Information to the treatment of personal data pursuant to art. 13 of the EU Regulation no. 679/2016

As required by the European Union Regulation no. 679/2016 (hereinafter “GDPR”) concerning the treatment of personal data, and in particular by Article 13, the user of this website (hereinafter the “User”) is provided with the Notice below.

Each update of this Notice will be promptly communicated to the User by appropriate means.

Data controller and type of treated data (GDPR Article 13, Paragraph 1, Letter a, Article 15, Letter b)

The company reDrives S.r.l. (hereinafter “reDrives”), in the person of its legal representative, based in Lentini (SR), Via Tommaso Fazello n. 5, acts as Data Controller (hereinafter “Data Controller”) and can be contacted via the contact forms or the contact details available on this website or through the e-mail address privacy@redrives.eu

reDrives only receives the information that the Users wants to communicate and in particular:

personal data such as name, surname, gender, physical address, nationality, city and province of residence;
e-mail addresses and phone/fax numbers;
tax information such as tax code, VAT identification number;
bank details such as IBAN and other bank data (with the exception of the credit card number);
data relating to Internet traffic (Log, IP address) always in anonymous form;

reDrives does not request to the User “special categories” of personal data (as defined by the GDPR in Article 9), such as for example:

personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership;
genetic data, biometric data intended to uniquely identify a physical person;
data relating to the health or sexual life or sexual orientation of the person;

In the event that the service requested to reDrives involves the treatment of such data, the User will receive prior notice and explicit request for consent.

Purpose of data treatment (GDPR, Article13, Paragraph 1)

Personal data are used by reDrives for:

following up contact requests, requests of general information or informative material sent by the User;
performing assistance or providing services requested by User;
collecting any comment left by the User in any of pages of this website;
generating statistical and anonymous reports on the website activity;
complying with the legal and regulatory obligations affecting the Controller in accordance with the carried-out activity.

Any treatment of the personal data for purposes other than those referred to in this Notice, will be communicated in advance to the User and performed only after receiving his explicit consent.

Data treatment methods (GDPR, Article 32)

The Data Controller takes appropriate security measures to preserve the confidentiality, integrity and availability of the User’s personal data and to prevent any possible data violation.

No automated decision-making methods, including profiling, are used by reDrives for treating any personal data.

Place of data treatment

The User’s personal data are stored in printed, computer and electronic archives located in EU countries where the GDPR is applied.

Communication of personal data to third parties (GDPR, Article 13, Paragraph 1)

In no case reDrives resells the User’s personal data to third parties, nor uses data for purposes not listed in this Notice.

However, personal data may be provided to:

Suppliers, for the supply of services connected to the service requested by the User, such as assistance, maintenance, delivery/shipment of products, accounting;
Credit and digital payment institutions, banking/postal institutions for the management of receipts, payments, refunds connected to the contractual service;
External professionals/consultants and consultancy companies for the fulfillment of legal obligations, exercise of rights, protection of contractual rights, credit recovery;
Financial administration, public bodies, judicial authorities, supervisory authorities and control for the fulfillment of legal obligations, defense of rights; lists and registers held by public authorities or similar bodies on the basis of specific legislation, in relation to the contractual performance;
Users formally delegated or with recognized legal title such as for example legal representatives, curators, tutors, etc.

The Data Controller imposes to third parties the respect of security measures at least equal to those adopted by reDrives when treatment the User’s personal data.

The Data Controller provides only the data and requires only the treatment strictly necessary for the relationship with the Third Recipients.

The Data Controller does not transfer personal data to countries outside the EU in which the GDPR is not applied, unless when necessary to comply with the requests of the User. In this particular case, the User’s consent will be previously requested.

What happens if the User does not provide the data indicated as necessary or does not consent to the data treatment? (GDPR, Article 13, Paragraph 2)

If the User does not provide the personal data indicated as necessary or does not consent to the data treatment, it will not be possible to respond to requests made by the User.

When can the data treatment be carried out without the User’s consent? (GDPR, Article 6)

The User’s consent is not required, when:

the treatment is necessary to fulfill obligations arising from a contract between the User and the Data Controller or to fulfill, before the conclusion of the contract, specific User’s requests;
the treatment is necessary to fulfill a legal obligation which the Data Controller is tied to;
the treatment is necessary to safeguard the vital interests or the physical integrity of the User or of another physical person;
the treatment is necessary for the execution of a task carried out in the public interest or in connection with official, public powers exercised by the Data Controller;
the treatment is necessary for the pursuit of the legitimate interest of the Data Controller or Third Parties, provided that the interests or the fundamental rights and freedoms of the User do not prevail, in particular if the User is a minor;
the treatment concerns data coming from public registers, lists, deeds or documents that can be known by anyone, without prejudice to the limits and to the procedures that the laws, regulations or community legislation establish for the data disclosure and publicity;
with the exclusion of dissemination, the treatment is necessary for the purposes of conducting the defensive investigations referred to in the law of December 7, 2000, n. 397, or, in any case, to assert or defend a right in court, provided that the data are treated exclusively for these purposes and for the period strictly necessary, in compliance with current regulations regarding company and industrial secrecy;
with the exclusion of external communication and dissemination, the treatment is carried out by associations, bodies or non-profit organizations, even those not recognized, which have regular or adherent contacts with the User, for the pursuit of specific and legitimate purposes identified by the deed of incorporation, by the statute, by the collective agreement, or by a Privacy Notice expressly provided to theUser at the time of data disclosure or collection;
the treatment is necessary, in accordance with the respective codes of deontology, for exclusive scientific or statistical purposes, or for exclusive historical purposes in private archives declared of considerable historical interest.

Treatment of personal data of minors (GDPR, Article 7)

Personal data of minors will never be treated.

If personal data of a minor are communicated to reDrives, reDrives can not be considered a Data Controller of these data and will delete such data as soon as possible.

How long are the user data stored? (GDPR, Article 13, Paragraph 2)

Unless the User expresses a different will, his personal data will be kept until necessary for the legitimate purposes the date were collected for.

In particular, the data will not be kept for more than 24 (twenty-four) months after the last User’s activity.

In the event that the User provides unsolicited or unneeded personal data for the purpose of requesting a service or for the provision of a service closely connected to it, reDrives cannot be considered the owner of these data, and will arrange for its cancellation in the shortest possible time.

Regardless of the User’s determination for data removal, the personal data will in any case be kept according to the terms established by current legislation and / or national regulations.

Furthermore, personal data will in any case be kept for the fulfillment of the obligations (eg fiscal and accounting obligations) that remain even after the termination of the contract (Article 2220 of the Civil Code); for these purposes the Data Controller will retain only the data necessary for the relative prosecution.

Except in cases where the rights deriving from the contract and / or registration, in which case the personal data of the interested party, exclusively those necessary for such purposes, will be treated for the time necessary to their pursuit.

What are the User’s rights? (GDPR, Articles 15 – 20)

The User has the right to obtain from the Data Controller:

confirmation about the existence of any treatment of his personal data;
full access to the personal data being treated, provided that this right does not conflict with the rights and freedoms of others;
explanation about the purposes of the treatment;
the categories of personal data being treated;
a list of recipients or of categories of recipients the personal data has been or will be communicated to, with particular attention to recipients of third countries or international organizations;
when possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
the correction of inaccurate personal data;
the cancellation of his personal data, if any of the reasons described by the GDPR in art. 17 applies, among which, for example, if the data are no longer necessary for the purposes of the treatment or if this is assumed to be illegal, and provided that the conditions established by law exist; and in any case if the treatment is not justified by another equally legitimate reason;
the limitation of the data treatment, in the cases provided for by art. 18 of the GDPR. The User must be informed, within reasonable time, about the end of any temporary suspension of treatment or about the resumption of the same following the termination of the reasons for the limitation;
the origin of data, if the personal data were not collected directly from the User;
confirmation about the existence of automated decision-making processes, including profiling, and an explanation about the consequences for the User and about the logic used by these processes;
adequate guarantees provided by the third country (non-EU) or by an international organization about the protection of any data transferred;
the list of recipients whom requests for correction or deletion of data or limitation of processing have been sent to, unless impossible or requiring a disproportionate effort;
a copy of User’s personal data; in case of further copies requested by the User, the Data Controller may charge a reasonable contribution fee based on administrative costs;
in the cases listed in Article 20 of the GDPR, a copy of the data in structured file format, commonly used and readable by automatic devices and the direct transmission of it from one Data Controller to another, if technically feasible.

To ensure that the rights mentioned above are requested only by the legitimate User and not by unauthorized third parties, the Data Controller may request additional information necessary for a proper identification.

How and when can the User oppose to the treatment of his personal data? (GDPR, Article 21)

The User can oppose at any time to the treatment of his personal data or can have his personal data cancelled, if the request is based on a legitimate interest and if there is no any other legitimate conflicting reason or if it regards personal data collected for commercial promotion activities.

In the above cases, the User must send a request to the Data Controller through the contact forms or to the addresses indicated on this website.

Whom can the User submit a complaint to? (GDPR, Article 15)

Without prejudice to any other legal or administrative action, the User can raise a complaint to the competent supervisory authority on the Italian territory (Authority for the protection of personal data) or to the Authority carrying out its duties and exercising its powers in the Member State where the GDPR violation took place.

Information on the use of cookies

Cookie – Used types

This web site uses the following types of cookies to provide simple and efficient services for those visiting the pages.

Technical cookies

They allow the correct operation of some sections of the site. There are two categories of technical cookies:

persistent cookies: they remain even after user closes the browser, until their expiry date;
session cookies: they are reset each time the browser is closed.

These cookies, are always sent from the domain of the site, are needed for the proper operation and visualisation of the site and, in relation to the services provided by the site, they will be always used and sent to the user unless the user does modify the settings in his browser (thus potentially invalidating the use of the site).

Analytical third-party cookies

These cookies are used to anonymously collect information about how the site is used by the user, such as the pages visited, time spent, the origins of the received traffic, geographical origin, age, gender and interests for the purpose of marketing campaigns. These cookies are sent from domains of third parties, external to the site.

This website uses Google Analytics in anonymised form (removal of the last IP address block), a web analytics service provided by Google, Inc. to analyze how users use the site. The information generated by the cookie about the use of the site (including the user’s IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating the use of the website, for compiling reports on website activity to be used by the website operators and for providing other services relating to website activity and internet usage. Google may also transfer this information to third parties if required by law or if such third parties process the information on Google’s behalf. Google will not associate the user’s IP address with any other data held by Google. The user may refuse the use of cookies by selecting the appropriate settings on his browser, but this may prevent the user from using all the site’s features. By using this site, the user consents to the treatment of data by Google in the manners and for the purposes stated above.

Further information, relating the privacy policy for Google Analytics services, can be found at the following link: https://www.google.com/policies/privacy/partners/

Cookies to integrate third-party products and services

This type of cookies is necesseary for incorporating features and software developed by third parties within the pages of the site (such as icons and preferences expressed in social networks, software for creating maps, software for protecting the contact forms from spam). These cookies are sent from third-party domains and from partner sites.

Detailed list of the used cookies

Cookie Type Duration Description
Google Analytics Third-party, Analytical 10 minutes - 2 years Used by Google Inc. and its Google Analytics service to analyse all the traffic to this web site and the visitor interactions with it.
NID Third-party, Services 6 months Used by Google Inc. and its reCAPTCHA service to the determine if the web site visitor is an human or a software robot.
PHPSESSID Technical, Session Single session Used for keeping track of the selections made by the web site visitor during the same PHP session.
viewed_cookie_policy Technical, Persistent 1 year Used for storing any interaction of the web site visitor with the cookie banner (banner closing or privacy policy reading).

Other Web sites

The site may contain links to other web sites that have their own privacy policy, about which this site is not responsible and which the user should refer to.

How to disable cookies

The site-owner, according to current legislation, is not required to seek approval for technical cookies as they are needed to provide the services requested by the user.

For all other cookie types, the consent about their use can be expressed by the user with one or more of the following modes:

Using browser-specific configurations, following the instructions: Internet Explorer – Chrome – Safari – Firefox – work. From mobile: Android – Safari –Windows Phone – Blackberry.
By changing settings directly accessing the third-party services, following the instructions: Facebook – Twitter – linkedin – Google+

Both of these solutions may prevent the user to use or display parts of the site.

To learn more about cookies and to manage cookie preferences (first party and/or third party cookies) users are invited to visit the external site www.youronlinechoices.com.

Cookie	Type	Duration	Description
Google Analytics	Third-party, Analytical	10 minutes - 2 years	Used by Google Inc. and its Google Analytics service to analyse all the traffic to this web site and the visitor interactions with it.
NID	Third-party, Services	6 months	Used by Google Inc. and its reCAPTCHA service to the determine if the web site visitor is an human or a software robot.
PHPSESSID	Technical, Session	Single session	Used for keeping track of the selections made by the web site visitor during the same PHP session.
viewed_cookie_policy	Technical, Persistent	1 year	Used for storing any interaction of the web site visitor with the cookie banner (banner closing or privacy policy reading).