Privacy Policy

The purpose of this privacy policy is to provide all the information on the processing of personal data by Refine Direct S.r.l. when Users browse this website (as defined below).


1. INTRODUCTION – WHO ARE WE?
Refine Direct S.r.l. cwith registered office in Viale Monza, no. 265, 20126 – Milan, Tax Code/VAT no. 09419240966 (hereinafter, the “Data Controller“), owner of the website https://refine.direct (hereinafter, the “Website“), in its capacity as data controller of the personal data of the users that browse the website (hereinafter, the “Users“) hereby provides the following privacy policy pursuant to art. 13 of Regulation EU 2016/679 of 27 April 2016 (hereinafter, the “Regulation” or “Applicable Law“).

2. HOW CAN YOU CONTACT US?
The Data Controller will take utmost account of the right to privacy and the protection of the personal data of its Users. Users can contact the Data Controller at any time for any information on this privacy policy, using the following methods:
– by sending a registered letter with return receipt to the registered office of the Data Controller: Viale Monza, no. 265, 20126 Milan;
– by sending a certified email to: pec@pec.refine.direct;
– by using the contact form, which can be found by clicking here.

Users can also contact the Data Protection Officer (DPO) of the Data Controller at the following email address: dpo@refine.direct

3. WHAT DO WE DO? – PURPOSES OF PROCESSING
When browsing the Website, the User can request information on the services offered by the Data Controller. The Data Controller collects the personal data of Users in relation to the activities that can be carried out through the Website.

This Website and any services that may be offered through the Website are reserved for individuals of 18 years of age or older. The Data Controller therefore does not collect the personal data of individuals under 18 years of age. On the request of Users, the Data Controller will promptly delete all the personal data involuntarily collected and relating to individuals under 18 years of age.

In particular, the personal data of Users will be lawfully processed by the Data Controller for the following purposes:

a) To allow Users to browse the Website:the data of Users collected by the Data Controller for this purposes includes all the personal data whose transmission is implicit in the use of Internet communication protocols, which the computer systems and software procedures that control the functioning of the Website acquire during their normal course of operation: the IP addresses or URI (Uniform Resource Identifiers) addresses of the requested resources, the time of the request, the method used to make the request to the server, the size of the file obtained in response and other technical parameters. This data is used for the sole purpose of allowing the proper and secure use of the Website.
b) Contractual obligations and fulfilling the request of the User: the personal data of Users is collected and processed by the Data Controller for the sole purpose of managing the contractual relationship with the Data Controller and responding to the specific requests of the User. The User data collected by the Data Controller for this purpose includes: name, surname, email address, telephone number and all the personal information that the User may have provided voluntarily. The personal data of the User will be used by the Data Controller for the sole purpose of verifying the identity of the User, thus avoiding possible scams or abuse, and for contacting the User for service reasons only (e.g. to respond to the request). Without prejudice to any other provisions of this privacy policy, under no circumstances will the Data Controller make the personal Data of Users accessible to other Users and/or third parties;
c) administrative and accounting purposes: i.e. to carry out activities of an organisational, administrative, financial and accounting nature, such as internal organisational activities and activities necessary for the fulfilment of contractual and pre-contractual obligations;
d) legal obligations: i.e. to comply with obligations laid down by law, by an authority, by a regulation or by European law.

The provision of personal data for the processing purposes stated above is optional but necessary, as failure to provide such data will make it impossible for the User to send a request to the Data Controller.

The personal data required for the pursuit of the processing purposes described in this paragraph 3 are indicated with an asterisk on the Website’s contact form.

4. LEGAL BASIS
To allow Users to browse the Website (as described in paragraph 3, letter a) above): the legal basis of the processing is art.6 , paragraph 1, letter b) of the Regulation: i.e. the processing is necessary for the performance of a contract to which the User is party or in order to take steps at the request of the User prior to entering into a contract.

Contractual obligations and provision of the Service (as described in paragraph 3, letter b) above): the legal basis of the processing is art.6 , paragraph 1, letter b) of the Regulation: i.e. the processing is necessary for the performance of a contract to which the User is party or in order to take steps at the request of the User prior to entering into a contract.

Administrative and accounting purposes (as described in paragraph 3, letter c) above): the legal basis of the processing is art.6, paragraph 1, letter b) of the Regulation: i.e. the processing is necessary for the performance of a contract and/or in order to take steps at the request of the User prior to entering into a contract.

Legal obligations (as described in paragraph 3, letter d) above): the legal basis is art.6, paragraph 1, letter c) of the Regulation, i.e. the processing is necessary for compliance with a legal obligation to which the Data Controller is subject.

5. PROCESSING METHODS AND DATE RETENTION PERIOD
The Data Controller will process the personal data of Users using manual and IT tools, with systems strictly related to the purposes themselves and, in any case, in a manner that ensures the security and confidentiality of the data.

The personal data of the Users of the Website will be retained for the time strictly necessary to fulfil the main purposes illustrated in paragraph 3 above, or in any case as long as necessary to protect the interests of both the Users and the Data Controller in civil law.
In particular:
– the personal data of the User collected to allow the proper browsing of the Website (paragraph 3, letter a)) will be processed for a period of 90 days;
– the personal data of the User collected for the purposes stated in paragraphs 3 letters b), c) and d) will be retained by the Data Controller for the entire duration of the contractual relationship between the parties and thereafter, in accordance with the time limits provided for by law.

6. SCOPE OF DISCLOSURE AND DISSEMINATION OF THE DATA
The personal data of Users may be transferred outside the European Union and, in this case, the Data Controller will ensure that the transfer is carried out in compliance with Applicable Law and, in particular, in accordance with articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to adequate safeguards) of the Regulation.

The personal data of Users may be disclosed to employees and/or collaborators of the Data Controller appointed to manage the Website and requests from Users. These parties, who have been instructed by the Data Controller pursuant to art. 29 of the Regulation, will process the data of Users exclusively for the purposes indicated in this privacy policy and in compliance with the provisions of Applicable Law.

The personal data of Users may also be disclosed to third parties appointed to process personal data on behalf of the Data Controller in their capacity as Data Processors, such as, for example, suppliers of IT and logistics services functional to the operation of the Website, providers of outsourcing or cloud computing services, CRM software providers, professionals and consultants.

Users have the right to obtain a list of all the data processors that may have been appointed by the Data Controller by sending a request to the Data Controller using the methods indicated in paragraph 7 below.

7. RIGHTS OF DATA SUBJECTS
Users may exercise the rights guaranteed to them by Applicable Law, by contacting the Data Controller, using the following methods:
– by sending a registered letter with return receipt to the registered office of the Data Controller: Viale Monza, no. 265, 20126 Milan;
– by sending a certified email to: pec@pec.refine.direct;
– by using the contact form, which can be found by clicking here.

Users can also contact the Data Protection Officer (DPO) of the Data Controller at the following email address: dpo@refine.direct

In accordance with Applicable Law, the Data Controller informs Users that they have the right to be informed about: (i) the origin of personal data; (ii) processing purposes and methods; (iii) the logic applied in the event of processing carried out with the aid of electronic tools; (iv) the identification details of the data controller and processors; and (v) the parties or categories of parties to whom personal data may be disclosed or which may become aware thereof, in their capacity as authorised parties or processors.

In addition, Users have the right to obtain:
a) the access to, updating, rectification or, where applicable, the integration of the data;
b) the deletion, transformation into anonymous form or restriction of the data processed in breach of law, including data which does not need to be stored in relation to the purposes for which it has been collected or subsequently processed;
c) proof that the procedures, as well as their content, under sections a) and b) have been brought to the attention of those to whom the data has been communicated or disclosed, except in the case where this obligation is impossible or involves the use of means clearly disproportionate to the right being protected.

Furthermore, Users have:
a) the right to withdraw consent at any time, where processing is based on consent;
b) the right (where applicable) to data portability (the right to receive all personal data concerning them in a structured, commonly-used and machine-readable format);
c) the right to object:
i) in whole or in part, for legitimate reasons to the processing of personal data, even if pertinent to the collection purposes;
ii) in whole or in part, to the processing of personal data for the purpose of sending advertising material or direct sales, or for the purpose of market research or commercial communications;
iii) if personal data is processed for direct marketing purposes, at any time, to the processing of personal data for this purpose, including profiling to the extent to which it is connected to such direct marketing;
d) if Data Subjects consider the processing of their data to be in breach of the Regulation, the right to lodge a complaint with a supervisory authority (in the Member State in which they usually reside, in the Member State in which they work or in the Member State in which the alleged infringement took place). The Italian Supervisory Authority is the Garante per la protezione dei dati personali, with headquarters in Piazza Venezia no. 11, 00187 – Rome (https://www.garanteprivacy.it/).
***
The Data Controller is not responsible for the updating of all the links that can be viewed in this Privacy Policy. Therefore, whenever a link is not working and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to in these links.