Privacy Policy for Users of the www.mobilirebecca.it Website
(art. 13-14 EU Reg. 679/16 “ GDPR”)
Ohme Group Srl (hereinafter also “the Owner”, “Ohme Group”, “Mobili Rebecca”) is constantly committed to adopting technical and organizational solutions aimed at guaranteeing high standards of protection in the processing of personal data.
This policy describes the extent, when, why, and how we collect and use your personal data when you use our website www.mobilirebecca.it, how we protect it, and how you can exercise your rights in relation to it.
1. Data Controller and Data Protection Officer
The Data Controller is Ohme Group srl, Tax Code and VAT No.: 02484770694, with registered office at Via GB Pirelli 14 - 62012, Civitanova Marche (MC), Tel.: 0733672081, email: privacy@mobilirebecca.it. The Data Protection Officer (DPO) can be contacted at dpo@mobilirebecca.it.
The Data Controller delegates, under its own responsibility, certain processing operations and the management of certain purposes to external parties. In these cases, the relationship with the third party is governed by a specific "Data Processor" contract pursuant to Art. 28 of the GDPR.
As required by the Transparency Guidelines WP 260/2017, if the Data Controller chooses to indicate the data processors and, more generally, the data recipients by category, he must justify why he believes this approach is correct. In any case, the reference to the category must not be generic but specific, referring to the activities carried out, the sector, the industry, and the territorial location of the recipients identified by category.
From this perspective, the Data Controller believes that the approach based on categories of recipients of the communication is correct in this case, since the indication of the names of suppliers and subcontractors would be excessive and liable to obsolescence.
The Data Processors appointed by the Data Controller are entities that provide services instrumental to the performance of the activity and mainly belong to the following categories: IT and management service providers, Shopify e-commerce platform, hosting services such as (currently Cloudflare ), Google , Meta Inc. , SmartsUpp ), marketing platforms, CDN platforms, administrative and management service providers, external professionals and consultants (accountants, labor consultants, webmasters), payment gateways (e.g. Paypal), where they do not act as independent Data Controllers.
The list of data controllers is available from the Data Controller.
3. Authorized to process
The Data Controller, within its organization, has authorized and instructed certain individuals to process data under its authority, assigning them specific tasks, in compliance with the principles of "purpose limitation and data minimization" pursuant to Article 5, paragraph 1, letters b) and c) of the GDPR.
4. Data recipients
In addition to data processors and internal authorized persons, the Data Controller, pursuant to the legal bases indicated in this policy, may disclose personal data to third parties who, outside the cases described above, will act as independent data controllers, such as, for example, public administrations, banks, payment services, couriers and freight forwarders, marketing platforms, CDN platforms, law firms, and consulting firms.
In any case, personal data will not be disclosed.
5. Interested parties and categories of data processed
This notice is addressed to registered and unregistered users of the e-commerce site www.mobilirebecca.it, for whom the Data Controller will process the following categories of data for the purposes set out in this notice:
1. identification data: name, surname, date and place of birth, address, and, where applicable, tax code.
2. contact details: email address, landline number, mobile phone number, fax number, email address;
3. Shopping cart and purchase data : information relating to purchases, orders, returns, complaints, payments, invoicing, shipping, and warranties. Warranty fulfillment.
4. Payment data : amount, payment method, reference, and transaction status. The payment process takes place on the Shopify Inc. platform, which is PCI-DSS Level 1 certified. Complete payment method data (card number, expiration date, CVV) is managed exclusively by Shopify and payment gateways (e.g., PayPal, Fondy) and is never transmitted or stored in Ohme Group Srl's systems.
5. Browsing data (IP address, country, browser, device information, web beacons, consent to the use of cookies and similar technologies). Please refer to the cookie policy .
6. Purpose - Legal basis - retention period and nature of the provision
Request information about items, add items to your cart, select items from your favorites.
- Data categories processed: identifiers, cart/purchase data.
- Legal basis: pre-contractual measures.
- Duration of processing and retention period: six months from collection or, if earlier, until the transaction is completed, without prejudice to the retention of data relating to the transaction.
- Nature of the provision: necessary (failure to provide it will prevent the related activity from being carried out).
This purpose includes the data processing required to create an account on the website www.mobilirebecca.it to manage your preferences and purchases made or to be made. You can also sign up for the reserved area using your Google account.
- Data categories processed: identifiers, contact details, shopping cart/purchase data, payment data.
- Legal basis: contract/pre-contractual measures.
- Duration of processing and retention period: until the account is deleted.
- Nature of the provision: necessary (failure to provide it will prevent the related activity from being carried out).
This purpose includes the data processing necessary for the management, completion and execution of the sales contract between the Customer and the Data Controller, including the purchase procedure (inserting items in the cart, selecting the payment method, invoicing, chatting with customer support, entering identification and delivery data, etc.) and all activities necessary for the execution of the sale of the products and related to them (post-sales, customer care, etc.).
- Data categories processed: various types of identification data, contact data, cart/purchase data, payment data, browsing data.
- Legal basis: contract.
- Duration of processing and retention period: for the entire duration of the contractual relationship and for the following 10 years (order history).
- Nature of the provision: necessary (failure to provide it will prevent the related activity from being carried out).
Processing related to the fulfillment of administrative, fiscal, and legal obligations (management of invoicing and payments, withholdings, tax obligations, financial statements).
- Categories of data processed: identification, contact, payment, purchase-related.
- Legal basis: legal obligation.
- Retention period: until the expiration of the legal deadlines for compliance, including late compliance (e.g., until the expiration of the deadline for any late disclosures and declarations), generally no longer than ten years. The data is then retained for the duration of legal obligations related to the preservation of proof of such compliance.
- Nature of the provision: necessary (failure to provide it will prevent the related activity from being carried out).
Retention of records and documents where legally required, e.g., retention of accounting records to fulfill civil obligations (Articles 2214 and 2220 of the Italian Civil Code) and to fulfill tax control powers (e.g., II. DD. Article 43 of Presidential Decree 600/73, for VAT Article 57 of Presidential Decree 633/72, Article 76 of Presidential Decree No. 131/86 for registration tax, Article 17 of Legislative Decree 347/90 for mortgage and land registry taxes, Article 1, paragraph 161 of Law 296/06 for local taxes, etc.).
- Categories of Data Processed: All data collected for other purposes.
- Legal basis: legal obligation.
- Retention period: ten years from the last recording (for accounting records) or from the date of the document.
- Nature of the provision: necessary (failure to provide it will prevent the related activity from being carried out).
Processing related to fulfilling data protection obligations (e.g., responding to requests to exercise data subjects' rights).
- Categories of Data Processed: All data collected for other purposes.
- Legal basis: legal obligation.
- Retention period: ten years from the last data recording.
- Nature of the provision: necessary (failure to provide it will prevent the related activity from being carried out).
Processing related to technical support and monitoring of the Company's IT infrastructure, in order to maintain its integrity and system protection. During these activities, individuals performing support activities may come into contact, even through mere viewing, with data relating to interested parties such as the Customer.
- Categories of Data Processed: All data collected for other purposes.
- Legal basis: legitimate interest. The Data Controller's interest in being able to perform interventions on its systems, even if they involve data processing, must prevail over the interest in confidentiality and data minimization, where such interventions are deemed necessary for the security of the systems, the company's assets, and, ultimately, the data subjects' data.
- Retention period: duration of the intervention.
Processing related to the purpose of taking action or resisting, both in extrajudicial proceedings (including conciliation) and in court, in disputes that may arise with the Customer or with third parties.
- Categories of Data Processed: All data collected for other purposes.
- Legal basis: legitimate interest. The Data Controller's right to defense, guaranteed by the Constitution, must prevail over the user's right to privacy, especially given the security measures the Data Controller adopts and which allow processing in accordance with the principles set forth in Article 5 of the GDPR.
- Retention period: ten years from the last activity related to the contract, coinciding with the ordinary limitation period, unless the law provides for shorter periods of action, limitation, or forfeiture (art. 112, paragraph 5 of Presidential Decree 1124/55, arts. 2946, 2947, 2948 of the Civil Code, art. 3, paragraphs 9 and 10 of Law 335/95).
With your optional consent, which can be expressed by selecting the appropriate consent box in the dedicated sections of the Website (opt-in), including the "Subscribe to our newsletter" section, we will process your data for marketing purposes (sending, via the chosen communication channels, advertising material, offers, promotions, discounts, etc.). In relation to promotional communications sent by email, you may withdraw your consent to the processing of your email address for marketing purposes (newsletter, etc.) at any time, including by clicking the unsubscribe link (opt-out) in each promotional email.
- Categories of data processed: identification data, contact data.
- Legal basis: consent.
- Retention period: until consent is revoked, which will in any case be requested again after 24 months and, subsequently, for 10 years in order to demonstrate compliance with personal data protection obligations.
- Nature of provision: optional. Failure to provide consent will not affect contractual performance.
As provided for by the WP259 Guidelines on consent and Recital 32 of the Regulation, a single consent can be applied to all processing activities carried out for the same purpose or purposes. The purposes specifically indicated above can objectively be traced back to the pursuit of a single purpose, despite the different processing operations, which is commercial promotion and marketing in the broadest sense. Consequently, by providing a single consent to Processing for Marketing Purposes, the interested party specifically acknowledges the homogeneous and different promotional, commercial, and marketing purposes specified above (including the resulting management and administrative activities) and expressly authorizes said processing and purposes, whether the means used are telephone with an operator or other non-electronic, non-telematic means or not supported by automatic, electronic, or telematic mechanisms and/or procedures, or whether the means used are email, fax, SMS, MMS, automatic systems without operator intervention, and similar, including electronic platforms and other telematic means.
The definition of Processing for Marketing Purposes includes both the processing and purposes specified above pursued by the Data Controller during the term of the contractual relationship, as well as those specific ones following the termination of the Contract, for whatever reason, and aimed at sending the interested party unsolicited communications to invite them to renew the contract by each of the means indicated above.
Pursuant to the General Provision of the Italian Data Protection Authority dated 15 May 2013 ("Consent to the processing of personal data for direct marketing purposes through traditional and automated contact tools"), the Customer's attention is drawn to the fact that: (i) consent given for sending via automated tools will imply receipt also via traditional methods (postal mail or operator-assisted phone calls); (ii) the right to object will also extend to traditional methods, without prejudice to the possibility of exercising it in part.
For the purposes of fulfilling privacy obligations in accordance with the principles of simplification, the Data Controller informs that the specific consent form will be uniform and comprehensive and will refer to all possible means of marketing processing, without prejudice to the possibility for the data subject to express a different wish regarding the use of certain means and not others for receiving marketing communications, subject to consent, by sending an email to the addresses indicated in Article 14 of this policy.
Furthermore, the specific consent form will be uniform and comprehensive and will also refer to all the different and possible marketing purposes explained herein, without prejudice to the possibility for the interested party to notify a different selective will regarding consent/denial/revocation for individual marketing purposes by sending an email to the addresses indicated in this notice
Through this page you can contact the Data Controller either via WhatsApp messaging or via an HTML form where you can enter your details and the reason for your request, in order to request information and assistance on purchases, or make complaints.
- Categories of data processed : identification data, contact data, data relating to purchases
- legal basis: contract / pre-contractual measures
- Retention period : six months.
- Nature of provision : Necessary. Providing the data is necessary to provide the service.
For remarketing and service improvement purposes, the Data Controller intends to process so-called "profiling" data through its website. This occurs primarily through the use of activity tracking tools on the website www.mobilirebecca.it, such as profiling cookies and its own or third-party pixels, such as Meta Pixel, which allows the use of Facebook services such as Facebook Custom Audiences, Facebook Lookalike, and Facebook Remarketing. For further information, please refer to the specific information on cookies and similar technologies.
- Categories of data processed : identification data, contact data, data relating to purchases
- legal basis: consent
- Retention period : twelve months.
- Nature of provision : optional. Providing the data is not necessary to provide the service.
Here, we briefly remind you that with the help of this service, we can target our customers (always with their specific and separate consent) by activating (for example, via Facebook) so-called Facebook Ads for visitors to our websites or Google Analytics. To this end, we have implemented Facebook remarketing pixels on our websites. These are code snippets that can identify your browser type using your browser ID, or your browser's "fingerprint," and recognize whether you have visited our websites and what exactly you viewed. When you visit our websites, the pixel establishes a direct connection to Facebook's servers. Facebook can identify you based on your browser ID, as it is linked to other data stored by Facebook and your user account. Facebook then provides you with personalized, needs-based ads in your Facebook timeline or elsewhere on Facebook. The Data Controller itself is not able to personally identify you via the Facebook pixel, as no other personal data, other than your browser ID, will be stored by us via the Facebook remarketing pixel.
Further information about Facebook Custom Audiences, details on data processing by this service, and Facebook's privacy policy can be found at https://www.facebook.com/about/privacy/ .
In general, for such processing, and for the purposes of complete information, reference is made to the definition in art. 4, paragraph 1, no. (4) of the GDPR, which defines "profiling" as "any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements".
Pursuant to the WP 251 Profiling Guidelines of 3 October 2017, as issued by the European Data Protection Authority (EDPA), we provide transparent information on the logic, methods, and mechanisms of profiling, and clarify below and separately the cases in which the Data Controller may make decisions based on fully automated processing.
Profiling may involve "individual" personal data or "aggregated" personal data derived from detailed individual personal data. To clarify what "profiling" consists of, the following parameters can be considered as examples:
- the data is structured and coordinated based on predefined parameters identified from time to time, depending on the company's needs (regardless of marketing, contractual, administrative purposes, etc.);
- The initial data, considered individually, may include a variety of personal information, including data on browsing experiences, types of consent given to receive specific commercial communications and not others, data on browsing and/or gaming habits to reconstruct the user's tastes and habits, identifying their profile as a potential consumer/gamer, in order to send them newsletters, commercial communications, offers and promotions consistent with the identified profile, etc.;
- Only following profiling (i.e., structuring according to pre-established parameters) is it possible to deduce further information relating to each interested party, further information (i.e., the "profile", for example, market segment, active marketing communications services, commercial aptitude, etc.) that would not derive from the mere informative aptitude of the data considered individually or separately.
In other words, profiling in the strict sense can result in the availability of a wealth of information that goes well beyond the information considered individually and relating to each data subject; furthermore, profiling in the strict sense provides added value given the multiple correlations that can be established between the individual data collected, in order to derive additional useful information.
Regarding the Data Controller's obligations to provide—pursuant to Article 13, paragraph 2, letter f) of the GDPR—information on the logic behind profiling processing, as well as the significance and consequences of such processing, the following is further clarified. The fundamental elements of profiling processing will be:
- 1) the predetermination of the parameters for the structuring of the data considered individually;
- 2) the comparison, cross-referencing, correlation of such data with each other and the comparative analysis carried out on the basis of predefined parameters, also through automated processes (i.e. the cataloguing of individual data into clusters);
- 3) obtaining a profile through the preceding activities and which allows for the identification of a consumer profile and additional analytical indications with respect to individual data and allows for the generation of mapping/segmentation into homogeneous behavioral groups (dynamic creation of behavioral profiles).
The Data Controller may proceed with the following Profiling Processes, such as in the case of detection of:
- number and type of requests for information on products and services offered made within a predetermined time frame;
- number and type of expenses incurred for products and/or services within a predetermined time horizon;
- number and type of new contracts possibly signed within a predetermined time horizon;
- number and type of information requests sent within a predetermined time frame;
- number and type of visits to the Website within a predetermined time frame, including through profiling cookies.
To proceed with Profiling Processing, it is mandatory to obtain specific, separate, express, documented, prior, and entirely optional consent.
Consequently, where the interested party decides to provide specific consent, they must be informed in advance and aware that the purposes of the processing pursued are of a specific commercial, advertising, promotional, and marketing nature in the broad sense based on Profiling Processing.
In any case, even if the data subject has given consent to authorize the Data Controller to pursue all the purposes of Processing for Profiling Purposes, they will still be free to withdraw their consent at any time, through the Data Controller's website www.mobilirebecca.it, by logging into their personal area with their credentials or, if they do not have a personal profile, by accessing the "Manage cookies" section. We specifically and separately inform you, as required by Art. 21 of the GDPR, that the data subject has the right to object at any time to the processing of their personal data for profiling purposes by simply sending an email to privacy@mobilirebecca.it (even if they have previously given their consent). If the data subject objects to profiling processing, their personal data will no longer be processed for these purposes, without prejudice to the lawfulness of the processing carried out until consent is withdrawn.
The Customer is then free to consent to Processing for Profiling Purposes, but not to further consent to disclosure to third parties who wish to process their data for Profiling Purposes. Should the Customer not consent to disclosure of their data to third parties for Processing for Profiling Purposes, the Data Controller will not communicate their data, and the data will be processed solely and exclusively by the Data Controller, where the user has provided separate consent to Processing for Profiling Purposes.
The data subject to Profiling Processing and the related authorized profiles will not be subject to any dissemination.
for this type of processing, please refer to thespecific information on cookies and similar technologies.
7. Data source
The data is normally provided directly by the Customer.
However, the Data Controller may collect data present in public databases (Chamber of Commerce, INI-PEC, Revenue Agency, Bank of Italy) primarily for the purposes of fulfilling legal obligations such as invoicing or for legal defense.
8. How and where we process data
The Data Controller will process the data in both paper and electronic form. They are stored and processed in electronic and paper archives located at the Data Controller's registered and operational headquarters (in Italy) and at the offices and servers of the data processors, limited to the purposes assigned to them. Given the importance of the Site to the Data Controller's business (e-commerce), please note that the www.mobilirebecca.it site is hosted on the Shopify Inc. platform and the domain is managed by Cloudflare Inc. The servers are located in Canada, as can be verified here.
9. Transfer of data outside the European Economic Area
The processing of the data subject's personal data carried out during use of the website www.mobilirebecca.it involves the transfer of data outside the European Economic Area. Therefore, the Data Controller will ensure that this occurs in the presence of an adequacy decision or, in the absence of one, in the presence of adequate safeguards pursuant to Articles 46 et seq. of the GDPR. Please note that the website operates on servers located outside the European Economic Area, as indicated above, specifically in Canada. With respect to this country, the transfer occurs pursuant to an adequacy decision of the European Commission dated 20 December 2001 , as amended by European Commission Implementing Decision (EU) 2016/2295 dated 16 December 2016 . The Data Controller may also transfer the data subject's data outside the European Economic Area, for example, in relation to the use of the services of Google Inc. or Meta Platforms Inc. (Facebook/Instagram/WhatsApp), and only to the extent that these entities store said data on servers located outside the EEA.
With regard to Google Inc. and Meta Platforms Inc., the transfer of data is made lawful by the adequacy decision with which the European Commission implemented the Data Privacy Framework.
Please consult the following links for more information:
The companies mentioned above have also agreed, in providing their services, to comply with the standard contractual clauses, for which we invite you to consult this link for Google Inc. and this link for Meta Platforms Inc..
10. Security measures
The Data Controller processes personal data in accordance with the data security obligations pursuant to Art. 32 of the GDPR. To ensure an adequate level of data protection to mitigate the risk of improper or unlawful use of data, the Data Controller constantly strives to implement physical, organizational, and IT security measures that meet current data security standards. These measures include, among others, the use of https/tls protocols, payment encryption, appropriate supplier selection, appointment of a Data Protection Officer (DPO), ongoing monitoring of privacy compliance, use of internal policies, backup procedures, disaster recovery, locked cabinets, authorization profiles, strong passwords with periodic changes and secure storage, written authorization and ongoing training for designated personnel, and monitoring of compliance with these measures. The complete list of security measures is available at the Data Controller's headquarters.
11. Children's privacy
Minors are defined as all persons under the age of 18. Pursuant to art. 2-quinquies of Legislative Decree 196/03 and subsequent amendments, in relation to the provision of information society services, minors are defined as all persons under the age of fourteen.
The Data Controller does not intentionally request or collect personal data from or relating to minors under the age of 18 without the consent of a parent or guardian.
If the Data Controller becomes aware that personal data relating to a minor has been submitted without the consent of a parent or guardian, it will make every reasonable effort to delete such personal data from its records as soon as possible and ensure that such personal data is not further used for any purpose, nor is it further disclosed to third parties.
12. Rights of the interested party
Right of access (Art. 15 GDPR)
You may request: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject, or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data are not collected from the data subject, any available information as to their source; h) the existence of automated decision-making, including profiling, referred to in Article 22, paragraphs 1 and 4, and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
You have the right to request a copy of the personal data undergoing processing.
- Right to rectification
You have the right to request the rectification of inaccurate personal data concerning you and to obtain the integration of incomplete personal data.
- Right to erasure
You have the right to obtain from the Data Controller the erasure of your personal data if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, if you withdraw your consent, if there are no overriding legitimate grounds for profiling, if the data has been unlawfully processed, or if there is a legal obligation to erase it.
- Right to restriction of processing
You have the right to obtain from the Data Controller restriction of processing when you have contested the accuracy of the personal data (for a period enabling the Data Controller to verify the accuracy of the personal data) or if the processing is unlawful, but you oppose the erasure of the personal data and request the restriction of their use instead, or if the personal data are necessary for the establishment, exercise, or defense of legal claims, but the Data Controller no longer requires them.
- Right to portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit that data to another controller if the processing: (i) is based on consent, (ii) on a contract and (iii) if the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority and such transmission does not infringe the rights of a third party.
Data portability includes the right of the data subject to receive a subset of their personal data processed by the Data Controller and to retain it for further use for personal purposes. This storage can take place on a personal medium or in a private cloud, without necessarily involving the transmission of the data to another controller.
Data portability complements and strengthens the right of access to personal data, also provided for in Article 15 of the Regulation.
If the data subject requests data portability along with the direct transmission of their data to another data controller, please note that this right is subject to technical feasibility: Article 20, paragraph 2 of the Regulation provides that data may be transmitted directly from one data controller to another at the data subject's request, and where technically feasible. The technical feasibility of data transmission from one data controller to another must be assessed on a case-by-case basis.
Recital 68 of the Regulation clarifies the limits of what is technically feasible, specifying that it should not require data controllers to adopt or maintain technically compatible processing systems. Therefore, direct data transmission from a data controller to another data controller may occur if secure communication between the systems of the two controllers (transferring and receiving) is possible, and if the receiving system is technically capable of receiving the incoming data. If technical impediments prevent direct transmission, the data controller will provide training and a detailed explanation to the data subject. With regard to the interoperability of formats to ensure portability, the Data Controller will comply with the provisions of paragraph 1021, letter (b) of Law 205/2017 (“presence of adequate infrastructures for the interoperability of the formats with which the data are made available to data subjects”) within the limits of what is clarified by the WP242 Guidelines (“The expectation is that the controller transmits personal data in an interoperable format, but this does not impose any obligation on other controllers to support this format”).
Please note that, pursuant to the WP242 Guidelines, data controllers who comply with a data portability request are not specifically required to verify the quality of the data before transmitting it.
Furthermore, data portability does not impose any obligation on the Data Controller to retain data for a period longer than necessary or beyond that specified. Above all, it does not impose any additional obligation to retain personal data for the sole purpose of fulfilling a potential data portability request.
The exercise of the right to data portability (or any other right under the Regulation) does not affect any of your other rights.
The data subject may continue to use and benefit from the service offered by the Data Controller even after data portability has been completed. Portability does not entail the automatic deletion of data stored in the Data Controller's systems and does not affect the original retention period for the data transferred. The data subject may exercise these rights as long as the data processing by the Data Controller continues.
- Right to object
You have the right to object at any time, in whole or in part, to the processing of your personal data if the processing is carried out for the purposes of the Data Controller's legitimate interest. In this case, the personal data will no longer be processed for these purposes.
- Right not to be subject to a decision based solely on automated processing, including profiling
- Right to lodge a complaint with the Guarantor Authority
Without prejudice to any other administrative or judicial remedy, if the data subject believes that the processing of his or her personal data violates the provisions of EU Regulation 2016/679, pursuant to art. 15, letter f) of the aforementioned EU Regulation 2016/679, and if the data subject believes that the Data Controller has violated his or her rights, he or she has the right to lodge a complaint with the Italian Data Protection Authority (Supervisory Authority www.garanteprivacy.it).
- Right to withdraw consent
How to exercise your rights:
- registered mail to Ohme Group Srl, Via GB Pirelli 14 - 62012, Civitanova Marche [MC], VAT number 02484770694, tel.: 0733 672081,
- email: privacy@mobilirebecca.it;
- pec: mobilirebeccasrl@pec.it
- form available on the website www.mobilirebecca.it or available at the office.
The Data Controller will normally process requests within 30 days.
However, this period may be extended for reasons relating to the specific right of the data subject or the complexity of your request.
In certain situations, due to legal obligations, we may not be able to provide you with information about all of your data.
If we are forced to decline your request for information in this case, we will at the same time explain the reasons for our denial.
Version of 17.2.26.
Previous versions





























