The Data Controller, pursuant to Articles. 4 and 24 GDPR, is RG ITALIA S.R.L., with registered office in Via Celio Bottai 11, 51015, Monsummano Terme, (PT). e-mail: email@example.com Phone: +39 0331 254230
Joint Data Controllers
Joint Controllers, pursuant to Art. 26 GDPR, are the Companies of Cavalleria Toscana Group (Cavalleria Toscana S.p.a. and Event Design S.r.l.), with registered office in Via Celio Bottai 11 – 51015, Monsummano Terme (PT) - e-mail firstname.lastname@example.org and CT Academy S.a.r.l., with registered office in Monaco (Principality of Monaco), Les Abeilles 7-9, Boulevard d'Italie – e-mail email@example.com
Type of data collected
• Navigation data. The IT systems and software procedures used for the operating of the websites may acquire, during their normal functioning, some data whose transmission is implicit in the use of Internet communication protocols. This category of data could include IP addresses or domain names of the computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given to the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. This data is used solely for the purpose of receiving anonymous statistical information on the use of the site and to check the correct functioning and is deleted immediately after processing. • Data provided through the Contact Us section. In addition to the data collected following the e-mail sent by the User to the e-mail addresses indicated on the site, through the appropriate form are acquired: name/surname, e-mail, telephone number and any other data that the User enters in the message section. • Personal data provided for Newsletter subscription, such as name, surname, e-mail address. • Data provided for registration on the website (customer login), such as name, surname, e-mail, VAT number. • Data relating to order history and products saved in the cart, such as purchase history and type of products purchased or saved. • Data released through the e-commerce section (Check-out), such as name, surname, e-mail, address, telephone number, company name, fiscal code, VAT number, SDI/PEC code and further data related to shipping, payment and billing. • Personal data, including " special" data, contained in CVS’s that may be received at the e-mail addresses indicated on the site. In this case, the Data Controller - in compliance with the provisions and guidelines of the Supervisory Authority - will provide information on the processing of the data contained in the curriculum at the time of the first useful contact with the applicant.
Purposes and legal basis of processing
In general, data are processed for the following purposes: • to execute the User's requests and answer questions formulated through the Contact Us section or by e-mail; also by providing information on goods or services similar to those already purchased - so-called soft spam -, as long as the User does not object to the processing. The legal basis is the legitimate interest of the Data Controller (Article 6, letter f, GDPR) to be more efficient, to provide information on the services offered, as well as to improve and develop new products and services; • to process orders, manage payments and provide customer service and support. The legal basis is the execution of contractual and pre-contractual measures taken at the request of the customer (Article 6, letter b, GDPR); • for marketing and sales promotion purposes, in order to send news about products, services or offers promoted by RG ITALIA and the Joint Data Controllers, by e-mail, telephone or other digital communication tools. The legal basis is the express consent given by the User (Article 6, letter a, GDPR); • the processing of data contained in the CVs received is lawful as necessary to implement pre-contractual measures (Article 6, letter b, GDPR) taken at the request of the data subject. The processing of "special" data is lawful on the basis of the Garante's Provision of 5 June 2019 supplementing and amending General Authorisation No. 1/2016; • to comply with legal obligations to which the Data Controller is subject in the administrative-accounting field (Article 6, letter c, GDPR).
Mandatory or optional nature of the provision of the data
The provision of the data requested in the fields marked with an asterisk (*) is mandatory. Refusal to provide the data marked as mandatory may make it impossible to perform the contract and provide the services available. The provision of further data is optional.
Processing place and modality
The processing of personal data is carried out using electronic and telematic methods by the Data Controller and the Joint Controllers, with the assistance of specially authorised internal staff. They adopt adequate security measures in order to minimise the risks of destruction or loss - even accidental - of the data, unauthorised access or processing that is not allowed or does not comply with the purposes of collection. The data are processed at the offices of the Data Controller and the Joint Controllers and at any other place where the parties involved in the processing are located, as well as at the host servers. For further information, please contact the Controller.
Data Retention Period
The data are processed for the time necessary to provide the service requested by the User or in general until the purpose for which they were collected is achieved. The User can always request the interruption of the processing or the erasure of data. Some data will be stored for longer periods to allow the Controller to comply with legal obligations. For marketing purposes, the retention period is 24 months from the last useful interaction. Thereafter, personal data will be automatically deleted or permanently anonymised.
The User's personal data may be communicated to consultants, collaborators, companies and third parties providing services of technical and management nature on behalf of RG ITALY and the Joint Controllers. These individuals will process the data as data Controllers and Processors duly appointed, in full compliance with the above-mentioned regulations in force; only needed information is provided. The complete and updated list of data Processors is available upon request.
The transfer of personal data to the Joint Controller CT Academy S.a.r.l., based in the Principality of Monaco, is carried out in accordance with Articles 44 et seq. of the GDPR, by providing appropriate tools to ensure adequate guarantees of data protection. Any further transfer to third countries that may be necessary in order to implement the contract in place with the User will be carried out in accordance with the same principles.
Links to other websites
At any time, pursuant to Articles 15 et seq. of EU Regulation 2016/679, the User may exercise the following rights: a) to access your processed data, obtain information on certain aspects of the processing and receive a copy. b) to verify the fairness of your data and request its updating or rectification. c) to obtain the deletion or removal of your personal data. d) to obtain the limitation of the processing of your data, when certain conditions are met. e) to receive your data in a structured, commonly used and machine-readable format and, where technically possible, to obtain its transfer to another data controller. f) to object to the processing of your data when it is done on a legal basis other than consent. g) to lodge a complaint with the competent Supervisory Authority (for Italy, Garante per la protezione dei dati personali, www.garanteprivacy.it ).
The exercise of rights, except for letter g), may take place by sending a request to the following e-mail address firstname.lastname@example.org