Privacy Policy of Realia S.r.l.
Realia S.r.l. collects some Personal Data from its Users through the managed websites [**].
Data Controller
Realia S.r.l.
S.L. Via Vittorio Emanuele II, 26 – 20039 – Monza
P.I. and C.F. 10451370968
Email address of the Owner: info@realia.srl
The person in charge of personal data protection is the internal officer of the company that can be contacted at the email address dpo@realia.srl
Types of Data collected
Among the Personal Information collected by Realia, either independently or through third parties, there are: email, first name, last name, Usage data, phone number, profession, province, state, country, postal code, gender, date of birth, city , address, company name, website, cookies and various types of data.
Full details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed before the data are collected.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of Realia.
All data requested by Realia are mandatory and, in the absence of their contribution, it could be impossible for Realia S.r.l. provide the service. In cases where Realia indicates some Data as optional, Users are free to refrain from communicating such Data, without this having any consequence on the availability of the service or on its operation.
Users who have doubts about which data are mandatory, are encouraged to contact the owner.
Any use of Cookies – or other tracking tools – by Realia or third party service providers used by Realia, unless otherwise specified, is intended to provide the service requested by the User, in addition to the additional purposes described in this document and in the Cookie Policy, if available.
The User assumes the responsibility of the Personal Data of third parties published or shared through Realia and guarantees to have the right to communicate or disseminate them, freeing the Owner from any liability to third parties.
Mode and place of processing of collected data
Treatment mode
The Data Controller processes the Personal Data of Users by adopting appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
The processing is carried out by means of computer and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may have access to the Data subjects of the persons involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external subjects (as suppliers of third party technical services, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, Data Processors by the Data Controller. The updated list of Managers can always be requested from the Data Controller.
Place
The Data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. For more information, contact the owner.
Times
The data will be processed for the entire duration of the contractual relationships established or required by the purposes described in this document and also subsequently, for the fulfillment of all legal obligations and in any case for a period not exceeding 10 years from the signing of the contract, which prescription period from contractual liability, or beyond in cases expressly required by law.
Purpose of processing the collected data
The Data concerning the User is collected to allow the Owner to provide its services, as well as for the following purposes: Managing contacts and sending messages, Contacting the User, Interaction with data collection platforms and other third parties, Heat mapping and session recording, interaction with online survey platforms, tag management, remarketing and behavioral targeting, hosting and backend infrastructure, statistics and displaying content from external platforms.
The types of Personal Data used for each purpose are indicated in the specific sections of this document.
Details on the processing of Personal Data
Personal Data is collected for the following purposes and using the following services:
Contact the user
Mailing list or newsletter (Realia S.r.l.)
By registering with the mailing list or the newsletter, the User’s email address is automatically added to a list of contacts to which email messages containing information, including commercial and promotional information, relating to Realia can be transmitted. The email address of the User may also be added to this list as a result of registration in Realia or after making a purchase.
Personal Data collected: ZIP code, city, surname, date of birth, Usage data, email address, country, name, phone number, profession, province, company name, gender, website and state.
Compilation of the contact form
By completing the contact form the User allows the Application to identify it and give it access to dedicated services.
Manage contacts and send messages
This type of service allows you to manage a database of email contacts, telephone contacts or contacts of any other type, used to communicate with the User.
These services may also allow us to collect data relating to the date and time the messages are displayed by the User, as well as to the User’s interaction with them, such as information on clicks on the links inserted in the messages.
MailChimp (The Rocket Science Group, LLC.)
MailChimp is an address management and email message service provided by The Rocket Science Group, LLC. Personal Data collected: email.
Place of processing: USA – Relative Privacy Policy https://eepurl.com/dyiknH
Tag management
This type of services is functional to the centralized management of the tags or scripts used on Realia.
The use of these services involves the flow of User Data through them and, if necessary, their retention.
Google Tag Manager (Google Inc.)
Google Tag Manager is a tag management service provided by Google LLC. Personal Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy https://policies.google.com/privacy
Cloud Services
Realia S.r.l. it uses Service cloud platforms that can potentially allow access to the data registered in it to the granting authority.
Drive (Google Inc.)
Google Drive is a service in cloud computing, storage and synchronization online managed by the company Google Inc.
Personal Data collected: Cookies and Usage Data. Place of processing: USA – Privacy Policy https://policies.google.com/privacy
Hosting and back-end infrastructure
This type of service has the function of hosting data and files that allow Realia to work, allow distribution and make available a ready-to-use infrastructure to provide specific features of Realia.
Some of these services work through geographically dispersed servers in different locations, making it difficult to determine the exact location where Personal Data is stored.
Aruba (Aruba S.p.A ..)
Aruba is a hosting service provided by Aruba S.p.A.
Personal Data collected: various types of Data as specified in the privacy policy of the service. Place of processing: Italy and EU – Privacy Policy https://cloud.it/gdpr-protezione-dati-normativa-ue.aspx
Amazon Web Services
AWS is a hosting and infrastructure service provided by Amazon Web Services Inc. Personal Data collected: various types of Data as specified in the privacy policy of the service. Place of processing: USA and EU. Privacy Policy:
(EU) 2016/679 (c.d. GDPR)
AWS conditions
Security of Personal Data
During our GDPR service readiness audit, our security and compliance confirm that AWS has in place effective technical and organizational measures for data processors to secure personal data in accordance with the GDPR. Security remains our highest priority, and we continue to innovate and invest in a high bar for security and compliance. Our industry-leading functionality provides the foundation for our long list of internationally-certified certifications and accreditations, demonstrating compliance with rigorous international standards, such as ISO 27001 for technical measures, ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2 and SOC 3, PCI DSS Level 1, and EU-specific certifications such as BSI’s Common Cloud Computing Controls Catalog (C5). AWS continues to pursue the certifications that assist our customers.
Compliance-enabling Services
GDPR focus on effective control and protection of personal data. AWS services give you the ability to implement your own security measures in order to enable your compliance with the GDPR, including specific measures such as:
Compliance-enabling Services
GDPR focus on effective control and protection of personal data. AWS services give you the ability to implement your own security measures in order to enable your compliance with the GDPR, including specific measures such as:
Encryption of personal data
Ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
Ability to restore the availability of a physical or technical incident
Processes for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures
This is an advanced set of security and compliance services that are specifically designed to handle the requirements of the GDPR. There are numerous AWS services that have a special meaning for customers focusing on GDPR compliance, including:
Amazon GuardDuty – a security service featuring intelligent threat detection and continuous monitoring
Amazon Macie – A machine learning tool to assist discovery and securing of personal data stored in Amazon S3
Amazon Inspector – an automated security assessment with the best security practices
AWS Config Rules – a monitoring service that dynamically checks cloud resources for compliance with security rules
Additionally, we have published a whitepaper, “Navigating GDPR Compliance on AWS,” dedicated to this topic. GDPR concepts to specific AWS services, including those related to monitoring, data access, and key management. Furthermore, our GDPR Center will give you access to up-to-date resources that you need to tackle that directly support your GDPR efforts.
Compliant DPA
We offer a GDPR-compliant Data Processing Addendum (DPA), enabling you to comply with GDPR contractual obligations.
Conformity with a Code of Conduct
GDPR introduces adherence to a “code of conduct” as a mechanism for demonstrating sufficient proof of requirements that the GDPR places on data processors. In this context, we previously announced compliance with the CISPE Code of Conduct. The CISPE Code of Conduct provides customers with additional assurances regarding their ability to fully control their data in a safe, secure, and compliant environment when they use services from providers like AWS. CISPE Code of Conduct can be found at: https://aws.amazon.com/compliance/cispe/
Training and Summits
We can provide you with training on navigating GDPR compliance using AWS services via our Professional Services team. This team has a GDPR workshop offering, which is a two-day facilitated session tailored to your specific needs and challenges. We are also providing GDPR presentations during our AWS Summits in European countries, as well as San Francisco and Tokyo.
Additional Resources
Finally, we have teams of compliance, data protection, and security experts as well as the APN, helping customers across Europe prepare for running regulated workloads in the cloud as the GDPR becomes enforceable. For additional information on this, please contact your AWS Account Manager.
As we move towards May 25 and beyond, we’ll post a series of blogs to dive deeper into GDPR-related concepts along with how AWS can help. Please visit our GDPR Center for more information. We’re excited about being your partner in fully addressing this important regulation.
Complete information on: https://aws.amazon.com/it/pl/gdpr-center/
Remarketing and behavioral targeting
This type of services allows Realia and its partners to communicate, optimize and serve advertisements based on the past use of Realia by the User.
This activity is carried out through the tracking of Usage Data and the use of Cookies, information that is transferred to the partners to whom the activity of remarketing and behavioral targeting is connected.
In addition to the possibility of making the opt-out offered by the services listed below, the User can opt for the exclusion from the receipt of cookies related to a third party service, by visiting the opt-out page of the Network Advertising Initiative.
Facebook Remarketing (Facebook, Inc.)
Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects Realia’s business with the Facebook advertising network.
Personal Data collected: Cookies and Usage Data. Place of processing: USA – Privacy Policy – https://it-it.facebook.com/about/basics/privacy-principles
Facebook Custom Audience (Facebook, Inc.)
Facebook Custom Audience is a remarketing and behavioral targeting service provided by Facebook, Inc. which connects Realia’s business with the Facebook advertising network.
Personal Data collected: Cookies and e-mails.
Place of processing: USA – Privacy Policy – https://it-it.facebook.com/about/basics/privacy-principles
Statistics
The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior.
Google Analytics with anonymized IP (Google Inc.)
Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses Personal Data collected for the purpose of tracking and examining the use of Realia, compiling reports and sharing them with other services developed by Google.
Google may use the Personal Data to contextualise and personalize the advertisements of its advertising network. This integration of Google Analytics makes your IP address anonymous. Anonymisation works by shortening the IP address of the Users within the borders of the member states of the European Union or in other countries participating in the agreement on the European Economic Area. Only in exceptional cases, the IP address will be sent to Google’s servers and shortened within the United States.
Personal Data collected: Cookies and Usage Data. Place of processing: USA – Privacy Policy https://policies.google.com/privacy
Displaying content from external platforms
This type of service allows you to view content hosted on external platforms directly from the pages of Realia and interact with them.
In the event that a service of this type is installed, it is possible that, even if the Users do not use the service, the same collect traffic data relating to the pages in which it is installed.
YouTube Video Widget (Google Inc.)
YouTube is a video content visualization service managed by Google Inc. that allows Realia to integrate such content within its pages.
Personal Data collected: Cookies and Usage Data. Place of processing: USA – Privacy Policy https://policies.google.com/privacy
Cookie Policy
Realia S.r.l. uses cookies. To learn more and for detailed information, you can consult the Cookie Policy on each Realia website.
Mobile application for iOS [App Store Apple] and Android [Play Store Google] named: Relia – Made in Italy Experience
Realia Srl is the owner of the mobile device application called Relia – Made in Italy Experience
The application carries out verification functions for the authenticity of Made in Italy products through the visual recognition of the packaging or EAN codes or QR codes present on the product.
The user can use the application both anonymously and after logging in, in this case the user can decide whether to access the system through Google, Facebook or their email.
The external platforms involved for profiling data are:
Google (Google Inc.)
Personal Data collected: Cookies and Usage Data. Place of processing: USA – Privacy Policy https://policies.google.com/privacy
Facebook (Facebook, Inc.)
Personal Data collected: Cookies and e-mails.
Place of processing: USA – Privacy Policy https://it-it.facebook.com/about/basics/privacy-principles
The collected data perform the function of making the user accessible to his position registered in the system, through which the user can contribute to the project by signaling, for example, the products traced in the points of sale and acquiring points for discounts and promotions granted according to the own position.
The login also allows the user to save the favorite products, in this case the system will create a combination between the user and the potentially exploitable product also in future commercial and promotional terms. Personal data collected through the application are only name, surname and email address, location, favorite products.
More information on treatment
Defense in court
The User’s Personal Data may be used by the Owner in court or in the preparatory stages for its possible establishment to defend against abuse in the use of Realia or related services by the User.
The User declares to be aware that the Data Controller may be required to disclose the Data at the request of the public authorities.
Specific information
At the request of the User, in addition to the information contained in this privacy policy, Realia may provide the User with additional and contextual information regarding specific services, or the collection and processing of Personal Data.
System logs and maintenance
For needs related to operation and maintenance, Realia and any third party services used by it may collect system logs, which are files that record the interactions and that may also contain Personal Information, such as the IP address of the User.
Information not contained in this policy
More information in relation to the processing of Personal Data may be requested at any time to the Data Controller using the contact information.
Exercise of rights by Users
The subjects to whom the Personal Data refer have the right at any time to obtain confirmation of the existence or otherwise of the same with the Data Controller, to know its content and origin, to verify its accuracy or request its integration , the cancellation, updating, rectification, transformation into anonymous form or blocking of Personal Data processed in violation of the law, as well as to oppose in any case, for legitimate reasons, to their processing. Requests should be addressed to the Data Controller.
With regard to the data themselves, the interested party, or subject delegated in writing, can exercise the following rights:
the right of access, expressly provided for by art. 15 of Regulation 679/2016, ie the ability to access all personal information concerning him;
the right of rectification, expressly provided for by art. 16 of Regulation 679/2016, ie the possibility of obtaining the updating of inaccurate personal data concerning him without justified delay;
the right to be forgotten, expressly provided for by art. 17 of Regulation 679/2016, consisting of the right to cancel personal data concerning the individual concerned;
the right to limit processing when one of the hypotheses provided for by art. 18 of Regulation 679/2016;
the right to data portability, expressly provided for by art. 20 of Regulation 679/2016, ie the right to obtain, in an interoperable format, your personal data and / or the right to have your personal data transmitted to another data controller without impediments by this Company;
the right of withdrawal of consent at any time, expressly provided for by art. 7 of Regulation 679/2016;
the right to lodge a complaint with the Guarantor in the event of a breach in the processing of data pursuant to art. 77 of Regulation 679/2016;
the right to bring a judicial remedy in case of unlawful processing of data, even against the actions taken by the Guarantor pursuant to art. 78 of Regulation 679/2016.
Realia S.r.l. does not support “Do Not Track” requests.
To know if any third-party services used support them, the User is invited to consult their respective privacy policies.
Changes to this privacy policy
The Data Controller reserves the right to make changes to this privacy policy at any time by giving publicity to Users on this page. Please therefore consult this page often, referring to the date of the last modification indicated at the bottom. In case of non-acceptance of the changes made to this privacy policy, the User is required to cease using the Realia websites and services and may request the Data Controller to remove their Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to Personal Data collected until then.
Information on this privacy policy
The Data Controller is responsible for this privacy policy.
Definitions and legal references
Personal Data (or Data)
It constitutes personal data any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information, including a personal identification number.
Usage Data
This information is collected automatically by Realia S.r.l. (or from third party applications that Realia uses), including: IP addresses or domain names of the computers used by the User that connects with Realia, addresses in URI (Uniform Resource Identifier) ??notation, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (good order, error, etc.) the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and the details relating to the itinerary followed within the Application, with particular reference to the sequence of pages consulted, to the parameters related to the operating system and the user’s IT environment.
User
The individual who uses the sites managed by Realia, which must coincide with the interested party or be authorized by him and whose Personal Data are being processed.
Interested
The natural or legal person to whom the Personal Data refers.
Data Processor (or Manager)
The natural person, legal person, public administration and any other body, association or body appointed by the Data Controller to process Personal Data, as prepared by this privacy policy.
Data Controller (or Holder)
The natural person, legal person, public administration and any other body, association or body to which they are bound, together with another holder, the decisions regarding the purposes, the methods of processing personal data and the tools used, including the profile of the security, in relation to the operation and use of Realia. The Data Controller, unless otherwise specified, is the owner of the company.
The hardware or software tool through which the Personal Data of Users are collected.
Cookie
Small portion of data stored in the User’s device.
Legal references
Notice to European Users: this privacy statement is prepared in fulfillment of the obligations under Art. 10 of the Directive n. 95/46 / EC, as well as the provisions of Directive 2002/58 / EC, as updated by Directive 2009/136 / EC, concerning Cookies.
EU regulation 2016/679 otherwise called G.D.P.R.
This privacy statement only concerns Realia s.r.l.
[**]
www.realia.srl, www.realia.app, www.proteggiilmadeinitaly.it, www.realia.app/restaurants, www.realiasrl.it, www.reliabitaly.com, www.reliabitaly.com/discover.
Last modification: 07/07/2018
