Information on data processing, pursuant to the GDPR and the Privacy Code, as amended by Legislative Decree no. 101 of 10 August 2018, (ITALY).

WHY THIS INFORMATION
Pursuant to Regulation (EU) 2016/679 (hereinafter "Regulation"), this page describes the methods of processing the personal data of users who consult the RIGGEN HEALTH S.r.l. website and make purchases through it.

Purpose of the processing.
The collection and processing of personal data are carried out in order to conduct:
1. the fulfillment of all operations imposed by regulatory obligations;
2. conclude sales contracts and perform the performance thereof;
3. carry out the obligations necessary to execute the contractual relationship established;
The customer's personal data will be processed for the entire duration of the contractual relationships established and also subsequently for the fulfillment of all legal obligations.

Processing methods.
The data is processed for the purposes set out using both automated methods, on electronic or magnetic media, and non-automated methods, on paper media, in compliance with the confidentiality and security rules provided for by law, the resulting regulations and internal provisions.

Place of processing.
The data is currently processed and archived at the undersigned's headquarters in Genoa, Via della Sirena 4-5, cap. 16145.
They are also processed, on behalf of the undersigned, by professionals and/or companies appointed to carry out technical activities instrumental to the services covered by the contract or management and administrative-accounting activities. The above subjects will use the data communicated to them as "owners" or "responsible" for the processing and they are required to use the data, according to current legislation, only to the extent necessary for the collaboration or service performed.

Mandatory or optional nature of the provision of data.
The provision of data is mandatory for the conclusion of the purchase contract, optional in other cases. Failure to provide data for the purposes of the purchase will make it impossible to execute the order placed.

Consequences of a possible refusal to provide data.
In cases where the provision of data is required by a regulatory or contractual obligation, any refusal would put Riggen Healt s.r.l. in the position of not being able to execute or continue the Contract as it would constitute unlawful processing.

Communication of data.
Without prejudice to the communications and disclosures made in compliance with legal obligations, the data relating to you may be communicated in Italy to:
▪Professionals and consultants, consulting firms, credit institutions;
▪Public and private bodies, also following inspections or checks such as, for example: Financial Administration, Tax Police Bodies, Judicial Authorities, Labor Inspectorate, Local Health Authority, Social Security Institutions, Chamber of Commerce, etc.;
▪Persons who can access your data by virtue of the provisions of the law.

Data retention periods:
The data provided will be stored in our archives according to the following parameters:
▪ For the activities of administration, accounting, orders, management of estimates, assistance and maintenance, shipping, invoicing, services, management of any disputes: 10 years as established by law by the provisions of art. 2220 C.C., without prejudice to any delayed payments of the fees that justify the extension;
▪ The data that are not essential for the activities of the preceding point cannot be used for other purposes and will be retained for the period necessary to carry them out. After this period, the data will be deleted or transformed into anonymous form.

Browsing data.
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) ​​addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site: except for this eventuality, at present the data on web contacts do not persist for more than seven days.

Data provided voluntarily by the user.
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.

Cookies.
No personal data of users is acquired by the site in this regard.
No so-called persistent cookies of any kind, or systems for tracking users, are used.
Use is made of so-called session cookies (which are not stored persistently on the user's computer and disappear when the browser is closed) which is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient exploration of the site. The so-called session cookies used on this site avoid the use of other IT techniques potentially prejudicial to the confidentiality of user navigation and do not allow the acquisition of personal data identifying the user.

Rights of the interested party.
At any time, you may exercise, pursuant to articles 15 to 22 of EU Regulation no. 2016/679, the right to:
a) request confirmation of the existence or otherwise of your personal data;
b) obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, where possible, the retention period;
c) obtain the rectification and erasure of data;
d) obtain the limitation of processing;
e) obtain data portability, i.e. receive them from a data controller, in a structured, commonly used and machine-readable format, and transmit them to another data controller without impediments;
f) object to the processing at any time and also in the case of processing for direct marketing purposes;
g) object to an automated decision-making process concerning natural persons, including profiling.
h) ask the data controller for access to personal data and the rectification or erasure of the same or the limitation of processing concerning him or her or to object to their processing, in addition to the right to data portability;
i) withdraw consent at any time without prejudice to the lawfulness of processing based on consent given before revocation;
j) lodge a complaint with a supervisory authority.

Data Controller and Data Processor.
The data controller is Riggen Healt S.r.l. with registered office in Genoa, Via della Sirena 4-5, cap. 16145.

Competent court.
The Contract is governed by Italian law.