Privacy Policy
R2M SOLUTION SRL provides the following information to
WEBSITE USERS, CLIENTS, and INTERESTED PARTIES
in relation to the obligations regarding the protection of personal data
The EU Regulation n. 679/2016 (General Data Protection Regulation, GDPR) stipulates the regulation of the protection of individuals with respect to the processing of personal data. In compliance with the indicated legislation, R2M SOLUTION srl processes personal data according to the principles of correctness, lawfulness, transparency and protection of your privacy and your legal rights.
The processing of your data may be carried out using both Information Technologies (IT) and manual tools, in compliance with all technical and organizational measures prepared by R2M SOLUTION SRL as the Data Controller to guarantee the security of people and the privacy of their personal data.
The Data controller is R2M SOLUTION SRL
Address: Registered office PAVIA – Via Fratelli Cuzio 42
Certified E-mail: r2msolution@legalmail.it
Subjects
Why are these data processed (purpose and legal basis)?
What happens if we cannot process the data?
Natural persons who access the website and/or contact R2M Solution SRL, Clients
1. SITE VIEWING AND NAVIGATION
2. CONTACT MANAGEMENT
3. ASSIGNMENT MANAGEMENT
4. ASSESSMENT, EXERCISE AND/ OR DEFENSE OF RIGHTS
5. ARCHIVING BY LEGAL OBLIGATION
6. COMMUNICATION TO THIRD PARTIES
7. SYSTEM MAINTENANCE
- The provision of personal data that the interested party agrees to provide contractually, or which must be provided by law, is mandatory and can determine legal liability.
- Any other provision of personal data is optional. The only consequence of failure to provide will be the inability to provide or perform the requested services
Data being processed: common data, contact and identification data, geo-location data, images, audio and video recordings may be processed.
Purpose of the treatment, legal bases, and retention period
- Website visualization and navigation
- The visualization of the website and the navigation within it involves, for reasons intrinsic to the use of IT protocols, an exchange of technical information between the IT system of R2M SOLUTION SRL and the website user’s. The data transmitted is for example: operating system used, browser and relative version, time of the request, and size of the data flows. The data collected for this purpose is not intended to identify the website user but may be suitable for doing so in the case of committing violations. There are no banners that require any consent in relation to the cc.dd. cookies because this website, apart from the technical cookies necessary for viewing and navigation, does not use them.
- Legal basis: contract and pre-contractual measures, art. 6.1.b) GDPR.
- Storage: the data are immediately deleted when the website browsing session terminates, unless they are necessary for the exercise or defense of rights, as explained below.
- Contact management
- Sending an email to the R2M SOLUTION SRL address necessarily involves the processing of the personal data contained in the message (for example: name, surname, subject, contact details).
- The above communications and the relative attachments are read by those in charge of R2M SOLUTION SRL, as working tools. Such messages therefore do not have the nature of private correspondence. They are protected by confidentiality obligations and are not disclosed to third parties except for reasons connected with the fulfillment of the assignment, authoritative requests, legal obligations, and the exercise of our defense rights.
- This website does not use https encryption protocol. If you deem it appropriate, you can send encrypted files as collateral, communicating the encryption key in another way.
- Legal basis: contract and pre-contractual measures, art. 6.1.b) GDPR.
- Storage: these data are used to process the request and to verify it and are deleted when the purpose of contact, response or correspondence is definitively exhausted.
- Management of the assignment conferred by clients
- In the event that a client confers an assignment, the personal data (including from third parties) collected for the related performance will be processed for the strict purposes of executing the assignment and in compliance with all applicable legal requirements.
- Legal basis: with respect to the client, the contract and pre-contractual measures, art. 6.1.b) GDPR. In other cases: legitimate interest, art. 6.1.f) GDPR, consisting of carrying out a professional assignment. Where applicable: legal obligation, art. 6.1.c) GDPR, such as anti-money laundering.
- Storage: personal data are kept for the duration of the assignment. Once the assignment is terminated, they will be retained pursuant to the purpose of ascertaining/exercising/defending a right and that of archiving, insofar as applicable.
- Valuation, exercise and/or defense of data privacy rights
- The personal data object of the assignment and those of an extra-contractual origin may be necessary to assert the constitutional rights of data privacy and exercise of those rights both in court (including pre-litigation venue) and in extra-judicial correspondences. The data of website users could for example be used in disputes relating to the correct execution of the assignment in question.
- Legal basis: legitimate interest, art. 6.1.f) GDPR.
- Storage: personal data are kept for 10 years, as required by the regular limitation period (art.2946 of the Italian Civil Code), unless further retention is required in the event of interruption of the limitation period, as per law.
- Archiving by law
- Purpose: the personal data subject to the assignment must be kept for legal obligations that we are required to observe.
- Legal basis: legal obligation, art. 6.1.c) GDPR.
- Storage: personal data are kept for 10 years for mandatory archiving purposes (articles 2220 of the Italian Civil Code; 22, paragraphs 2 and 3 of Presidential Decree 29.9.1973, n. 600), subject to further conservation in the event of interruption of the statute of limitation.
- Establishment of collaboration relationships and curriculum vitae (CV) management
- Purpose: R2M SOLUTION SRL. will analyze, where appropriate, the CVs sent to us for the purpose of establishing collaborative relationships. Interested parties who send a CV is aware that we reserve the right to verify the information presented with third parties or references provided.
- Legal basis: contract and pre-contractual measures, art. 6.1.b) GDPR.
- Storage: the CVs and further information collected in execution of the purpose will be deleted without delay in the event of failure to establish the collaboration relationship. In the event of the establishment of the collaborative relationship, they will be kept for the entire duration of the relationship and in any case no later than 10 years from the date of collection, as information that determined the contractual obligations will be necessary for checks on the correspondence to ensure truthful facts and related circumstances.
- Communication to third parties and other treatments in execution of legal obligation/authoritative orders
- Purpose: where applicable, R2M SOLUTION SRL will process personal data for compliance with legal obligations and/or to process legitimate requests (e.g. requests for access or transmission of information) by authorities and persons authorized to do so. In any case, R2M SOLUTION SRL will do everything necessary to protect data privacy rights and to inform the correct person, where legally and factually possible, of any such request from third parties.
- Legal basis: legal obligation, art. 6.1.c) GDPR and, as appropriate, also legitimate interest, art. 6.1.f) GDPR
- Storage: the personal data transmitted in these scenario are retained for some of the purposes indicated in this privacy policy statement. Therefore, please refer to them.
- Maintenance of IT systems and devices
- Purpose: the persons at R2M SOLUTION SRL in charge of carrying out IT maintenance and repairs may have access to personal data collected by the IT systems and devices. Access will be made exclusively by individuals identified by R2M SOLUTION SRL as the Data Controller and by virtue of a specific act or contract.
- Legal basis: legitimate interest, art. 6.1.f) GDPR.
- Storage: the personal data transmitted in these scenario are retained for some of the purposes indicated in this privacy policy statement. Therefore, please refer to them.
Categories of Third-Party Recipients
- Hosting, housing, cloud, and e-mail service providers (for the needs of publishing the website and managing the email/Certified e-mail service);
- Accountants, experts, and lawyers (within the limits of the fulfillment of legal obligations or the client’s assignment);
- Public entities (within the limits of the execution of legal obligations or the client’s assignment). For example: judicial authorities, independent authorities, police authorities, public institutions;
- Persons authorized or specifically designated and instructed to process data that have committed to confidentiality or who have an adequate legal obligation of confidentiality (e.g. employees and collaborators).
The personal data provided can be transferred to the countries of the European Union (EU) or Non-EU countries, for reasons related to the processing tools used. The transfer may be based on an adequacy decision or on the standard contractual clauses approved by the European Commission. More information is available upon request and would be provided by R2M SOLUTION SRL as the Data Controller.
Rights of Interested Parties
Interested parties may exercise the following rights against R2M SOLUTION SRL as Data Controller (by way of a written request sent to the email address indicated above):
- Access (art.15 GDPR): you can contact R2M SOLUTION SRL as Data Controller to find out if your personal data are being processed and the information on the law of said processing;
- Correction (art. 16 GDPR): for the correction of incorrect data or the integration of incomplete data;
- Cancellation / oblivion (art.17 GDPR): to obtain the cancellation of personal data, in cases of law;
- Limitation (art.18 GDPR): to obtain the submission of data for conservation only, with the exclusion of other activities, in cases of law;
- Portability (art.20 GDPR): to obtain the data in a structured format, commonly used and readable by an automatic device and also to obtain its direct transmission to another data controller, in cases of law;
- Opposition (art.21 GDPR): the right to terminate further processing of personal data for reasons related to a particular situation, except for the prevalence of binding legitimate reasons, in cases of law.
- Revocation of consent (art.7.3 GDPR): the right to withdraw consent at any time.
R2M SOLUTION SRL as Data Controller has not provided means to consent to third-party data sharing on our website. Furthermore, as a rule, none of our processing is based on or requires such consent. The legal bases on which we operate are: contract, legal obligation, and legitimate interest.
R2M SOLUTION SRL as Data Controller does not carry out automated decision-making processes or user profiling towards our clients and users of the website.
Compliance with the Data Protection Authority
Website users also have the right to lodge a complaint before the Guarantor for the protection of personal data. The Guarantor can be reached on the website www.garanteprivacy.it; We remind you that the complaint, pursuant to art. 77.1 GDPR, can be promoted by the interested party at the local authority where the data subject habitually resides, where (s)he works or where the alleged violation has occurred.