Privacy Policy

STATEMENT ON THE PROCESSING OF PERSONAL DATA

With reference to the methods used for the management and processing of your personal data, as a user who consults this site, the Joint controllers providing the following information pursuant to Article 13 of EU Regulation No. 679/2016:

1. Types of data collected, purposes and legal basis for the processing operations

Browsing data

The information technology systems and software procedures that enable the functionality of the https://www.sustainableeurice.eu/ site acquire, during their normal utilisation, certain personal data the transmission of which is implicit in the use of internet communication protocols. This category of data includes the IP addresses or domain names of the computers used to access the site, the MAC (Media Access Control) addresses, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s information technology environment. These data are used for the sole purposes of compiling anonymous statistical information on the use of the site and to check its correct functionality, and are deleted immediately after processing. The data may be used to ascertain liability in the event of cybercrimes that cause damage to the site. The legal basis that legitimises the processing of personal data for this purpose is set out in the circumstances described by Article 6, section 1, letter b) of EU Regulation No. 679/2016 – i.e. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. The same data may also be used to ensure compliance with legal obligations or requests on the part of the judicial authorities. The legal basis that legitimises the processing of personal data for this purpose is set out in the circumstances described by Article 6, section 1, letter c) of EU Regulation No. 679/2016 – i.e. processing is necessary to comply with a legal obligation to which the Data Controller is subject.

Data that you supply voluntarily

Following the voluntary sending of email messages to the email addresses found on the site, the Joint controllers may process your email address (as the sender), and any additional personal data contained in the message, in order to respond, again by email, to the requests you have submitted. The legal basis that legitimises the processing of personal data for this purpose is set out in the circumstances described by Article 6, section 1, letter b) of EU Regulation No. 679/2016 – i.e. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. The same data may also be used to ensure compliance with legal obligations or requests on the part of the judicial authorities. The legal basis that legitimises the processing of personal data for this purpose is set out in the circumstances described by Article 6, section 1, letter c) of EU Regulation No. 679/2016 – i.e. processing is necessary to comply with a legal obligation to which the Data Controller is subject.

As the Data Subject, you are asked not to enter or send via the instruments provided on the site any “special data”, “biometric data”, “genetic data”, “data concerning health” or “data relating to criminal convictions and offences” as defined by the current legislation.

Any such data, if supplied by you, as the Data Subject, shall be immediately deleted.

Cookies

The site uses technical (session and browsing) cookies for the purposes of enabling the normal browsing and utilisation of the website (allowing, for example, authentication in order to access reserved areas). The site also uses third-party profiling cookies. For all information relating to the processing operations carried out on personal data through cookies, please see the full cookies statement, which can be reached on every page of the portal.

2. Period of data storage

Any personal data of yours that are collected and processed as a result of you browsing the site https://www.sustainableeurice.eu / shall be stored for the entire period of delivery of the service and shall be, in any case, deleted or rendered anonymous within 7 days. Any personal data that you send of your own volition through the instruments on the site shall be deleted after the requested service has been delivered or a response has been provided, and in any case within the maximum term of 15 days from the completion of said operations, with the exception of those data that are necessary to ensure compliance with fiscal, accounting and administrative regulations, or to comply with other legal obligations, and to document the operations carried out.

3. Methods of processing

Any personal data collected shall be processed, retained and analysed using electronic tools and shall be stored both in electronic format and in hard copy, organised into databases, and on any other appropriate type of media.

Specific security measures are implemented to prevent the loss, illegal or unfair use of the data, or unauthorised access to them.

The processing of your personal data carried out by Joint controllers does not involve any automated decision-making.

4. Disclosure of your personal data

The disclosure of the browsing data is required in order to supply the requested service (browsing of the site) and is, therefore, compulsory for that purpose. Failure/refusal on your part to provide your personal data shall make it impossible for Joint controllers to allow you to browse the site https://www.sustainableeurice.eu. The disclosure of your data for other purposes is optional: failure/refusal to provide your data for said other purposes shall not have consequences for you, but may make it impossible to provide you with the requested responses.

5. Parties to which your personal data may be disclosed

Any personal data of yours that have been collected shall not be disclosed indiscriminately, but may be communicated to those parties that have the right to access your personal data to ensure compliance with legal and secondary and/or EU regulations, and to the Joints controllers own personnel, and also to companies, associations or professional firms that provide services and operations on behalf of the Joint controllers, operating as Data processors, to ensure compliance with legal obligations, and for every other organisational and/or administrative requirement that is necessary to provide the requested services.

The names of the additional parties to which your personal data may be disclosed, operating as Data processors, are shown in an up-to-date list that can be requested from the Joint controllers (using the data indicated at Point 9).

6. Transfer of data outside the European Union or to international organisations

The Joint controllers shall not transfer your personal data, collected through https://www.sustainableeurice.eu site and the tools contained therein, to countries situated outside the European Union or to international organisations.

7. Links to third-party sites or services

This informative statement is applicable only to the processing operations carried out on personal data through this site or the instruments set aside for that purpose by the site, but it is not applicable to other sites that you may consult through links on this site; the managers of said linked sites operate as independent Data Controllers, responsible for the relevant processing operations. You are, therefore, invited – before accessing the services of third parties –to read their privacy statements carefully.

8. Your rights as the Data Subject

In relation to the aforementioned processing operations carried out on your personal data, you are entitled to exercise at all times those rights set out by EU Regulation No. 679/2016 (GDPR), including, for example, the right to be informed as to:

– the origin of any personal data held that concerns you;

– the purposes and methods of the processing operations;

– the logic applied in the case of processing operations carried out using electronic instruments;

– the identification of the Data Controller, the Data Processors and the designated representative.

As the Data Subject, you have the right to obtain:

– access to the data, and their updating, rectification or (where in your interest) completion;

– the erasure, transformation into anonymous form or blocking of access to any data processed in breach of the law;

– the limitation of the processing of those data that concern you, or to request that the Data Controller or the Data Processor reduce the purposes and/or methods for/with which your data are being processed.

You can also request a copy of your data in a standard format (the so-called “Right to data portability”).

As the Data Subject, you also have the right to object, at any time and at no cost, wholly or partially:

– for legitimate reasons, to processing of your personal data, even if the processing operations are still relevant to the purpose for which the data were collected in the first place;

– to processing of your personal data carried out pursuant to Article 6, Paragraph 1 of the GDPR, Letters e. (“processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”) or f. (“processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party”) including profiling on the basis of these provisions;

– to processing of your personal data for the purposes of sending advertising or direct sales material or for the completion of market research or commercial communications (direct marketing), including any relevant profiling operations.

You have the right to withdraw your consent for the processing operations when that consent is based on the circumstances described  by Article 6, Paragraph 1, Letter a. (when “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”), or by Article 9, Paragraph 2, Letter a. (when “the data subject has given explicit consent to the processing of those personal data for one or more specified purposes”) of EU Regulation No. 679/2016, at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Should you consider the processing operations to have been carried out in breach of current legislation, you have the right to lodge a complaint with a supervisory authority, specifically in the Member State in which you habitually reside or work, or the Member State where the alleged breach has taken place. The Italian supervisory authority can be contacted using the contact data on its own website.

9. Joint Controllers– Contact data

Joint controllers are Ente Nazionale Risi, with its registered offices at Italy, San Vittore 40, 20123 Milano (MI), Italian VAT Registration no. 03036460156, in the person of its pro tempore legal representative, Casa do Arroz with its registered offices at Portugal Paul De Magos, Salvaterra De Magos 2120-014 in the person of its pro tempore legal representative, and Syndicat de Rizicolteurs de France with its registered offices at France, Mas Du Sonnaillier, 80, VC 108 Route De Gimeaux, Arles 13200 in the person of its pro tempore legal representative.

A copy of the abstract of the joint controller agreement is available upon request.

Ente Nazionale Risi can also be contacted at the following e-mail address info@enterisi.it and at the certified email address entenazionalerisi@cert.enterisi.it.

In order to exercise the rights listed above, the interested party may make a request using the e-mail account rpd@enterisi.it.

Casa do Arroz can also be contacted at the following e-mail address casadoarroz.oi@gmail.com.

Syndicat de Rizicolteurs can also be contacted at the following e-mail address srff@riziculture.fr

The Joint controllers reserve the right to update this statement on the processing of personal data.

10. Data protection officer

Ente Nazionale Risi has appointed a Data Protection Officer (hereinafter also referred to as ‘DPO’) can be contacted, also for the exercise of the data subject’s rights, at the following addresses. mail: rpd@enterisi.it – tel: +39.02-8855111.