The document concerns the privacy policies on the processing of personal data performed by RX Italy S.r.l.., with registered offices in Milano, Via Marostica n. 1, as the Data Controller (hereinafter the “Controller” or “REI”) and owner of VISCOM ITALIA brand, which runs the website http://www.viscomitalia.it.
The document describes, according to applicable law and EU Regulation 2016/679 (hereinafter “GDPR”), the management procedures with regard to the personal data of users and visitors of our website, as well as the processing of personal data carried out by the Controller. For contacts you can present yourself, by prior appointment, at the company offices, or use the following contact information: Tel. +39 02 4351701.
The DPO is available at e-mail address: firstname.lastname@example.org.
The Data Controller also uses this online space also to provide interested parties with further legal information reported immediately after the Information on the processing of personal data; therefore, the navigator is asked to pay particular attention to these documents, among which, for example: use of images obtained by photos and/or videos, intellectual property, liability, information on personal data processing following informal contacts - commercial or institutional as the case may be).
Information on data processing
The Controller adopts this policy as required by art. 12 GDPR, to provide the information included in art. 13 GDPR and communication under artt. 15 to 22 and 34 GDPR, related to the processing of the data provided. This policy shall be read as general, given to everyone who interact with the website, by browsing the site, accessible by electronic means and corresponding to the official web-site home page. This policy is not applicable for other web-sites possibly accessible through our links, of which the Controller shall not be deemed liable.
The Controller informs the data subject that the personal data provided through the connection with the Controller (therefore both through the mere navigation of the site that using the services on the site or filling in our online forms or writing to the addresses indicated in the web pages), all data not belonging to special categories under art. 9 GDPR, shall be processed according to the provisions of GDPR. Data processing is carried out on the basis of lawfulness conditions under art 6 GDPR, for the purposes concerning the relationship established with the Controller and, therefore, its legal basis, as required by art. 13 lett. (c) GDPR, is grounded on the reasons of the contact with the Controller. Data processing shall include: management, organization, use, storage, creation of database, processing in EU and extra EU territories (in the cases set forth by art 45 and 46 GDPR), statistical anonymous survey, communication to partners with which the initiatives will be developed – subjects that will be appointed as external bodies according to art. 28 GDPR, Authorities, Institutions, ICE. The Data will be communicated and processed also within the RELX Group, of which it is party. The Controller informs the visitors of the website that the Data provided for various activities e.g. by filling in online forms, might be shared with its partners, in full compliance with applicable privacy regulations. It is further recalled that the processing of Data shall be carried out by the Controller only in the interest of the user, without aggressive marketing purposes, The processing shall include the destruction and alteration of the data processed, as the result of the reporting of the Data subject, the consultation, the communication of future initiatives, the elaboration, the sending of promotional material as well as the use to promote conferences and meetings, light marketing (processing based on the legitimate interest of the Data Controller keeping in mind the interests, expectations and rights of the data subject and to which it will be possible to oppose by sending e- mail to our DPO or following the instructions provided in the communications’ footer), the soft spam via e-mail (to which it is possible to oppose at any time pursuant to Art 130 Privacy Code by sending e-mail to our DPO or by following the instructions provided for by the communications’ footer) and , cancellation. It is further recalled that the processing of Data connected with the web services, offered by this web-site physically “in hosting” by AWS (Amazon Web Services) in the Irish Data Center via AMS (Adobe Managed Services), are performed at the Controller’s premises and handled only by employers, collaborators or third parties duly authorized, or charged with occasional maintenance duties.
Data processing shall be carried out by paper and/or electronic means, by subjects specifically appointed. Provision of Data is optional, except from those automatically acquired by the system. It is intended that continuing with navigation, and by not turning off cookies (see cookies policy), the consent will be considered as given according to art. 4 para 11 GDPR. The Controller does not perform any processing through automated decision-making process. The Data will be stored for five years and anyway for the period necessary to meet the purposes of Data collection.
The Controller informs that the rights of rectification ex art 16 GDPR, to erasure ex art 17 GDPR, to restriction of processing ex art 18 GDPR and of access to personal Data supplied and consequential information as described in art. 15 GDPR are guaranteed.
The Data subject has also the right to object pursuant to art. 21 GDPR and the following rights:
1) to require to the Controller the access to its own personal Data, the relevant rectification, or the erasure or the restriction of the treatment concerning it, or to object to the processing;
2) to data portability, ex art 20 GDPR;
3) should be Data processing based on art. 6, para. 1, lett. (a) GDPR or art. 9, para. 2, lett. (a) GDPR, to revoke the consent at any moment, without prejudice of lawfulness of data processing based on the previous consent;
4) to lodge a complaint with a supervisory authority.
In order to exercise such rights or require further information, please send an e-mail to the DPO at the following e-mail address: email@example.com, by indicating as object: exercise of rights under the GDPR, and as content the right that is intended to exercise. The Controller shall process the request and send the relevant reply within the timing according to art. 12 GDPR.
The Controller informs you that should the Controller decide to carry out further Data processing for other purposes, different from those for which they were collected, it shall previously inform the Data subject with any relevant information.
Please note that users, by sending e-mail to the addresses indicated in this website, for the purposes specified for each case, authorize the acquisition and the consequent processing of their e-mail address and other personal Data possibly contained in the e-mail, to be carried out with the procedures and purposes mentioned above. The sending also involves the awareness and the approval of the privacy information note.
The Communications on Controller’s activities is reserved only to specific categories of registered users. To provide and manage this service, the Controller uses services and tools offered by MailUp website. For more details on the processing of personal Data by MailUp, the Controller recommend to carefully consult the following link: http://www.mailup.it/informativa-privacy.htm. The failure to provide personal Data will not result in any consequence against the user other than, in the event of failure to provide necessary personal Data, the lack of opportunity for the user to benefit from the services required, from which it is possible to cancel by the use of “unsubscribe”, that is footnoted in every communication.
Data Breach: In the event that the Data Controller suffers a violation as configured in art. 33/34 GDPR involving a risk to the rights and freedoms of individuals (data breach) will be activated - if necessary - to make the notification to the Guarantor Authority and the communication of the incident to all data subject.
We inform you that the Data Controller uses specific and appropriate information for the acquisition of data in particular contexts, to which reference is made for the processing in the specific cases (e.g., participation to a fair, a competition, a conference etc.).
Use of images obtained by photos and/or videos
During our public events (exhibitions, fairs, conventions, parties, meetings) it’s possible that several photos and videos will be taken in the location to support and promote our events. Images and videos will be posted on this Website or on the group's website and through our social profiles and they won’t injure individual’s honour and respectability; The Controller won’t give any payment for these images or videos. It’s important to remember that your images obtained during our public events don’t request a specific consent from photographed individuals. However, the Controller complies with all provisions concerning photos and videos processing set forth by the Data Protection Authority. Anyone who wants to cancel or remove personal images can contact us at the following address firstname.lastname@example.org and, after examination of the request, images may be cancelled/removed. In the event that photos or video will be taken during private events and/or including foreground of minors or people with handicap, the Controller will give the suitable information and will ask individuals’ consent.
Information on the processing of personal data following informal contacts (commercial or institutional)
RX Italy S.r.l. thanks you for giving us your personal data in order to keep in touch, so please be informed that the Controller, according to art. 4 GDPR, is RX Italy S.r.l., with registered offices in 20146 Milan, via Marostica n. 1, available at the following number: +39 02 4351701; email: email@example.com.
The Controller appointed a Data Protection Officer - DPO - available at the following email address: firstname.lastname@example.org.
The personal data provided, data not belonging to special categories under art. 9 GDPR, concerning you - the “Data”- shall be processed according to the provisions set forth by the GDPR, in accordance with the principles relating to the processing of personal data described in article 5 of the GDPR (i.e. the principles of fairness, relevance, transparency, adequacy, protection of confidentiality and rights, etc). The Controller carries out data processing according to lawfulness conditions as per art 6 GDPR, for the purposes related to the relationship from time to time established with the Data Controller; therefore, the relevant legal basis under art. 13 lett. c GDPR is grounded on the reasons of the contact with the Controller, in this case the conferment of your personal data made us to stay in touch with the Controller after the informal commercial or institutional relations with us for example contacts via e-mail or telephone, business cards. (art. 4 paragraph 11 GDPR - consent given through unequivocal positive action).
In this perspective, the processing shall include management, organization, use, storage, processing in EU and extra EU territories (in the cases set forth by art 45 and 46 GDPR), conservation, database’s creation, extraction, comparison, dismissal, consultation, registration, communication of our future initiatives, elaboration, modification, light marketing (legal basis: legitimate interest of the Data Controller keeping in mind the interests, expectations and rights of the interested party and to which it will be possible to oppose by sending an e-mail to our DPO or following the instructions provided in the communications footer) soft spam (it is possible to oppose at any time to this soft spam with the function “unsubscribe” following the instructions on footer e-mail, as per art. 130 paragraph 4 Privacy Code), anonymous statistics, destruction or modification of personal data processed after subject’s advisory and the erasure after expiration data retention period, the communication to members of the Controller’s organizational structure
or to consultants in the context of business activity management, the communication to the partners with whom the initiatives will be developed, which will be appointed “Processor” as per art. 28 GDPR.
Furthermore, the Controller informs you that your personal data will be communicated, processed and managed inside the RELX Group business, to which the Controller belongs.
Data processing shall be carried out electronically or in paper form by subjects specifically appointed. These methods will be used in accordance with specific security measures to prevent data’s loss, illegal uses and non-authorized access. The Controller does not perform any processing through only automated decision-making process, and does not perform profiling.
The Controller reminds you that you gave us spontaneously your personal data based on your expressed willingness to stay in touch with us.
Personal Data shall be processed for the time required to fulfil the purposes of the collection.
The Controller informs you that, in conformity with art. 13 paragraph 2 GDPR, you have also the following rights:
- the right of access to personal data and to related information as listed under art. 15 of the GDPR;
- the relevant rectification, or the erasure or the restriction of the treatment concerning it;
- right to data portability, as per art 20 GDPR;
- right to oppose to the processing;
- should be Data processing based on art. 6, paragraph 1, lett. (a) GDPR or art. 9, paragraph 2, lett. (a) GDPR, to revoke the consent at any moment, without prejudice of lawfulness of data processing based on the previous consent;
- the right to object pursuant to art. 21 GDPR
- right to file a complaint with a supervisory authority (in this case it’s recommended to verify the procedure that you can find on Data Protection Authority’s website: for Italy https://www.garanteprivacy.it).
The Controller confirms that you can withdraw your consent at any time and exercise your rights by sending an e-mail at email@example.com with object “Exercise of rights ex GDPR” and containing the right to be exercised and the contact address for reply. The Controller shall reply within the time limits set forth under art 12. Paragraph 3 GDPR.
Please be informed that should the Controller decide to carry out further Data processing for other purposes, it shall previously inform the Data subject with any relevant information, obtaining – where necessary - specific consent.
Processing of candidates’ personal data:
In compliance with current privacy regulations, the candidate who spontaneously sends his CV will receive suitable information on personal data processing at the time of the first contact that follows receipt of the CV spontaneously sent by the candidate. During the hiring process, the employer may examine candidates’ “social profiles” where the latter do not have private purposes. Data acquired from these profiles will be collected and subsequently processed only to the extent in which such collection is required and relevant to performance of the job for which the application is submitted; therefore, data collected during the hiring process shall be erased as soon as it is clear that no job offer will be made or that the offer made will not be accepted by the candidate. During the internship period, RX Italy S.r.l. reserves the right to monitor the interns’ “social profiles” on a non-generalised basis.
Informatics systems and software procedures of this web site collect certain Personal Data, which transmission is implicit in the use of internet protocols. Such Data are used only to obtain anonymous statistic information on the use of the web site and to control the correct performance. They are cancelled immediately after the elaboration. The Data may be used in investigations on possible cybercrimes against the web site.
Cookies are small text files, deposited by a web site on the user’s hard disk, to identify the navigation browser. Cookies do not damage the system and do not contain malicious files. Cookies are intended to speed up the analysis of web traffic or to signify the access to a specific web site, and allow to web applications to send information to each user.
For further information, please visit our cookies policy.
All contents in this web site are protected by rules of law concerning intellectual property. Any reproduction, also partial, is forbidden. In any case, the Controller does not permit any license on copyright, patents or any other intellectual property right.
No liability is assumed by the Controller towards web-site users in reference to the content of what is published (accuracy and completeness of the provided information) or to the use made by third parties. Materials and information of the website are subject, without prior notification, to changes or updates by the Controller.
Laws and regulations
The Controller regularly verifies the respect of these privacy rules, updating them with new issued laws and regulations. The DPO may be contacted at any time for questions by writing to: firstname.lastname@example.org.
It is our policy to reply to users sending requests and/or formal complaints to the address above, to solve the signified problem. We undertake to cooperate with the competent authorities, to solve possible complaints concerning Personal Data, which cannot be solved directly by the Controller and private individuals.
Last updated: March 2020