Dear Data Subject, Riva Industria Mobili S.p.a. has great respect for the privacy of Users. The data that will eventually be communicated by the User through the Site will be treated with the utmost care and with all the tools designed to guarantee their security, in full compliance with current legislation protecting the confidentiality of data. We wish to inform you that the “European Regulation 2016/679 concerning the protection of individuals with regard to the processing of personal data, as well as the free flow of such data” (from now on “GDPR”) provides for the protection of individuals with regard to processing of personal data as a fundamental right. Pursuant to article 13 of the GDPR, therefore, we inform you that:

A. CATEGORIES OF DATA: the subject of the treatment may be your personal data such as:

a. Data collected automatically. The computer systems and applications dedicated to the operation of this website detect, during their normal operation, some data (the transmission of which is implicit in the use of Internet communication protocols) potentially associated with identifiable Users. The data collected includes the IP addresses and domain names of the computers used by Users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters regarding the operating system, browser and IT environment used by the User, internet name service provider (ISP), date and time of visit, web page of origin of the visitor (referral) and exit.

b. Data provided voluntarily by the User. The voluntary and explicit sending of e-mails to the addresses indicated in the various access channels of this site does not imply a request for consent and involves the acquisition of the sender’s address and data, necessary to respond to requests, as well as any other data personal data included in the message. These data are intended to be voluntarily provided by the User at the time of requesting service provision. By inserting a comment or other information, the User expressly accepts the privacy policy, and in particular agrees that the contents inserted are freely disclosed to third parties as well. On the contrary, specific summary notice will be reported or displayed on the pages of the site set up for particular services on request (form). The User must therefore explicitly consent to the use of the data contained in these forms in order to send the request.

c. Cookies. The site uses cookies. The data collected thanks to cookies can be used to access parts of the site or for statistical purposes or to make the browsing experience more enjoyable and more efficient in the future, trying to evaluate User behavior and modify the offer proposition of content based on their behavior. For more information, a specific cookie policy is available.

d. Plug-ins. The site also incorporates plugins and/or buttons for social networks, in order to allow easy sharing of content on your favorite social networks. These plug-ins are programmed so as not to set any cookies when accessing the page, to safeguard User privacy. Eventually cookies are set, if so provided by social networks, only when the User makes effective and voluntary use of the plug-in. Keep in mind that if the User browses being logged into the social network then he has already consented to the use of cookies conveyed through this site when registering with the social network. The collection and use of the information obtained through the

plug-in are governed by the respective privacy policies of the social networks, which you are kindly requested to refer to.

B. DATA CONTROLLER: the Data Controller is Riva Industria Mobili S.p.a. located in Via Milano, 137, 22063 Cantù (CO), VAT number 01404340133 and can be contacted by phone 0039 031.733094 or by email at privacy@riva1920.it.

C. SOURCE OF PERSONAL DATA: personal data owned by the Data Controller are collected directly from the Data Subject.

D. PURPOSE OF DATA PROCESSING AND LEGAL BASIS: the processing of your data has the following purposes and legal basis:

1.  For data collected automatically, the legal basis is the legitimate interest of the owner and the purpose is to guarantee and improve the web browsing experience.

2. For data provided voluntarily by the User, the legal basis is consent and, for sending emails to our addresses, the purpose is to be able to send responses to specific requests made by the User; for forms, the purpose is indicated in the specific notice.

3. For cookies and plug-ins: compare the specific cookies policy.

E. RECIPIENTS OF DATA: according to the listed purposes, your data may be disclosed to partners, consulting firms, private companies, third party technical service providers, hosting providers, IT companies, communication agencies,…

F. TRANSFER OF DATA TO THIRD COUNTRIES: this site may share some of the data collected with services located outside the European Union area. In particular through social plug-ins and the Google Analytics service. The transfer is authorized and strictly regulated by article 45, paragraph 1 of EU Regulation 2016/679, therefore it does not require specific authorizations

G. DATA RETENTION PERIOD: according to the “Retention limitation principle”, Article 5 of the GDPR, a check on the obsolescence of the data stored in relation to the purposes for which they were collected is carried out periodically. In particular:

– the data collected automatically is processed, for the time strictly necessary, for the sole purpose of obtaining statistical information on the use of the site and to check its regular functioning, also for security purposes or according to the deadlines established by law.

– the data provided voluntarily by the User will be kept for a period of time not exceeding the achievement of the purposes for which they are processed or on the basis of the deadlines established by law.

H. RIGHTS OF THE DATA SUBJECT: each Data Subject  is always entitled to request the Data Controller to access, correct or delete his/her data, limit the processing or the possibility of objecting to the processing, requesting data portability, revoking consent to the processing of data, claiming these and other rights provided by the GDPR through a direct communication to the Data Controller. The Data Subject can also lodge a complaint with a supervisory authority.

I. OBLIGATION OR NOT TO PROVIDE PERSONAL DATA: the provision of your data is mandatory while browsing our website with regard to points D.1 and D.2 of the aforementioned purposes, to allow the correct provision of the service. The granting of consent for your data for point D.3 is optional and will not compromise the provision of the service in any way.

J. METHODS OF PERSONAL DATA PROCESSING: the personal data you provide will form the subject of processing operations in compliance with the aforementioned legislation and the confidentiality obligations which inspire the activity of the Data Controller. The data will be processed both with IT tools and on paper and on any other type of suitable support (eg. cloud systems, archiving systems and digital replacement storage, …), in compliance with adequate technical and organizational security measures provided for by GDPR.

K. FINAL NOTES AND UPDATE METHODS: the notice is provided only for this website and not for other websites that may be consulted by the User via links contained on this site. The notice may undergo changes due to the introduction of new regulations in this regard, the User is therefore invited to periodically check this page to stay updated on the latest legislative news. The previous versions of this notice can always be requested from the Data Controller.

L. AUTOMATED DECISION-MAKING: we do not use automatic decision-making processes.