PROTECTION OF PERSONAL DATA
On 27th April 2016, the European Union approved a major reform of the legal framework relating to the protection of personal data by adopting the "General Data Protection Regulation" (GDPR or Regulation), directly applicable in all Member States. The Regulation replaces Directive 95/46 / EC ("Data Protection Directive") and its application becomes mandatory beginning on the 25th May 2018, two years after its entry into force. Rebell understands Data Protection as a set of roles and responsibilities, internal rules, and methodologies, aimed at guaranteeing the management and mitigation of risks of the rights and freedoms of natural persons linked to the handling of personal data.
RIGHTS OF THE INTERESTED PARTY
EU Regulation 2016/679 (articles 15 to 23) gives interested parties the right to exercise specific rights. In particular, in relation to the processing of personal data, subjects have the right to ask Rebell AG:
- Right to access: You may ask Rebell AG to confirm if your personal data is processed and, and if yes, obtain access to your personal data;
- Right of rectification: You can demand that Rebell AG correct any inaccuracies in your personal data as soon as possible;
- Right to cancellation/deletion: You can, under certain circumstances, demand that Rebell AG delete your personal data (if this is in line with laws);
- Right to portability: You can, under certain circumstances, demand to get copy of your personal data in a structured format, commonly used and readable by automatic device from Rebell AG. You also have the right to transmit them to another data controller without asking Rebell AG;
- Right of limitation of handling: You can, under special circumstances, demand that Rebell AG limit the processing of your personal data;
- Right to object to processing: You can object at any time to the processing of your personal data; In this case, Rebell AG must stop any further processing your personal data, unless we prove the existence of binding legitimate reasons for proceeding with the processing that prevail over your interests, rights, and freedoms or, in the event of an investigation, exercise or defend your rights in a court of law.
DATA CONTROLLER AND DATA PROTECTION OFFICER
With this information on the processing of personal data ("Privacy Policy") and on the use of cookies ("Cookie Policy"), Rebell AG, with its registered office at Erlenweg 2, CH-6312 - tax number and VAT identification number CHE-466.057.671, as the data controller (hereinafter "REBELL" or the "Controller"), intends to inform about the methods of processing personal data and the use of cookies and, in particular, about the treatment related to the provision, collection and subsequent operations performed on the personal data of data subjects (hereinafter "Interested Parties"), i.e., the users (hereinafter "Users") who visit the website www.rebellgroup.com and interact with the services available through the websites mentioned. The responsible person in the sense of the EU-DSGVO, other data protection laws applicable in the member states of the EU and other provisions with data protection is:
REBELL AGPursuant to Art. 37 et seq. of the Regulation, the data controller has appointed a data protection officer (also referred to as DPO), who is based for assignment at the data controller's headquarters. Requests to exercise the above rights may be addressed by the data subject to:
Erlenweg 2
CH-6312 Steinhausen
Tax number and VAT identification number: CHE-466.057.671
Email: info@rebellgroup.com
REBELL AG
Erlenweg 2
CH-6312 Steinhausen
Email: data-protection@rebellgroup.com
PURPOSE OF THE TREATMENT
The request for data entry by the user in certain areas of the website entails the subsequent collection of some personal data of the interested party, which are necessary to respond to the requests of the same. Therefore, the personal data are collected directly from the interested party. The personal data of the interested parties are processed for the purpose of managing the services available on the website (such as services on request).
METHODS OF PROCESSING
With regard to the aforementioned purpose, the processing of data by the Data Controller is carried out on the basis of the principles of correctness, lawfulness, transparency and protection of the confidentiality and freedom of the data subject and using manual, information and telematic tools with a logic strictly related to the purposes themselves and, in any case, in order to guarantee their security and always in full compliance with the legislation in force on the protection of personal data.
LEGAL BASIS
The legal basis for the processing of personal data is the performance of a contract and the provision of the requested service.
VOLUNTARY PROVISION OF PERSONAL DATA
The provision of the personal data is voluntary. However, failure to provide the personal data for the purposes referred to above may result in the data controller being unable to provide its services to the data subject.
COMMUNICATION AND DISSEMINATION OF DATA
The personal data of the interested parties will not be disseminated. REBELL will not transfer personal data outside the European Union. In the context of the Data Controller's organization, personal data may only be processed by persons of the competent bodies entrusted with the performance of the individual processing activities. REBELL may only disclose the personal data of data subjects to third parties if this is necessary for the provision of its services. These persons have access to the personal data necessary for the performance of these functions (and cannot use it for other purposes) and are obliged to process the data in accordance with applicable law. The above suppliers will act as data processors appointed by REBELL and will be included in an updated list which can be easily and freely disclosed by sending a request to the address set out in this Privacy Policy. When sharing your personal data, we ensure the highest possible level of security. Therefore, your data will only be passed on to contractually obligated service providers and partner companies. In addition, your data will only be forwarded by us to bodies that are located within the European Economic Area and are therefore subject to strict EU data protection law or that are obliged to maintain a corresponding level of protection. A transfer of data to countries without an adequate level of data protection does not currently take place and is not planned.
PLACE OF DATA STORAGE
The personal data of the interested party will be stored on servers located within the European Union.
RETENTION PERIOD OF PERSONAL DATA
The personal data of the interested party collected for processing for the purposes referred to in paragraph 1 shall be kept for as long as necessary to search for the information requested. Subsequently, the personal data shall be kept for a period not exceeding the statutory limitation period in order to possibly assert or defend a right in court.