PRIVACY and COOKIES
POLICY OF THE WEBSITE

Dear User,

with the final entry into force of the new General Data Protection Regulation (GDPR) 2016/679, starting from 25 May 2018 in Europe – for the protection of individuals – we deem important for you to be aware of your rights in relation to your data when you decide to access our online services.
Here is how and why we use your data and how you can control such use. The new information statement below has the following sections:

  • Data Controller: Who processes your data
  • Legal bases: The reason why you provided us with your data
  • Category of data processed: Which data we process
  • Purpose of the processing: What we process your data for
  • Method of Processing: How we process your data
  • Duration of Processing: How long we keep your data
  • What cookies are
  • Summary table of the cookies used
  • Guarantee of security of your data: How we protect your data
  • Exercise of the data subject’s rights: What rights you have

We invite you to read the following information statement


INFORMATION STATEMENT PURSUANT TO ARTICLES13-22 OF REG.(EU) 2016/679

Pursuant to Article 13 of Regulation (EU) 2016/679, we inform you that the personal data acquired will be processed, even in an automated way, for the purposes of:
access to our online services, also in case of request of a reservation for a visit to the new RBM research and development centre dedicated to experiential training in the plumbing and heating sector;
sending, in general, any information requested by customers and/or suppliers in order to contact you again, even in relation to the lodging of a complaint;
access to the Reserved page of the website by means of your credentials, after user Registration;
sending newsletters

Data Controller

Company Name: RBM S.P.A.
Administrative headquarters address: VIA S. GIUSEPPE, 1 – 25075 NAVE (BS)
Telephone contact information: +39 030 2537211
Email contact information: [email protected]

Data recipients and persons authorised to the processing

In addition to employees and collaborators of RBM S.P.A. the processing of personal data may be carried out by third parties, to which the company decides to entrust specific activities (or part of them) that are connected or instrumental to the processing or to the provision of the requested services. In such case, the aforementioned parties will operate as independent Data Controllers or will be appointed as Data Processors which may carry out technical and organisational tasks of the website on behalf of the Data Controller.

Legal basis and possible consequences in case of failure to provide the data

The personal data collected through the Website are processed on the basis of your consent, pursuant to Reg. (EU) 2016/679, art. 6, paragraph 1, letter a). In case you refuse it will be impossible to contact you again, to book visits to the new RBM research and development centre and/or to provide you with any information, and/or to send you any commercial communications.

Compulsory data provision

Some personal data are strictly necessary for the operation of the Website, whereas others are used for the sole purpose of obtaining anonymous statistical information in relation to the use of the Website and checking its correct functioning, thus they are deleted immediately after processing.

Categories of data processed

a) DATA PROVIDED BY THE USER

The data collected are personal and are provided by the data subject spontaneously, by filling in the specific contact forms or by sending emails.

b) NAVIGATION DATA/DATA PROCESSED FOR THE PURPOSE OF THE WEBSITE’S OPERATION

During their normal operation, the computer systems and software procedures used for the operation of this website acquire some personal data whose transmission is implicit in the communication protocols of the Internet. This information is not collected to be associated with identified data subjects but, by its very nature, such information could lead to the identification of users through processing and association with data held by third parties. This category of data includes the IP addresses or domain names of the computers used by the users who connect to the website, the Uniform Resource Identifier (URI) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. Such data are used for the sole purpose of obtaining anonymous statistical information in relation to the use of the website and checking its correct operation and they are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical cyber crimes against the website: except for this possibility, data on web contacts are not kept for more than seven days.

c) DATA DERIVING FROM CONTENT SHARING ON SOCIAL NETWORKS

In case you activated the sharing of data of your account or profile with third-party applications, sharing some content through one or more social networks may involve access to some information stored in your account or profile.

d) LOCATION DATA

The Website may collect location data through IP address masking (that is to say in anonymous form)

e) RESERVED AREA DATA

The reserved area may be accessed by users with a valid username and password. Access to the reserved area requires the submission of a request by filling in a data form. The data requested in the form are stored in the website’s DB and are not sent by email.
The reserved area allows the user to access non-public technical information and services provided.
Purpose of the processing
The processing has the purpose of accessing our online services, of contacting you again after your request to receive newsletters and/or information, by filling in the related online forms “Contacts”, “Book a visit”, “Registration”. Specific information is published on the pages of the Website for the provision of said services.

Method of processing

The personal data will be processed in paper, computerised and telematic form and inserted in the relevant databases (customers, suppliers, users, etc.) which the persons expressly designated by the Data Controller as Data Processors and Persons in charge of the processing may access and, therefore, become aware of; such persons may carry out consultation, use, processing, comparison operations and any other appropriate operation, even in an automated way, in compliance with the provisions of the law that are necessary to guarantee, among other things, data confidentiality and security, as well as the accuracy, updating and relevance of such data with respect to the declared purposes.

Personal data retention period

For the data provided through the “Contacts” Contact Form: 5 years from last contact
For the data provided through the activation of the RESERVED AREAservice: 10 years from last access
For the data provided through the activation of the BOOK A VISITservice: 5 years from last access
For data provided by subscribing to the newsletter: 24 months from consent

WHAT COOKIES ARE

Cookies are small text files that may be used by websites to make the user’s experience more efficient.
According to the law, we can store cookies on your device in case they are strictly necessary for the operation of this site. For all other types of cookies, on the other hand, we need your consent.
This website uses different types of cookies. Some cookies are set by third-party services appearing on our pages.
At any time you can change or withdraw your consent from the Cookies Declaration on our website.
Find out more about who we are, how you can contact us and how we process personal data in our Privacy Information Statement.
Specify the ID of your consent and the date on which you contacted us to give your consent.

Name of the organiser (RBM, Google, FB, etc.) Name of the cookie Duration Scope

/purpose

Origin (first or third party) Technical, analytical, marketing or profiling, etc. Anonymised or non-anonymised Link to the organiser’s privacy/cookie policy
Cloudflare __cfduid 29 days Used by the content network, Cloudflare, to identify reliable web traffic. Third party Technical Yes https://www.cloudflare.com/it-it/privacypolicy/?utm_referrer=https://support.cloudflare.com/
RBM cf_ob_info 1 day Used to detect whether the website is inaccessible, in case of maintenance and updates. The cookie allows the site to display a warning to the visitor relating to the problem in question. First party Technical Yes /
RBM cf_use_ob 1 day Used to detect whether the website is inaccessible, in case of maintenance and updates. The cookie allows the site to display a warning to the visitor relating to the problem in question. First party Technical Yes /
CookieBot CookieConsent 1 year It stores the user’s consent status to cookies for the current domain Third party Technical Yes https://www.cookiebot.com/it/privacy-policy/
RBM what-intent Session It determines the device used to access the website. This allows the website to be formatted accordingly. First party Technical Yes /
YouTube yt-player-bandaid-host Persistent Used to determine the optimal video quality on the basis of the visitor’s device and network settings. Third party Preferences No https://policies.google.com/privacy
YouTube yt-player-bandwidth Persistent Used to determine the optimal video quality on the basis of the visitor’s device and network settings. Third party Preferences No https://policies.google.com/privacy
YouTube yt-player-headers-readable Persistent Used to determine the optimal video quality on the basis of the visitor’s device and network settings. Third party Analytical No https://policies.google.com/privacy
Google IDE 1 year Used by Google DoubleClick to register and report on the user’s actions on the website after his/her viewing or clicking one of the advertisements, in order to measure the effectiveness of an advertisement and provide the user with targeted advertising. Third party Marketing No https://policies.google.com/privacy
Google test_cookie 1 day Used to check whether the user’s browser supports cookies. Third party Marketing No https://policies.google.com/privacy
Facebook fr 3 months Used by Facebook to provide a series of advertising products, such as real-time offers, from third-party advertisers. Third party Marketing No https://www.facebook.com/policies/cookies/
Facebook tr Session Used by Facebook to provide a series of advertising products, such as real-time offers, from third-party advertisers. Third party Marketing No https://www.facebook.com/policies/cookies/
Google pagead/1p-user-list/# Session It controls whether the user showed interest in specific products or events on multiple websites and detects how the user navigates among websites. It is used to assess advertising activities and it facilitates the payment of fees for website redirecting. Third party Marketing No https://policies.google.com/privacy
Google Tag Manager _fbp 3 months Used by Facebook to provide a series of advertising products, such as real-time offers, from third-party advertisers. Third party Marketing No https://policies.google.com/privacy
YouTube VISITOR_INFO1_LIVE 179 days It tries to estimate the user’s connection speed on pages with embedded YouTube videos. Third party Marketing No https://policies.google.com/privacy
YouTube YSC Session It registers a unique ID for statistics related to the YouTube videos that the user viewed. Third party Marketing No https://policies.google.com/privacy

Data localisation, data disclosure and data transfer to non-EU third countries
The personal data collected are stored in the servers of RBM S.P.A., located in ITALY, and in Servers located in Frankfurt and Amsterdam
The disclosure of data to third parties will occur only if such disclosure is necessary to comply with the received request
RBM S.P.A. does not transfer personal data to non-EU territory.

 

How we protect your data

We design our systems and devices giving due consideration to your security and privacy. The personal data are processed through automated tools in compliance with the principle of necessity and proportionality, thus personal data are prevented from being processed in case the operations may be carried out through the use of anonymous data.
In compliance with the GDPR, we adopt physical, electronic and organisational security measures in relation to the collection, retention and disclosure of our customers’ personal data, for the purposes of preventing the loss, unlawful use of personal data and unauthorised access. We remind you that it is good practice for the security of your data to carry out the appropriate checks on your device, so that it is endowed with periodically updated antivirus tools and so that the Internet Service Provider providing you with the Internet connection guarantees the secure transmission of data through firewalls, anti-spam filters and/or other similar guarantees.

Data subjects’ rights

Data subjects, in relation to the personal data covered by the policy herein, are entitled to exercise the rights below, envisaged by the EU Regulation:
· data subjects’ right to access [art. 15 of the EU Regulation] (possibility to be informed about the processing carried out on their Personal Data and possibility to receive a copy);
· right to request rectification of their Personal Data [art. 16 of the EU Regulation] (data subjects have the right to request rectification for any inaccuracy in relation to their personal data);
· right to erase their Personal Data without undue delay (“right to be forgotten”) [art. 17 of the EU Regulation] (data subjects have and will have the right to have their data erased);
· right to request restrictions to the processing of their Personal Data in the cases envisaged by art. 18 of the EU Regulation, including unlawful processing or calling into question the accuracy of the Personal Data by the data subjects [art. 18 of the EU Regulation];
· right to data portability [art. 20 of the EU Regulation], the data subjects may request to obtain their Personal Data in a structured format in order to transmit them to another Data Controller, in the cases envisaged by the same article;
· right to object to the processing of their Personal Data [art. 21 of the EU Regulation] (the data subjects have and will have the right to object to the processing of their personal data);
· right not to be subject to automated decision-making processes, [art. 22 of the EU Regulation] (the data subjects have and will have the right not to be subject to a decision that is based only on automated processing).
Further information about data subjects’ rights may be found on the website www.garanteprivacy.it or by asking the Data Controller for a verbatim extract of the aforementioned articles.
The aforementioned rights can be exercised free of charge according to what is established by the Regulations, by sending an email to: [email protected]
The Data Controller, in compliance with art. 19 of the EU Regulation, informs the data recipients to which the personal data have been disclosed of any requested corrections, erasure or restrictions to the processing, where possible.
With reference to the aforementioned purposes, the data subjects have the right, at any time, to withdraw their consent for the processing of identification and personal data by sending an email to [email protected] 
Pursuant to Article 7 of the EU Regulation, the withdrawal of consent does not affect the lawfulness of the processing based on the consent given before the withdrawal.

Right to lodge a complaint

Should the data subjects deem that their rights were compromised, they have the right to lodge a complaint with the Italian Data Protection Authority, in accordance with the methods provided by the same Authority at the following internet address: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9041356

Amendments and updates

The Information Statement herein is valid from 29/07/2020 until the next update