
The Data Controller shall not disclose any data deriving from the web services outside the Data Controller’s own organisation, including Group companies, not even any of the above-mentioned individual parties, unless consent has been expressly granted or as required for legal obligations.

5. TRANSFER TO THIRD COUNTRIES

The personal data provided by the data subject may be processed or transferred to a country outside the EU for the above-mentioned purposes in accordance with the applicable legislation in relation to the transfer of data to Third Countries and the relative guarantees specified therein (Article 44 et seq. of EU Regulation No. 679/2016).

6. DATA PROCESSING METHODS AND RETENTION TIMES

Data processing of the gathered data is carried out through computerised procedures or, in any case, by digital means by internal or external parties specifically appointed and authorised for such purpose and committed to confidentiality terms. Data is processed and stored using tools suitable to ensure its safety, integrity and confidentiality through the adoption of adequate security measures, as established by law.
Personal data supplied by the User is kept for the time necessary to carry out the specified objectives and, to the extent necessary to fulfil contractual, tax, and legal obligations (e.g. course registration data) for the time as provided by applicable local legislation.

7. RIGHTS OF DATA SUBJECTS

For any comments, requests and/or for exercising the rights referred to in Article 15 et seq. of EU Regulation 679/2016, Data Subjects can refer to our privacy reference contact by sending a mail to the following address: privacy@rothoblaas.com.

Specifically, the data subject may, at any time, exercise their rights, find out about the data that concerns them, how it was acquired, receive information about the parties or classification of parties to whom their data may be disclosed, verify that their data is accurate, complete, current and safeguarded, receive their data in a commonly used structured format, readable on an automated device, revoke any consent given at any time to process their data, request its deletion, and fully or partially oppose the use of their data. In addition, data subjects shall have the right to revoke consent at any time without prejudice to the legality of the processing based on consent provided before revocation and to file a complaint with the applicable authority, the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), should they believe that the processing of their data is in violation of the above-mentioned Regulation.