Home  /  Privacy policy

Privacy policy

DISCLOSURE PURSUANT TO ART. 13 OF REGULATION EU 2016/679

By this document, RIRI SA (hereinafter “the Company” or “RIRI”) as Data Controller, wishes to inform you about the purposes and methods of processing your personal data and the rights recognised by European Union Regulation no. 2016/679 concerning the protection of natural persons, with regard to the processing of personal data as well as their free dissemination (“Regulation” o “GDPR”) and by Italian Legislative Decree 196/2003 (“Privacy Code”) as amended and supplemented by Italian Legislative Decree 101/2018.

1 Data Controller
The Data Controller of the personal data is RIRI, with registered office in Via al gas, 3 – CH 6850 Mendrisio – Switzerland and a Permanent Establishment in Italy with an office in Viale della Regione Veneto 3, in Padua and, in Via Vanoni 40, in Tirano. The Data Controller’s representative in Italy is Mr Michele Perini.

2 Information on processing
The personal data being processed are collected directly by RIRI or by third parties expressly authorised by the latter.

3 Personal data processed
Using computerized methods, the Data Controller will process the personal data transmitted by you to receive feedback to questions or requests for information in the “Contacts” section, as well as upon receipt of your application in the “Work with Us” section, which may be subject to processing in the manner and for the purposes described below.

As part of accessing and browsing this website, the browsing data will be processed as better specified in the dedicated cookie policy.
It should be noted that the personal data subject to processing by the Data Controller are:
Personal data and identifiers (Name, surname)
Contact details (telephone and mobile number, fax, e-mail address)

4 Purpose and legal basis of processing
Your personal data will be collected for the following purposes:
“Contacts” section: if you decide to contact us through the appropriate section of the site, the personal data provided may be processed by the Data Controller to fulfil your request. Within this context, the legal basis of the processing may be found in the interest of the Data Controller to provide you with the requested information.
“Work with us” section: if you decide to send us your application through the appropriate section of the site, you will be automatically directed to the RIRI LinkedIn page in order to allow you to send the aforementioned application. Within this context, the legal basis of the processing may be found in the performance of the evaluation activities of your candidacy and execution of any pre-contractual measures.

5 Nature of processing
The provision of personal data for the aforementioned purposes is necessary. Any refusal and/or provision of incorrect and/or incomplete information may make it impossible for the Company to take charge of your request.

6 Processing and storage of personal data
The processing of personal data is carried out by means of the operations indicated in Article 4, no. 2) of the Regulation, to which reference should be made as needed. The processing will take place with suitable tools to ensure the security and confidentiality of the data, in compliance with the provisions of Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the Regulations, and may also be carried out through automated tools suitable for saving, managing or transmitting the data.

The management and storage of personal data in electronic format will take place on the server of the Data Controller and/or third-party companies, assigned and duly appointed as Data Processors or Sub-processors.

The servers are currently located in Italy and Switzerland. In any case, it is understood that the data may be transferred to the parent company, located in Switzerland, for the management of personnel, IT systems, and for the execution of instrumental and necessary activities to the organisational activities of the company and the group. If necessary, the Data Controller will have the right to move the location of the servers within the European Union and/or to other non-EU countries that ensure an adequate level of protection; the transfer of data is legitimised by the adequacy decision made pursuant to Art. 45 of the Regulation.

7 Data retention period
In relation to the different purposes for which they are collected, personal data will be kept for the time strictly necessary to achieve the latter and, in any case, in compliance with the regulations in force. In any case, the Company will take care to avoid the use of the aforementioned data indefinitely by proceeding, on a periodic basis, to verify the effective persistence of the interest of the subject to which they refer.

8 Recipients or Categories of recipients of personal data
Your data may be made accessible, for the aforementioned purposes, to the following parties:

a) To the employees of the Data Controller, in their capacity as persons authorised to process the data and/or system administrators;

b) To third parties who carry out outsourcing activities on behalf of the Data Controller (as an example, but not limited to: suppliers who support the Data Controller in the development or maintenance of IT systems) in their capacity as external data processors for the time strictly necessary for the optimal execution of the service.

The updated list of Managers and parties authorised to the processing of data is kept at the headquarters of the Data Controller and is available to the party concerned upon request to be made in writing to the following e-mail address: gdpr.so@riri.com

Without your express consent (pursuant to Art. 6 letters b), c) and d) of the Regulation), the Data Controller may communicate your data for the purposes referred to in Art. 5 to Supervisory Bodies and Judicial Authorities, as well as to all other parties to whom communication is compulsory by law for the accomplishment of the aforementioned purposes.

9 Rights of the Data Subject
We inform you that, at any time in relation to your data, you may exercise the rights envisaged within the limits and conditions set forth by Articles 15-22 of the GDPR. In detail:
a) Right to access (Art. 15)
b) Right to rectify (Art. 16)
c) Right to delete (Art. 17)
d) Right to limit processing (Art. 18)
e)Right to portability of data (Art. 20)
f) Right to object (Art. 21)

The party concerned may exercise the aforementioned rights, at any time, in the following manner:
– By sending a registered letter to: Via al gas, 3 – CH 6850 Mendrisio – Switzerland or in Italy with registered offices in Viale della Regione Veneto 3, Padua
– By sending an e-mail to the address: gdpr.so@riri.com

We inform you that RIRI undertakes to respond to your requests within one month of receipt of the request at the latest. Such term may be extended depending on the complexity or number of requests.

In particular the Data Subject will be entitled to:
– Request the Data Controller to access, rectify or delete (“right to be forgotten”) personal data or to limit processing of personal data concerning him/her, or to object to their processing;
– Obtain data portability;
– Lodge a complaint with a supervisory authority.

The Data Controller
RIRI SA

DISCLOSURE FOR CUSTOMERS AND SUPPLIERS PURSUANT TO ART. 13 OF REGULATION EU 2016/679

By this document, RIRI SA (hereinafter “the Company” or “RIRI”) as Data Controller, wishes to inform you about the purposes and methods of processing your personal data and the rights recognised by European Union Regulation no. 2016/679 concerning the protection of natural persons, with regard to the processing of personal data as well as their free dissemination (“Regulation” o “GDPR”) and by Italian Legislative Decree 196/2003 (“Privacy Code”) as amended and supplemented by Italian Legislative Decree 101/2018.

1 Data Controller
The Data Controller of the personal data is RIRI, with registered office in Via al gas, 3 – CH 6850 Mendrisio – Switzerland and a Permanent Establishment in Italy with an office in Viale della Regione Veneto 3, in Padua and, in Via Vanoni 40, in Tirano. The Data Controller’s representative in Italy is Mr Michele Perini.

2 Information on processing
The personal data being processed are collected directly by RIRI or by third parties expressly authorised by the latter.

3 Personal data processed
Using computerized methods, the Data Controller will process the personal data inherent, connected and/or instrumental to your contractual relationship with the Company, which may be processed in the manner and for the purposes described below.

4 Purpose and legal basis of processing
Your personal data will be processed for the following purposes:

  • Establishment, management, and termination of the existing contractual relationship with the Company;
  • Payment and, in general, any administrative, fiscal and accounting fulfilment connected to the aforementioned contractual relationship;
  • Fulfilment of the obligations established by law, regulations and, in general, by the legislation applicable from time to time;
  • In the interest of security.

The legal basis of the processing may be found in the establishment, execution and possible termination of the administration or supply agreement stipulated between you and the Company, and in the obligations connected to said contract and/or directly or indirectly deriving from the same.

5 Nature of processing
The provision of data for the aforementioned purposes is necessary as follows: The acquired data, subject to this disclosure, are essential for the completion of the contractual relationship and for the subsequent execution of the contractual relationship deriving from the same. Any refusal to provide the requested data and/or their inaccuracy may make the following impossible:
a) Compliance with the laws and regulations in force in civil, fiscal and tax matters as well as with the provisions issued by the competent authorities;
b) Ensuring the correct regulatory, technical and economic management of the contractual relationship;
c) Pursuing an action or defence of a right in court or in the appropriate fora envisaged by the laws and regulations in force.

6 Processing and storage of personal data
The processing of personal data is carried out by means of the operations indicated in Article 4, no. 2) of the Regulation, to which reference should be made as needed. The processing will take place with suitable tools to ensure the security and confidentiality of the data, in compliance with the provisions of Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the Regulations, and may also be carried out through automated tools suitable for saving, managing or transmitting the data.

The management and storage of personal data in electronic format will take place on the server of the Data Controller and/or third-party companies, assigned and duly appointed as Data Processors or Sub-processors.

The servers are currently located in Italy and Switzerland. In any case, it is understood that the data may be transferred to the parent company, located in Switzerland, for the management of personnel, IT systems, and for the execution of instrumental and necessary activities to the organisational activities of the company and the group. If necessary, the Data Controller will have the right to move the location of the servers within the European Union and/or to other non-EU countries that ensure an adequate level of protection; the transfer of data is legitimised by the adequacy decision made pursuant to Art. 45 of the Regulation.

7 Data retention period
The data provided will be kept for the time strictly necessary to achieve the purposes for which they are processed and, in particular, for a period of 10 years, after which they will be destroyed.

8 Recipients or Categories of recipients of personal data
The data of the party concerned may be made accessible, for the purposes described in this Disclosure, to the following parties:

a) Employees and collaborators of the Data Controller, in their capacity as persons authorised to process the data and/or system administrators;
b) Persons, companies or professional firms that carry out support and advisory services or activities for the Company, with special but not exclusive reference to accounting, administrative, legal, tax, and financial matters;
c) Banks and insurance companies;
d) In general, to all the parties to whom the communication thereof is necessary for purposes strictly connected and instrumental to the management and execution of the obligations deriving from contractual and pre-contractual relationships with the Company;
e) Rating or auditing companies;
f) Parties entrusted with the computer system maintenance and development service, for the time strictly necessary for optimal performance of such service;

With specific reference to persons, companies, associations or professional firms that provide assistance and consultancy services or activities or provide services to the Company, the latter will be appointed, by the Data Controller, as Data Processors pursuant to Article 28 of the GDPR, by means of a dedicated document of appointment, with an indication of the processing methods and security measures that they must adopt for the management and storage of personal data of which RIRI is the Data Controller.

The updated list of Managers and parties authorised to the processing of data is kept at the headquarters of the Data Controller and is available to the party concerned upon request to be made in writing to the following e-mail address: gdpr.so@riri.com

Without your express consent (pursuant to Art. 6 letters b), c) and d) of the Regulation), the Data Controller may communicate your data for the purposes referred to in Art. 5 to Supervisory Bodies and Judicial Authorities, as well as to all other parties to whom communication is compulsory by law for the accomplishment of the aforementioned purposes.

9 Rights of the Data Subject
We inform you that, at any time in relation to your data, you may exercise the rights envisaged within the limits and conditions set forth by Articles 15-22 of the GDPR. In detail:
a) Right to access (Art. 15)
b) Right to rectify (Art. 16)
c) Right to delete (Art. 17)
d) Right to limit processing (Art. 18)
e) Right to portability of data (Art. 20)
f) Right to object (Art. 21)

The party concerned may exercise the aforementioned rights, at any time, in the following manner:
– By sending a registered letter to: Via al gas, 3 – CH 6850 Mendrisio – Switzerland or in Italy with registered offices in Viale della Regione Veneto 3, Padua
– By sending an e-mail to the address: gdpr.so@riri.com

We inform you that RIRI undertakes to respond to your requests within one month of receipt of the request at the latest. Such term may be extended depending on the complexity or number of requests.

In particular the Data Subject will be entitled to:
– Request the Data Controller to access, rectify or delete (“right to be forgotten”) personal data or to limit processing of personal data concerning him/her, or to object to their processing;
– Obtain data portability;
– Lodge a complaint with a supervisory authority.

The Data Controller
RIRI SA

DISCLOSURE FOR CANDIDATES PURSUANT TO ART. 13 OF REGULATION EU 2016/679

By this document, RIRI SA (hereinafter “the Company” or “RIRI”) as Data Controller, wishes to inform you about the purposes and methods of processing your personal data and the rights recognised by European Union Regulation no. 2016/679 concerning the protection of natural persons, with regard to the processing of personal data as well as their free dissemination (“Regulation” o “GDPR”) and by Italian Legislative Decree 196/2003 (“Privacy Code”) as amended and supplemented by Italian Legislative Decree 101/2018.

1 Data Controller
The Data Controller of the personal data is RIRI, with registered office in Via al gas, 3 – CH 6850 Mendrisio – Switzerland and a Permanent Establishment in Italy with an office in Viale della Regione Veneto 3, in Padua and, in Via Vanoni 40, in Tirano. The Data Controller’s representative in Italy is Mr Michele Perini.

2 Information on processing
The personal data being processed are collected directly by RIRI or by third parties expressly authorised by the latter.

3 Personal data processed
Using computerized methods, the Data Controller will process the personal data acquired during the selection process, which may be processed in the manner and for the purposes described below.

4 Purpose and legal basis of processing
The legal basis for the processing of personal data acquired for the purpose of selecting and hiring personnel may be found under Art. 6 letter f) of the GDPR, or in the legitimate interest of the Data Controller as well as, for particular categories of personal data, in the consent freely given by the party concerned, subject to the possibility of revoking such consent at any time.

5 Nature of processing
The provision of personal data is necessary. Any refusal and/or provision of incorrect and/or incomplete information may make it impossible for the Company to consider your application, as well as making it impossible to adequately assess the candidate’s professional profile.

6 Processing and storage of personal data
The processing of personal data is carried out by means of the operations indicated in Article 4, no. 2) of the Regulation, to which reference should be made as needed. The processing will take place with suitable tools to ensure the security and confidentiality of the data, in compliance with the provisions of Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the Regulations, and may also be carried out through automated tools suitable for saving, managing or transmitting the data.
The management and storage of personal data in electronic format will take place on the server of the Data Controller and/or third-party companies, assigned and duly appointed as Data Processors or Sub-processors.
The servers are currently located in Italy and Switzerland. In any case, it is understood that the data may be transferred to the parent company, located in Switzerland, for the management of personnel, IT systems, and for the execution of instrumental and necessary activities to the organisational activities of the company and the group. If necessary, the Data Controller will have the right to move the location of the servers within the European Union and/or to other non-EU countries that ensure an adequate level of protection; the transfer of data is legitimised by the adequacy decision made pursuant to Art. 45 of the Regulation.

7 Data retention period
Personal data will be retained for the period of time necessary to pursue the purposes described in this Disclosure and, in any case, will be kept for a period of 12 months in Italy and 6 months in Switzerland, after which they will be destroyed.

8 Recipients or Categories of recipients of personal data
Your data may be made accessible, for the aforementioned purposes, to the following parties:

a) To the employees of the Data Controller, in their capacity as persons authorised to process the data and/or system administrators;
b) To third parties who carry out outsourcing activities on behalf of the Data Controller (as an example, but not limited to: suppliers who support the Data Controller in the development or maintenance of IT systems) in their capacity as external data processors for the time strictly necessary for the optimal execution of the service.

The updated list of Managers and the subjects authorised to the processing is kept at the headquarters of the Data Controller and is available to the party concerned upon request made by writing to the following e-mail address: gdpr.so@riri.com
Without your express consent (pursuant to Art. 6 letters b), c) and d) of the Regulation), the Data Controller may communicate your data for the purposes referred to in Art. 5 to Supervisory Bodies and Judicial Authorities, as well as to all other parties to whom communication is compulsory by law for the accomplishment of the aforementioned purposes.

9 Rights of the Data Subject
We inform you that, at any time in relation to your data, you may exercise the rights envisaged within the limits and conditions set forth by Articles 15-22 of the GDPR. In detail:

a) Right to access (Art. 15)
b) Right to rectify (Art. 16)
c) Right to delete (Art. 17)
d) Right to limit processing (Art. 18)
e) Right to portability of data (Art. 20)
f) Right to object (Art. 21)

The party concerned may exercise the aforementioned rights, at any time, in the following manner:
– By sending a registered letter to: Via al gas, 3 – CH 6850 Mendrisio – Switzerland or in Italy with registered offices in Viale della Regione Veneto 3, Padua
– By sending an e-mail to the address: gdpr.so@riri.com

We inform you that RIRI undertakes to respond to your requests within one month of receipt of the request at the latest. Such term may be extended depending on the complexity or number of requests.
In particular, Data Subjects will be entitled to:
– Request the Data Controller to access, rectify or delete (“right to be forgotten”) personal data or to limit processing of personal data concerning him/her, or to object to their processing;
– Obtain data portability;
– Lodge a complaint with a supervisory authority.

The Data Controller
RIRI SA

© 2016-2021 Riri SA via al GAS, 3 - CH-6850 Mendrisio - Privacy policy