Privacy Policy Data Processing Information Document Article 13 Reg. n. EU 2016/679 – GDPR

RENNA SRL, with operational headquarters in Fasano, Via Sant Oronzo, 139 VAT number 01321750745 in the person of its legal representative, (hereinafter, “Owner”), as data controller, informs you pursuant to art. 13 Legislative Decree 30.6.2003 n. 196 (hereinafter, “Privacy Code”) and art. 13 EU Regulation no. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the following ways and for the following purposes:

  1. Object of the Processing

    The Data Controller processes personal, identifying data (for example, name, surname, company name, address, telephone, e-mail, bank and payment details) – hereinafter, “personal data” or also “data”) communicated by you on the occasion of the conclusion of contracts for the Data Controller’s services.
    As well as information collected automatically during online browsing and stored in log files, including (for example statistical or anonymized data on the type of browser used, name of the ISP, page of origin, date and time of access to the site and geographical area).
    The data deriving from the web service may be communicated to the technological and instrumental partners used by the Data Controller for the provision of the services requested by visitor users. The personal data provided by visitors who send requests for informative material (requests for information, answers to questions, etc.) or other communications are used for the sole purpose of carrying out the service or provision requested and are communicated to third parties only if this is necessary for this purpose (provision of the services requested through the technological and instrumental partner). The Data Controller uses agents for the processing. The Regulation places the obligation on the person in charge, but also on the Data Controller, to conserve documentation of all processing carried out under their own responsibility. Preservation which, if referring to electronic documents, obviously implies necessary skills relating to digital preservation in compliance with the law.
  2. Purpose of the processing

    Your personal data is processed:

    1. Without the need for express consent pursuant to art. 6 GDPR, for the following purposes:
      • conclude contracts for the Owner’s services;
      • fulfill pre-contractual, contractual and fiscal obligations deriving from existing relationships with you;
      • exercise the rights of the Owner, for example the right of defense in court;
    2. Solo previo Suo specifico e distinto consenso ex art. 7 GDPR, per le seguenti Finalità di Marketing:
      • inviarLe via e-mail, posta e/o sms e/o contatti telefonici, newsletter, comunicazioni commerciali e/o materiale pubblicitario su prodotti o servizi offerti dal Titolare e rilevazione del grado di soddisfazione sulla qualità dei servizi;
      • inviarLe via e-mail, posta e/o sms e/o contatti telefonici comunicazioni commerciali e/o promozionali di soggetti terzi (ad esempio business partner)
  3. Processing Method
    The processing of your personal data is carried out through the operations indicated in art. 4 n. 2) GDPR, specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data. Your personal data are processed both in paper and electronic and/or automated form.
    The Controller will process the personal data for the time necessary to fulfill the above purposes and in any case for no more than 5 years from the termination of the Service Purposes and for no more than 2 years from the termination of the service, for data collection purposes for Marketing Purposes. Legal provisions for fiscal data retention are excluded.

    Navigation Data.

    The IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data the transmission of which is implicit in the use of Internet communication protocols.
    These are pieces of information not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
    This data is used solely for the purpose of obtaining anonymous statistical information about the use of the site. The data might be used to ascertain responsibility in case of hypothetical computer crimes against the site.

    Data Voluntarily Provided by the User.

    The optional, explicit, and voluntary sending of emails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data entered in the message.
    If you have explicitly and freely consented, during the registration process, request for assistance, or newsletter subscription or when using our services, the aforementioned personal data may also be processed for the following additional purposes: sending newsletters and commercial notifications, traditional marketing activities such as sending brochures, catalogs, and/or technical materials via postal mail and phone calls with operators, as well as marketing activities using automated or similar tools such as: Fax, E-mail, SMS, MMS, Instant Messaging, Chat, and phone calls without an operator. Moreover, online marketing, web marketing, and web advertising activities. Market research and commercial profiling activities, and finally, communication to third parties. Providing the personal data collected for the aforementioned purposes is optional.
    If necessary, data may also be disclosed to third parties. Data obtained through authentication with third-party systems are deemed provided to this site through the explicit acceptance of the authentication service.

  4. Data Access
    Your data may be made accessible for the purposes referred to in points 2.A and 2.B:

    • to employees and collaborators of the Controller or of other companies in Italy or abroad and, in their capacity as internal data processors and/or system administrators;
    • to third-party companies or other entities (indicatively, for shipping and packaging services, postal services, etc.) that carry out outsourcing activities on behalf of the Controller, in their capacity as external data processors.
  5. Data Disclosure

    Without the need for express consent art. 6 lett. b) and c) GDPR), the Controller may disclose your data for the purposes referred to in point 2.A to those subjects to whom communication is mandatory by law for the fulfillment of said purposes. These subjects will process the data as independent data controllers. Such data might be processed through services located outside the European Union, such as – for example – those provided by companies like Google, Facebook, Microsoft, either through specific plugins used for social networks or through analysis services like Google Analytics.
    The aforementioned companies, in any case, have expressly adhered to the Privacy Shield.
  6. Nature of Data Provision and Consequences of Refusal

    Providing data for the purposes referred to in point 2.A) is mandatory. Without them, we cannot guarantee the Services provided by the Controller.
    Providing data for the purposes referred to in art. 2.B) is instead optional. You can therefore choose not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not receive newsletters, commercial communications, and advertising material related to the Services offered by the Controller. However, you will continue to have the right to the Services referred to in point 2.A).
  7. Rights of the Data Subject

    In your capacity as a data subject, you have the applicable rights set forth in Articles 15 to 22 of EU Regulation 2016/679, namely: the right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object, as well as the right to lodge a complaint with the supervisory authority.
  8. Exercising Rights

    You can exercise your rights at any time by sending an email to info@rennasrl.com or by sending a written communication via Registered Mail with return receipt: to the Data Controller, in the person of the administrator, located in Fasano, Via Sant’Oronzo,139.
    To exercise your rights, you can use the form provided at the following link: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924
    The Controller undertakes to respond to the complaint submitted by the data subject within 1 (one) month from the request, even in case of denial. The deadline may be extended up to 3 (three) months in cases of particular complexity.
  9. Consent to Processing and Minors

    The data subject declares to have read the above information, with the communication of personal data freely provided or otherwise collected during navigation, always carried out in compliance with current privacy laws; gives consent to the processing, and thus, by “ticking” the appropriate box, expressly accepts the registration and processing of their data, which will be based on the principles of fairness, lawfulness, and transparency, as indicated above.
    Special conditions are set by EU Regulation 679/ 2016 in the interest of minors in art.8, which clarifies that the processing of personal data of minors under 16 years of age – or, if provided for by the laws of the Member States, of a lower age but not below 13 years – is lawful only if and to the extent that such consent is given or authorized by the holder of parental responsibility over the minor. Therefore, actions taken by minors without the authorization of those responsible for supervising them, primarily parents, are contrary to the provisions, and the Controller cannot be held responsible for the minor violating the law by bypassing the provisions in force.
  10. Extended Cookie Information

    By cookies, we mean a textual element that is inserted into the hard disk of a computer only after authorization. If you consent, the text is downloaded into a small file. Cookies have the function of allowing access to the provision of the service by acting as security filters and allowing web applications to send information to individual users. No cookies are used for transmitting personal information. The use of Cookies is optional, and their deactivation does not cause any anomalies in the display of the site’s institutional pages.
    Cookies are small text files sent from the site to the user’s terminal (usually to the browser), where they are stored to be retransmitted to the site during subsequent visits by the same user. A cookie cannot retrieve any other data from the user’s hard drive nor transmit computer viruses or acquire email addresses. Each cookie is unique to the user’s web browser. Some cookie functions can be delegated to other technologies. In this document, the term ‘cookie’ refers to both cookies, properly so-called, and all similar technologies.
    In detail, the site you are viewing uses:
    Essential technical cookies necessary for the correct operation of the site. They allow, for example, browsing pages and storing a user’s login credentials to keep them active during the session while browsing.
    Analytics technical cookies for site optimization, directly from the site’s data processing controller, which may collect information, even in aggregate form, on the number of users and how they visit the site. Interested users can read the privacy information provided by the following entities:
    Users wishing to deny consent to the acceptance of cookies on their device must change the settings of their browser for Internet browsing.