Dear User, this policy describes, pursuant to Art. 13 of the EU Regulation 2016/679 (General Data Protection Regulation, hereinafter GDPR), the modalities of processing of personal data provided by the User during the navigation and use of this website. The processing will be based on the principles of lawfulness, transparency, fairness and protection of the confidentiality and rights of the User, always in accordance with national and European legislation currently in force.
The Data Controller, pursuant to Articles 4 and 24 GDPR, is Cavalleria Toscana S.p.a., with registered office in Via Celio Bottai 11 – 51015, Monsummano Terme (PT).
phone: +39 0572 1906490
The Joint Controllers, pursuant to Article 26 GDPR, are the Companies of Cavalleria Toscana Group (RG Italia S.r.l), with registered office in Via Celio Bottai 11 – 51015, Monsummano Terme (PT) - e-mail email@example.com and CT Academy S.a.r.l., with registered office in Monaco (Principality of Monaco), Les Abeilles 7-9, Boulevard d'Italie – e-mail firstname.lastname@example.org
Type of data collected
- Navigation data. The IT systems and software procedures used for the operating of the websites may acquire, during their normal functioning, some data whose transmission is implicit in the use of Internet communication protocols. This category of data could include IP addresses or domain names of the computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given to the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. This data is used solely for the purpose of receiving anonymous statistical information on the use of the site and to check the correct functioning and is deleted immediately after processing.
- Contact Us section. In addition to the data collected when the User sends an e-mail message to the e-mail addresses indicated on the site, the following data is collected through the contact form: name/surname, e-mail, telephone number and any other data indicated in the message section.
- Data provided for Newsletter subscription, such as name, surname, e-mail address, month and day of birth.
- Data provided for website Registration, such as name, surname, e-mail. Social login. The registration procedure can be bypassed by social login. This is an alternative registration procedure that allows you to use your Facebook or Google account to log in. Using the Facebook or Google API, you can transfer your profile information and wait for the page to load: the profile will be created automatically. If you register using one of these social networks, we will receive the following information:
- Facebook Inc.: first and last name, e-mail address, gender, date of birth, profile picture.
- Google Inc.: first and last name, e-mail address, gender, date of birth, profile picture.
- Data related to the order history and the items saved in the Cart or Wishlist.
- Data provided through the e-commerce section, such as name, surname, e-mail, address, telephone number, company if any, and shipping, payment and billing data.
- Personal data, including " special " data, contained in CVS's receivedat the e-mail addresses indicated on the site. In this case, the Data Controller - in accordance with the provisions and guidelines of the Supervisory Authority - will provide information on the processing of the data contained in the CV at the time of the first useful contact with the applicant.
Purpose and legal basis of processing
Data are processed for the following purposes:
- to execute the User's requests and to answer questions formulated through the Contact Us section or through the e-mail addresses; including sending information on goods or services similar to those already purchased - soft spam -, unless the User objects to the processing. The legal basis is the legitimate interest of the Data Controller (Article 6(f) GDPR) to be more efficient, to give information about the services offered, as well as to improve and develop new products and services;
- to deliver products, to accept payments and make returns and refunds, to provide customer service and support. The legal basis is the performance of the contract or pre-contractual measures (Article 6(b) GDPR).
- for marketing and advertising purposes, in order to send news about products, services or promotions of Cavalleria Toscana and the Joint Controllers, by e-mail, phone or other digital communication tools. In this case the legal basis is the consent of the User (Article 6(a) GDPR).
- the processing of data contained in the CVs received is lawful because it is necessary to implement pre-contractual measures (Article 6(b) GDPR) taken at the request of the data subject. The processing of "special" data is lawful because of the Supervisory Authority's Provision of 5 June 2019 supplementing and amending General Authorisation No. 1/2016.
- in order to comply with legal obligationsto which the Data Controller is subject in the administrative-accounting area (Article 6, (c), GDPR).
Provision of data
The provision of the data requested in the fields marked with an asterisk (*) is mandatory. Refusal to provide the data marked as mandatory may make it impossible to perform the contract and provide the services available. The provision of further data is optional.
Modalities and place of processing
The processing of personal data is carried out using electronic and telematic methods by the Data Controller and the Joint Controllers, with the assistance of specially authorised internal staff. They adopt adequate security measures in order to minimise the risks of destruction or loss - even accidental - of the data, unauthorised access or processing that is not allowed or does not comply with the purposes of collection. The data are processed at the offices of the Data Controller and the Joint Controllers and at any other place where the parties involved in the processing are located, as well as at the host servers. For further information, please contact the Controller.
The data are processed for the time necessary to carry out the service requested by the User or in general as long as the purpose for which they were collected is achieved. The User can always request the interruption of the processing or the cancellation of the data. Some data will be kept for longer periods because of fiscal-administrative-accounting obligations. For marketing purposes, the retention period is 24 months from the last useful interaction. After that, personal data will be automatically deleted or permanently anonymised.
Communication of personal dataThe User's personal data may be communicated to professionals, collaborators or legal persons who provide technical and organizational services to the Joint Data Controllers.. These external parties will process the data as data controllers or data processors duly appointed. A complete list of the data processors is available upon request.
The transfer of personal data to the Joint Controller CT Academy S.a.r.l., based in the Principality of Monaco, is carried out in accordance with Articles 44 et seq. of the GDPR, with specific instruments to ensure adequate data protection guarantees. Any further transfer to third countries that may be necessary in order to implement the contract in place with the User will be carried out in accordance with the same principles.
Links to other websites
This information is provided only for this website and not for other websites that may be consulted through links. Cavalleria Toscana cannot be responsible for personal data provided by users to external parties or to any websites linked to this site.
The site allows to interact with social networks through a direct link to Facebook, Instagram, Pinterest, YouTube and Twitter using social buttons, special buttons available on the site that show the icons of social networks and allow users who are browsing to interact with a "click" directly with social platforms. The Controller collects the data that the User agrees to share on the company's social pages.
Rights of the data subject
At any time, pursuant to Articles 15 et seq. of EU Regulation 2016/679, the User may exercise the following rights:
- access your processed data, obtain information on certain aspects of the processing and receive a copy.
- verify the fairness of your data and request its updating or rectification.
- obtain the deletion or removal of your personal data.
- obtain the limitation of the processing of your data, when certain conditions are met.
- to receive your data in a structured, commonly used and machine-readable format and, where technically possible, to obtain its transfer to another data controller.
- object to the processing of your data when it is done on a legal basis other than consent.
- to lodge a complaint with the competent Data Protection Authority (for Italy, Garante per la protezione dei dati personali, www.garanteprivacy.it).
The exercise of rights, except for letter g), may take place by sending a request to the following e-mail address email@example.com
Updates and modifications