Disclosure pursuant to Articles 13 and 14 of EU Regulation 2016/679

With this document (the Disclosure”), the Data Controller, as defined below, wishes to inform you about the purposes and methods of processing your personal data and the rights afforded by EU Regulation 2016/679, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”).

This disclosure applies only to online activities performed on this website and is valid for users of the site. It does not
apply to information collected through channels other than this website. In compliance with the obligations deriving
from national and EU legislation on the protection of personal data, this site respects and protects the privacy of
visitors and users.

1. Identity of the Data Controller

The Data Controller is Ri.Mos. Srl (“Ri.Mos.” or the “Controller”), with offices at Via Manuzio, 15 Mirandola

To exercise your rights, as well as to receive any information relating to the same and/or this Disclosure, contact the Controller via the email address privacy@rimos.com or by phone at the numbers indicated below.

2. What personal data is processed

2.1 Common personal data

For the purposes indicated in this Disclosure, the Controller processes common personal data such as: name, surname, tax code, address, telephone number, e-mail address and other contact details. In the case of online product purchases, data relating to credit cards and/or bank details may also be acquired.

2.2 Browsing data

This website acquires some personal data the transmission of which is implicit in the use of Internet
communication protocols.

This category of data includes the IP addresses or domain names of computers used by users connecting to the site, the addresses of the requested resources in Uniform Resource Identifier (URI) notation, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server and other parameters relating to the user's operating system and IT environment.

2.3 Cookies

Please refer to our cookie policy for information on the cookies processed by this site.

3. Purpose of the processing

The collection and processing of personal data is carried out, subject to specific consent, not only for access to services and/or content offered by this site, but also to permit sending by e-mail, post, text message and/or telephone of our newsletter, commercial communications and/or advertising material on products or services offered by the Controller, and in order to measure the degree of satisfaction with the quality of services. The data may also be used for the purpose of carrying out market surveys.

Please note that, if you are already our customer, we may send you commercial communications relating to services and products of the Controller similar to those you have already used, unless you withhold your consent (Article 130, paragraph 4 of the Privacy Code).

Browsing data is acquired by the IT systems and by the software procedures of this website in the course of its normal operation. This information is not collected to be associated with identified data subjects, but by its very nature could allow users to be identified through processing and association with data held by third parties.

This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. Pursuant to Art. 7 of Regulation 679/2016, consent can be revoked at any time, just as easily as it was granted.

4. Processing methods

Processing will be performed using manual, computerized and telematic tools with logic strictly related to the purposes for which the data is collected, in compliance with the principles set out in Article 5 of Regulation 679/2016, in this case:

1. the principle of lawfulness, fairness and transparency: the data is processed lawfully, fairly and transparently to
the data subject;

2. the principle of limitation of purpose: the data is processed for specific, explicit and legitimate purposes, and subsequently processed so that it is not incompatible with these purposes; further processing of personal data for the purposes of archiving in the public interest, scientific or historical research, or for statistical purposes is not, in compliance with Article 89, paragraph 1, considered to be incompatible with the initial purposes;

3. data minimization principle: data is processed in an appropriate, relevant way, only as necessary for the purposes
of the processing;

4. principle of accuracy: the data is accurate and, if necessary, updated. The data controller must adopt all the
measures necessary to promptly erase or correct data which is inaccurate in relation to the purposes for which it is

5. principle of limitation of conservation: data is stored in a form that permits identification of the data subject for a period of time not exceeding the exceeding the achievement of the purposes for which it is processed; personal data may be retained for a longer time on the condition that it is processed exclusively for the purposes of archiving in the public interest scientific or historical research of for statistical purposes in accordance with Article 89, paragraph 1, without prejudice to the implementation of appropriate technical and organizational measures required by this regulation for the protection of the data subject's rights and freedoms;

6. principle of integrity and confidentiality: data is processed in such a way as to guarantee adequate security of personal data, including protection, through appropriate technical and organizational measures, from unauthorized or unlawful processing and from accidental loss, destruction or damage.

5. Place of processing

The data is processed and archived at the company's registered offices and business premises at Via Manuzio, 15 - 41037 Mirandola (MO).

Data is also processed on the company's behalf by professionals and/or companies entrusted with carrying out technical tasks for the management and maintenance of the site, such as Quantility srl, Stagi Punto Net di Stagi Matteo and Studio PA di Pozzetti Alessandro at their respective offices.

6. Nature of the provision of data and consequences of refusal to provide data

Data must be provided to allow the Data Controller to provide the requested services.

If consent for the processing of data is withheld, the Controller will be unable to provide these services.

7. Communication and dissemination of data

In addition to the controllers, the following may have access to the data: categories of employees involved in the organization of the site (administrative, marketing, system administrator personnel), third parties and external service providers (Stagi Punto Net, Quantility, Studio PA, MailChimp) acting in the name or on behalf of Ri.Mos. Srl, duly appointed as Data Processors, who will process data in accordance with the purpose for which the data was originally collected.

Your personal data is transferred to third party countries such as the United States in the performance of the work of
suppliers of external services (MailChimp).

The data may, in addition, be communicated to all the parties to whom transmission is required due to legal obligations.

The list of subjects processing personal data is available by making a request to Ri.Mos. Srl, Via Manuzio 15, 41037
Mirandola (MO), or via email to privacy@rimos.com.

8. Data subjects' rights

Users (data subjects) have a series of rights according to EU Regulation 2016/679:

- right to access their own personal data (once they have confirmed that their data is subject to processing
by the controller);
- right to obtain the correction and integration of their own data;
- right to obtain the deletion of their own data;
- right to be forgotten;
- right to obtain the limitation of processing of their own personal data in the presence of certain conditions;
- right to receive the personal data provided to controllers in a structured and commonly used format, as well
as to transmit it to a different controller;
- right to oppose the processing of personal data for reasons connected to their own personal situation;
- right not to be subject to an automated decisional process;
- right to obtain prompt communication in the event of a serious breach of personal data;
- right to revoke consent for processing at any time;
- right to lodge a complaint with a Supervisory Authority.

Requests should be addressed to the Data Controller, who undertakes to make it as easy as possible for data subjects to exercise their rights, at the e-mail address: privacy@rimos.com. The aforementioned rights are valid if not contrary to the legal obligations regarding use and conservation of data, as indicated in Point 10.

9. Data retention

The data provided by the user will be retained by the Controller and the Processors for the time strictly necessary to fulfil the purposes indicated or for the period imposed by civil and fiscal provisions.

In any case, the user will be able to revoke consent to the processing of data at any time, as described above.

10. Updates

Starting from 22/05/2018, the Privacy Policy of the site may be subject to periodic updates. Each substantial change will be published at this address, and the user is responsible for periodically monitoring this website to enquire about the validity or modification of these conditions.