Information pursuant to art. 13 of regulation (EU) 2016/679 on the protection of Personal Data (GDPR).
1. DATA CONTROLLER
1.1. RAMCUBE s.r.l. (hereinafter “Data Controller”) having its seat in Via Parmigianino n. 16 – 20148 Milano (MI), in its vest of the Data Controller of your Personal Data communicated using the website www.ramcube.it (hereinafter “Personal Data”) informs you of the following, pursuant to art. 13 of the regulation (EU) 2016/679 (hereinafter “GDPR”).
2. PURPOSES OF THE PROCESSING AND RELATED LEGAL BASISA
2.1. Your Personal Data are collected and processed without your consent (article 6, letters b – c and f of the GDPR) for the following purposes:
2.1.2. Providing for any legal and/or regulatory obligations which may be encountered (e.g. invoicing, bookkeeping)
2.1.3. Meeting the Data Controller’s operating or management requests regarding services and/or products on offer to you.
2.1.4. Protecting the Data Controller’s legal rights both in and out of law courts.
2.2. With your consent (art. 7 of the GDPR), which can be subsequently revoked at any time, for the following purposes:
2.2.2. Profiling: collection of information about behavior and commercial preferences related to your company’s field in order to improve services provided to our customers, and more specifically in order to analyze information relative to your choices, preferences, interests and habits acquired by you in the context of the services offered.
3. NATURE OF PROVISION OF PERSONAL DATA AND CONSEQUENCES OF THE EVENTUAL REFUSAL
3.1. The provision of Personal Data for the purposes outlined in articles 2.1.1, 2.1.2, 2.1.3 and 2.1.4 above is, therefore, obligatory. Unwillingness to provide said data and/or the written refusal on the part of the person providing said data to allow it to be processed will make it impossible for the Data Controller to fulfill the terms of the contract and lead the Data Controller to potentially violate the requests made by the relevant authorities.
3.2. For the purposes under art. 2.2.1 e 2.2.2 above, the collection of your Personal Data is made on voluntary basis: consequently, you may decide not to provide us with any express consent, or to waive it in any moment. The lack of any express consent to process such data may cause the impossibility for the Data Controller to perform the above-mentioned activities.
4. DATI PERSONALI TRATTATI
4.1. According to the services requested by accessing the site, the Data Controller will be able to process Personal Data of different types:
4.1.2. Personal data provided voluntarily: this includes personal identification data and contact details provided by you through the Data Controller’s website, through e-mail or other electronic communication tools and otherwise. Specifically, the Data Controller may process your personal data essentially for identification purposes such as (to give a non-exhaustive list of examples): name and surname, telephone number, company position and/or corporate framework. The Data Controller will process data provided by you observing the regulations to be applied, on the assumption that they refer to you or to third parties which have expressly authorized you to provide them based on a founded legal basis which legitimizes the use in question thereof.
5. MODALITIES OF DATA PROCESSING
5.1. The processing of your Personal Data is carried out by means of the operations indicated in art. 4, no. 2), GDPR and more precisely: collection, registration, organization, structuring, updating, preservation, adaptation or modification, extraction and analysis, consultation, use, communication by transmission, comparison, interconnection, limitation, cancellation or destruction. The Data Controller guarantees the logical and physical security of the data and, in general, the confidentiality of the processed Personal Data, putting in place all the necessary technical and organizational measures to prevent the loss of Personal Data, illicit or, in any case, incorrect use thereof, as well as any unauthorized access by third parties. The processing by the Data Controller of your Personal Data will be based on the principles of correctness, lawfulness, transparency and protection of your privacy and your rights, in accordance with the principles expressed by the GDPR and the Privacy Code (Legislative Decree n. 196/2003). Personal Data may be processed by paper-based instruments, computerized and telematic tools and it will include – in compliance with the limits and conditions provided for by privacy legislation – all the operations or set of operations necessary for the processing at issue. The processing of Personal Data will be carried out in compliance with confidentiality and security rules provided by for European and domestic law, regulations and provisions.
6. CATEGORIES OF PERSONAL DATA RECIPIENTS
6.1. The Personal Data you will submit us for the purposes mentioned under art. 2 above, could be transferred to:
6.1.2. Third parties who carry out outsourced activities on behalf of the Data Controller providing specific services as Data Processors pursuant to art. 28 GDPR. For information on the names and relative references of the Processors, you can contact the Data Controller at the following address: email@example.com or by mail at the Data Controller headquarter.
6.1.3. To judicial or supervisory authorities, public administrations, public (national and foreign) bodies, in compliance with the provisions of the law and conforming with a previous formal request from such subjects.
6.2. Personal Data will not be disclosed or transferred to third parties. It is understood that, in the event of any extraordinary corporate transactions (e.g. transfer or lease of a company, merger, etc.) concerning the Data Controller, Personal Data could be transferred to third party (buyers/beneficiaries or successors in title to the Data Controller).
7. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
7.1. Personal Data are processed and stored on servers located in the Data Controller headquarter as on the cloud. The complex business structure of the Data Controller implies, necessarily, a cross-border circulation of data that under the law is seen as transfer of data abroad, even outside the territory of the European Union. The transfer to non EU-countries shall always be performed in compliance with the provisions of art. 45 and 46 GDPR, by providing adequate guarantees and subject to an adequacy decision adopted by the European Commission.
8. PERSONAL DATA STORAGE PERIOD
8.1. Your Personal Data will be stored for the period of time strictly necessary for the pursuit of the purposes of the data processing indicated in art. 2 above and, specifically:
8.1.2. For the purposes indicated in art. 2.2.1 (i.e. for marketing purposes and market research): 24 (twenty-four) months from the moment of acquired consent to the processing or until revocation of your consent or request for its cancellation.
8.1.3. For the purposes indicated in Art 2.2.2 (or for purposes of profiling): hey will be kept for the maximum time identified by the Italian Guarantor for the protection of Personal Data. For purposes of personalized marketing: 12 (twelve) months from the time of the acquired consent or until withdrawal of consent or your request of cancellation.
9. EXERCISABLE RIGHTS
9.1. With reference to your Personal Data you can exercise, at any time, the rights pursuant the GDPR as indicated below:
9.1.2. Right of rectification art. 16: obtain, without undue delay, the rectification of inaccurate Personal Data and to have incomplete Personal Data duly completed.
9.1.3. Right of erasure art. 17: obtain, without undue delay, the erasure of your Personal Data, in the cases provided for by the GPDR.
9.1.4. Right to restriction art.18 – “limitation” means the marking of the data stored with the aim of limiting the processing in the future. This will imply the burden on the part of the Data Controller to suspend the processing of your Personal Data.
9.1.5. Right to Data Portability art. 20: in case of automated processing carried out on the basis of consent or in execution of a contract, to receive your data in a structured format, commonly used and readable by automatic device.
9.1.6. Right to object art. 21: object to the processing of your personal data, unless there are reasons of legitimate interest for the Data Controller to continue processing such data. You also have the right to object to processing where your personal info’s are used for direct marketing purposes.
9.1.7. Oppose the automated decision-making process, including profiling art. 22 – your Personal Data must not be subject to any automatic decision-making process by the Data Processor through the use of personal information or through the customer profiling, unless you have expressed your consent.
9.1.8. Withdrawal of consent: in the event that you have given consent to the collection, processing and transfer of your Personal Data, you have the right to revoke it for such specific processing at any time. Once we receive the notice of withdrawal of consent, we will no longer process your Personal Data, unless these are not based upon other legitimate interest-basis.
9.1.9. File a complaint pursuant to art. 77 to the competent supervisory authority based on your residence, workplace or place of violation of your rights; for Italy, is competent the Italian Guarantor for the protection of Personal Data, which can be contacted via its website: http://www.garanteprivacy.it/.
9.1.10. You may exercise your above listed rights by means of a request to be sent by e-mail to firstname.lastname@example.org or by mail to the Data Controller headquarter. Requests relating to the exercise of your rights will be processed without undue delay and, in any case, within 30 (thirty) days of receipt of the request. For further information on the processing of your Personal Data by the Data Controller, you may contact the Data Controller at the following e-mail email@example.com or by mail to the Data Controller headquarter.