WEBSITE POLICY REV.02

This Privacy Policy is produced by the Data Controller in compliance with Article 13 of EU Regulation 2016/679 (General Data Protection Regulation).

1. DATA CONTROLLER

ROTHO BLAAS SRL, with registered offices at Via dell'Adige 2/1, I-39040 Cortaccia (BZ), Italy, VAT No. IT 01433490214, is the Data Controller for the personal data you have provided.
If you wish to make a report, or if you have any requests or wish to exercise the rights referred to in Article 15 et seq. of EU Regulation 679/2016, please contact our Privacy Representative by e-mail at the following address: privacy@rothoblaas.com.

2. TYPE OF DATA PROCESSED, PURPOSES OF DATA PROCESSING AND LEGAL BASIS

2.1 Browsing data
In addition to the provisions related to cookies in the dedicated privacy policy, access to the site involves the acquisition, through the site’s information systems and software procedures for such purpose, of browsing data which is implicitly transmitted by virtue of using internet communication protocols.

This information is not collected for the purpose of being associated with identified data subjects, but can be used for such purpose through processing and association with data held by third parties. For example, this category includes the IP addresses or domain names of the computers and/or other devices used by users who connect to the website, addresses of the requested resources in URI (Uniform Resource Identifier) format, the time of the request, the method used for submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.) and other parameters relating to the user’s operating system or IT environment.

This data is used for the purpose of obtaining anonymous statistical information related to the way the site is used and to check that it is working correctly. The data could be used to identify responsibilities in the event of any possible cyber crimes against the website.
The website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). For more information, consult Google's cookie policy for Google Analytics.

The purposes of data processing in such cases are therefore:
• to enable the operation of the website and the performance of the services requested by the User;
• to monitor and improve the functioning of the website;
• to obtain and use statistical information on the use of the website;
• to determine any responsibility in the event of cyber crimes.

The legal basis is the legitimate interest of the Data Controller for conducting and improving the services provided on the website.

2.2 Data provided voluntarily for registration
You can register directly on the website by completing the registration form and giving your consent to the processing of your personal identification and commercial data being submitted (name, surname, e-mail, residential address and country of residence, telephone number, occupation, business name).
The purpose of the data processing is:

3. NATURE OF THE PROVISION OF THE DATA

The User is at liberty to provide the personal data listed in the site services request form. Failure to provide the data that is identified as mandatory, however, will prevent the requested service from being provided. Failure to provide data that is identified as optional, on the other hand, could lead to the provision of an incomplete service.

4. DISCLOSURE AND DISSEMINATION OF DATA TO THIRD PARTIES

In order to fulfil the specified objectives, some data may be disclosed to Group companies; external parties/companies to whom the disclosure of the personal data proves to be necessary or in any case functional for the purpose of performing the requested service or for the management of the contractual relationship with the data subject (strategic and/or IT consulting companies, hosting companies or companies that manage services on their behalf, sales networks) under the control of the Data Controller.
Website registration and authentication services are provided with the help of the web company identified by Rotho Blaas as an external manager for personal data processing, in accordance with Article 28 of (EU) Regulation 2016/679.
The Data Controller shall not disclose any data deriving from the web services outside the Data Controller’s own organisation, including Group companies, not even any of the above-mentioned individual parties, unless consent has been expressly granted or as required for legal obligations.

5. TRANSFER TO THIRD COUNTRIES

The personal data provided by the data subject may be processed or transferred to a country outside the EU for the above mentioned purposes in accordance with the applicable legislation in relation to the transfer of data to Third Countries (Article 44 et seq. of EU Regulation No. 679/2016).

6. DATA PROCESSING METHODS AND RETENTION TIMES

Data processing of the gathered data is carried out through computerised procedures or, in any case, by digital means by internal or external parties specifically appointed and authorised for such purpose and committed to confidentiality terms. Data is processed and stored using tools suitable to ensure its safety, integrity and confidentiality through the adoption of adequate security measures, as established by law.
Personal data supplied by the User is kept for the time necessary to carry out the specified objectives and, to the extent necessary to fulfil contractual, tax, and legal obligations for the time as provided by applicable local legislation.

7. RIGHTS OF DATA SUBJECTS

For any comments, requests and/or for exercising the rights referred to in Article 15 et seq. of EU Regulation 679/2016, Data Subjects can refer to our privacy reference contact by sending a mail to the following address: privacy@rothoblaas.com.
Specifically, the data subject may, at any time, exercise their rights, find out about the data that concerns them, how it was acquired, receive information about the parties or classification of parties to whom their data may be disclosed, verify that their data is accurate, complete, current and safeguarded, receive their data in a commonly used structured format, readable on an automated device, revoke any consent given at any time to process their data, request its deletion, and fully or partially oppose the use of their data. In addition, data subjects shall have the right to revoke consent at any time without prejudice to the legality of the processing based on consent provided before revocation and to file a complaint with the applicable authority, the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), should they believe that the processing of their data is in violation of the above-mentioned Regulation.