Informative report on Personal Data Processing
in accordance with art. 13 and 14 of the EU Regulation 2016/679 dated 27/04/2016
RDC WEB srl constantly strives to protect the online privacy of its users and to this end informs you that the personal data you provide, or that it collects from third parties, will be processed in compliance with EU Regulation 2016/679 of 04/27/2016 (General Regulation for the Protection of Personal Data - GDPR), hereinafter referred to as the "Regulation”; RDC WEB provides hereby to the "Data Owner", the information relating to the processing.
The Data Controller (hereinafter "Controller") is RDC WEB srl having its registered office in Ragusa (RG), Piazza Monsignor Arezzi 1, VAT No.: 01550710881, Enterprise Register Number: RG-128584, certified e-mail address: [email protected].
For any information concerning the processing of personal data, you can also contact the Data Processor at the following address: [email protected]
Types of Processed Data
The Controller will process the data included in the definition set out in Article 4 (1) of the Regulation, hereinafter "Personal Data", including, but not limited to: personal data, accounting data, tax data, telephone numbers, e-mail address and other data necessary or related to the provision of the services covered by the activity of the Controller.
Personal Data may be collected by the Controller or by third parties appointed as Persons Responsible or Authorized on the basis of the activity carried out and will be processed in a lawful and correct manner exclusively for the following purposes:
- contractual purposes, connected and instrumental to the enforcement of the sales contract and subsequent management of the services related to the contract;
- fulfilment of legal, accounting and tax obligations;
- information purposes concerning commercial activities carried out directly by RDC WEB srl including the promotion of additional products and services carried out both with automated means (eg electronic mail) and traditional means (eg telephone, mail);
- communication and / or transfer of data to third parties (other than the parties referred to in point c) for the promotion and / or sale of products and services, using traditional and / or automated methods.
The processed data are updated, appropriate, complete and not in excess in relation to the purposes listed above for which they are collected and subsequently processed.
Legal basis of the processing
For the purposes referred to in point 3.a, the legal basis for the processing of Personal Data is based on the activity carried out by the Data Controller: sale of accessories and spare parts for cars through electronic channels and specifically through the website www.autoparts-rdc.com, on the execution of the contracts stipulated on the website and on the provision of information and / or estimates services requested by the Data Owner.
For the purposes referred to in point 3.b, the legal basis for the processing of Personal Data is based on the fulfilment of legal obligations.
For the purposes referred to in point 3.c and 3.d the legal basis for the processing of Personal Data is based on the consent of the Data Owner.
Sources of Personal Data
The personal data necessary for the performance of the services by the Controller and for the achievement of the purposes referred to in paragraph 3 are acquired in the following ways:
- directly from the data owner, at the time of the registration on the website www.autoparts-rdc.com or of the completion of a purchase without registration, or when sending a request for information or quote through the web contact form present on the above said website.
- through third parties (for example Paypal, Ebay and Amazon). In this case the consent to the processing has already been provided by the data owner to Paypal, Ebay and Amazon at the time of registration to the relevant websites.
- Processing methods and web site Safety measures
Personal Data is processed using IT tools, in a manner related to the purposes described above and in such a way as to guarantee safety and confidentiality of the data.
Data will be stored with the necessary technical and organizational measures to minimise the risk of destruction or loss, unauthorized access or unauthorized processing, including but not limited to: SSL certificate on corporate domain, use of secure Amazon Web Service servers in Ireland and proprietary servers protected by firewalls, back-up copies of data, access to data management platforms permitted to Authorized personnel only.
The processing is carried out directly by Controller's organization, by its managers and / or persons authorized to the processing.
Legitimate interests pursued by Data controller
Legitimate interests pursued by Data controller in data processing consist in fulfilling contractual obligations agreed by the parties. Pursuant to art. 6, the lawfulness of the processing is based on the consent expressly given by the data owner through the online platform on the website of the Data Controller.
Provision of data and mandatory or optional nature of the provision of data
Without prejudice to the autonomy of the Data Owner, the provision of data can be:
- strictly necessary to the provision of the service (point 3.a)
- required by law, regulations or European rules (point 3.b)
- optional for the purpose of carrying out information and commercial promotion activities (point 3.c, 3.d)
Failure to provide one or more data whose processing is required for the purposes referred to in points 3.a) and 3.b) will make it impossible to carry out the activities necessary for the provision of the services / products requested by the Data Owner. In case of refusal to provide data, it will be impossible to complete the registration and / or purchase process and the Data Controller will not be able to fulfil the contractual obligations.
Failure to provide the data for the purposes referred to in point 3.c), 3.d) will not entail any consequences on the legal relationships being established or already existing, but precludes the possibility of carrying out the activities specified therein.
Data Owner may withdraw his/her consent at any time. Withdrawal of consent does not affect the lawfulness of data processing based on consent prior to revocation.
Communication of your personal data to third parties: categories of recipients of personal data
Personal Data will be processed by the Data Controller, by the Data Processors appointed by the Data Controller and by the specifically authorized data processors. Personal data may not be disclosed, but may be communicated to third parties for specific purposes.
The data you have provided may be communicated for the purposes referred to in points 4.a) and 4.b) to third parties in a contractual relationship with the Data Controller. Such third parties are appointed as Data Processors and include:
- companies, institutions, banks and financial intermediaries for the execution of stipulated contracts or for the provision of related services, including the request for comments and / or feedback;
- companies providing packaging, logistics and shipping / delivery services of the products covered by the stipulated sales contracts;
- professionals, associated professionals, consultants or counterparties who participate in the execution of the assignment;
- persons providing services for the management of the IT system, or for the e-commerce available on the website;
- companies that carry out transmission, transportation and sorting of communications with customers;
- private persons that carry out activities of control, revision and certification of the activities performed by the Data Controller;
The data you have provided may be communicated, as a consequence of inspections or verifications, to all the inspection bodies responsible for checks and controls concerning the regularity of the legal obligations.
The communication of the data to the categories of subjects indicated above is a necessary requirement for the stipulation of the purchase contract, since in the absence of the consent of the data owner to the communication of the same, RDC WEB Srl will not be able to provide the contract services.
Furthermore, for the purposes referred to in points 3.c) and 3.d), the data may be communicated to other third parties with whom the Data Controller has entered into agreements aimed at the commercial offer of goods or services.
The lists of recipients and Data Processors are constantly updated and available at the administrative headquarters of the Company in Piazza Monsignor Arezzi 1, 97100 Ragusa (RG).
Furthermore, some categories of persons, as Authorized Data Processors, will be able to access your personal data for the purpose of fulfilling the tasks assigned to them. In particular, the Data Controller has appointed as authorized data processor of the data concerning data owner: the employees of the Data Controller, including system administrators, for the purpose of fulfilling the tasks assigned to them, temporary workers used by the Data Controller, interns.
The data processed by RDC WEB Srl is not disseminated or transferred to countries outside the European Union or to international organizations.
Time limit for data preservation
With reference to the purposes set out in points 3 a) and 3 b) the data is stored for the period necessary to manage the contract and fulfil legal obligations (10 years).
With reference to the purposes set out in points 3 c) and 3 d) the storage period is 5 years.
Existence of automated making processes
The Data Controller does not carry out any automated decision-making processes such as Profiling.
Data Owner's Rights
The Data Processor designated to provide feedback to the data owner in case he/she exercises his/her rights is: Ms Filì Valeria (Sole Director).
Pursuant to articles 15-23 of the Regulations, the Data Owner has the right to ask the Data Controller:
- the access to personal data both in paper and / or electronic archives,
- the correction, updating, cancellation or integration, if incomplete or incorrect, of the data as well as to oppose their processing for legitimate and specific reasons,
- the cancellation without unjustified delay if one of the reasons set forth in art. 17 (1) of the Rules exists,
- the limitation of processing when one of the hypotheses referred to in Article 18 (1) of the Regulation applies,
- the portability of the data in a structured format of common use and readable by an automatic device pursuant to Article 20 of the Regulation.
To exercise the aforementioned rights, the Data Owner may send a request by registered letter with acknowledgment of receipt to RDC WEB Srl - Piazza Mons. Arezzi 1 - 97100 Ragusa (RG), or by certified e-mail to [email protected], or by email to [email protected].
Without prejudice to any other administrative or judicial appeal, if the data owner considers that the processing that concerns him/her infringes the Regulation, he/she also has the right to lodge a complaint with the Guarantor Authority for the protection of personal data.