Privacy Policy



This document governs the processing of personal data of natural persons who receive a service from the Data Controller, as defined below, in the context of a commercial relationship with the same (hereinafter, ” Interested in the processing “). The personal data relating to the Data Subjects of which the Data Controller becomes aware (hereinafter, ” Personal Data “) are processed in accordance with Regulation (EU) 2016/679 on the processing of personal data (hereinafter, ” Privacy Regulation “Or ” GDPR “), to the national legislative measures adopted in execution of the Privacy Regulation, to the measures and codes of conduct issued by the European Committee for the protection of data and by the Italian Guarantor for the protection of personal data and by any other legislative provision in force and / or which should be subsequently issued (hereinafter, collectively, the ” Privacy Law “). 


Personal Data : these are data relating to natural persons communicated to the Company. By way of example but not limited to: name, surname, place and date of birth, address of residence and domicile, place of work, company name, VAT number, tax code, landline or mobile phone number, fax number , e-mail address, PEC address, employer company, role and / or company classification, bank details, etc. It should be noted that Personal Data may relate to natural persons connected to the Entity and to subjects connected to it (eg customers, suppliers, employees, etc.)

Particular data : data relating to criminal convictions and offenses: these are the so-called “judicial” data, ie those that can reveal the existence of certain judicial measures subject to registration in the criminal record (for example, definitive criminal convictions, conditional release, prohibition or obligation to stay, alternative measures to detention) or the status of accused or suspected person.

Data Controller: natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data.

Data subject : the natural person to whom the personal data being processed refer 

  • What data is collected and how

Data subject to processing and methods of acquisition

RIVEMAC Srl  processes your personal data voluntarily provided by you (verbally, by business card, e-mail, delivery of documents, through the website of the owner, etc.).

The Company will process your personal data in compliance with the GDPR, assuming that they refer to you, your company or third parties, including your family members, who have expressly authorized you to provide them on the basis of an appropriate legal basis that legitimizes the processing of data in question. With respect to these hypotheses, you act as an independent Data Controller, assuming all the consequent legal obligations and responsibilities. 

In this sense, you undertake to indemnify and hold RIVEMAC Srl harmless from any dispute, action or claim made against it by third parties whose personal data have been processed at your request and / or in execution of the mandate given to you.

Processing methods

The collection and processing of your personal data by the Data Controller takes place in compliance with the principles of lawfulness, correctness and transparency and in order to guarantee adequate security, including protection, by means of adequate technical and organizational measures, from unauthorized processing or tort and accidental loss, destruction or damage.

The data collected will be processed using electronic or in any case automated, IT and telematic tools, or using paper tools, with logic strictly related to the purposes for which such data were collected and, in any case, in order to guarantee their security in any case and to the time strictly necessary to achieve the purposes for which they were collected, without prejudice to the need to keep the data to respond to the obligations established by current legislation even after the termination of the processing operations or up to the time allowed by Italian law to protect the interests of the Owner.

Please see our page dedicated to cookies .

More information on the processing methods and storage times of your Personal Data can be obtained by writing to the Company at the addresses indicated in the following point 4. 

  • Who can receive, process or use personal data

 Data Controller

The Data Controller pursuant to the Privacy Law is RIVEMAC Srl 

Via San Gaetano, 10 – 31044 Montebelluna

+39 0423 600174

 Data Processors and other subjects to whom the Personal Data is disclosed

Without prejudice to the communications made in fulfillment of legal and / or contractual obligations, all your data collected and processed may be shared, exclusively for the purposes specified below, with the following categories of recipients:

  • employees and collaborators of the Data Controller, in their capacity as persons authorized to process personal data, who are committed to confidentiality or have an adequate legal obligation of confidentiality;
  • persons, companies, professional firms or other third parties with whom the Data Controller has relations necessary for the performance of its business for the purposes indicated above or by law, to whom a specific mandate has been entrusted and for the time necessary to achieve the purposes for which the data was collected, who typically act as the Company’s data processors;
  • Judicial or supervisory authorities, administrations, public bodies and organizations, in the exercise of their functions.

The Data Controller ensures that the processing of your personal data by the recipients indicated above takes place in compliance with current legislation.

Without the need for express consent, the Data Controller may communicate your data for the purposes listed above to Supervisory Bodies, Judicial Authorities, insurance companies for the provision of insurance services, banks and credit institutions, consultants and professionals, third parties in general. , including platforms that offer data storage and exchange services specifically indicated by you, as well as to those subjects to whom the communication is a legal or contractual obligation or is the fulfillment of your specific request, with the specification that these subjects will process the data in the their capacity as independent data controllers.

Place of data processing and any transfers

The processing of Personal Data takes place at the Company’s headquarters, as indicated in point 4 of this document and is handled by the Company’s staff in charge of processing. Personal data are not disclosed.

Legal basis and purpose of the processing

Your personal data will be processed for the purposes and related legal bases summarized in the following scheme.




Section I – Data processed without explicit consent

Fulfill the pre-contractual and contractual obligations deriving from the conferment of a professional assignment; as well as to satisfy any other request made by the customer; acquire preliminary information to the conclusion of the contract; fulfill the obligations deriving from the concluded contract; Provide a service or allow the supply of the same to Alacritas srl

The execution of a contract of which you or the company you represent is a party or the execution of pre-contractual measures adopted at your request, therefore the execution of pre-contractual and contractual obligations with respect to legal relationships established and / or being established with you ( article 6, par 1, letter b) GDPR).

Administrative and management purposes and for the fulfillment of obligations established by law (such as for example those of an accounting and tax nature or in the field of anti-money laundering), by a regulation, by community legislation or by an order of the Authority, to which the Data Controller is subject;

Fulfillment of a legal obligation to which the Data Controller is subject (articles 6, par 1, letter c) and 10 GDPR).

Purposes necessary to ascertain, exercise or defend a right in court or whenever the judicial authorities exercise their judicial functions;

Pursuit of the legitimate interest of the Data Controller (Article 6, par 1, letter f), GDPR).

Section II – Data

optional  conferment

  1. Logos of the Entity and personal data of the Entity’s employees for advertising purposes
  2. Use of anonymous data in aggregate form for statistical purposes, 

The interested party has given consent to the processing of his / her personal data or of the Entity represented for one or more specific purposes; pursuit of the legitimate interest of the Data Controller (article 6, par 1, letter a), GDPR).

The provision of your personal data or the Organization you represent for the purposes indicated in Section I) of the previous Table is mandatory . Any failure, partial or incorrect provision of data and / or any express refusal to their processing, will make it impossible for the Data Controller to follow up on your requests, to fulfill the contractual obligations deriving from the mandate given to him or from an obligation the law to which the Data Controller is subject or to the requests of the competent Authorities.

The provision of data for the purposes indicated in Section II) of the previous Table is optional , with the consequence that you may decide not to provide your consent, or to revoke it at any time after the provision.

On the occasion of the processing of your personal data, or of the Entity you represent, for the purposes illustrated in Section I) of the table above, the Company may become aware of particular categories of personal data. For these reasons, we ask you to give your explicit consent in writing to the processing of such data, specifying that you will have the right to withdraw the consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to the revocation.

Data retention and transfer

Your personal data are stored on servers located at the headquarters of the Data Controller indicated in point 4, within the European Union. 

In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller ensures from now on that the transfer of data to non-EU countries will take place in compliance with the applicable legal provisions.

The rights of the interested parties to the treatment

In accordance with the provisions of the GDPR, you have the right to exercise the following rights:

  1. right of access – obtain confirmation as to whether or not personal data concerning you are being processed and, in this case, receive information relating, in particular, to: purposes of the processing, categories of personal data processed and retention period, recipients to whom the data can be communicated (article 15, GDPR);
  2. right of rectification – obtain, without undue delay, the rectification of inaccurate personal data concerning you and the integration of incomplete personal data (Article 16, GDPR);
  3. right to cancellation – obtain, without undue delay, the cancellation of personal data concerning you, in the cases provided for by the GDPR (article 17, GDPR);
  4. right of limitation – obtain from the Data Controller the limitation of data processing, in the cases provided for by the GDPR (article 18, GDPR);
  5. right to portability – receive in a structured format, commonly used and readable by an automatic device, the personal data concerning you provided to the Data Controller, as well as obtain that the same are transmitted to another Data Controller without impediments, in the cases provided for by the GDPR (article 20, GDPR);
  6. right to object – oppose the processing of personal data concerning you, unless there are legitimate reasons for the Data Controller to continue the processing (Article 21, GDPR);
  7. right to withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal;
  8. right to lodge a complaint with the supervisory authority – lodge a complaint with the Guarantor Authority for the protection of personal data, based in Piazza di Montecitorio n. 121, 00186, Rome (RM).