Privacy Policy

CaSRevolution S. r. l.

The terms in the list below shall have the meanings defined therein.

“Cookies”:

cookies are small text files that the Website sends to the User terminal (usually to the browser), where they are stored in order to be retransmitted to the same website on the next visit of the same User. When browsing this Website, the User could also receive on his terminal cookies from other websites or web servers (so called “third-party cookies”): this is because the website could include elements such as, images, maps, sounds, specific links to web pages of other domains found on other servers, different from the one of this Website. In other words, they are the cookies which are set by a website different from the Website itself.

“Company”:

CaSRevolution S.r.l., with registered office in Via Vincenzo Monti, 15 – 20123 – Milano (MI), Italia, tax code and no. of inscription with the Business Register of Milano 10636030966, owner of the Website.

“Data Controller”:

pursuant to Article 4 of the GDPR, a natural or legal person who, individually or together with others, determines the purposes and means of Personal Data Processing.

“Data Processors”

pursuant to article 4, n.7 of the GDPR, the natural or legal person, public authority, service or other body that processes data on behalf of the Data Controller.

“GDPR” or “Regulation”:

Regulation (EU) No 2016/679.

“CaSRevolution”

is a duly registered trademark owned by the Company[GG1] 

“Personal Data”:

pursuant to Article 4 of the GDPR, means any information concerning an identified or identifiable natural person (“ Data Subject”); the natural person whose identity can be directly or indirectly traced is considered identifiable, with particular reference to an identifier such as the name, the identification number, location data, an online identifier or one or more characteristic elements of his physical, physiological, genetic, psychic, economic, cultural or social identity.

“Privacy Code ”:

Legislative Decree no. 196 of 30 June 2003.

“Privacy Policy”:

terms and conditions here regulated according to Italian law and, in particular, to the GDPR.

“Processing”:

pursuant to Article 4 of the GDPR, means any operation or group of operations, carried out with or without the use of automated processes and applied to personal data or groups of personal data, such as gathering, recording, organizing, structuring, preservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparing or inter-connecting, limiting, cancelling or deleting.

“User”:

natural or legal person who browses the Website.

“Website”:

www.casrevolution.com. This web site owned by the Company

INTRODUCTION

Dear User, in compliance with the obligations established by the Privacy Code and the GDPR, we hereby intend to inform You that the Company, as Data Controller, will process the Personal Data concerning You, which may be collected by us, provided by You and/or communicated by other subjects, while browsing and using our Website and that this activity will be compliant with the GDPR and the legal requirements applicable each time.

    AMENDMENTS TO THE PRIVACY POLICY

    1. Our company may fully or partially amend and/or update the Privacy Policy.
    2. Such amendments shall be effective as soon as they are published on the Website.
    3. Amendments and/or updates to the Privacy Policy are highlighted and available on the Home Page.
    4. The User who disagrees with the Privacy Policy and subsequent amendments, may interrupt the use of the Website at any time.

    DATA CONTROLLER

    1. The Company is the Data Controller of the Personal Data collected through the Website. The processing related to the services of the Website takes mainly place at the Company registered office and is carried out by the staff in charge of Processing.
    2. Our Company adopts safety procedures to ensure confidentiality, integrity and availability of data.

    COLLECTED DATA AND LEGAL BASIS

    1. The Company may process the following personal data of the User, according to the following legal basis.

Categories of personal data

Purpose

Legal basis

Name and surname, address, telephone number, e-mail address, age, gender.

To fulfill the legal and tax obligations of the Company and other obligations arising from the instructions given by the authorities.

Fulfillment of a legal obligation to which the Company is subject (Article 6, paragraph 1, letter c), GDPR).

Name and surname, address, telephone number, e-mail address, age, gender, payment methods.

To fulfill the obligations connected with the execution of a contract entered into between the parties.

Execution of a contract to which the data subject is a party or execution of pre-contractual measures adopted at the request of the data subject (Article 6, paragraph 1, letter b), GDPR).

The Company may also process the User’s personal data relating to the online browsing history collected during his visits to the Website (regardless of whether you are a registered customer or not), using tracking technologies such as “cookies” (for information on the collection of data through cookies, consult the information on Cookies on the Website.

    PURPOSE OF THE PROCESSING

    1. The Company processes the User’s Personal Data, mainly with computer systems and electronic devices of its property or of third parties, selected by ensuring their reliability, expertise and professionalism.
    2. The User must give express consent for the Processing of some specific data, or for certain purposes, for example when the creation of a user profile based on the User’s preferences is required, in order to send information related to the User’s interests and inclinations.
    3. In all other cases where an expressed consent is not required, our Company may freely process the User’s data without any further authorization, considering this Privacy Policy read and accepted in all its parts.
    4. Data Processing may be carried out on our Company’s behalf also by third parties that provide data processing services or carry out activities complementary to or necessary for the performance of the requested services and operations, which are appointed Data Processors on behalf of the Company on each occasion. The updated list of Data Processors may always be requested to the Data Controller.
    5. The User’s personal data may be transferred and/or visible to subjects connected to the Company, without the need for specific consent, to the extent that this is necessary for the management of the services of the Website.
    6. The Company may process personal data of third parties, that the User disclosed to our Company, even if not directly acquired from them. In case the User provides the data of another subject, the User must have previously obtained the data subject’s consent and, in any case, agrees to acquire it, holding the Company harmless from any burden or liability.

    PERSONAL DATA STORAGE PERIOD

    1. The Personal Data collected to fulfill a legal obligation and to execute a contract will be stored for a period not exceeding the time necessary for these purposes and, in any case, not exceeding 3 years after the termination of the contract (for example, following the withdrawal of the registration on the Website), after which they will be destroyed or rendered unusable or made anonymous. The storage of such Data takes place on third-party servers, located in Europe, which guarantee levels of security and stability according to standards generally applied and recognized as reliable by the state of the art.
    2. In any case, Personal Data will be stored for a period not exceeding the time necessary for the purposes for which they were collected in accordance with the provisions of art. 5 co. 1 letter e) of the GDPR.

    ART. 6 - USER RIGHTS

    1. Pursuant to the provisions introduced by the GDPR, the User has the following rights:

·         right of access: pursuant to Article 15 GDPR, the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: a)the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data are not collected from the data subject, any available information as to their source; h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;

·         right to rectification: pursuant to Article 16 GDPR, The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement;

·         right to erasure: pursuant to Article 17 of the GDPR, The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing; c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2); d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject. The right to erasure does not apply in the cases expressly provided for by art. 17 par. 3 GDPR such as for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or for the establishment, exercise or defence of legal claims;

·         right to restriction of Processing: pursuant to Article 18 of the GDPR, the data subject shall have the right to obtain from the controller restriction of processing where one of the following applies: a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State;

·         right to data portability: the right to request at any time and receive, in accordance with Article 20, paragraph 1 of the Regulation, all Personal Data processed by the Data Controller and/or by the Data Controllers in a structured format, of common and legible use or request its transmission to another Data Controller. In this case, it will be the Data Subject’s responsibility to provide us with all the exact details of the new Data Controller to whom he intends to transfer his Personal Data giving us written permission;

·         right to object: pursuant to Article 21, paragraph 2 of the Regulation, you can object, at any time, to the processing of your Personal Data if these are processed for direct marketing purposes, including profiling in so far as it is related to such direct marketing;

·         right to lodge a complaint with the supervisory authority: without prejudice to the right to appeal to any other administrative or judicial body, if it is deemed that the Processing of Personal Data carried out by the Data Controller is in violation of the Regulation and/or applicable legislation, it is possible to lodge a complaint with the competent Authority for the Protection of Personal Data.

    ADDITIONAL INFORMATION

    1. The Company shall have the right to delete the accounts and all related data in the event that any illegal content, damaging Company’s reputation and/or its products or of third parties, or content in any way offensive or promoting illegal or defamatory activities, that incites violence, promotes discrimination related to race, sex, religion and sexual orientation is found.

    LINKS TO OTHER WEBSITES

    1. Our Website may contain links to other websites that may have no connection with our Company, by way of example the e-commerce websites of Company’s commercial partners
    2. The Company does not control or monitor such websites and their contents and cannot be held responsible for the contents of these websites and the rules adopted by them, also with regards to the User’s privacy and the processing of Personal Data during browsing operations. Therefore, please pay attention when connecting to these websites, using the links on our Website and carefully read their terms and conditions of use and privacy policies. The Company’s Privacy Policy does not apply to third parties’ websites. Our Website provides links to these websites solely to help the users in their research and browsing and to allow hyperlinking to other websites on the Internet. The activation of these links does not imply any recommendation or notice by The Company for accessing and browsing these websites, nor any guarantee as to their content, services or goods they provide and sell to Internet users.

    CONTACTS

    1. If you wish to receive more information on how the Company processes your Personal Data or to exercise your rights as aforementioned, please write an e-mail to the address info@casrevolution.com. The request shall be signed and accompanied by a copy of an identity document bearing the signature of the Data Subject and shall indicate the address to which the reply shall be sent. The reply shall be sent within one month of receiving the request.
    2. For information concerning your rights and for updates on legislation concerning the protection of individuals with regards to the processing of personal data please visit the Data Protection Authority’s website at: http://www.garanteprivacy.it/.

    APPLICABLE LAW

    1. This Privacy Policy is governed by the GDPR and, as far as applicable by the Privacy Code, which regulate the Processing of personal data – including data stored abroad – carried out by any party residing or based in Italy.