Legal notice

The purpose of this document is to inform the natural person (hereinafter the “Data Subject”) regarding the processing of their personal data (hereinafter “Personal Data”) collected by the data controller, B.S.R. S.R.L. - RADA', with registered office at Via Copernico 4, 47122 Forlì (FC), Tax Code/VAT No. IT01872500408, email address rada@rada.it (hereinafter the “Controller”), through the website https://rada.it/it/ (hereinafter the “Application”).

Any amendments and updates shall become binding as soon as they are published on the Application. If the Data Subject does not accept the changes made to this Privacy Policy, they must cease using the Application and may request that the Controller delete their Personal Data.

Categories of Personal Data Processed

The Controller processes the following categories of Personal Data voluntarily provided by the Data Subject:

  • Contact details: first name, last name, address, email address, telephone number, images, authentication credentials, any additional information sent by the Data Subject, etc.

The Controller processes the following categories of Personal Data collected automatically:

  • Technical data: Personal Data generated by devices, applications, tools, and protocols used, such as information about the device used, IP addresses, browser type, Internet Service Provider (ISP) type. Such Personal Data may leave traces which, especially when combined with unique identifiers and other information received by servers, may be used to create profiles of natural persons.
  • Browsing and Application usage data: such as pages visited, number of clicks, actions performed, session duration, etc.

Failure by the Data Subject to provide Personal Data for which there is a legal or contractual obligation, or where such data constitute a necessary requirement for entering into a contract with the Controller, shall make it impossible for the Controller to establish or continue the relationship with the Data Subject.

The Data Subject who communicates Personal Data of third parties to the Controller shall be directly and exclusively responsible for their origin, collection, processing, communication, or disclosure.

Cookies and Similar Technologies

The Application uses cookies, web beacons, unique identifiers, and other similar technologies to collect the Data Subject’s Personal Data regarding pages visited, links accessed, and other actions performed when using the Application. Such data are stored and then transmitted during the Data Subject’s next visit. The complete Cookie Policy is available at the following address: https://rada.it/it/cookie-policy/

Legal Basis and Purposes of Processing

The processing of Personal Data is necessary:

For the performance of a contract with the Data Subject, specifically:

  • Fulfilment of any obligation arising from the pre-contractual or contractual relationship with the Data Subject.
  • Registration and authentication of the Data Subject: to allow the Data Subject to register on the Application, log in, and be identified, including through external platforms.
  • Payment management: to manage payments by credit card, bank transfer, or other payment methods.

To comply with legal obligations, specifically:

  • Compliance with any obligation provided for by applicable laws, regulations, and rules, particularly in tax and fiscal matters.

Based on the legitimate interest of the Controller, for:

  • Email marketing relating to the Controller’s products and/or services: to directly sell the Controller’s products or services using the email address provided by the Data Subject in the context of the sale of a product or service similar to the one previously purchased.
  • Statistics using anonymous data: to carry out statistical analyses on aggregated and anonymous data in order to analyse the Data Subject’s behaviour, improve the products and/or services provided by the Controller, and better meet the Data Subject’s expectations.

Based on the Data Subject’s consent, for:

  • Profiling for marketing purposes: to provide the Data Subject with information on the Controller’s products and/or services through automated processing aimed at collecting personal information in order to predict or evaluate preferences or behaviour.
  • Retargeting and remarketing: to reach, through personalised advertising, Data Subjects who have already visited or shown interest in the products and/or services offered by the Application using their Personal Data. The Data Subject may opt out by visiting the Network Advertising Initiative page.
  • Marketing of the Controller’s products and/or services: to send commercial and/or promotional information or materials, conduct direct sales activities concerning the Controller’s products and/or services, or carry out market research through automated and traditional methods.

The Data Subject’s Personal Data may also be used by the Controller to protect its rights before the competent judicial authorities.

Methods of Processing and Recipients of Personal Data

Personal Data are processed using paper and electronic tools, with organisational methods and logic strictly related to the purposes indicated, and through the adoption of appropriate security measures.

Personal Data are processed exclusively by:

  • Persons authorised by the Controller to process Personal Data who have undertaken confidentiality obligations or are subject to an appropriate legal obligation of confidentiality;
  • Entities acting independently as separate data controllers or entities appointed as data processors by the Controller in order to carry out all processing activities necessary to pursue the purposes set out in this policy (for example, commercial partners, consultants, IT companies, service providers, hosting providers);
  • Persons or entities to whom disclosure of Personal Data is mandatory by law or by order of the authorities.

The above-mentioned parties are required to use appropriate safeguards to protect Personal Data and may access only the data necessary to perform their assigned tasks.

Personal Data shall not be indiscriminately disclosed in any way.

Place of Processing

If necessary, Personal Data may be transferred to entities located outside the European Economic Area (EEA). Whenever Personal Data are transferred outside the EEA, the Controller shall adopt all appropriate and necessary contractual measures to ensure an adequate level of protection of Personal Data, including, among others, agreements based on the standard contractual clauses approved by the European Commission for the transfer of data outside the EEA.

To request information regarding the specific safeguards adopted, the Data Subject may contact the Controller at the following email address: rada@rada.it.

Retention Period of Personal Data

Personal Data shall be retained for the period necessary to fulfil the purposes for which they were collected, specifically:

  • For purposes related to the performance of the contract between the Controller and the Data Subject, Personal Data shall be retained for the entire duration of the contractual relationship and, following termination, for the ordinary limitation period of 10 years. In the event of judicial disputes, Personal Data shall be retained for the entire duration of the proceedings until all appeal periods have expired.
  • For purposes related to the legitimate interest of the Controller, Personal Data shall be retained until such interest has been fulfilled.
  • For compliance with legal obligations, orders of authorities, and legal protection, Personal Data shall be retained in accordance with the timeframes established by such obligations and regulations and, in any case, until the applicable limitation period has expired.
  • For purposes based on the Data Subject’s consent, Personal Data shall be retained until consent is withdrawn.

At the end of the retention period, all Personal Data shall be deleted or stored in a form that does not permit identification of the Data Subject.

Rights of the Data Subject

Data Subjects may exercise certain rights with reference to the Personal Data processed by the Controller. In particular, the Data Subject has the right to:

  • Be informed about the processing of their Personal Data;
  • Withdraw consent at any time;
  • Restrict the processing of their Personal Data;
  • Object to the processing of their Personal Data;
  • Access their Personal Data;
  • Verify and request rectification of their Personal Data;
  • Obtain restriction of processing of their Personal Data;
  • Obtain deletion of their Personal Data;
  • Transfer their Personal Data to another controller;
  • Lodge a complaint with the supervisory authority for the protection of Personal Data and/or take legal action.

To exercise their rights, Data Subjects may send a request to the following email address: rada@rada.it. Requests shall be handled by the Controller immediately and fulfilled as soon as possible, in any case within 30 days.

Last updated: 04/10/2024