Pursuant to art 13 of Regulation (EU) 2016/679 (hereinafter, the
“GDPR”), you are hereby informed that your data will be processed by the following means and for the following
purposes
1. Data controller and data protection officer
RINA S.p.A., with registered office in Genoa (GE), via Corsica 12, CF and VAT no. 03794120109, and the other
RINA Group Companies are the Joint Data Controllers pursuant to art. 26 GDPR, who can be reached through the
contacts indicated on the website www.rina.org. The Data Protection Officer may be contacted at the e-mail
address rina.dpo@rina.org.
2. Scope of processing
The Controller processes personal data of a common type (name, employing company, town/city, telephone
number, and e-mail address), provided by you by completing the form available in the “Contacts” section of the
website.
In addition, normal operation of the website makes it necessary to obtain some personal data. This is
information that is not collected to be associated with identified data subjects but that, by its very nature,
could make it possible to identify the users by processing and associating the same with data collected by third
parties. This category of data includes cookies, which are small text files that websites visited by the users
send to their terminals, where they are stored to be sent back to the same sites at the time of subsequent
visits. For further information on cookies used by the website go to cookies
page.
3. Purpose of processing
a. Your personal data are processed for the following purposes:
- to
receive and respond to any request for a contact, by sending the information you requested;
- to collect
information necessary for the obligations connected with the pre-contractual phase.
b. In addition, with your explicit consent, your data will be processed
to:
- send you e-mails, post, sms and/or telephone calls, newsletters,
commercial communications,
and/or advertising materials on products or services offered by the Controller, and measure the degree of
satisfaction with the quality of such services;
- analyse your choices and surfing habits, in order to
improve use of the website and choice of the Controller’s services.
4. Processing method
The Controller will process personal data in accordance with the principles of lawfulness, fairness and
transparency.
Your personal data are processed by means of the following operations: collection, recording, organisation,
structuring, storage, consultation, adaptation or alteration, use, dissemination, disclosure by transmission,
retrieval, alignment, combination, restriction, erasure and destruction of the data. Your personal data are
subjected to both hard-copy and electronic processing.
The Controller will process the personal data for the time necessary to carry out the purposes indicated
above and, in any case, for not more than 2 years from collecting the data.
However, the Controller may store the data for longer than 2 years if erasure of the same may compromise its
legitimate right to defence or, in general, to safeguard its company assets. Such storage will take place,
limiting access to the same to heads of departments only, in order to guarantee the legitimate exercising of the
right of defence of the Controller.
5. Access to data
Your data may be made accessible for the purposes indicated in art 3.a and 3.b to the following
recipients:
- affiliate companies or subsidiaries of RINA Group, in Italy and abroad, to the extent to which this is
necessary for processing;
- companies or other third parties (professional firms, consultants, insurance
companies for providing insurance services, suppliers, entities that provide services for managing the computer
system and the telecommunications network for the services, etc.), who act on an outsourcing basis for the
Controller, and who have been formally nominated as the data processor;
- public entities, for fulfilling
legal obligations.
Without requiring your explicit consent, the Controller may communicate your data for the purposes indicated
in art 3.a to supervisory bodies, judicial authorities, insurance companies for providing insurance services, as
well as to entities to which communication is mandatory in terms of the law, for carrying out said purposes.
6. Transfers of data
Personal data are stored on servers located within the European Union. In any case, it is understood that,
should this be necessary, the Controller will have the right to move the servers even outside the EU. In such a
case, the Controller hereby guarantees that transfers of data outside the EU will be done in accordance with the
applicable laws, also by means of including standard contractual clauses provided for by the European
Commission, and adopting binding corporate rules for intra-group transfers.
7. Consent
The provision of data and related processing for the purposes indicated in point 3.a is necessary in order
to guarantee the Controller’s services you have requested, and for executing the requests made. If refused, you
cannot successfully submit requests and cannot receive a response from the Controller.
Providing data for the purposes indicated in point 3.b, on the other hand, is not mandatory. You may,
therefore, decide not to provide any data or subsequently refuse processing of data already provided - the only
consequence of any such refusal will be that receiving newsletters, commercial communications, and advertising
materials related to the services offered by the Controller will not be possible. However, you will continue to
have a right to the services indicated in point 3.a.
8. Rights of the data subject
In your capacity as the data subject in processing of the data in question, you have the rights provided for
in the GDPR, including the right to ask the Data Controller, by contacting the Data Protection Officer for:
access to the personal data, indication of the means, purposes and logics involved in the processing, the right
to object, to request restriction of processing, data portability, rectification and erasure of the same, within
the limits and in the ways provided for in the GDPR.
Where processing of data is based on consent, you have the right to withdraw the same at any time.
In addition, you always have the right to object to the sending of newsletters and processing of all or
several data for marketing or commercial purposes.
Therefore, in your capacity as the data subject, you have the rights pursuant to Arts. 15 - 21 of GDPR, as
well as the right to lodge a complaint with the competent Authority pursuant to art. 77 of GDPR.
9. Procedure for exercising rights and communications
The Controller has appointed a Data Protection Officer, who can be contacted for all matters related to
processing of your personal data and the exercising of related rights.
Therefore, you may contact the Data Protection Officer at any time, using the following procedures:
- by
sending a registered letter with notification of receipt to RINA S.p.A., via Corsica 12, 16128 Genoa (Italy),
for the attention of the Data Protection Officer, or by
- sending an e-mail message to rina.dpo@rina.org.
We wish to state that you have the right to withdraw the consent given at any time by writing to rina.dpo@rina.org.
