Privacy

Information on the processing of personal data

In this document, ‘Company’ means Renvico Holding S.r.l., Renvico Italy S.r.l., Renvico France and their subsidiaries. If you come into contact with one of the above-mentioned ‘Companies’, you may be asked for some personal data, which is why we are providing the following information:

Data Controller
The Data Controllers for the processing of the personal data of those concerned are

  • Renvico Holding, with head office at Via San Gregorio 34, 20124 Milan,
  • Renvico Italy, with head office at Via San Gregorio 34, 20124 Milan,
  • Renvico France with head office at 22, rue Guynemer, 78604 Maisons-Laffitte, Cedex, France

in the person of their pro tempore legal representatives.

Recipients of the data
The personal data handled by the Data Controllers is not distributed, i.e. knowledge of it is not given to unspecified persons in any possible form, including making it available or for simple consultation. It may be transferred to the employees of the Data Controllers and some external persons who work with them. It may also be transferred, within strictly necessary limits, to persons who, at the assignment of the Data Controllers, have to supply goods or provide services for the fulfilment of your requests. Lastly, it may be notified to persons authorised to access it in accordance with the law, regulations and Community legislation. In detail, according to the roles and tasks performed, workers are authorised to process your personal data within the limits of their skills and in compliance with the instructions given to them by the Data Controllers.
The external persons operating under the authority of the Data Controllers have also been appropriately authorised according to the type of service provided, processing carried out and the nature of the data processed. The external persons to whom the Data Controllers have entrusted processing of personal data have been designated Data Processors.

Transfer of data
The Data Controllers do not under any circumstances transfer your personal data to other countries or international organisations. Nevertheless, cloud services may be used; in this case, the suppliers of the services shall be selected from those who give adequate guarantees, as set out by Art. 46, GDPR 679/16.

Data storage
The Data Controllers process and store your personal data for the time necessary to fulfil the purposes indicated. Subsequently, the personal data shall be stored, and not processed further, for the time set out by the civil and tax laws in force.

Rights of the interested party
With reference to Arts. 15 Right of access, 16 Right to rectify, 17 Right to cancel, 18 Right to limit processing, 20 Right of portability, 21 Right of opposition, and 22 Right of opposition to the automated decision-making process of GDPR 679/16, you may exercise your rights by writing to the Data Controllers at the addresses indicated above, or by sending an email to privacy@renvico.it, specifying the purpose of your request, the right you intend to exercise and enclosing a photocopy of an identity document certifying the legitimacy of the request.
Further information on the rights of the interested party are shown at the end of this section.

Complaints
Each of you has the right to complain to the control body of the country of residence.

Automated decision-making processes
The Data Controllers do not under any circumstances carry out processing of your data that consists of automated decision-making processes.

You can interact with one of the Data Controller ‘Companies’ and their organisations by visiting the website, via email or telephone for many reasons:
• asking for information or informative material;
• asking for contact;
• forwarding reports and complaints;
• spontaneous despatch of your CV;
• registering for the newsletter.

In these cases, you should know:
Data sources: the personal data processed is supplied by you when making your request.
Purpose of processing: your personal data is always processed to:
1) fulfil or follow up your requests;
2) send you the newsletter;
3) send further information, notifications and informative material on the work and initiatives of the ‘Companies’ and their partners by email.
Legal base for processing: the legal base for processing is:
- fulfilment of a contractual or precontractual compliance or for the purposes at Point 1;
- the consent, through unmistakeable positive action, for the purposes at Point 2;
-    the legitimate interest of the Data Controller, in the balancing of interests, for the purposes at Point 3.
Revocation of consent: with reference to Art. 6, GDPR 679/16, the person concerned can revoke any consent given at any time. The revocation of consent will mean that the newsletter, information and notifications will no longer be sent by email.
Refusal to provide data: making the requests listed above is always voluntary; as a result, refusal to provide data may impede or compromise the fulfilment or follow-up of your requests.
Further information on the recipients of the data: the personal data acquired through reception of a CV is entered in a ‘candidate’ database of the Data Controllers and processed by those authorised in connection with the assessment and selection of candidates or the possible offer of alternative jobs consistent with the professional profile.

In addition, if you visit our website, you should know:
Data collection: for easier site management and statistical purposes, some information is collected anonymously. The IT system supporting the site produces general, anonymous statistics with aggregated data through special programs; these are used to establish what information is of greater or lesser interest, monitor the performance of the system and find any crisis areas. In addition, for security reasons, and to ensure the full availability of the service to all users, traffic control software programs are used on the site so that unauthorised attempts to include or vary the information, or any other attempt at intrusion or damage, can be identified. The site asks the browser for some information, such as navigation preferences, log-ins and frequently-visited pages, to offer a quality service. This information assists clearer understanding of users’ needs so that an increasingly better service can be offered.
Use of cookies: the site of the joint data controllers uses third party ‘technical cookies’. These are text files deposited in the user’s computer to enable navigation and the use of the site to be analysed. At times, the third parties may use these cookies to publish announcements based on previous visits made by site users. The information generated by the cookies on the use of the site is sent to the corresponding third parties and deposited in their servers. Generally, third parties use this information to produce reports on the activity of the site, intended for the Data Controllers’ operators, and do not associate the IP address with other data they hold thus, in effect, processing anonymous data. The provision of navigation data can be refused by selecting the appropriate setting in the browser. On this point, see the information published on the sites of the corresponding third parties such as:
https://www.google.it/intl/it/policies/privacy/ for the information leaflet, and https://tools.google.com/dlpage/gaoptout?hl=it, for the deactivation.
Nevertheless, deactivation may, in some cases impede use of all the functions of the site. On the contrary, by accepting the use of the cookies as described above and continuing to navigate, the user gives free and unconditional consent to the processing of personal data by the Data Controller ‘companies’ and third parties in the ways and for the purposes indicated above. Lastly, if the user reaches the site after clicking on a banner published on another site, they should know that the manager of the advertising network, designated external data controller, assigned the cookies necessary to detect the throughput and total of any purchases made. The manager of the advertising network is responsible for the management of these cookies and their information can be consulted on the institutional site. Under no circumstances does the site use cookies for customer profiling.
Confidentiality of the data: the Data Controller ‘companies’ do not notify any personal identification data or information to third parties except to those who operate as suppliers for the provision of services or management of the contractual relationship and the resulting administrative compliance, if necessary and only to the extent strictly necessary.


We tell the professionals and sole proprietors who operate as our suppliers in person, and establish relationships and communications with the Data Controllers’ organisation of processing:
Data sources: your personal data is collected at your premises by our employees and co-workers during commercial visits or telephone calls, direct contact to take part in meetings, seminars, courses, fairs, our requests for offers, order confirmations and transmissions and transactions after the order confirmations.
Purpose of processing: your personal data is processed in connection with the management of the current contractual relationship or that under negotiation, including the work set out for the contact, formalisation, management and control of the relationship without suppliers, and also to comply with requirements and administrative, Customs, legal or tax obligations relating to the supply.
Legal base for processing: the legal base for processing is the fulfilment of a contractual or precontractual requirement.
Revocation of consent: with reference to Art. 6, GDPR 679/16, the person concerned can revoke any consent given at any time.
The processing indicated is, however, carried out on a legal basis different from the acquisition of consent.
Refusal to provide data: professionals or sole proprietors who are suppliers cannot refuse to provide the data necessary for the accounting, administrative and tax management of the established contractual relationship or provision of the service. Additional provision of personal data is necessary for the correct and efficient management of the contractual relationship. As a result, any refusal to provide may compromise it.
Processing of criminal records: we may need to process ‘criminal records’, as defined by Art. 10, GDPR, of the people who represent or act in the name or on behalf of suppliers and potential suppliers in application of specific laws. In such cases, the ‘criminal records’ will be processed to comply with what is specifically set out by the applicable laws and subsequently stored in a way which prevents involuntary or unauthorised access.


Information for people working on customers’ or suppliers’ premises
The management of the contractual relationship with customers and suppliers necessarily leads to the processing of personal data (identification, telephone numbers and email) relating to the people with whom contact is made. This information leaflet is therefore given pursuant to Art. 13, GDPR 679/16 – “European Regulations on the Protection of Personal Data” to the individuals who work on the premises of customers and suppliers.
Given the difficulty in ensuring that the people concerned receive the information leaflet directly, it is made available to customers and suppliers with the request to advise those concerned.

Data sources
The personal data processed is that supplied by the person concerned during:
• visits or telephone calls;
• contacts to take part in exhibitions, fairs, etc.;
• offers;
• transmissions and transactions after the order.
Purpose of processing
The personal data of the contact individuals is processed to:
• forward notifications of various types and by different communication methods (telephone, mobile phone, text messages, email, fax, and ordinary mail);
• make or deal with requests and offers received;
•  exchange information for the performance of the contractual relationship including pre- and post-contractual activities.
Legal base for processing
The legal base consists of the need to follow up the pre-contractual, contractual and post-contractual duties.
Revocation of consent
With reference to Art. 7, GDPR 679/16, the person concerned can revoke any consent given at any time. Nevertheless, the processing indicated in this information leaflet is licit and permitted, even without consent, as it is necessary for the fulfilment of a contract to which the person concerned is party (the relationship of supply of products and services).
Refusal to provide data
The person concerned can refuse to provide his/her personal data to the Data Controllers. However, provision of personal data is necessary for the correct and efficient management of the contractual relationship. As a result, any refusal to provide may wholly or partly compromise it.

Information for visitors
This information leaflet is made available to guests and, generally, to all the people temporarily in the offices of the Data Controller ‘Companies’ pursuant to Art. 13 GDPR 679/16 – “European Regulations on the Protection of Personal Data”.
Data sources
The personal data processed is that supplied by the person concerned during:
• visits to or operations in the offices;
• interviews or work sessions in the offices;
• delivery or collection of goods, packages and correspondence.
Purpose of processing
The personal data indicated above is processed for the following reasons:
• a check on accesses to the offices;
• survey of the duration of stays in the offices;
• indication of those present for the management of emergency situations.
Legal base for processing
The personal data of guests is legally processed for:
• the fulfilment of a legal requirement (management of emergencies);
• the legitimate interest of the Data Controller (check on accesses and survey of the duration of stays in the offices).
Data storage
The data recorded shall be cancelled one year after access.
Revocation of consent
With reference to Art. 7, GDPR 679/16, the person concerned can revoke any consent given at any time. However, it is stressed that the processing indicated in this information leaflet is licit and permitted, even without consent.
Refusal to provide data
The person concerned can refuse to provide his/her personal data to the Data Controllers since its provision is optional. Nevertheless, such refusal will make it impossible for him/her to gain access to the offices.


Information for directors, auditors and members of the supervisory body
This information leaflet is made available to members of the Board of Directors, auditors and members of the supervisory body pursuant to Art. 13 GDPR 679/16 – “European Regulations on the Protection of Personal Data”.
Data sources
The personal data is provided spontaneously by the person concerned on acceptance of the appointment.
Purpose of processing
The personal data is processed to convene the corporate and supervisory bodies, pay fees and salaries and comply with the legal requirements on tax and welfare matters, carry out accounting and reimburse expenses, and draft documents, reports and other formal deeds.
Legal base for processing
The processing is carried out as a legal requirement and to fulfil a contract to which the person concerned is party or performance of precontractual measures adopted at his/her request.
Data storage
The Data Controllers of the processing store and process personal data for the time necessary to comply with the purposes indicated. In any case, documents with administrative relevance shall be stored for ten years.
Revocation of consent
With reference to Art. 23 of Legislative Decree 196/2003 and Art. 6 of GDPR 679/16, the person concerned can revoke consent at any time. Nevertheless, it is stressed that the processing indicated in this information leaflet is licit and permitted, even without consent so the revocation of consent would not have any effect on the processing.
Refusal to provide data
The provision of some data (name and tax data) is obligatory for the assumption of the position, administrative and tax. Some additional data (telephone number, email address, etc.) is essential for the management of the organisational aspects. This is why their partial or incomplete notification may compromise the effective management of the relationship.


Lastly, we advise all recipients of email messages that their content is confidential. As a result, the data and information contained in them or any attachments is exclusively for the recipients. Persons other than the recipients, also pursuant to Art. 616, Criminal Code, are not authorised to read, copy, modify or broadcast the message to third parties. Whoever receives one of our notifications by mistake must not use it or make it known to anyone but cancel it from his/her mail box and advise the sender.
The authenticity of the sender and the contents are not guaranteed, except for digitally signed documents. Further, pursuant to Art. 13, GDPR 679/16, please note that our archives include email addresses relating to individuals, companies and bodies with which there have been prior communications by email or other means or which have spontaneously provided their email address during direct contacts. Such addresses are used by us respecting the desire and willingness of the persons concerned to receive notifications from our company by email. We would also like to advise you that all the mailboxes of the dominion ".....@renvico.it, @renvico.fr and @renvico.com" are company mailboxes and, as such, are used for notifications in the work context. Therefore, any outgoing or incoming messages may be read by persons other than the sender/recipient for requirements connected to the business.


List of the rights of the person concerned
Pursuant to GDPR 679/16, the person concerned can exercise specific rights, by contacting the Data Controllers,
including: the right to ask for access to his/her personal data, the right to ask for the rectification of his/her personal data, the right to ask for the cancellation of his/her personal data, the right to ask for the limitation of the processing of his/her personal data, the right to ask for the portability of data, and the right to make a complaint to the relevant Data Protection Control authority.
Please remember that if the person concerned wishes to have further information on the processing of his/her personal data, i.e. exercise the above rights, s/he can write to privacy@renvico.it
Right of access. Each person has the right to have confirmation of the existence or not of personal data concerning him/her and, in that case, ask for access to such data. The access information includes, inter alia, the processing, categories of personal data concerned, and the recipients or categories of recipients to whom the personal data has been or shall be notified.
The person concerned also has the right to obtain a copy of the personal data subjected to processing. The Data Controller may charge a reasonable cost based on administrative expenses for additional copies requested.
Right to rectification: each of you has the right to have inexact personal data concerning you rectified. Depending on the purposes of processing, you may have the right to complete personal data that is incomplete, also by the presentation of a supplementary declaration.
Right to cancellation ("right to be forgotten"): in certain circumstances, you have the right to have the personal data concerning you cancelled.
Right to limitation of processing: in certain circumstances, you have the right to the limitation of the processing of the personal data. In this case, the data shall be tagged and can only be processed by the Data Controller for certain purposes.
Right to portability of the data: in certain circumstances, you have the right to receive the personal data concerning you in a commonly used, legible format; you also have the right to send it to another entity without obstacles.