EXTENDED INFORMATION ON THE PROCESSING OF CUSTOMER PERSONAL DATA

(artt. 13-14 Reg. EU 679/16 “GDPR”)

Rebecca s.r.l. (hereinafter also called “Data Controller”, “Rebecca”, “Mobili Rebecca”) is constantly committed to adopting technical and organizational solutions aimed at ensuring high standards of protection in the processing of personal data.

To this end, Rebecca s.r.l. has prepared an organizational privacy model (MOP), of which this information constitutes a part, in which the requirements of EU Regulation 2016/679 ("GDPR") and other legal provisions are implemented, including, in particular, Legislative Decree 196/03 as subsequently amended (hereinafter "Privacy Code"), as well as the provisions of the Guarantor for the Protection of personal data, including Provision No. 146 of 5.6.19, containing the provisions relating to the treatment of particular categories of data pursuant to art. 21 par. 1 of Legislative Decree 101/18.

This information describes to what extent, when, why and how we collect and use your personal data when you are our customer, how we protect them and how you can exercise your rights in relation to them.

For the Privacy Policy in summary, please click here

To consult the other information on the Site, please consult the specific "Privacy Area".

INDEX:

    1. DATA CONTROLLER AND DATA PROTECTION OFFICER (art. 4, n. 7 and artt. 37 et seq. GDPR)
    2. DATA PROCESSORS (art. 28 GDPR)
    3. PROCESSORS UNDER AUTHORITY OF DATA CONTROLLER (art. 29 GDPR)
    4. CATEGORIES OF DATA
    5.1 PURPOSE FOR WHICH CONSENT IS NOT REQUIRED AND LEGAL BASIS OF THE PROCESSING
    5.2 PURPOSE FOR WHICH CONSENT IS REQUIRED (art. 6 par. 1 lett. a) GDPR)
    6. DATA RECIPIENTS
    7. DURATION OF TREATMENT
    8. DATA SOURCE
    9. HOW AND WHERE WE TREAT THE DATA
    10. TRANSFER OF PERSONAL DATA OUTSIDE THE EEA
    11. DATA PROTECTION
    12. CHILDREN’S PRIVACY
    13. RIGHT OF THE DATA SUBJECT
    14. WHAT IS THE RIGHT TO PORTABILITY
    15. POSTPONEMENT

1. DATA CONTROLLER AND DATA PROTECTION OFFICER (art. 4, n. 7 and artt. 37 et seq. GDPR)

The Data Controller is Rebecca s.r.l., in the person of its pro tempore legal representative, tax code (C.F.) and VAT number: 02484770694, with headquarters in Porto Recanati (MC) in Via Dell’Industria 17, 62018, tel.: 0733 672081, email: privacy@mobilirebecca.it.

The Data Protection Officer (R.P.D./D.P.O.) is Avv. Francesco Corallini Garampi, with office in via Lionetta 33, 60027 - Osimo (AN), tel. and fax: 0712415178 - email: fcg@fcglex.it.

 

2. DATA PROCESSORS (art. 28 GDPR)

The Data Controller entrusts the management of some purposes to external subjects. In these cases, the relationship with the third party is governed by a specific contract with the Data processors pursuant to art. 28 of the GDPR.

As required by the Transparency Guidelines WP 260/2017, if the Data Controller chooses to indicate the data processors and, more generally, the recipients of the data by category, it must justify why it considers this approach correct, and in any case the reference to the category must not be generic but specific, referring to the activities carried out, the sector, industry, and the territorial location of the recipients identified by category. In this perspective, the Data Controller considers the approach by category of recipients of the communication to be correct in this case, as the indication of the names of suppliers and sub-suppliers would be exorbitant.

The Data Processors appointed by the Data Controller are subjects that provide services instrumental to the performance of the activity and belong mainly to the following categories: IT and management service providers (including hosting services such as Netsons srl, on whose server the website is hosted by Rebecca; Google, Facebook, Instagram, WhatsApp, SmartsUpp, Wetransfer, cloud services and SaaS software, where used, also appointed as data processors for the data that flow into their servers), administrative service providers, external professionals and consultants (accountant, job consultant, webmaster), payment gateways (e.g. Paypal, Fondy).

The list of data processors is available from the Data Controller.

 

3. PROCESSORS UNDER AUTHORITY OF DATA CONTROLLER (art. 29 GDPR)

The Data Controller, within its organization, has authorized and instructed certain subjects to process data under its authority, assigning them specific duties, in compliance with the principles of "purpose limitation and data minimization" set out in art. 5 par. 1, lett. b) and c) of the GDPR. These internal subjects will be recipients, each within the limits of their duties, of the data of the interested party.

 

4. CATEGORIES OF DATA

For the purposes set out in this statement, the Data Controller will process the following categories of data:

1. identification data (name, surname, date and place of birth, tax code, residence, photographic image, entry, signature).

2. contact details (email address, landline number, mobile phone, fax, email).

3. company data: Information relating to purchases and orders and the implementation of the guarantee.

4. bank data (current account number, IBAN, SWIFT, ABI, CAB, Bank, reference branch).

5. data of particular categories (formerly "sensitive data"), pursuant to art. 9 GDPR: this is information that reveals ethnic or racial origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data aimed at uniquely identifying a natural person, data on the person's health or sexual life and sexual orientation. These data are not normally necessary for the activities carried out by the Data Controller towards Customers; however, the Data Controller may occasionally become aware of them, therefore it is considered appropriate to provide adequate information. We refer in particular to the following categories:

a) data relating to ethnic or racial origin: the Data Controller will only process these data if they emerge together with the identification data provided by the interested party (e.g. in the case of a passport photo being shown or an identity document delivered by the interested party to the Data Controller). In no way may these data affect the Owner's choices, measures or initiatives.

6. navigation data (IP address, country, browser, device information, web beacon). To consult the information on cookies click here and for information on the website click here.

 

5.1 PURPOSE FOR WHICH CONSENT IS NOT REQUIRED AND LEGAL BASIS OF THE PROCESSING

The provision of data by the interested party for the following purposes is necessary for the pursuit of the same: for these purposes, failure to provide the data makes it impossible for the Data Controller to perform the activities requested or agreed with the Customer and to fulfil some of the related obligations.

PURPOSE

LEGAL BASIS OF THE PROCESSING

1.    Commercial negotiations / Pre-contractual phase

Categories of data processed: art. 4 nn. 1, 2, 3, 6 of this information.

Management of negotiations through meetings and telephone / email / paper / telematic correspondence with the customer, verification of customer needs, presentation of commercial offers and projects.

(Art. 6, par. 1, lett. b), GDPR) - Pre-contractual measures / fulfillment of a contract in relation to the contract.

 

2.    Management of the contractual relationship

Categories of data processed: art. 4 nn. 1, 2, 3, 4, 6.

-    Reception and sending of orders, conclusion of commercial agreements, delivery / shipment of goods / customer support services through meetings and / or telephone / email / paper / telematic correspondence with the customer, training on services, payment management, also by means of third-party services (e.g. Paypal, Fondy), complaints, opening of support tickets, configuration of products and services, including third-party services, returns, refunds, reminders.

-    Activation and use of accounts on the website www.mobilirebecca.it. Navigation of our website is free, but the use of our services is allowed only after the customer has registered on our site. Registration consists in completing an online form. Therefore further primary purposes of the processing are represented by the need to allow the completion of the required procedures for prior online registration and the creation of an account, as well as to allow us to generate and subsequently manage the technical and administrative account, Client ID, activation codes, passwords and similar authentication credentials as created by the Customer as part of the registration process. These primary and main purposes of processing the data of the registered customer also include those of allowing him to access the web pages and, where possible, use of online services and pre- and post-contractual assistance for the management of each resulting contractual, administrative, technical or legal profile. With reference to this last treatment, the purpose is also to manage any type of request for assistance - technical, commercial and / or contractual in nature - received by the Data Controller and provide the relevant answers to customers. In these specific cases, the technical treatments are aimed solely at carrying out the transmission of a communication over an electronic communications network to the extent strictly necessary for the Data Controller to provide the services explicitly requested by the Customer.

-    Purchases made from the website www.mobilirebecca.it without prior registration: it is possible to make purchases from the website even without creating a personal profile.

-    Post-sales management and customer follow-up.

-    Use of the website tools to contact the Owner ("Contact us" form, "chat", "WhatsApp", "Call us back").

-    Use of the Facebook page, for which reference is made to the specific information available here.

(Art. 6, par. 1, lett. b), GDPR) for common data - Pre-contractual measures / fulfillment of a contract in relation to the contract.

 

 

3.    Tax, contributory and declarative obligations in general

Categories of data processed: art. 4 nn. 1, 2, 3, 4, 5 of this information.

Tax and social security obligations (unique certifications, tax returns, VAT returns, withholding tax management, mod. 770, intrastat, etc.).

(Art. 6, par. 1, lett. c), GDPR) Treatment necessary to fulfill a legal obligation to which the Data Controller is subject.

 

(Art. 9 par. 2 lett. g) GDPR): Treatment necessary for reasons of significant public interest on the basis of Union or Member State law, which must be proportionate to the aim pursued, respect the essence of the right to protection of the data and provide for appropriate and specific measures to protect the fundamental rights and interests of the data subject.

In conjunction with art. 2-sexies Legislative Decree 196/03.

4.  Preservation of documents to fulfill legal obligations (civil, fiscal, labor law, administrative).

Categories of data processed: art. 4 nn. 1, 2, 3, 4, 5 of this information.

(Art. 6, par. 1, lett. c), GDPR) Processing necessary to fulfill a legal obligation to which the Data Controller is subject.

(Art. 9 par. 2 lett. g) GDPR): Treatment necessary for reasons of significant public interest on the basis of Union or Member State law, which must be proportionate to the aim pursued, respect the essence of the right to data protection and provide for appropriate and specific measures to protect fundamental rights and the interests of the interested party.

In conjunction with art. 2-sexies Legislative Decree 196/03.

5.    Dispute management

 

Categories of data processed: art. 4 nn. 1, 2, 3, 4, 5, 6 of this information.

- Purpose of protection and defense of the rights of the Data Controller, of its internal Bodies in case of disputes, management of administrative / jurisdictional procedures in which the Data Controller is a party (e.g. tax assessments, civil, criminal proceedings).

 

(Art. 6, par. 1, lett. f), GDPR) Treatment necessary for the pursuit of a legitimate interest of the Owner. In light of the fact that the Data Controller adopts, from the beginning of the relationship with the interested parties, an approach aimed at minimizing and limiting the processing, the legitimate interest in this case is to be considered proportionate so that the Data Controller, in carrying out its right of defense constitutionally guaranteed by art. 24 of the Constitution, can only use the data necessary to carry it out on a lawful legal basis.

 

(Art. 9, par. 2, lett. f) GDPR) in relation to particular categories of data: defense of a right.

6.    IT systems maintenance

Categories of data processed: art. 4 nn. 1, 2, 3, 4, 6 of this information.

Reference is made to the cases in which IT assistance service providers can access the IT archives for assistance (software installation / updating) or maintenance, even remotely (e.g. via TeamViewer), and therefore could, in such cases, occasionally come into contact with personal data contained in said archives. Normally, in these cases, the treatment will not go beyond an occasional visualization.

The same purpose of maintaining the proper functioning of the IT system, in particular of the site, is similarly pursued through the use of technical cookies, for the description of which please refer to the specific cookie information at this link.

(Art. 6, par. 1, lett. f), GDPR) Treatment necessary for the pursuit of a legitimate interest of the Owner. In this case, the legitimate interest is to keep the IT systems and programs in good working order: an interest which, moreover, indirectly also benefits the data subjects themselves, whose data are also processed by these systems and programs. This, it is believed, constitutes a measure to contain the risk of a possible non-compliant treatment, since, more often than not, this purpose aims to enhance the security measures of the IT systems used by the Owner, also for the benefit of the interested party.

 

7. Video surveillance

Categories of data processed: art. 4 nn. 1, 5.

It consists in making video recordings through CCTV cameras along the external company perimeter for the purpose of protecting the corporate assets from theft and vandalism.

For an extended information on video surveillance click here.

 

 

(Art. 6, par. 1, lett. f), GDPR) Treatment necessary for the pursuit of a legitimate interest of the Owner. In order to clarify the balance of interests carried out before proceeding with this treatment, and in light of the additional information charges requested by the Committee of European Guarantors with the recent guidelines 3/19 of 10.7.19, we inform you that the Data Controller considers the legitimate interest particularly persistent and significant in the specific case since the company is located in an industrial area with little traffic and crossed by a secondary road, and in particular it is located at a considerable distance from the main road. Due to the decentralized position, we inform you that several neighboring companies have suffered vandalism and theft in recent times and that this has contributed to the decision to proceed with the installation of a video surveillance system. Therefore, the provision of data, although not mandatory, is essential for access to the company premises. In relation to this type of treatment, carried out with CCTV cameras, consent is not required according to the provisions of the provision of the Guarantor for the Protection of personal data of 8 April 2010, par. 6.2.2. The treatment in question has undergone an impact assessment and will not begin until the impact assessment is completed.

(Art. 9, par. 2, lett. f) GDPR) in relation to particular categories of data: defense of a right.

 

5.2 PURPOSE FOR WHICH CONSENT IS REQUIRED (art. 6 par. 1 lett. a) GDPR)

The provision of data by the interested party for the following purposes is optional and left to the free, informed, specific, express, aware, granular and always revocable choice of the interested party. Failure to provide consent for the following treatments will not in any way affect the processing envisaged on other legal bases nor will it compromise any contractual services.

5.2.1. Purpose - Direct Marketing

Categories of data processed: art. 4 nn. 1, 2, 3, 6 of this information.

With your optional consent, which can be expressed by selecting the appropriate consent box present in the dedicated sections of the Website (opt-in), in the cookie manager, or by selecting the appropriate box in the paper information models, we will process your data for the purpose of marketing (sending advertising material, carrying out market research, commercial communication, detecting the degree of customer satisfaction) and sending advertising information by mail, newsletter and / or SMS / MMS, offers and promotions relating to our products and services.

In any case, you can freely revoke your consent to the processing of personal data for marketing purposes at any time, even selectively (for example, communicating the desire not to receive communications via email any more, while wanting to receive communications only through the other contact methods), by requesting it by email at the addresses indicated in art. 14 of this information.

In relation to the promotional communications sent by email, you can withdraw your consent to the processing of the e-mail address for marketing purposes (newsletter, etc.) also by clicking on the opt-out link present in each promotional email.

For transparency of information, and as required by the WP259 Guidelines on consent pursuant to the Regulation issued by the Group of European Guarantors, as an exception to the rule of consent granularity (as many consents to be requested as there are purposes and processing operations, if these differ from one another) it should be noted that these Guidelines authorize a single formula of consent "to cover various processing operations, where such processing operations pursue a series of unitary purposes"; in addition, based on Recital 32 of the Regulation, a single consent can be applied "to all processing activities carried out for the same purpose or purposes". The aforementioned purposes are objectively referable to the pursuit of a unitary purpose, although the processing operations are different, which is that of commercial promotion and marketing in a broad sense. Consequently, by giving the unitary consent to the Processing for Marketing Purposes, the interested party specifically acknowledges the homogeneous and different promotional, commercial and marketing purposes specified above (including the consequent management and administrative activities) and expressly authorizes said treatments and said purposes, both in the case in which the means used for the Treatment for Marketing Purposes are the telephone with operator or other non-electronic, non-telematic means or means not supported by automatic, electronic or telematic mechanisms and / or procedures, and where the means used are electronic mail, fax, sms, mms, automatic systems without operator intervention and the like, including electronic platforms and other telematic means.

The definition of Treatment for Marketing Purposes includes both the treatments and the purposes specified above pursued by the Data Controller during the duration of the contractual relationship, as well as the specific ones consequent to the termination of the Contract, for any reason occurred, and aimed at transmitting unsolicited communications to the interested party to invite him to renew the contract with each of the means indicated above (telephone with operator, non-electronic, non-telematic means or means not supported by automatic, electronic or telematic mechanisms and / or procedures, e-mail, fax, sms, mms, automatic systems without operator intervention and the like, including electronic platforms and other telematic means).

Pursuant to the General Provision of the Guarantor for privacy of 15.5.13 entitled "Consent to the processing of personal data for "direct marketing" purposes through traditional and automated contact tools", the Customer's attention is specifically drawn to the fact that:

- any consent given for sending commercial and promotional communications through the use of e-mail, fax, sms, mms, automatic systems without operator intervention and the like, including electronic platforms and other telematic means, will imply the receipt of such communications not only through these automated contact methods, but also through traditional methods, such as paper mail or operator calls;

- the right to object to the processing of their personal data for "direct marketing" purposes through the aforementioned automated contact methods will in any case extend to traditional ones and, even in this case, the possibility of exercising this right in part, both with respect to certain means and with respect to certain treatments, remains unaffected.

For the purpose of fulfilling the privacy obligations for the owner in compliance with the principles of simplification of the same obligations pursuant to the cited General Provision of the Guarantor for privacy of 15.5.13, the Owner informs the Customer that the specific consent formula available according to the procedure for collecting the consent from time to time provided will be unitary and overall and will refer to all possible means of the aforementioned marketing treatment, without prejudice to the possibility for the interested party to express a different will as regards the use of certain means and not others for the reception, subject to consent, of the marketing communications by simply sending an email to the addresses indicated in art. 14 of this information.

Furthermore, again for the purposes of the principle of compliance with the privacy obligations for the Data Controller in compliance with the principles of simplification of the same obligations, the Data Controller informs the Customer, also pursuant to the Regulations and the WP259 Guide on the consent pursuant to the Regulations issued by the Group of European guarantors that the specific consent formula will be unitary and comprehensive and will also refer to all the different and possible marketing purposes explained here (without multiplying the consent formulas for each distinct marketing purpose pursued by the owner), without prejudice to the possibility for the interested party to notify a different selective will as regards consent or refusal of consent or revocation of consent for individual marketing purposes by simply sending an email to the addresses indicated in art. 14 of this information.

To proceed with the Treatment for Marketing Purposes, it is mandatory for each Data Controller to acquire from the data subject an informed, free, unequivocal, specific, separate, expressed, documented, preventive and completely optional consent.

With a view to absolute transparency, the Data Controller summarizes in greater detail the purposes of the processing:

- send advertising and informative material (eg Newsletters), of a promotional nature or in any case of a commercial solicitation nature;

- carry out direct sales or placement of products or services of the Data Controller;

- send commercial information or make interactive commercial communications also pursuant to Legislative Decree 206/2005 through the use of email;

- elaborate studies, research, market statistics also in identification form.

Therefore, by giving optional consent, the interested party specifically acknowledges and authorizes these treatments and / or treatments that pursue the homogeneous different purposes provided herein. In any case, even where the interested party has given consent to authorize the Data Controller to pursue all the purposes of the Processing for Marketing Purposes, he will in any case remain free to revoke it, through our site by logging in with his credentials to his own personal area. Following the withdrawal of any consent given by the interested party, the Data Controller will promptly remove and delete the data from the databases used for the Processing for Marketing Purposes and will inform any third parties to whom the data have been communicated for the same cancellation purposes.

5.2.2. Purpose - Profiling

Categories of data processed: art. 4 nn. 1, 2, 3, 6 of this information.

For marketing purposes and to improve services, through its website, the Data Controller also intends to proceed with the processing of so-called "profiling" data, and this occurs mainly through the use of tools for tracking activities on the website www.mobilirebecca.it, such as own or third-party profiling and pixel cookies, such as Facebook Pixel, which allows you to use Facebook services such as Facebook Custom Audiences, Facebook Lookalike, Facebook Remarketing.

 

For information on the specific technologies used for profiling purposes (e.g. Facebook Pixel), please also refer to the information on cookies and other technologies available here, where the methods for providing / denying consent are also indicated.

Here we briefly remind you that with the help of this service we can address our customers (always subject to specific and separate consent) in a targeted manner, activating the so-called Facebook Ads for visitors to our websites, when you visit the Facebook social network. To this end, we have implemented Facebook remarketing pixels on our websites. These are code snippets which are able to identify your type of browser through the browser ID, or "fingerprint" of your browser, and to recognize if you have visited our websites and what exactly you have viewed. When visiting our websites, a direct connection to the Facebook servers is created via the pixel. Facebook is able to identify you on the basis of the ID of your browser, since this is connected with other data stored by you with Facebook with your user account. Facebook then provides you with our personalized advertisements, based on your needs, in your Facebook diary or in other Facebook points. The Data Controller himself is unable to identify you personally via the Facebook pixel, as no other personal data, besides your browser ID, will be stored by us via the Facebook remarketing pixel. Further information relating to Facebook's Custom Audience, details on data processing through this service and Facebook's privacy policy can be found at https://www.facebook.com/about/privacy/.

In general, for these treatments, and for the purpose of complete information, reference is made to the definition in art. 4, paragraph 1, no. (4) of the GDPR, which defines "profiling" as "any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to professional performance, the economic situation, health, personal preferences, interests, reliability, behavior, location or movements of said natural person".

Based on the provisions of the Guidelines on profiling WP 251 of 3.10.17 as issued by the Group of European Guarantors, transparent information is provided on the logic, methods and mechanisms of profiling and the cases are clarified below and separately in which the Data Controller will be able to make decisions on the basis of completely automated treatments.

The profiling activity may concern "individual" personal data or "aggregated" personal data deriving from detailed individual personal data. To clarify what "profiling" consists of, reference can be made to the following parameters:

• the data are structured and coordinated on the basis of predefined parameters identified from time to time, according to company needs (regardless of marketing, contractual, administrative, etc. purposes);

• the starting data, considered individually, may include varied personal information, including data on browsing experiences, type of consent given to receive particular commercial communications and not others, data on navigation and / or game habits to reconstruct the tastes and habits of the user, identifying the profile of potential consumer / player, in order to be able to send that person newsletters, commercial communications, offers and promotions consistent with the identified profile, etc.;

• only after profiling (i.e. structuring according to predetermined parameters) is it possible to derive further indications referring to each interested party (i.e. the "profile", for example, market segment, active marketing communication services, commercial attitude, etc.) that would not derive from the mere informative value of the data individually or separately considered.

 

In other words, profiling in the strict sense can result in the availability of information assets that go well beyond the information considered individually and relating to each interested party; in addition, profiling in the strict sense provides added value given by the many correlations that can be established between the individual data collected, in order to obtain useful additional information.

As for the obligations for the Owner to provide - pursuant to art. 13, paragraph 2, letter f) of the GDPR - information on the logic of the profiling treatment as well as the importance and consequences of such treatment, the following is further clarified. Fundamental elements of the profiling treatment will be:

1) the predetermination of the parameters for structuring the data considered individually;

2) comparison, cross-referencing, correlation of these data with each other and comparative analysis carried out on the basis of predefined parameters, also through automated processes (i.e. the cataloging of individual data in clusters);

3) obtaining a profile through the above activities and which allows to identify a consumer profile and additional analytical indications with respect to individual data and allows to generate the mapping / segmentation into homogeneous groups of behavior (dynamic creation of behavioral profiles).

The treatments described above will be hereinafter collectively referred to as "Profiling Treatment".

The Data Controller may carry out the following Profiling Treatments, as in the case of detection of:

- number and type of requests for information on products and services offered made over a predetermined time horizon;

- number and type of expenses realized for products and / or services in a predetermined time horizon;

- number and type of new contracts possibly entered into within a predetermined time horizon;

- number and type of requests for information sent in a predetermined time horizon;

- number and type of visits to the Website over a predetermined time horizon, also through profiling cookies.

To proceed with a Profiling Treatment it is mandatory to acquire a specific, separate consent (also from the marketing consent referred to in art. 5.2.1 above), express, documented, preventive and entirely optional.

Consequently, where the interested party decides to give specific consent, it must be previously informed and aware that the purposes of the treatment pursued are of a specific commercial, advertising, promotional and marketing nature in a broad sense based on a Profiling Treatment. With a view to absolute transparency, the Data Controller therefore informs that the data collected on the basis of specific consent may be subject to a Profiling Treatment for the same purposes referred to in art. 5.2 of this information, while the scope of communication will eventually be the same already explained for Marketing Treatments.

In any case, even where the interested party has given consent authorizing the Data Controller to pursue all the purposes of the Processing for Profiling Purposes, the interested party remains free to revoke it through the Data Controller's Website www.mobilirebecca.it, by logging in with their credentials to their personal area or, in the absence of a personal profile, by accessing the "Manage cookies" section. As required by art. 21 of the GDPR, the interested party is informed specifically and separately that they have the right to object at any time to the processing of personal data concerning them carried out for profiling purposes by simply sending an email to privacy@mobilirebecca.it (even if consent was previously given), and that if the interested party objects to the profiling treatment, the personal data can no longer be processed for these purposes, without prejudice to the legitimacy of the processing carried out until the moment the consent is revoked.

If the interested party does not intend to give consent to the processing for profiling purposes, there will be no consequence or prejudice on the contract possibly existing with the Data Controller. Failure to give consent to the Treatment for Profiling Purposes will not cause any interference and / or consequence on any other contractual or other relationships existing with the Customer.

The Customer is also free to give consent to the Treatment for Profiling Purposes while withholding the further consent to communication to third parties who in turn wish to carry out a Treatment for Profiling Purposes. Where the customer does not intend to give consent to the communication of his data to third parties for the processing for profiling purposes, there will be no communication by the owner and the data will be processed only and exclusively by the owner, where the user has given the separate consent to the processing for profiling purposes.

The data subject to the Profiling Treatment and the related authorized profiles will not be disclosed.

 

7. DURATION OF TREATMENT

| PURPOSE | DURATION |
|---|---|
| Purposes art. 5.1 n. 1 | 6 months in case of non-conclusion of the contract; for the entire duration of the contractual relationship. |
| Purposes art. 5.1 n. 2 | For the entire duration of the contractual relationship. |
| Purposes art. 5.1 nn. 3, 4 | For the duration of the relationship and, subsequently, 10 years from the termination of the contractual relationship. |
| Purposes art. 5.1 n. 5 | 10 years from the termination of the relationship and, in case of defense of a right, for the duration necessary for its protection (e.g. duration of the possible trial). |
| Purposes art. 5.1 n. 6 | Limited to the duration of the system maintenance. |
| Purposes art. 5.1 n. 7 | 24 hours up to a maximum of 48, or 7 days in case of request from the A.G. or closing days, after which the images will be overwritten. |
| Purposes art. 5.2.1 | Until withdrawal of consent or, in any case, after 24 months from the provision of the same. |
| Purposes art. 5.2.2 | Until withdrawal of consent or, in any case, 6 months. For the duration of the profiling treatments, please also refer to the cookies policy. |

 

8. RECIPIENTS OF PERSONAL DATA

In all the cases illustrated above, Rebecca s.r.l. may communicate your personal data to the following categories of external recipients.

As required by the WP 260/2017 Guidelines, where the Data Controller chooses to indicate the recipients of the data by categories, it must justify why it considers this approach correct, and the reference to the category must not be generic but specific. In this perspective, the Data Controller believes that the approach by categories of recipients is correct because listing the names of all suppliers and sub-suppliers would be excessive. The third-party suppliers fall into the following categories: companies in the banking and credit sector that provide services for the management of financial transactions (e.g. Paypal); suppliers in the ICT services sector providing installation, assistance and maintenance of IT and telematic systems and all services functionally connected and necessary for the fulfillment of the services covered by the Contract; people, companies or professional firms that provide assistance, consultancy or collaboration in accounting, administrative, legal, tax and financial matters.

As required by the WP 260/2017 Guidelines, therefore, the relevant indications are provided on the recipients of the data communication based on the obligations provided therein (mandatory indication - where possible - of the subjects and entities that receive the data, including external managers, joint controllers, internal managers):

- Public Administrations for the performance of institutional functions within the limits established by law or regulations;

- Third party service providers to whom the communication is necessary for the fulfillment of the services covered by the Contract or for compliance with legal obligations or for the protection of our rights;

- Authorized personnel.

- For the pursuit of the purposes, the data may be communicated to any other external third party when the communication is mandatory by law or necessary for Rebecca s.r.l. to correctly fulfill contractual services (e.g. credit institutions for the profiles relating to the fulfillment of collections and payments), pre-contractual or post-contractual services (e.g. technical assistance and request for support or sending complaints submitted by the Customer).

Where necessary, the recipients have been appointed as data processors. Personal data will not be disclosed.

| INTERNAL RECIPIENTS | PURPOSE |
|---|---|
| Employees; legal representative. | art. 5.1 nn. 1, 2, 3, 4, 5, 6, 7; art. 5.2. |

| EXTERNAL RECIPIENTS | PURPOSE |
|---|---|
| Consultants (e.g. accountant, lawyer). | Accountant: purposes pursuant to art. 5.1 nn. 3, 4, 5; Lawyer: art. 5.1 nn. 5 and 7. |
| Network suppliers, electronic communication services (Google), IT and telematic services for archiving, storage and IT management of data also for marketing and profiling purposes (e.g. Google Drive, WeTransfer, Dropbox, Facebook), gateways and managers of online payments (Paypal, Fondy), private security company, hosting services, housing, cloud, SaaS and other remote IT services necessary for the Data Controller to carry out all purposes. In some cases (e.g. the use of @gmail email, managed by Google, or the use of Cloud services having servers outside the European Economic Area), the Data Controller will identify suitable security measures for the transfer (e.g. Privacy Shield: http://eur-lex.europa.eu/legal-content/IT/TXT/PDF/?uri=CELEX:32016D1250&qid=1488382124070&from=IT ; https://www.privacyshield.gov/list). | Purposes pursuant to art. 5.1 nn. from 1 to 7 and art. 5.2, also on the basis of the contracts of appointment as manager. Through the services of these recipients, the Data Controller will carry out a part of the purposes described above if, for example, he decides to archive the employment contract in a digital format in a cloud (e.g. Dropbox) or communicate with the employee through the Google Gmail service or similar. |
| Banks or institutions, companies and entities of any type that carry on banking and credit activities. | Purposes pursuant to art. 5.1 n. 2 (only identification data, banking data pursuant to art. 4 nn. 1 and 4 and, occasionally, contact data). |
| Public bodies in general (Courts, P.S. Authority, Revenue Agency, Municipalities, Provinces, Ministries, etc.) | Purposes pursuant to art. 5.1 nn. 3, 4, 5, 7. |

 

10. TRANSFER OF PERSONAL DATA OUTSIDE THE EEA

The Data Controller transfers personal data abroad only when he uses network suppliers, electronic communication services (e.g. Google services) or IT and telematic services for data archiving, storage and IT management (e.g. Google Drive, WeTransfer, Dropbox), hosting, housing, cloud, SaaS and other remote IT services useful to the Owner for the pursuit and efficiency of the purposes. In some cases (e.g. the use of @gmail email, managed by Google, or the use of Cloud services), these services may be located or managed outside the European Economic Area.

In any case, the Data Controller will take care that this occurs in compliance with the GDPR and the Legislative Decree 196/03 and ss. mm. and to countries where there is an adequacy decision (e.g. Privacy Shield) or another condition of lawfulness provided for in Chapter V of the GDPR.

Normally the Data Controller uses services (e.g. Facebook, Google) which are in any case based, if not within the European Economic Area, in the United States, a country subject to an adequacy decision by the European Commission and which adheres to this decision (this is the so-called "Privacy Shield").

 

11. DATA PROTECTION

The Data Controller processes personal data based on the security obligations relating to the processing of data pursuant to art. 32 GDPR. In order to ensure an adequate level of data protection aimed at limiting the risk of their use in an improper or illicit way, the Data Controller pays constant attention in implementing physical, organizational and IT security measures up to current standards on the subject of data security. Measures are used such as, among others, locked cabinets, authorization profiles, robust passwords and their periodic change and secure storage, written authorization and continuous training for the subjects in charge, monitoring of compliance with these measures. The complete list of security measures is available at the headquarters of the owner.

 

12. CHILDREN’S PRIVACY

All people under the age of 18 are minors. Pursuant to art. 2-quinquies of Legislative Decree 196/03 and ss. mm., in relation to the offer of information society services, all subjects under the age of fourteen are considered minors.

The Data Controller does not intentionally request or collect personal data from or relating to minors even under the age of 18, without the consent of a parent or guardian.

               If the Data Controller learns that personal data relating to a minor have been sent without the consent of a parent or guardian, he will make every reasonable effort to:

     • delete, as soon as possible, such personal data from its archives;

     • ensure that these personal data are not further used for any purpose, nor are they further disclosed to third parties.

 

13. RIGHT OF THE DATA SUBJECT

RIGHT

DESCRIPTION

EXERCISE OF THE RIGHT

Right of access

(Art. 15 GDPR)

You can request: a) the purposes of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients from third countries or international organizations; d) when possible, the retention period of personal data provided or, if not possible, the criteria used to determine this period; e) the existence of the right of the interested party to ask the data controller to correct or delete personal data or to limit the processing of personal data concerning him or to oppose their treatment; f) the right to lodge a complaint with the supervisory authority; g) if the data are not collected from the data subject, all information available on their origin; h) the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such treatment for the interested party.

You have the right to request a copy of the personal data being processed.

Alternatively:

-   registered email to  Rebecca s.r.l., Porto Recanati (MC)  Via Dell’Industria 17, 62018, VAT 02484770694, tel. : 0733 672081, email: privacy@mobilirebecca.it.

-    forms present on the website www.mobilirebecca.it or available at the headquarters.

 

Right to rectification

(Art. 16 GDPR)

You have the right to request the correction of inaccurate personal data concerning you and to obtain the integration of incomplete personal data.

Alternatively:

-   registered email to  Rebecca s.r.l., Porto Recanati (MC)  Via Dell’Industria 17, 62018, VAT 02484770694, tel. : 0733 672081, email: privacy@mobilirebecca.it.

-    forms present on the website www.mobilirebecca.it or available at the headquarters.

 

Right of cancellation (oblivion)

(art. 17 GDPR)

You have the right to obtain the cancellation of the personal data concerning you if the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed, if you withdraw your consent, if there is no prevailing legitimate reason to proceed with the profiling treatment, if the data have been unlawfully processed, or if there is a legal obligation to delete them.

 

Alternatively:

-   registered email to  Rebecca s.r.l., Porto Recanati (MC)  Via Dell’Industria 17, 62018, VAT 02484770694, tel. : 0733 672081, email: privacy@mobilirebecca.it.

-    forms present on the website www.mobilirebecca.it or available at the headquarters.

 

Right to limitation of treatment

(art. 18)

You have the right to obtain the limitation of processing from the Data Controller when you have contested the accuracy of your personal data (for the period necessary for the Data Controller to verify the accuracy of such personal data), or if the processing is illegal but you object to the deletion of personal data and instead request that their use be limited, or if the data are necessary to you for the assessment, exercise or defense of a right in court while the Data Controller no longer needs them.

Alternatively:

-   registered email to  Rebecca s.r.l., Porto Recanati (MC)  Via Dell’Industria 17, 62018, VAT 02484770694, tel. : 0733 672081, email: privacy@mobilirebecca.it.

-    forms present on the website www.mobilirebecca.it or available at the headquarters.

 

Right to portability

(art. 20)

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit them to another owner if the treatment (i) was based on consent, (ii) on the contract and (iii) is carried out by automated means, unless the processing is necessary for the execution of a task of public interest or connected to the exercise of public powers, and provided that such transmission does not affect the rights of third parties.

 

Alternatively:

-   registered email to  Rebecca s.r.l., Porto Recanati (MC)  Via Dell’Industria 17, 62018, VAT 02484770694, tel. : 0733 672081, email: privacy@mobilirebecca.it.

-    forms present on the website www.mobilirebecca.it or available at the headquarters.

Right to object (art. 21)

You have the right at any time to object, in whole or in part, to the processing of your personal data if the processing is carried out for the pursuit of a legitimate interest of the Data Controller. In this case, personal data will no longer be processed for these purposes.

The Owner does not carry out treatments based on automated decisions.

Alternatively:

-   registered email to  Rebecca s.r.l., Porto Recanati (MC)  Via Dell’Industria 17, 62018, VAT 02484770694, tel. : 0733 672081, email: privacy@mobilirebecca.it.

-    forms present on the website www.mobilirebecca.it or available at the headquarters.

Right not to be subjected to a decision based solely on automatic processing including profiling (art.22)

 

The Data Controller does not carry out treatments based on automated decisions.

Alternatively:

-   registered email to  Rebecca s.r.l., Porto Recanati (MC)  Via Dell’Industria 17, 62018, VAT 02484770694, tel. : 0733 672081, email: privacy@mobilirebecca.it.

-    forms present on the website www.mobilirebecca.it or available at the headquarters.

 

Right to withdraw consent

 

In cases where the treatment is based on consent (art.6 par.1 letter a) or art. 9 par. 2 lett. a), the interested party has the right to withdraw the consent at any time without prejudice to the lawfulness of the treatment based on the consent before the revocation.

Alternatively:

-   registered email to  Rebecca s.r.l., Porto Recanati (MC)  Via Dell’Industria 17, 62018, VAT 02484770694, tel. : 0733 672081, email: privacy@mobilirebecca.it.

-    forms present on the website www.mobilirebecca.it or available at the headquarters.


Right to contact the Data Protection Supervisor.

 

You have the right to contact the Guarantor authority to exercise your rights.

https://www.garanteprivacy.it/home/diritti

Normally the Data Controller will handle requests within a period of 30 days. However, this period may be extended for reasons relating to the specific right of the interested party or to the complexity of your request. In certain situations, due to legal obligations, we may not be able to provide you with information on all your data. Should we be forced to decline your request for information in this case, we will also clarify the reasons for our refusal.

 

14. WHAT IS THE RIGHT TO PORTABILITY

The data subject has the right to receive a copy in a structured and common format of the Data previously provided to the Data Controller. Only personal data that (a) relates to the interested party, and (b) have been provided by the interested party to the Data Controller are portable.

            Data portability includes the data subject's right to receive a subset of the personal data concerning him / her processed by the Data Controller and to store them for further use for personal purposes. This storage can take place on a personal medium or on a private cloud, without necessarily involving the transmission of data to another owner. Portability is a sort of integration and strengthening of the different right of access to personal data, also provided for by art. 15 of the Regulation.

           If the data subject requests portability together with the direct transmission of his data to another data controller, please note that this right is subject to the condition of technical feasibility: art. 20, paragraph 2 of the Regulation provides that the data can be transmitted directly from one Data controller to another at the request of the interested party, and where this is technically possible.

            The technical feasibility of transmission from one owner to another must be assessed on a case-by-case basis. Recital 68 of the Regulation clarifies the limits of what is "technically feasible", specifying that "it should not entail the obligation for the owners to adopt or maintain technically compatible treatment systems". Therefore, the direct transmission of data from the Data Controller to another data controller may take place if it is possible to establish a secure communication between the systems of the two data controllers (transferring and receiving), and if the receiving system is technically able to receive the incoming data. If technical impediments prevent direct transmission, the Data Controller will provide the interested party with information and a detailed explanation.

           With regard to the interoperability of formats designed to guarantee portability, the Data Controller will comply with the provisions of paragraph 1021, letter (b) of Law 205/2017 ("presence of adequate infrastructures for the interoperability of the formats with which the data are made available to interested parties ") within the limits of what is clarified by the WP242 Guidelines (" The expectation is that the owner transmits personal data in an interoperable format, but this does not imply any obligation on the other owners to support this format").

            We also inform you that pursuant to the WP242 Guidelines, the owners who comply with the portability request have no specific obligation to verify the quality of the data before transmitting it.

            Furthermore, portability does not impose any obligation on the Data Controller for data retention for a period longer than necessary or further than that specified.

            Above all, it does not impose any further obligation to keep personal data for the sole purpose of fulfilling a potential portability request.

            The exercise of the right to data portability (or any other right pursuant to the Regulation) does not affect any of the other rights.

     The data subject can continue to enjoy and benefit from the service offered by the Data Controller even after a portability operation has been completed.

           Portability does not involve the automatic deletion of the data stored in the Data Controller systems and does not affect the retention period originally foreseen for the data being transmitted.

             The interested party can exercise the rights as long as the processing carried out by the Data Controller continues.

 

15. POSTPONEMENT

The Data Controller has also prepared specific information regarding the use of cookies on the website www.mobilirebecca.it, the use of the site itself, the processing of data on the Owner's Social Network Pages and the video surveillance of the Data Controller.

For more information on specific treatments, we therefore refer to the specific information:

- Cookies information;

- Privacy information website;

- Privacy information Mobili Rebecca Facebook page;

- Video surveillance information.

 

Version updated on 20/03/2020

Previous version : version of 20/02/2019
