Privacy Policy

CaSRevolution S. r. l.

The terms in the list below shall have the meanings defined therein.

INTRODUCTION

Dear User, in compliance with the obligations established by the Privacy Code and the GDPR, we hereby intend to inform You that the Company, as Data Controller, will process the Personal Data concerning You, which may be collected by us, provided by You and/or communicated by other subjects, while browsing and using our Website and that this activity will be compliant with the GDPR and the legal requirements applicable each time.

AMENDMENTS TO THE PRIVACY POLICY

1. Our company may fully or partially amend and/or update the Privacy Policy.
2. Such amendments shall be effective as soon as they are published on the Website.
3. Amendments and/or updates to the Privacy Policy are highlighted and available on the Home Page.
4. The User who disagrees with the Privacy Policy and subsequent amendments, may interrupt the use of the Website at any time.

DATA CONTROLLER

1. The Company is the Data Controller of the Personal Data collected through the Website. The processing related to the services of the Website takes mainly place at the Company registered office and is carried out by the staff in charge of Processing.
2. Our Company adopts safety procedures to ensure confidentiality, integrity and availability of data.

COLLECTED DATA AND LEGAL BASIS

1. The Company may process the following personal data of the User, according to the following legal basis.

The Company may also process the User’s personal data relating to the online browsing history collected during his visits to the Website (regardless of whether you are a registered customer or not), using tracking technologies such as “cookies” (for information on the collection of data through cookies, consult the information on Cookies on the Website.

PURPOSE OF THE PROCESSING

1. The Company processes the User’s Personal Data, mainly with computer systems and electronic devices of its property or of third parties, selected by ensuring their reliability, expertise and professionalism.
2. The User must give express consent for the Processing of some specific data, or for certain purposes, for example when the creation of a user profile based on the User’s preferences is required, in order to send information related to the User’s interests and inclinations.
3. In all other cases where an expressed consent is not required, our Company may freely process the User’s data without any further authorization, considering this Privacy Policy read and accepted in all its parts.
4. Data Processing may be carried out on our Company’s behalf also by third parties that provide data processing services or carry out activities complementary to or necessary for the performance of the requested services and operations, which are appointed Data Processors on behalf of the Company on each occasion. The updated list of Data Processors may always be requested to the Data Controller.
5. The User’s personal data may be transferred and/or visible to subjects connected to the Company, without the need for specific consent, to the extent that this is necessary for the management of the services of the Website.
6. The Company may process personal data of third parties, that the User disclosed to our Company, even if not directly acquired from them. In case the User provides the data of another subject, the User must have previously obtained the data subject’s consent and, in any case, agrees to acquire it, holding the Company harmless from any burden or liability.

PERSONAL DATA STORAGE PERIOD

1. The Personal Data collected to fulfill a legal obligation and to execute a contract will be stored for a period not exceeding the time necessary for these purposes and, in any case, not exceeding 3 years after the termination of the contract (for example, following the withdrawal of the registration on the Website), after which they will be destroyed or rendered unusable or made anonymous. The storage of such Data takes place on third-party servers, located in Europe, which guarantee levels of security and stability according to standards generally applied and recognized as reliable by the state of the art.
2. In any case, Personal Data will be stored for a period not exceeding the time necessary for the purposes for which they were collected in accordance with the provisions of art. 5 co. 1 letter e) of the GDPR.

ART. 6 - USER RIGHTS

1. Pursuant to the provisions introduced by the GDPR, the User has the following rights:

·         right of access: pursuant to Article 15 GDPR, the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: a)the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data are not collected from the data subject, any available information as to their source; h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;

·         right to rectification: pursuant to Article 16 GDPR, The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement;

·         right to erasure: pursuant to Article 17 of the GDPR, The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing; c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2); d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject. The right to erasure does not apply in the cases expressly provided for by art. 17 par. 3 GDPR such as for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or for the establishment, exercise or defence of legal claims;

·         right to restriction of Processing: pursuant to Article 18 of the GDPR, the data subject shall have the right to obtain from the controller restriction of processing where one of the following applies: a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State;

·         right to data portability: the right to request at any time and receive, in accordance with Article 20, paragraph 1 of the Regulation, all Personal Data processed by the Data Controller and/or by the Data Controllers in a structured format, of common and legible use or request its transmission to another Data Controller. In this case, it will be the Data Subject’s responsibility to provide us with all the exact details of the new Data Controller to whom he intends to transfer his Personal Data giving us written permission;

·         right to object: pursuant to Article 21, paragraph 2 of the Regulation, you can object, at any time, to the processing of your Personal Data if these are processed for direct marketing purposes, including profiling in so far as it is related to such direct marketing;

·         right to lodge a complaint with the supervisory authority: without prejudice to the right to appeal to any other administrative or judicial body, if it is deemed that the Processing of Personal Data carried out by the Data Controller is in violation of the Regulation and/or applicable legislation, it is possible to lodge a complaint with the competent Authority for the Protection of Personal Data.

ADDITIONAL INFORMATION

1. The Company shall have the right to delete the accounts and all related data in the event that any illegal content, damaging Company’s reputation and/or its products or of third parties, or content in any way offensive or promoting illegal or defamatory activities, that incites violence, promotes discrimination related to race, sex, religion and sexual orientation is found.

LINKS TO OTHER WEBSITES

1. Our Website may contain links to other websites that may have no connection with our Company, by way of example the e-commerce websites of Company’s commercial partners
2. The Company does not control or monitor such websites and their contents and cannot be held responsible for the contents of these websites and the rules adopted by them, also with regards to the User’s privacy and the processing of Personal Data during browsing operations. Therefore, please pay attention when connecting to these websites, using the links on our Website and carefully read their terms and conditions of use and privacy policies. The Company’s Privacy Policy does not apply to third parties’ websites. Our Website provides links to these websites solely to help the users in their research and browsing and to allow hyperlinking to other websites on the Internet. The activation of these links does not imply any recommendation or notice by The Company for accessing and browsing these websites, nor any guarantee as to their content, services or goods they provide and sell to Internet users.

CONTACTS

1. If you wish to receive more information on how the Company processes your Personal Data or to exercise your rights as aforementioned, please write an e-mail to the address info@casrevolution.com. The request shall be signed and accompanied by a copy of an identity document bearing the signature of the Data Subject and shall indicate the address to which the reply shall be sent. The reply shall be sent within one month of receiving the request.
2. For information concerning your rights and for updates on legislation concerning the protection of individuals with regards to the processing of personal data please visit the Data Protection Authority’s website at: http://www.garanteprivacy.it/.

APPLICABLE LAW

1. This Privacy Policy is governed by the GDPR and, as far as applicable by the Privacy Code, which regulate the Processing of personal data – including data stored abroad – carried out by any party residing or based in Italy.