DATA POLICY STATEMENT

R.E TE. Imprese Italia, with registered office at Corso Vittorio Emanuele II, 284, 00186 Rome (Italy), Tax Code and VAT no. 97602530582 in the person of the acting Data Controller delegated by the Board of Directors, hereby informs you as follows.
This information relates only to this website (“Website”) and not to any other sites which may be accessed by the user (“User”) via hyperlinks.
The identification data supplied by the User at the time of registration on the website and/or registration for the services, programmes and offers publicised on it will be processed by R.E TE., also through disclosure to third parties, in accordance with the data protection principles established by Italian Legislative Decree 196/2003- Personal Data Protection Code (“Code”) – and Regulation EU 679/2016 (General Data Protection Regulation – GDPR), as well as the other relevant legislation.

1. Purposes of the data processing
The said data will be processed by R.E TE. Imprese Italia:
a) for the purposes of supplying the services requested, verifying the quality of the services offered and fulfilling any accounting and fiscal obligations imposed by law;
b) only with specific, clearly stated consent, for commercial, promotional and marketing purposes, using both online and offline channels, and for the performance of market surveys and the production of statistics, such as monitoring of the degree of customer satisfaction with the services offered.

2. Information concerning the use of cookies
Users are informed that R.E TE: Imprese Italia uses “cookie” technology with the aim of providing a more enjoyable navigation experience for all Users visiting the Website.
Cookies are small files that the Website the User visits sends to the browser, where they are stored to be retransmitted to the same Website the next time the same User visits it.
Cookies are used for a variety of purposes, such as IT authentication, session monitoring, and the storage of data on specific configurations relating to users who access the server.
They enable the Website to remember the User’s data throughout the duration of the visit or subsequent visits, allow the User to navigate the pages efficiently, save their preferences, enable them to interact with social networks such as Facebook, Google +, Instagram and provide the Google Maps services.
Visitors’ data are also processed in anonymous, aggregated, non-persistent form and will not be used for sending information of a personal nature or the dispatch of personalised advertising, and nor are visitor tracing or profiling systems used.
Users are informed that some operations might not be possible without the use of cookies, (“technical cookies”), which in some cases are technically necessary.
Cookies may be used to save the User’s login data and thus recognise them automatically (meaning that there is no need for the User to enter their username and password every time they access the website).
Data are processed with the aid of electronic or other automated, IT or computerised tools, by procedures in strict compliance with the purposes stated above, and in such a way as to ensure the security and confidentiality of the data.
Under current legislation, the User’s specific consent is not always required for the use of cookies. In particular, this consent is not required for “technical” cookies, used for the sole purpose of transmitting a message on a digital communications network, or to the extent strictly necessary for the provision of a service specifically requested by the User. In other words, these cookies are essential for the functioning of the website or necessary for the performance of activities requested by the User.
In order to regulate cookies correctly, and provide users with the information they need to express or withhold their consent to their use, below we set out our cookie policy statement and a list of the different categories of cookies used by the website.

a. Technical cookies
According to the Italian Data Protection Authority, technical cookies, the use of which does not require specific consent, also include:
– “analytical cookies”, when they are used directly by the site’s manager to collect information in aggregate form on the number of users and how they access and use the website;
– navigation or session cookies, (used for login, for making purchases, etc.);
– function cookies, which allow users to navigate on the basis of a series of selected criteria (for example, language, products selected for purchase) in order to improve the service provided.
The following is a specific list of the technical cookies used by the website, for which specific consent of the data subject is not required:
– SESSION TECHNICAL COOKIES
Necessary for the functioning of the site and to enable you to access its functions.
• uncodeAI.css SESSION DURATION
• uncodeAI.images SESSION DURATION
• uncodeAI.screen SESSION DURATION
– TECHNICAL COOKIES
Cookie source and origin: IUBENDA
Allows functioning of the Iubenda service.
• _hp2_id.# DURATION 2 YEARS
• _iub_cs-# DURATION 1 YEAR
• _pk_id# DURATION 1 YEAR
• _pk_ref# DURATION 6 MONTHS
• ajs_anonymous_id DURATION 1 YEAR
• ajs_group_id DURATION 1 YEAR
• ajs_user_id DURATION 1 YEAR
• mp_#_mixpanel DURATION 1 YEAR
• __ar_v4 DURATION 2083 DAYS
• __distillery DURATION 1 YEAR
• __vero_visit SESSION DURATION
• __veroc4 SESSION DURATION
• _iubenda_session SESSION DURATION
• _ok SESSION DURATION
• _okbk SESSION DURATION
• _okdetect SESSION DURATION
• _oklv SESSION DURATION
• country DURATION 1 YEAR
• hblid DURATION 2 YEARS
• locale DURATION 1 YEAR
• muxData DURATION 240 MONTHS
• olfsk DURATION 2 YEARS
• uvts DURATION 1 YEAR
• wcsid SESSION DURATION

b. Third-party cookies
When the User is browsing the Website, their terminal may also receive cookies belonging to other websites or web servers (“third-party” cookies), which may carry materials (such as images, maps, sounds, specific links to pages in other domains, etc.) present on the website they are visiting. These cookies are set by a website other than the one currently being visited.
Some of these third-party cookies have been anonymized by activating the specific IP function provided by Google – and, therefore, do not require specific consent of the data subject – including specifically the cookies listed below:
– (ANONYMIZED) THIRD-PARTY TECHNICAL COOKIES
Cookie source and origin: GOOGLE
Required by the Google Analytics third-party service
The IP anonymization function provided by Google has been activated.
• _ga EXPIRY AFTER 2 YEARS
• _gat EXPIRY AFTER 10 HOURS
• _gid EXPIRY AFTER 24 HOURS

Users will give their consent to non-anonymized third-party cookies by selecting the virtual acceptance button (for example an OK, a check, etc.) or by continuing to navigate the website (for example, by ignoring the banner/pop-up and proceeding to use the website); specifically, these cookies comprise those listed below:
– THIRD-PARTY TECHNICAL COOKIES
Cookie source and origin: GOOGLE
Required by the Google Maps third-party service.
• 1P_JAR EXPIRY AFTER 1 MONTH
• CONSENT EXPIRY AFTER 1 MONTH
• NID EXPIRY AFTER 6 MONTHS
• _ga is a persistent cookie which expires two years after the date of writing.
It distinguishes unique users, assigning them a randomly generated number. It is included on every page of the website and is used to create analyses of the navigation behaviour of visitors to the website, session data and campaign reports.
• _gat is a cookie which expires after ten minutes. It speeds up access requests.

3. Data processing procedures
The processing of your personal data takes place through the operations specified in art. 4 of the Personal Data Protection Code and art. 4, comma 2 of the GDPR, and specifically: collection, recording, organisation, storage, consultation, treatment, alteration, selection, retrieval, alignment, use, combination, freezing, disclosure, erasure or destruction of data. Your personal data are processed both on paper and by electronic and/or automated means.
The Data Controller will process personal data for the time needed to fulfil the above purposes and in all cases for a period of time not exceeding that necessary for the purposes for which they were collected, or the time enforced by civil and fiscal law.
– Data of children
R.E TE. Imprese Italia does not allow children below the age of 16 years to provide personal data.
The personal data of Users between 16 and 18 years of age will only be processed by R.E TE. Imprese Italia with the consent of the holder of parental responsibility.
– Geolocation data
With the User’s prior consent, the Website may process location data, in a non-continuous manner, for the provision of the services requested by the User.

4. Access to data
Your data may be rendered accessible for the purposes set out in art. 1.A) and 1.B):
– to the Data Controller’s employees and associates in Italy and abroad, in their capacity as data processors and/or persons in charge of the processing and/or system administrators;
– external companies or other entities (such as banks, professional practices, consultants, insurance companies for the provision of insurance services, etc.) which provide outsourced activities to the Data Controller, in their capacity as entities in charge of external data processing.
5. Disclosure of data
With no need for the specific consent of the data subject (art. 24 commas a), b) and d) of the Personal Data Protection Code and art. 6 commas b and c) of the GDPR), the Data Controller may disclose your data, for the purposes stated in art. 2.A), to supervisory bodies (such as insurance supervisory body IVASS), judicial authorities, insurance companies for the provision of insurance services, and the entities to which disclosure is compulsory by law for the fulfilment of the stated purposes. The said entities will process the data in their capacity as independent data controllers.
Your data will not be generally disseminated.

6. Rights of the data subject
In your capacity as data subject, you hold the rights specified in art. 7 of the Personal Data Protection Code and art. 15 of the GDPR, and specifically the rights to:
i. obtain confirmation as to whether or not personal data concerning you exist, regardless of their being already recorded, and disclosure of such data in intelligible form;
ii. to obtain the following information: a) the source of the personal data; b) the purpose and processing methods; c) the logic applied to the processing, if the latter is carried out with the help of electronic means; d) the identification data concerning data controller, data processors and the representative designated as per article 5, comma 2 of the Personal Data Protection Code and art. 3, comma 1 of the GDPR; e) the entities or categories of entity to whom or which the personal data may be disclosed and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing;
iii. to obtain: a) the updating, rectification or, where interested therein, integration of the data; b) the erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were disclosed or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
iv. to object, partially or entirely: a) on legitimate grounds, to the processing of personal data concerning you, even though they are relevant to the purpose of the collection; b) to the processing of personal data concerning you, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys, with the use of automated systems not involving an operator, by email and/or by traditional marketing means using the telephone and/or paper mail. It should be noted that the data subject’s right to object, as per point b) above, with regard to direct marketing by automated means, also extends to traditional means, and that in all cases the data subject retains the right to exercise the right to object even only partially. Therefore, the data subject may decide only to receive communications by traditional channels, or only automated communications, or neither of the two types of communication.
Where relevant, the data subject also has the rights set out in art. 16-21 of the GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability and right to object) and the right to complain to the Data Protection Authority.

7. Dissemination of data
The User’s personal data will not be disseminated or disclosed to other entities other than those listed in this privacy policy statement.

8. Amendments and updates to the Privacy Policy
R.E TE. Imprese Italia may amend or simply update all or part of this Privacy Policy, also in response to changes in the legal or regulatory framework which govern this topic and protect your rights. Users of the Website Homepage will be notified of amendments and updates to the Privacy Policy as soon as they are adopted, and any such changes will become binding immediately on publication in this section of the Website. Users are therefore urged to visit this section regularly to check for publication of the latest, most updated Privacy Policy.

9. Data controller, data processor and persons in charge of data processing
The Data Controller is R.E TE. Imprese Italia, with registered office at Corso Vittorio Emanuele II, 284, 00186 Rome (Italy), Tax Code and VAT no. 97602530582.
The updated list of the persons in charge of data processing and data processors is conserved at the registered office of the Data Controller.

TEXT OF ARTICLE 7 OF THE PERSONAL DATA PROTECTION CODE
Art. 7
(Right of access to personal data and other rights)

1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him or her exist, regardless of their being already recorded, and disclosure of such data in intelligible form.
2. A data subject shall have the right to be informed of:
a) the source of the personal data;
b) the purpose and processing methods;
c) the logic applied to the processing, if the latter is carried out with the help of electronic means;
d) the identification data concerning data controller, data processors and the representative designated as per article 5, comma 2;
e) of the entities or categories of entity to whom or which the personal data may be disclosed and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.
3. The data subject is entitled to obtain:
a) the updating, rectification or, where interested therein, integration of the data;
b) the erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were disclosed or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.

4. The data subject is entitled to object, in whole or in part:
a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.