.

Information pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 and Legislative Decree 196/2003, as amended by Legislative Decree. 101/2018 

Pursuant to Article 13 of Regulation (EU) 2016/679 ('Regulation'), the Joint Controllers, as defined below, hereby wish illustrate the purposes for which they collect your personal data, which will be processed in accordance with the principles of fairness, lawfulness and transparency, protecting your confidentiality and in compliance with the aforementioned legislation. 


1. Contitolari del trattamento 

Retex S.p.A., with registered office in Milan, via Gaetano de Castillia 23, postcode 20124, email info@retexspa.com ('Data Controller')

Digital Retex S.r.l, with registered office in Milan, via Gaetano de Castillia 23, postcode 20124, info@retexspa.com, ('Data Controller')

Venistar S.r.l, with registered office in Milan, via Gaetano de Castillia 23, postcode 20124, info@venistar.com ('Data Controller')

Lem Ict S.r.l, with registered office in Milan, via Gaetano de Castillia 23, postcode 20124, info@retexspa.com, ('Data Controller')

Connexia S.r.l, with registered office in Milan, Via B. Panizza 7, postcode 20144, email info@connexia.retexspa.com (Data Controller')

Witailer S.r.l, with registered office in Milan, via Gaetano de Castillia 23, postcode 20124, info@retexspa.com, ('Data Controller')

 

hereinafter collectively referred to as 'Joint Controllers'.

 

The Joint Controllers have entered into a joint controller arrangement ('Arrangement') pursuant to Article 26 of the Regulation, in order to regulate their mutual roles and responsibilities with regard to their joint control of the personal data of their customers, prospective customers, users of each Joint Controller's websites, subscribers to each Joint Controller's newsletter service, and/or their contact persons.

Any personal data provided to any Joint Controller shall automatically be jointly controlled by the other Joint Controllers. The essential content of the Arrangement, upon specific request, is at your disposal at the office of each Joint Controller.

 


2. Data Protection Officer (DPO)

The Joint Controllers have designated a Data Protection Officer (DPO), appointed at Group level, whom you may contact for all matters relating to the processing of your personal data and the exercise of your rights under the Regulation. The contact details of the DPO are as follows: dpo-retex@retexspa.com.

 

3. Type of data processed

Data processing may concern your common personal, identification and contact data, acquired directly or through third parties, such as – by way of example but not limited to - identification data (name, surname, telephone number, company email, data relating to your company/office, sector, job role, function and other similar data) also concerning any contact persons, employees, collaborators or in any case subjects related to your activity, as well as data relating to interests, preferences and habits.


4. Purposes and legal basis of processing 

4.1  Each Data Controller, except in the case of a joint controller relationship as set out below, shall process the personal data of its customers/users to provide the requested services and for purposes strictly connected with and instrumental to the management and performance of the pre-contractual and/or contractual relationship, as well as for purposes connected with the obligations laid down by laws and/or regulations and by any provisions issued by authorities empowered to do so by law.

The legal basis of data processing for the above-mentioned purposes is Article 6.1 (b), (c) and (f).


4.2 The Joint Controllers shall jointly process the data collected in the performance of their activities for the purposes of:

  • sending advertising material, direct sales, market research and commercial communications, including by automated contact methods;
  • sending newsletters;
  • profiling of data on interests, preferences and habits.

The legal basis of data processing for the above-mentioned purposes is Art. 6.1 (a).

 


5. Required or optional nature of data provision and consequences of refusal to provide data 

The nature of the provision of personal data is mandatory for the purposes set out in point 4.1 above.

The provision of data for the purposes set out in point 4.2 above is optional and processing requires the consent of the data subject; the latter's refusal will have no consequences on the performance of the services requested.

For the purposes referred to in point 4.2 above, the Joint Controllers have also jointly determined in their specific Arrangement the methods of data processing and defined the procedures for providing feedback to the data subject pursuant to Articles 15-22 of the Regulation. Pursuant to Art. 26(2) of the Regulation, the Joint Controllers will make available to the data subjects the essential content of the Joint Controller Arrangement.


6. Methods and duration of processing

6.1 Personal data shall be processed by authorised and specialised personnel, in a lawful and fair manner, with or without electronic or automated means, and shall include all the operations or set of operations necessary for the processing in question, including recording and storage, using security measures that ensure confidentiality and protect personal data against any unlawful use, unauthorised access or disclosure and prevent the loss of such data.

6.2 For the purposes referred to in point 4.1 above, personal data shall be kept for the period of time necessary to achieve the purposes for which they were collected and shall be processed for the period of time necessary to execute the requests of data subjects, for the fulfilment of legal obligations related to administrative, accounting, tax, social security activities (10 years), without prejudice to further obligations provided for by law.

6.3 For the purposes referred to in point 4.2 above, personal data shall be kept for a period of time not exceeding the fulfilment of the purposes indicated therein and, in any case, for a maximum of 24 months, without prejudice to the right to withdraw consent to processing.

 

7. Disclosure of data

Personal data may be disclosed to employees, office workers, collaborators and, in any case, only to personnel authorised by the Joint Controllers, for the purposes indicated in point 4 above.

Personal data may also be disclosed to third parties in order to fulfil legal obligations or to subjects, or categories of subjects, such as, by way of example, external consultants, banks, financial institutions, freelance professionals, computer equipment maintenance companies, providers of services for the management of the information system, including Internet sites, web applications and telecommunications networks, and in any case to all third parties identified for the purposes listed above and for the performance of existing contractual obligations. The aforementioned persons shall act as Independent Data Controllers or Processors on behalf of the Controller and according to its instructions.

The updated list of data processors is maintained by the Joint Controllers and is available upon request.


8. Data transfers  

Personal data will not be processed and transferred outside the European Union. If they are transferred - even for mere archiving purposes - to third countries outside the European Union, the rights provided for in the Regulation will be guaranteed and such transfers will take place in compliance - in all cases - with the applicable legal provisions and the Standard Contractual Clauses approved by the European Commission or other equivalent guarantees.


9. Rights of the data subject 

Pursuant to Articles 15-22 of the Regulation, you are entitled to exercise the following rights:

(a) to access your personal data

(b) to receive confirmation of the existence or non-existence of such data and to know their content and source;

(c) to have them rectified, updated or erased;

(d) to object to the processing or to request its restriction;

(e) to data portability;

(f) to withdraw consent at any time, where applicable: withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal; you may also object to processing for marketing and/or profiling purposes pursuant to Article 21 of the Regulation;

(g) to lodge a complaint with the Data Protection Authority.

These rights may be exercised by sending a written notice to each Controller:

  • Retex S.p.A., with registered office in Milan, via Gaetano de Castillia 23, postcode 20124, or to the email address: info@retexspa.com o dpo-retex@retexspa.com;
  • Digital Retex S.r.l., with registered office in Milan, via Gaetano de Castillia 23, postcode 20124, or to the email address info@retexspa.com
  • Venistar S.r.l., with registered office in Milan, via Gaetano de Castillia 23, postcode 20124, or to the email address info@venistar.com
  • Lem Ict S.r.l., with registered office in Milan, via Gaetano de Castillia 23, postcode 20124, or to the email address info@retexspa.com
  • Connexia r.l, with registered office in Milan, Via B. Panizza 7, postcode 20144, or to the email address info@connexia.retexspa.com
  • Witailer S.r.l, with registered office in Milan, via Gaetano de Castillia 23, postcode 20124, or to the email address info@retexspa.com


10. Changes

The Joint Controllers reserve the right to amend or simply update the content of this information, in part or in full, also due to changes in the applicable legislation. In that case, timely notification will be given.

Partner with Retex

Get in touch

Explore

Orizzonti

Utility

Privacy Cookie Policy Quality Policy Codice etico Modello 231 Politica parità di genere

Careers

Do your best work among a
caring community of
diverse talents.

Join us

General info
info@retexspa.com
+39 02 89 050 792

Warnings
https://grupporetex.whistlelink.com

atoms connexia lem-ict reetx tecno-logica witailer venstar 3esse

© 2023 Retex S.p.A.CF/PI 06054450017R.E.A N. MI-1929001Cap. Soc. 3.000.000€