Skip to main content

Web Privacy & Cookie Policy

Information for website users Concerning the protection of personal data pursuant to art. 13 of the 2016/679 EU regulation 

Dear Website Users,

in compliance with the provisions of art. 13 of the EU Regulation 2016/679 (the “GDPR”) and in application of the principles set out by the GDPR itself, we invite you, before navigating our website (the “Website”) to read this information on the processing of personal data to make you aware of characteristics and methods our processing’s (the “Processing”) concerning any information infomation acquired by us as a result of navigation by any person (the ” Website User”) on the Website, as well as provided by it to us through the Website itself and concerning a natural person (the “Data Subject”) who is identified or identifiable (the “Personal Data”), expressly including your employees and collaborators. In accordance with art. 4.1. of the GDPR, “”an identifiable natural person is one who can be identified, directly or indirectly, by referring to an identifier such as a name, an identification number, location data, an online identifier or by one or more features specific to the physical, physiological, genetic, mental, economic, cultural or social identity.”

  1. Data Controller (the “Data Controller”).

The Data Controller is the RINDI S.P.A. company fiscal code/VAT number 04217420480, registered office in Via del Pian Carpini Nr. 96, postcode 50127, Florence (FI) Italy, headquarters in Via Perlarsca Nr. 23, postcode 59100 – PRATO (PO), in the person of its legal representative, Mr. Brunello Rindi, tel. +39 0574 817 101, fax +39 0574 661 382, registered email address:, e-mail:, website:

Any communications concerning the Processing, also pursuant to the following articles, must be sent by you and/or by the Data Subject, by registered letter with a return receipt, registered email or email to the addresses indicated above.

  1. Purposes of the Processing (the “Purposes”) and legal basis.

Personal Data, whether collected from the Data Subject (article 13 of GDPR) or not (article 14 of GDPR), will be used exclusively for the following purposes:

  • allow the use of the Website;
  • fulfilling pre-contractual and contractual obligations related to you;
  • fulfilling and demanding the fulfillment of specific obligations set out by laws and regulations.
  • sending business offers for the purpose of selling products and/or services similar to those already purchased (softspam);
  • send newsletters
  • with regard to registration in the “B2B Showcase” Area, carry out marketing activities (via paper mail, calls with operator, calls without operator, e-mail, fax, MMS, SMS) and market research;
  • with regard to registration in the “B2B Showcase” Area, carry out profiling activities pursuant to art. 4.4. GDPR;

The legal basis of the Processing entails:

  • our need to execute a contract of which the Data Subject is part of, namely pre-contractual measures adopted at the request of the Data Subject itself;
  • our need to fulfill a legal obligation;
  • the legitimate interest on the part of the Data Controller (Art. 6 letter “f” of the GDPR);
  • for points 5 and following only, by the express consent that will be freely released from time to time by the interested party (Art. 7 of the GDPR), including by sending e-mails, filling in the appropriate forms and affixing the required flags.

With reference to point 4, the Data Controller specifies that within the sale of a product or service, the e-mail of the Data Subject may be used by the Data Controller without prior consent from the Data Subject, for the purpose of offering and selling services similar to those that have already been sold (Article 130, 4 Legislative Decree 196/2003. The Data Subject may object to this Processing at any time, free of charge, by making a simple written request to the addresses indicated above.

With reference to point 6, the Data Controller specifies that the Data Subject may at any time indicate the contact method they prefer from those listed above and may oppose the receipt of promotional communications through all or only some of the communication channels indicated above.

  1. Compulsory or optional provision of personal data.

The communication, on your part, of Personal Data to us is optional, however it is necessary since any refusal to release them, as well as any communication of incorrect data, makes it impossible for the Controller to establish the relationship or to implement the various purposes for which the Personal Data are collected.

For the same reasons, as well as for the purpose of correct management of the existing relationship, we kindly ask you to inform us immediately about any changes to the Personal Data we have already collected.

  1. Communication of personal data

The Personal Data are processed internally by persons who are authorized to process them (the “Authorized Individuals”). Such operations are under the responsibility of the Data Controller, for the purposes indicated above.

Your personal data may be communicated to individuals or entities external to us, who are tasked with fulfilling instrumental and/or accessory functions to our business activity. Such individuals or entities will process said data on our behalf.

These individuals or entities, in accordance with the provisions of art. 28 of the GDPR, will be appointed by us as External Managers of the Processing (the “External Managers”). An updated list of the External Managers, which is available at the registered office of the Data Controller, will be provided to the Data Subject upon written request to the aforementioned addresses.

Apart from the aforementioned cases, the Personal Data may also be disclosed to further recipients and/or categories of recipients (the “Recipients” and the “Categories of Recipients”), only for the performance of activities under the per-contractual and/or contractual relationship between us, and/or to fulfill legal obligations, and/or upon requests from the Authorities. Such communications will, in any case, be performed in compliance with the guarantees provided by the GDPR, the guidelines of the Italian Authority, as well as the Commission established, pursuant to the aforementioned GDPR.

Without prejudice to the foregoing, the Personal Data will in no case be disclosed and/or communicated to third parties, unless specifically agreed by the Data Subject and, in any case, only when necessary for the fulfillment of the Purposes.

  1. Processing of “special categories of Personal Data” and “Personal Data relating to criminal convictions and offenses.”

If, as part of the processing, the Data Controller becomes aware of Personal Data relating:

(i) to “special categories” pursuant to art. 9 of the GDPR (i.e. those “that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership, and those concerning genetic and/or biometric data intended to identify an individual, and data concerning the health or sex life or sexual orientation of an individual“). Such data will be processed exclusively for the purposes indicated, only prior to agreement from the Subject Data or, anyway, because the Processing is necessary for carrying out the obligations and specific rights of the Data Controller or of the Data Subject in the context of labor law, social security and social protection, in so far as it is authorized by the law of the European Union, the Member States or by the collective agreement under the laws of the Member States, in the presence of appropriate safeguards for fundamental rights and interests of the Data Subject;

(ii) to “criminal convictions and offenses or related security measures” pursuant to art. 10 of the GDPR, the Processing will take place only under the control of the Italian Public Authority or if the Processing is authorized by the laws of the European Union or of the Member States, which provides the appropriate guarantees for the rights and freedoms of the Data Subjects. Any comprehensive register of criminal convictions shall be kept only under the control of official authority.

  1. Processing of data

The Processing is performed with the aid of electronic and/or paper tools and, in all cases, by adopting organizational and IT measures and procedures suitable to protect the security, confidentiality, relevance and non-excessive nature of the data.

  1. Territorial application.

The Personal Data will be processed within the territories of the European Union.

If, for technical and/or operational reasons, it becomes necessary to rely on individuals or entities located outside of this territory, they will be appointed as External Managers. The transfers of Personal Data to such individuals or entities will be limited to performing specific processing activities, in compliance with the provisions of the GDPR, with all the necessary precautions taken to ensure total protection of the personal data. The transfer will only take place after an evaluation of the appropriateness of the guarantees (including, for example, an assessment, which is expressed by the European Commission, on whether the country of the recipient is deemed appropriate for such processing, or whether adequate guarantees are provided by the recipient, pursuant to Article 46 of the GDPR, etc.).

In all cases, the Data Subject may request more information from the Data Controller if the Personal Data have been processed outside the European Union. The Data Subject may also request evidence of the specific guarantees adopted.

  1. Retention period.

The Personal Data will be retained by the Data Controller for a period of time strictly necessary for pursuing the Purposes, and in particular, until the termination of pre-contractual and contractual relationships between us, subject to a further retention period that may be imposed by the law.

With regard to the CVs spontaneously transmitted, they will be kept for a period not exceeding 3 years from sending, or the different maximum period indicated by the Guarantor Authority for the protection of personal data.

In relation to marketing purposes, the data will be kept, unless consent is revoked, for the period necessary to achieve the Purposes and, in any case, not exceeding 24 months, or the different maximum period indicated by the Guarantor for the protection of personal data.

In case of release of consent with reference to the profiling purposes, the data will be kept, unless consent is revoked, for the period necessary to achieve the purposes and, in any case, not exceeding 12 months, or the different maximum period indicated by the Guarantor for the protection of personal data.

In order to manage any contentious claims or disputes, and in any case for the assessment, exercise or defense of a law in court, the Personal Data may be kept for a further period of time, which is equal to the prescription period established by the same right.

  1. Issuing of information and subsequent amendments.

This information is provided exclusively with reference to the Website and not with regard to any other websites that may be consulted by the User via links or which can be accessed via social buttons on the Website, for which the Data Controller assumes no responsibility. Any changes or updates to this information will be available to Users in the appropriate section of the Website and will apply from the date of its publication. If the Website User does not intend to accept any changes, he or she may stop using the Website. Therefore, Website User does are invited to periodically consult the aforementioned section.

  1. Rights of the Data Subject and how to exercise them.

The Data Subject, at any time, can exercise the rights recognized by the GDPR (the “Rights of the Data Subject”), and in particular:

  • 15 – Right of access of the Data Subject: the Data Subject has the right to access their data and related Processing. This right allows to obtain confirmation of whether or not one’s Personal Data is being processed, thus the possibility to request and receive a copy of the data being processed;
  • 16 – Right of rectification: the Data Subject has the right to obtain from the Data Controller the rectification of inaccurate Personal Data concerning themselves, without undue delay. In light of the Purposes of the processing, the Data Subject will have the right to have incomplete personal data made complete, by providing a supplementary statement.
  • 17 – Right to cancellation (“right to be forgotten”): the Data Subject has the right to request from the Data Controller the deletion of their personal data, which will no longer be subject to the Processing. In some cases, among which are the completion of the purpose for the processing, revoked consent, opposition to the processing or when the processing of the personal data is otherwise not compliant with the GDPR, the Data Subject may request immediate cancellation of their data;
  • 18 – Right to limit the Processing: the Data Subject has the right to limit the processing of their Personal Data in case of inaccuracies, disputes or as an alternative measure to cancellation;
  • 20 – Right to data portability: the Data Subject, except when the data are archived by means of non-automated processing (e.g. in paper format), has the right to receive personal data pertaining to them in a structured format that is commonly used and readable by automatic devices, referring to data supplied directly by the Data Subject with express consent or on the basis of a contract. Furthermore, if technically feasible, the Data Subject may request the transmission of such data to another Data Controller;
  • 21 – Right to object: the Data Subject has the right to object to the processing of personal data concerning themselves, at any time, for reasons related to a particular situation of theirs.

If the Data Subject wants to exercise one of the rights listed above, they must address the request directly to the Data Controller at the addresses indicated above. Should the Data Subject wish to exercise the right to lodge a complaint, the pertaining communication must be sent to the Guarantor Authority or, alternatively, an appeal must filled before the competent Court.

The Data Controller’s period for replying to the Data Subject is, for all of the rights (including the right of access) and also in case of denial, 1 month, extendable up to 3 months in case of extreme complexity.

In any case, art. 12 of the GDPR shall apply.

  1. Minors

The Data Controller does not process personal data relating to minors. By accessing the Website and using the services, the User declares to have reached the age of majority.

  1. Withdrawal of consent

In cases where the Processing should only take place after the consent of the Data Subject, and if, in such scenario, the latter has provided it, they have the right to revoke the consent they have given at any time, by sending a written request to the Data Controller, at the addresses indicated above. The withdrawal of the consent will not affect the lawfulness of any Processing arising from the previously given consent.

  1. Right to object

The Website User has the right to object at any time to the processing of personal data for direct marketing purposes, including profiling to the extent that it is connected to such direct marketing, by simple written request to the addresses indicated above.

  1. Cookies

The Site uses cookies. Cookies are text files recorded on a computer support, which allow you to record some parameters and data communicated to the computer system, through the browser you use. These tools therefore allow an analysis of your habits in using the Site, for different purposes: execution of computer authentication, monitoring of sessions, storage of information on specific configurations concerning users who access the server, storage of preferences (etc.) .

This site contains only analytical cookies, which allow us to count visits and determine the sources of traffic, so that we can measure and improve the performance of our site. They help us to understand which pages are most successful and which are less successful and to see how many visitors go to our site. All information collected by these cookies is in aggregate and therefore anonymous form. If you do not accept these cookies, we will not be able to know when you have visited our site.

For more information on the cookies used, the duration, the purposes, and how to disable cookies please see the following cookie list.

Category Name Typology Duration Purpose PRIVACY
Analytical cookie _ga Third party analytical cookie 2 years Users activity tracking through Google Analytics  

For more information click on

To disable cookies

Analytical cookie _gat Third party analytical cookie Session cookie Users activity tracking through Google Analytics  

For more information click on

To disable cookies


Analytical cookie _gid Third party analytical cookie 24 h Users activity tracking through Google Analytics  

For more information click on

To disable cookies



Effective from 25/05/2018