Rasolo antichità di Rasolo Veronica (hereinafter "Rasolo Antichità") protects the confidentiality of personal data and guarantees
its necessary protection against any event that may put it at risk of violation.
As provided for by European Union Regulation No. 679/2016 (hereinafter "GDPR") and Article 13 in particular, please find
below the information required by law relating to the processing of your personal data.
Rasolo Antichità, in the person of its legal representative Rasolo Veronica, based in Saletto by Borgo Veneto (PD), Via Roma
n. 58, acts as the Data Controller and can be reached at firstname.lastname@example.org and collects and/or receives information
relating to you, such as:
- Contact details First name, last name, physical address, nationality, residential province and city, landline telephone
number and/or cell number, fax, tax ID number, email address(es)
- Banking information IBAN and banking/postal account information (except for Credit Card number)
- Internet traffic data Logs, originating IP address
Rasolo Antichità does not require you to supply so-called "private" data, that is, according to the provisions of the GDPR
(Art. 9), personal data:
- That identifies race or ethnicity, political opinions, religion or philosophy, or any union affiliation, nor any genetic
or biometric information used to uniquely identify a physical person, data associated with health or one's sex life, or sexual
In the event the services requested from Rasolo Antichità require the processing of this data, you will first receive specific
notification with a request for your consent.
The Data Controller has nominated a Data Protection Officer (DPO) who can be contacted for any information or requests:
Telephone number :
Why we need Your data (Art. 13, paragraph 1 GDPR)
The data is used by the Data Controller to fulfill the registration request and for the supply contract on the preselected
service and/or Product purchase, to manage and execute the contact requests forwarded by you, offer assistance, fulfill legal
and regulatory obligations demanded of the Data Controller in accordance with the activities performed.
In no case will Rasolo Antichità resell any of your personal information to third parties nor use it for any purpose not
In particular, your data will be processed for:
- a) Registration and contact information, and/or informational materials
Your personal data is processed to implement preliminary actions and those following a registration request, tomanage information
and contact requests, and/or to send informational materials, as well as to satisfy any andall other obligations arising
The legal basis for this processing is to provide the services relating to a request for registration, information and contact,
and/or the sending of informational materials, and to comply with legal requirements.
- b) Administering the contractual relationship
Your personal data is processed to implement preliminary actions and those following the purchase of a Service and/or a
Product, to manage the applicable order, to perform the Service itself and/or for production and/or shipping of the purchased
Product, the associated invoicing and payment management, management of any complaints, fraud prevention, as well as fulfillment
of any and all other requirements arising from the contract.
The legal basis for this processing is to provide the services relating to the contractual relationship and to comply with
- c) Promotional activities on Services/Products that are similar to those you have purchased (Clause 47 GDPR)
The Data Controller, even without your explicit consent, may use the contact information you provided for direct sales of
its own Services/Products, limited to those Services/Products that are similar to the ones included in the sale, unless you
- d) Business promotional activities on Services/Products that are different from the ones you purchased
Your personal data may also be processed for business promotional purposes, for market research studies involving the Services/Products
that the Data Controller offers, but only if you have authorized this processing and have not opposed it.
This processing may occur by the following automated methods:
- telephone contact
It can be done :
- if you have not withdrawn your consent for the use of your data;
- if processing is done through contact with a telephone operator, and you are not registered on the noncall registry as outlined
in Presidential Decree No. 178/2010;
The legal basis for this processing is the consent you initially granted for the processing itself, which you may freely
withdraw at any time (see Section III).
The Data Controller, in line with the provisions of Clause 49 of the GDPR and through its providers (third parties and/or
recipients), processes your personal data involving traffic only to the extent strictly necessary and proportional to guarantee
security of the networks and the information. This means the capacity of a network or information system to block, at a given
level of security, any unforeseen events or illegal or malicious acts that would compromise the availability, authenticity,
integrity and confidentiality of the personal data stored or transmitted.
The Data Controller will immediately notify you if there is any risk of violation of your data, except for any obligations
noted in the provisions of Art. 33 GDPR associated with notifications of personal data violations.
The legal basis for this processing is to comply with legal requirements and the legitimate interests of the Data Controller
in undertaking processing for the purpose of protecting corporate assets and the security of the systems.
Your personal data may also be processed for profiling purposes (such as analyzing the transmitted data and the pre-selected
Services/Products, suggesting advertising messages and/or business offers in line with user selections) exclusively when
you have given explicit and informed consent.
The legal basis for this processing is the consent you initially granted for the processing itself, which you may freely
withdraw at any time (see Section III).
- g) Fraud prevention (Clause 47 and Art. 22 GDPR)
Your personal data, except for private data (Art. 9 GDPR) or legal information (Art. 10 GDPR) will be processed to allow
controls for monitoring purposes and prevention of fraudulent payments. A negative result on these checks will render the
transaction impossible; you can, in any case, express your opinion, obtain an explanation or dispute the decision by outlining
your reasons to the email address email@example.com
Personal data collected only for anti-fraud purposes, which differs from the data needed for the proper performance of the
service requested, shall be immediately deleted upon termination of the verification phase.
The Services/Products offered by the Controller are reserved for those entities legally able, based on national regulations,
to satisfy contractual obligations.
The Controller, to prevent illegal access to its own services/products, implements preventive measures to protect its own
interests, such as checking tax identification numbers or, when necessary for specific Services/Products, the accuracy of
the identification data on the identification documents issued by the applicable authorities.
- i) Communication to third parties and categories of recipients (Article 13, paragraph 1 GDPR)
Your personal data is communicated mainly to third parties and/or recipients whose activity is necessary to perform the
activities relating to the contract established, and to meet certain legal requirements, such as:
Categories of recipients Purposes
Categories of recipients Purposes
Third party providers for performance of services (restoration delivery/shipping of products, performance of additional
services, providers of networks and electronic communication services) associated with the requested service
- Credit and electronic payment institutions, banks/post offices
Managing deposits, payments, reimbursements associated with the contractual service
- External professionals/consultants and consulting firms
Fulfillment of legal requirements, exercising rights, protecting contractual rights, credit recovery
- Financial Administration, Public Agencies, Legal Authorities, Supervisory and Oversight Authorities
Fulfillment of legal requirements, protection of rights;
- Lists and registries held by Public Authorities or similar agencies based on specific regulations relating to the contractual
- Formally mandated subjects or those with recognized legal rights legal representatives, administrators, guardians, etc.
The Controller requires its own third party providers and Data Processors to adhere to security measures that are equal
to those adopted for you by restricting the Data Processor's scope of action to processing directly related to the requested
The Controller will not transfer your personal data to countries where the GDPR is not applicable (countries outside the
EU) except where specifically indicated otherwise, in which case you will be notified first, and if necessary asked for your
The legal basis for this processing is fulfillment of the services outlined in the established contract, compliance with
legal obligations, and the legitimate interests of Aruba S.p.a. to perform the processing necessary for these purposes.
- What happens when you do not provide your identification information as needed to perform the requested service? (Article
13, paragraph 2 (e) GDPR)
The collection and processing of your personal data is necessary to fulfill the service requests as well as to perform the
Service and/or supply the requested Product. Should you fail to provide your personal data as expressly required within the
order form or the registration form, the Data Controller will not be able to carry out the processing associated with managing
the requested services and/or the contract and the Services/Products associated with them, nor fulfill the operations dependent
- What happens when you do not provide the consent for processing personal data for the business promotionactivities on Services/Products
that are similar or different from those purchased?
When you do not give your consent to the processing of your personal data for these purposes, the processing will not be
implemented for these specific purposes, but it will not affect the performance of the requested services or those for which
you have already given your consent, if requested.
In the event you have given consent and later withdraw it or oppose the processing for business promotional activities,
your data will no longer be processed for these activities, although this will not create negative effects or consequences
for you or the services requested.
- How we process your data? (Article 32, GDPR)
The Controller makes use of appropriate security measures to preserve the confidentiality, integrity and availability of
your personal data, and requires the same security measures from third party providers and the Processors.
- Where we process your data?
Your data is stored in hard copy, electronic and remote archives located in countries where the GDPR is applicable (EU countries).
- How long is your data stored? (Article 13, paragraph 2 (a) GDPR)
Unless you explicitly express your own desire to remove them, but in compliance with the Public Safety Regulations R.D.
6 May 1940, n.635 (Art 247, Art.16) regarding data in the trade of antiques and precious objects, the personal data of the
interested party will be kept until they are necessary with respect to the legitimate purposes for which they are been collected.
In particular, the data will be stored for the entire duration of your registration and in any case for no longer than a
maximum period of 24 (twenty-four) months of inactivity, that is when, within this period, no access is recorded through
the registry, the data collected throught the website for the use of the same or for commercial promotion but in any case
for different services from purchase.
For data provided to the Controller for the purpose of continuous commercial promotion (sending newsletters, text messages
or other types of information on products / services) will be kept until the explicit request for cancellation by unsubscription
or by writing to firstname.lastname@example.org
and making an explicit request.
- What are your rights? (Articles 15 - 20 GDPR)
You have the right to obtain the following from the Data Controller:
- a) confirmation on whether your personal data is being processed and if so, to obtain access to your personal data and the
b) The right to obtain a copy of the personal data processed, again given that this right does not affect the rights and
freedoms of others; for extra copies requested by you, the Data Controller may assign a reasonable fee based on administrative
c) The right to edit any of your incorrect personal data from the Data Controller without unjustified delay
d) The right to have your personal data deleted by the Data Controller without unjustified delay, if there are the reasons
outlined in the GDPR, Article 17, including, for example, if the data is no longer needed for processing or if the data is
considered illegal, and again, if there are no conditions outlined by law; and in any case, if the processing is not justified
by another equally legitimate reason
e) The right to obtain limits on the processing from the Data Controller, in those cases outlined in Art. 18 of the GDPR,
for example where you have disputed the correctness, for the period necessary for the Data Controller to verify the data's
accuracy. You must be notified, within an appropriate time, even when the suspension period has passed or the cause of limiting
the processing has been eliminated, and therefore the limitation itself has been withdrawn
f) The right to obtain information from the Data Controller on the recipients who have received the requests for any corrections
or deletions or limits on the processing implemented, except when this is impossible or would create a disproportionate effort
g) The right to receive your personal data in a structured format, commonly used and readable by automatic devices
- The purposes of the processing
- The categories of personal data in question
- The recipients or categories of recipients that have received or will receive your personal data, in particular if these
recipients are in third party countries or are international organizations
- When possible, the anticipated storage period of your personal data or, if not possible, the criteria used to determine
- Whether you have the right to ask the Data Controller to correct or delete your personal data or the limits on processing
your personal data or to oppose the processing of the data
- The right to lodge a complaint with a supervisory authority
- In the event the data is not collected from you, all of the information available regarding its origin
- Whether there is an automated decision process, including profiling, and, at least in these cases, significant information
on the logic used, as well as the importance and consequences to you for this processing
- The suitable guarantees provided by the third party country (outside EU) or international organization to protect any
For further information and to send your request, contact the Data Controller at email@example.com
To guarantee that the rights noted above are exercised by you and not by unauthorized third parties, the DataController may
require you to provide other information necessary for this purpose.
- How and when can you oppose the processing of your personal data? (Art. 21 GDPR)
For reasons associated with your particular situation, you may at any time oppose the processing of your own personal data
if it is based on legitimate reasons or if it is done for business promotional activities, by sending a request to the Data
Controller at firstname.lastname@example.org
You have the right to have your own personal data deleted if the Data Controller has no legitimate reason prevailing over
such request (Public Safety Regulations R.D. 6 May 1940, n.635 Art 247, Art.16), and in any case, where you have opposed
the processing for business promotional activities.
- Who can you lodge a complaint with? (Art. 15 GDPR)
Without prejudice to any other ongoing administrative or judicial action, you may lodge a complaint with the applicable
supervisory authority of the Italian territory (Italian Personal Data Protection Authority), that is, with the agency that
performs its duties and exercises its rights within the member country where the GDPR violation occurred.
Any updates to this information shall be communicated in a timely manner and through suitable means, and will be notified
proceeding and after you have given your consent, if necessary.
General information, deactivation and cookie management
Cookies are data sent from the website and stored by the internet browser in your computer or other device (for example,
tablet or cellphone). Technical and third party cookies may be installed from our internet site or associated subdomains.
In any event, you can manage, that is, request general deactivation or deletion of the cookies by changing the settings on
your web browser. However, this deactivation may delay or block access to some parts of the site.
Settings to manage or deactivate cookies can change depending on the internet browser used. Therefore, to get more information
on the methods by which these operations are completed, we advise you to consult the manual for your specific device or the
"Help" function for your specific web browser.
The use of technical cookies, that is, those cookies needed to transmit communications over electronic communication networks,
or those cookies that are strictly necessary for the provider to fulfill the service requested by the customer, allows our
website to be used securely and efficiently.
Session cookies can be installed to allow access and permanence within the portal's reserved area as an authenticated user.
Technical cookies are essential for our website to work properly and are used to allow users to navigate normally and have
the possibility of using the advanced services available on our website. The technical cookies used are considered session
cookies, stored exclusively for the navigation period up until the browser is closed, while persistent cookies are saved
in the user's device until they expire or are deleted by the user. Our site uses the following technical cookies:
- Technical navigation or session cookies, used to manage normal navigation and user authentication;
- Functional technical cookies, used to memorize user personalization, such as, for example, language;
- Technical analytic cookies, used to recognize the way in which the user utilizes our website, in order to evaluate and improve
Profiling cookies may be installed by the Data Controller(s) using so-called web analytics software. These are similar to
those used to prepare detailed reports and real time analyses relating to information on: website visitors, originating search
engines, key words used, user language, and most visited pages.
They can also collect information and data such as IP address, nationality, city, date/time, device, browser, operating system,
screen resolution, navigation origin, pages visited and number of pages, visit duration, and number of visits made.
This data may be forwarded to each of the Aruba Group companies in accordance with and within the limits established by current