Article 13 Regulation (EU) 2016/679 of the European Parliament and of the European Council
Recaro Kids S.r.l., with registered office in Padova (PD), via Niccolò Tommaseo n. 68, VAT registration number 04925580286 (hereinafter the “Company” or the “Controller”), as the controller of personal data, hereby provides this privacy notice pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter the “GDPR”), to data subjects (hereinafter the “Data Subjects”).
The Company, in a capacity as controller, undertakes to protect the confidentiality and rights of the Data Subject and, according to the principles of the aforesaid regulation, the processing of data provided will be based on principles of lawfulness, fairness and transparency.
- PURPOSES OF PROCESSING
The personal data of Data Subjects will be processed by the Company for the following processing purposes:
a) fulfilling the pre-contractual and contractual obligations necessary to offer the sales service to the Data Subject if the latter has made a purchase or to offer any further services requested by the Data Subject, including participation in prize contests;
b) carrying out all technical activities related to the purposes set out in letter a), in order to simplify the purchase process;
c) carrying out all administrative, accounting and fiscal activities related to the purposes set out in letter a) above as well as complying with the provisions of domestic and foreign laws and regulations, or executing an order of the judicial authority or other authorities to which the Controller is subject;
exercising the rights of the Controller with particular reference to representation in legal proceedings.;
d) carrying out marketing activities of various kinds (such as, as the case may be, sending email and/or push notifications and/or SMS and/or mobile messaging applications and/or telephone and/or hardcopy communications), including the promotion of products, services, distribution of information, advertising and promotional material, events, sending of newsletters and publications.
Providing data for the purposes under letters a) b) and c) is optional, however, failure to provide the data and/or not consenting to processing will prevent the Controller from providing the services requested. The processing is lawful as it is carried out to meet pre-contract and contract obligations, comply with legal provisions and regulations and exercise the rights of the Controller.
According to the purposes under letter b), during the purchase procedure, the personal data of Data Subjects will be memorized in order to simplify the finalization of the purchase order in case of a further access. Before the finalization of the purchase order, the Data Controller will not process these data for any different reason.
Providing data for the purposes under letter d) is optional. Not consenting to providing the data will only prevent the Controller from carrying out the activities indicated therein.
Data Subjects may also withdraw their consent at any time, as easily as when they granted it.
2. PROCESSING METHODS
Data are processed using electronic and/or hardcopy means, recording, processing, archiving and sending data also using IT tools
The nature of the tools and supports used in the various processing activities enable data to remain secure and confidential.
When engaging in data processing activities, the Company is dedicated to:
- ensuring that the data processed are accurate and up-to-date, promptly accepting any corrections and/or additions requested by the Data Subject;
- adopting appropriate security measures to ensure adequate data protection, taking into account the potential impact of the data processing activities on the fundamental rights and freedoms of the Data Subject;
- Notifying the Data Subject of any breaches of personal data, within the time frames and under the circumstances provided for by mandatory legislation;
- Ensuring that processing operations comply with the applicable legal provisions.
- COMMUNICATION AND DISSEMINATION OF DATA
Without prejudice to communications made to fulfil legal obligations, the personal data of the data subject may be known, in addition to the Controller, by:
- employees and collaborators of the Controller as authorised employees for data processing;
- domestic and foreign companies belonging to the same group as the Controller;
- administrative/accounting consultants;
- authorities in general, administrations, public bodies and agencies, both domestic and foreign;
- business partners of the Controller tasked with the management of points of sales;
- providers of data entry and digital archiving services;
- marketing companies.
Solely for the purposes listed above according to any consent given by the Data Subject. Personal data shall not be subject to dissemination.
- TRANSFER OF DATA ABROAD
Personal data will be filed and processed within the European Union.
If personal data are processed outside the European Union, this will take only place adopting adequate safeguards, as provided for by mandatory legislation.
- DATA STORAGE POLICY
The Company keeps personal data in its systems in a form that allows identification of the persons concerned according to the following criteria:
- for a period of time not exceeding that required in order to achieve the purposes for which this information is processed, unless otherwise provided for by legal or contractual obligations;
- to comply with specific regulatory or contractual obligations;
- where applicable and legitimate, until such time as the data subject requests their removal.
- RIGHTS OF THE DATA SUBJECT
Data Subjects can exercise their rights granted by mandatory legislation and in particular by articles 15 to 22 of the GDPR, such as:
- The right of access by the data subject: the right to obtain confirmation from the Controller as to whether or not personal data concerning him or her are being processed, and where this is the case, to gain access to this personal data along with further information on the source, purposes, and categories of personal data concerned, as well as the recipients of transferred and/or communicated data, etc.
- The right of rectification: the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. This also includes the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure: the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay, where:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the Data Subject has withdrawn consent on which the processing is based and where there is no other legal ground for the processing;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation.
- Right to object: the right to object at any time to processing of personal where a legitimate interest of the Controller exists as a legal basis for this.
- Right to restriction of processing: the right to obtain from the Controller the restriction of processing, in cases where the accuracy of the personal data is contested (for the period necessary for the Controller to verify the accuracy of such personal data), if the processing is unlawful and the Data Subject has objected to the processing, if the personal data are necessary for the Data Subject to ascertain, exercise or defend a right in court, if following the objection to the processing the Data Subject is waiting for the verification whether or not the legitimate interest of the Controller prevails.
- Right to data portability: the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller where the processing is based on consent or contract and is carried out by automated means.
- Right not to be subjected to automated decisions: the right to obtain from the Controller not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning the Data Subject or significantly affect the Data Subject, unless such decisions are necessary for the conclusion or performance of a contract or are based on the consent given by the Data Subject.
- Right to lodge a complaint with a supervisory authority: save for any other administrative or legal remedy, the Data Subject who considers that the processing concerning him/her has breached the GDPR are entitled to file a complaint with the supervisory authority.
At the end of the exercise of the rights provided by the GDPR, the Data Subject may:
(i) send requests to the Controller, by connecting to the website:
(ii) or alternatively contact the Controller at the following address:
Recaro Kids S.r.l.
Legal Affairs – Ufficio privacy
Via Saldarini Catelli 1
22070 Grandate (CO)
indicating in the subject "Privacy".