Rokh s.r.l., with registered office in Milan, Viale Monte Nero 82, VAT No. 10013720965 (“Rokh”), as Data Controller (“Controller”), wishes to inform users of this website (the “Website”) that browsing the Website and the “ROKH” service platform (the “Platform”), use of its functionalities, registration and access to reserved areas involve the processing directly by Rokh or through third parties of personal data such as: personal details, contact data, browsing data, access credentials and, where communicated by the ROKH Member, payment data (the “Personal Data”).
Specific policies regarding the processing of Personal Data related to the use of digital products offered by Rokh and the processing of Personal Data by third parties, are available to each ROKH Member in accordance with the “Membership Agreement” that will be signed with Rokh in order to access the Platform and its services.
Personal Data is processed exclusively to provide the user with a more fluid browsing experience of the Website, or to allow the user to use Rokh's services through the Website and, in the case of Membership, through the Platform (the “Services”). In particular, the processing purposes are the following: creation of credentials for access to reserved areas, user registration and authentication, contact in relation to issues closely related to the provision of Services (e.g. establishment of a pre-contractual relationship, technical support) and, with the user's consent, for marketing purposes, mailing list management and sending newsletters, payment management, management of contact and support requests, monitoring Service operation, the Website and, in the case of Membership, the Platform, as well as statistical browsing analysis.
Under no circumstances and for no reason will Personal Data be transferred or transmitted to third parties other than for that which is strictly necessary for provision of the Services, pursuit of the purposes set out above and/or provided for by law.
Personal Data may also be used by the Controller to defend a right in court or in preliminary stages related to the same, or provided to public authorities in response to a specific request.
Data acquisition and processing
Where the Personal Data requested from the user are identified as mandatory, failure to provide it will not allow provision of the Services. Failure to provide data indicated as optional, on the other hand, will not affect provision of the Services.
Personal Data acquired is processed through both automated and telematic systems as well as manually, in any case with methods and rationale strictly related to the purposes for which it was acquired. Processing by automated means - which do not include profiling - does not have any consequences other than those that data subjects can expect when providing their Personal Data when using the Website and/or the Platform, as well as express consent to use the Services.
Personal Data may be processed not only by the Data Controller but also by third parties (internal or external to the organisation of the Data Controller and in any case involved in provision of the Services) specifically appointed for this purpose and that put in place adequate technical and organisational measures for the protection of personal data. The complete list of data processors may be requested at any time from the Controller in the manner indicated below.
Without prejudice to the Controller's right to communicate Personal Data to its parent, subsidiary, associated and affiliated companies for the performance and/or optimisation of the Services and related ancillary services, Personal Data will be processed at the Data Controller's premises and in other places where activities instrumental to provision of the Services are carried out; in any case, the data will not be transferred and/or communicated outside the European Union. Further information may be requested at any time by contacting the Controller in the manner specified below.
Without prejudice to the rights of data subjects specified below, Personal Data will be retained for the period strictly necessary for performance of the activities instrumental to provision of the Services and, subsequently, for archive purposes for the Controller, in any case for a period not exceeding that provided for by the applicable legislation (e.g. with reference to technical browsing data, 7 days; with reference to marketing activities and sending newsletters, 24 months - it being understood that, in case of subscription to Membership, this period will start from the expiry, without renewal, of such Membership).
Rights of Data Subjects and user responsibilities
Those to whom the Personal Data refers (“Data Subjects”) have the right at any time to obtain confirmation of the existence of their data from the Controller, to access it and to request its correction or integration. Data Subjects also have the right to request the restriction, suspension or interruption of processing or deletion of their personal data where the processing is carried out in violation of the applicable legislation or where the data is no longer necessary for the purposes for which it was acquired. In the presence of legitimate reasons, Data Subjects may also object to the processing of their personal data or obtain the restriction thereof. Data Subjects have the right to the portability of their personal data.
All requests can be forwarded to the Data Controller at the following e-mail address firstname.lastname@example.org;
Data Subjects also have the right to lodge a complaint against the processing of their personal data with the data protection authority in accordance with the procedures established by the latter.
Users are responsible for the accuracy of the data of third parties that they provide and guarantee that they are fully entitled to communicate or disseminate it, releasing Rokh from any liability towards third parties and undertaking to hold Rokh fully harmless from any damage, burden, cost and/or penalty that it may incur due to violation by users of the above mentioned provisions.
Further policies regarding the processing of personal data may be provided to the user in relation to specific services or personal data processing activities.