ROKH s.r.l., with registered office in Milan, Viale Monte Nero 82, VAT No. 10013720965, (“Rokh” or “Controller”), in its capacity as data controller, wishes to inform the Rokh Member that the execution of the Membership Agreement entails the processing by Rokh, directly or through third parties, of personal data, namely: personal information, contact data, payment and invoicing data, job title, employment status and corporate powers (“Personal Data”). .

 

Purposes and legal basis of processing

Personal Data are processed for:

1. using services provided by Rokh and governed under the Membership Agreement, including the management of contact and support requests, as well as payments.
   For such processing, the legal basis is the performance of the Membership Agreement;
2. monitoring of the performance of the Platform through which the services subject-matter of the Membership Agreement are provided, including updates and implementation of security improvements and new functionalities on a continuous basis.
   For such processing, the legal basis is the legitimate interest of Rokh to implement improvements to the tools through which it provides the services subject-matter of the Membership Agreement; such interest does not violate the rights and freedoms of the Rokh Member, who can have a reasonable expectation of the proper functioning of the platform;
3. purposes of marketing, mailing list and sending of newsletter and “Rokh Tips” (legal updates and juridical best practice).
   For such processing, the legal basis is the consent by Rokh Member.
4. For the fulfilling of legal obligations, including upon request by public authorities.
   For such processing, the legal basis is the performance of legal obligations;
5. Personal Data may be processed also for the purposes of judicial defence or preparatory activities.

Under no circumstances the Personal Data will be assigned or communicated to third parties unless strictly necessary for the performance of the Services, the fulfilment of the purposes above and/or as required at law.

 

Modalities of collection and processing

Personal Data can be freely communicated by the Rokh Member.
Lack of communication of Personal Data will prevent the provision of Services or the execution of the Membership Agreement.
Personal Data are collected through both automated and telematic systems as well as manually, in any case through modalities and logics strictly related to the purposes for which they are collected. Processing through automated means – which does not include profiling – has no consequences for the data subject other than those the data subject may expect against communication of Personal Data in the context of use of the Platform, and upon agreement to use the Services. Personal Data can be processed by the Controller and by third parties (both internal and external to the organization of the Controller and anyway involved in the performance of the services, including, by way of example, IT service providers, accountants, legal and financial consultants) to such purposes individually tasked and which implement adequate technical and organizational measures for the protection of personal data. The full list of data processors can in any moment be requested by the Controller through the modalities indicated below.
Without prejudice to the Controller’s right to communicate data to its controlling, related or affiliate companies for the performance and/or improvement of the Services and services ancillary thereto, Personal Data will be processed within the Controller’s office and other premises wherein activities functional to Services are performed; in any event, the data will not be transferred and/or communicated outside European Union. Further information can be requested at any time by contacting the Controller in the modalities indicated below.
Without prejudice to the data subject rights as below, the Personal Data will be retained only for the period strictly necessary for the activities required for the performance of the Services and, afterwards, for archival purposes for the Controller, in any event for no longer than as set forth under applicable laws (e.g., with regards to the purposes under par. 2, let. C) above, 24 months, and for the purposes under par. 2, let. a) and let. e) above, the statutes of limitations at law.)

 

Rights of the data subject and responsibilities of the user

Rokh Member, as data subject, as the right to obtain confirmation on the existence of its data with the Controller, to access them and request correction or integration. The data subject has the right to request limitation, suspension or interruption of processing or cancellation of its personal data in case processing is performed against applicable law or in the event the data are not necessary anymore for the purposes they have been collected for. The data subject, in case legitimate grounds exist, can object the processing of data or request limitation thereof. The data subject has right to portability of its personal data. The data subject has the right to withdraw any consent given, without prejudice to the processing activities performed before the withdrawal. All requests to Controller can be sent at the following address:
e-mail privacy@rokh.it;
The data subject has also the right to raise a claim against its personal data processing with the Data Protection Authority (Autorità Garante per il Trattamento dei Dati Personali) according to the modalities set forth thereby.
Rokh Member is responsible for the correctness of third party data provided by it and warrants to be fully authorized to communicate and disseminate them, relieving Rokh from any liability towards third parties and undertaking to keep Rokh harmless and fully indemnified against and damage, charge, cost and/or sanction that may derive from breach by the user to the above.