Privacy policy

  1. Home
  2. Privacy policy

REDAELLI TECNA S.p.A. Privacy Policy 

This document concerns the privacy policies regarding personal data processed by REDAELLI TECNA S.p.A., with registered offices at 2 Piazzale Libia, Milan, Italy, the Data Controller (hereinafter the Data Controller or Redaelli), which, through the company Wellnet S.r.l. in Milan - the Processor pursuant to Article 28 GDPR - manages the website 

https://www.redaelli.com

In accordance with applicable regulations regarding the protection of personal data and EU Regulation 2016/679 - GDPR, what follows describes the methods of managing the processing of personal data of the users of and visitors to our website, as well as the processing of personal data carried out by the Data Controller whom it will be possible to contact in person, by appointment, at the registered office or by 

e-mail: privacy@redaelli.com 

The Data Protection Officer (hereinafter DPO) can be contacted at:  dpo@redaelli.com. 

The information provided herein is not valid for other websites which can be consulted through our links and for which the Data Controller is in no way responsible. 

Pursuant to Art. 12 GDPR, the Data Controller adopts the following disclosure as a means to provide the data subject with information pursuant to Art. 13 GDPR and the communications pursuant to Art. 15-22 and 34 GDPR concerning the processing of data provided. This disclosure is to be understood as general and as provided to anyone who interacts with the website, accessible electronically and corresponding to the homepage of the official website. 

Information Data Processing The Data Controller informs the data subject of the personal data they provide by initiating contact with the Data Controller which does not fall into particular categories of personal data as listed in Art. 9 GDPR, concerning the data subject (even if the data subject is operating as an individual company, small business or professional) or their employees, agents, representatives or collaborators (the data), shall be used in compliance with the provisions pursuant to the GDPR. Data is processed, on the basis of the conditions of lawfulness pursuant to Art. 6 GDPR, for the purposes inherent to the relationship entered into with the Data Controller. Therefore, its legal basis, pursuant to Art. 13 letter c) GDPR, is justified by the reasons for which the relationship with the Data Controller is entered into and, in this specific case, with regard to browsing this website. The data will be acquired and processed following the data subject’s visit to www.redaelli.com and pages visited, beginning with the homepage , including any communications sent by the user. The data processing the Data Controller is permitted to do includes managing, organising, using, storing, creating databases, processing throughout and outside the EU (countries falling within those cases pursuant to Art. 45 and 46 GDPR), collecting statistics, sending our newsletter from which the user can unsubscribe either on initial receipt or at any time thereafter, communicating to partners with whom initiatives are developed (entities who will be appointed as processors pursuant to Art. 28 GDPR in cases where personal data is communicated to them). Data will also be communicated and processed within the Group company Teufelberger GmbH, sole shareholder of the Data Controller. It is vital to remember, however, that the processing carried out by a partner of the Data Controller or within the Group is always and only ever to benefit the user, without aggressive marketing purposes and with the ability of subsequently not subscribing to the proposed initiative. Processing shall also include the erasure and the correction of the data processed following a report from the data subject, consultation, communicating our initiatives, processing, soft spam via email and light marketing (to which it will be possible to object at any moment pursuant to Art. 130, comma 4 of the Privacy Code, by using the “unsubscribe” function in the footer of the email that will be sent), producing anonymous statistics, sending promotional material, as well as the use thereof for promoting conventions and meetings. It is understood that communications on the part of the Data Controller shall occur exclusively with data subjects who have expressly provided their personal data.

Moreover, it should be noted that processing data connected to the web services offered by this site and physically hosted by the company AWS is carried out and handled only by employees, collaborators, authorised third parties (for occasional maintenance) or by our provider. 

Data processing shall be carried out in hard copy and/or electronic form by parties appropriately authorised to do so. Providing personal data is optional. Some browsing data (see our cookies policy) are instead acquired automatically by the system where they are necessary for the operation of the website. The website www.redaelli.com does not use any other cookies. The Data Controller does not do any processing based on automated decision-making processes. The data shall be stored for a maximum of 5 years and, in any case, for the time necessary to satisfy the purpose of its collection. 

The Data Controller does not use the website to request the personal data of minors under 18 years of age. 

Rights of Data Subjects The Data Controller hereby states that the right to rectification pursuant to Art.16   GDPR, the right to erasure pursuant to Art. 17 GDPR, the right of restriction of processing pursuant to Art. 18  GDPR, as well as the right to access personal data provided and to all consequential information as listed in Art. 15 GDPR, are guaranteed. 

The Data subjects also have the right: 

  1. to ask the Data Controller for access to personal data or to rectify or delete said data or to restrict processing thereof when it concerns them, or 
  2. to object to their processing; 
  3. to data portability pursuant to Article 20 of the GDPR; 
  4. to withdraw consent at any time, without calling into doubt the lawfulness of processing based on the consent given before its withdrawal in cases where the processing is based on Art. 6, paragraph 1, letter a) or on Art. 9, paragraph 2, letter a) GDPR. 
  5. to lodge a complaint with a supervisory authority. 

In order to exercise the above rights or for further information, it is sufficient for the data subject to email dpo@redaelli.com indicating in the subject, “Exercising rights pursuant to the GDPR” and, in the main body of the email, the right(s) to be exercised, as well as the name, surname and email address to which Redaelli should reply. Having processed the information received, the Data Controller will send the reply within the terms indicated in Art. 12 GDPR. 

The rights listed and guaranteed by Articles 15-22 GDPR cannot be exercised by means of a request to the Data Controller or by way of complaint pursuant to Art. 77 GDPR when, exercising them may result in effective and concrete prejudice in relation to certain categories of interest and/or certain activities listed under Article 2 undecies of the Privacy Code. This point is without prejudice to comma 2 and 3 of the article cited above.

In particular situations, the Data Controller uses specific disclosures together with the consents to be obtained in order to allow personal data processing. Furthermore, the Data Controller advises that, whenever they intend to further process data for reasons other than those for which the data was originally given, they shall provide the data subject with information concerning these different purposes, as well as further pertinent information, to obtain consent for the specific case. 

Sending completed communication forms or email messages to addresses indicated for purposes explicated from the to time implies that contact on the part of visitor to the site amounts to consent to the acquisition and subsequent processing of the sender’s address and of other personal data entered with the methods and purposes already indicated in the disclosure provided above. Such actions shall also imply knowledge and acceptance of this privacy notice 

Employment Candidate Data With regard to the data that the user provides by sending us their CV or by completing one of our employee candidate forms available directly on the website in the area dedicated to open positions, we hereby inform you that, in our capacity as Data Controller, we shall use data contained in the form or the CV sent to us to verify its correspondence with the ideal candidate for which we are searching, and we likewise specify that, for this type of processing, the information pursuant to Art. 13 GDPR will be provided on the first contact made subsequent to sending the CV. It should further be noted that data marked with an asterisk in the application form is required for the purpose of considering the candidate’s suitability for the open position, while it is not required to provide further data. However, if data is provided partially or incorrectly, it might be impossible to evaluate it for the position requested.   In order to evaluate the job opening, some information regarding candidates must be processed and, to that end, candidates are asked to provide only personal details that we reasonably require. 

In relation to data storage, as described in the guidelines of WP29 dated June 8,2017, we hereby inform that data collected during the candidate selection phase will be deleted as soon as it is made clear that the candidate will not be offered the job or that they will not accept it. For CVs sent independent of whether or not there are any positions open at our company, if we find it relevant, the CV will be filed for 2 years. Otherwise, it will be deleted within 1 year of receipt. Candidates are also informed that the Data Controller can check the candidate's social media profile if it is not solely private one and/or it is strictly personal. 

Browsing Data During their normal operation, IT systems and software procedures used to operate this website acquire some personal data, the transmission of which is implicit in the use of internet communications protocols. This data is used in order to obtain anonymous statistical information on the use of the website and to check the correct operation thereof. It is deleted immediately after processing. The data may be used to determine liability in the event of alleged cybercrimes that damage the website. 

Cookies  A cookie is a small text file which is saved by a website on the hard disk of the user’s device, allowing the navigator's browser to be uniquely identified. Cookies do not damage the computer and do not contain viruses. Cookies help to streamline the analysis of web traffic or report when a specific site is visited and do not allow the web applications to send information to individual users.  Only the user can decide whether to delete the cookies manually from their device or to allow for their automatic deletion upon closing the browser installed. 

For further information, please read our cookie policy. 

Copyright All the contents of this site are protected by copyright and intellectual property laws. Reproduction thereof, even partial and in any form, is prohibited. Therefore, the Data Controller does not concede any licence on copyright, patents or any other right of intellectual property. 

Liability The Data Controller does not assume any liability in relation to website navigators as regards what is published (accuracy and completeness of information provided) or the use that third parties may make of the content. The Data Controller may update or change the material and the information contained on the website without notice . 

The Data Controller assumes no liability for errors, omissions, interruptions, deletions, defects, delays in transmission, breakdowns in communication lines, theft or destruction or unauthorised access to the contents or unauthorised changes. Likewise, the Data Controller is not liable for any technical malfunctions or other problems with any telephone network or service, IT systems, servers, IT equipment or mobile phones, websites, email or reader equipment breakdowns, breakage or damage to the computer, to the mobile phone or to other hardware components or websites belonging to anyone in relation to or deriving from use when uploading or downloading materials to or from our website. Under no circumstances will the Data Controller be liable for any loss or damage, including damage or personal injury, deriving from the use of the website by anyone or for any interactions between users of the website whether online or offline.

Application of Regulations The Data Controller regularly updates this information and, in general, its own observance of privacy regulations, making them compliant with new provisions issued. For any questions of doubts in relation to the current privacy regulations, it is possible to contact the DPO at any time at dpo@redaelli.com. 

Complaints We shall reply to users who send formal written questions and/or complaints to privacy@redaelli.com and will look further into the problem raised. We undertake to collaborate with the competent authorities to resolve any complaints concerning the processing of personal data which are not resolved directly between the Data Controller and private individuals.

Information concerning the processing of personal data addressed to all data subjects with whom the Data Controller comes into contact by rapid means and/or as part of occasional commercial/institutional relationships (i.e. the exchange of business cards)

If the data subject has provided the Data Controller with their personal data as part of occasional commercial or institutional relationships, or at any rate by rapid means, the Data Controller provides the information that follows pursuant to Art. 13 and the communications pursuant to Articles 15-22 GDPR. The personal data provided, which do not fall under the particular categories of personal data pursuant to the list in Art. 9   GDPR, shall be processed in compliance with the provisions pursuant to the GDPR and the to the Privacy Code, on the basis of the principles applicable to processing personal data as described in Art. 5 GDPR (i.e. principles of correctness, relevance, transparency, compatibility, protection of confidentiality and of rights etc.). 

Processing is carried out on the basis of the conditions of lawfulness pursuant to Art. 6 GDPR with regard to the purposes inherent to the relationship entered into with the Data Controller. Consequently, its legal basis, pursuant to Art. 13, letter c) of the GDPR, is justified for the reasons for which a relationship with the Data Controller is initiated including, in the specific case, the transfer of data in order to keep in touch with the Data Controller (pursuant to Art. 4, comma 11 GDPR regarding consent through clear affirmative action).

With that end in mind, he data processing the Data Controller is permitted to do , pursuant to Articles 45 and 46 GDPR, includes managing, organising, using, storing, creating databases, processing throughout and outside the EU (in those countries falling within cases pursuant to the GDPR), collecting statistics, sending our newsletter from which one can unsubscribe either on initial receipt or at any time thereafter, communicating to partners with whom initiatives will be developed (hence entities who will be appointed as data processors pursuant to Art. 28 GDPR in cases where personal data is communicated to them. Data will also be communicated and processed within the Group company Teufelberger GmbH, sole shareholder of the Data Controller. It is vital to remember, however, that the processing carried out by a partner of the Data Controller or within the Group is always and only ever to benefit the user, without aggressive marketing purposes and with the ability of subsequently not subscribing to the proposed initiative. Processing shall also include the erasure and the correction of the data processed following a report from the data subject, consultation, communicating our initiatives, processing, soft spam via email and light marketing (to which it will be possible to object at any moment pursuant to Art. 130, comma 4 of the Privacy Code), by using the “unsubscribe” function in the footer of the email that will be sent), producing anonymous statistics, sending promotional material, as well as the use thereof for promoting conventions and meetings.

Data will be processed in hard copy and/or electronic form only by individuals specifically authorised to process the data. The Data Controller does not process data solely based on automated decision-making processes.

Data Subjects are reminded by the Data Controller that they provide their data voluntarily with the express will to remain in contact with the Data Controller.

The data will be stored for 10 (ten) years for administrative purposes and, in any case, for the time necessary to satisfy the purposes for which the data was collected. 

Rights of Data Subjects The Data Controller hereby states that the right to rectification pursuant to Art.16  GDPR, the right to erasure pursuant to Art. 17 GDPR, the right of restriction of processing pursuant to Art. 18  GDPR, as well as the right to access personal data provided and to all consequential information as listed in Art. 15 GDPR, are guaranteed. 

The Data subjects also have the right: 

  1. to ask the Data Controller for access to personal data or to rectify or delete said data or to restrict processing thereof when it concerns them, or 
  2. to object to their processing;
  3. to data portability pursuant to Art. 20 GDPR; 
  4. to withdraw consent at any time, without calling into doubt the lawfulness of processing based on the consent given before its withdrawal in cases where the processing is based on Art. 6, paragraph 1, letter a) or on Art. 9, paragraph 2, letter a) GDPR. 
  5. lodge a complaint with a supervisory authority. 

In order to exercise the above rights or for further information, it is sufficient for the data subject to email dpo@redaelli.com indicating in the subject, “Exercising rights pursuant to the GDPR” and, in the main body of the email, the right(s) to be exercised, as well as the name, surname and email address to which Redaelli should reply. 

Having processed the information received, the Data Controller will send the reply within the terms indicated in Art.12 GDPR. 

The rights listed and guaranteed by Articles 15-22 GDPR cannot be exercised by means of a request to the Data Controller or by way of complaint pursuant to Art. 77 GDPR when, exercising them may result in effective and concrete prejudice in relation to certain categories of interest and/or certain activities listed under Article 2 undecies of the Privacy Code. This point is without prejudice to comma 2 and 3 of the article cited above.

In particular situations, the Data Controller uses specific disclosures together with the consents to be obtained in order to allow personal data processing. Furthermore, the Data Controller advises that, whenever they intend to further process data for reasons other than those for which the data was originally given, they shall provide the data subject with information concerning these different purposes, as well as further pertinent information, to obtain consent for the specific case.