Privacy policy
Information provided pursuant to articles 13 and 14 of EU Regulation 2016/679 (hereinafter referred to as the “GDPR” for brevity)
1. Data controller
The Data Controller is RD24 S.r.l., VAT no./Tax Code IT02595310208, with registered office at Via Principe Amedeo 37, 46100 Mantua (MN), in the person of its legal representative pro tempore, e-mail address privacy@johix.com (hereinafter also the “Controller”).
The Data Controller has appointed, pursuant to and for the purposes of art. 37 GDPR, a Data Protection Officer, who can be contacted at the following email address: dpo@johix.com.
RD24 S.r.l. decides autonomously on the purposes and methods of the processing of personal data (hereinafter, “Data”), as well as on the security procedures to be applied to ensure the confidentiality, integrity and availability of the Data.
2. Purposes of the Processing and data subjects of the Processing, Data Source
The Data will be processed (hereinafter, the “Processing”) for the purposes of requesting a quote for the signing of a contract with the Data Controller (hereinafter, the “Contract”) and, possibly, the signing and execution of the Contract.
Data subjects (hereinafter, the “Data Subjects”) may be natural persons acting as customers and users of the Data Controller's Website, as well as partners, directors, attorneys and legal representatives of legal persons acting as applicants for a quote for the signing of a Contract and, possibly, for the signing and execution of the Contract.
In relation to the aforementioned purposes of processing, the following types of data may be processed: personal details, contact details, company information, financial information, tax information and information from databases of the credit system (“SIC Databases”) that may be consulted by the Data Controller to evaluate, assume or manage a credit risk towards the interested party, as well as to assess the reliability and timeliness of payments made by the interested party, in accordance with the purposes set out in art. 3 of the Code of Conduct for information systems managed by private entities regarding consumer credit (“SIC Databases”), data relating to recovery or litigation activities, the transfer of credit or exceptional circumstances affecting the subjective situation or assets of companies, legal persons or other entities.
The Data may be collected directly from the Data Subjects, if so indicated in the forms available in relation to the request for a quote for the signing of a Contract; certain Data may also be acquired by the Data Controller from the commercial information databases and the SIC Databases available pursuant to law.
3. Legal basis of the Data Processing
The legal basis of the Data Processing is the consent of the Data Subject for the Data Controller to fulfil its pre-contractual and contractual obligations, pursuant to art. 6, letter b), of the GDPR; the provision of Data is optional, but failure to provide such Data will not allow the Data Subject to request quotes from the Data Controller or to sign the Contract.
With particular reference to the access by the Owner to the SIC Databases, it is specified that the legal basis lies in the legitimate interest of the Owner pursuant to art. 6, lett. f) of the GDPR.
The Data Controller's Data Processing does not involve any automated decision-making process.
The Data Subjects' Data Processing will be based on the principles of correctness, lawfulness and transparency and will take place both in paper form and with the aid of electronic tools, in a lawful manner and in compliance with the rules of confidentiality and security.
4. Processing methods
Data Processing is carried out mainly by electronic means by the Data Controller and by other parties who, having been suitably selected for their reliability and expertise, carry out operations that are instrumental to the pursuit of the Data Controller's business purpose.
5. Scope of Data Communication
The Data Controller's employees and/or collaborators in charge of managing the Data may become aware of the Data. These subjects, who have been instructed to do so by the Data Controller pursuant to art. 29 GDPR, will process the Data exclusively for the purposes indicated in this statement and in compliance with the provisions of the applicable legislation.
We also inform you that, for the purposes of requesting quotes and entering into a contract with the Data Controller, the Data Subjects may be asked to provide Data directly to third-party operating rental companies and online payment management companies that work in collaboration with the Data Controller: these subjects will process the Data of the Interested Party as autonomous Data Controllers, providing the Interested Party with suitable information and requesting express consent to the Processing of Data.
Furthermore, third parties may become aware of the Data and may process the Data on behalf of the Data Controller as external processors, such as, for example, IT and logistics service providers, outsourcing or cloud computing service providers, professionals and consultants.
The Data will not be disclosed to third parties, except in cases where disclosure is required by law or is necessary for purposes established by law, the pursuit of which does not require the consent of the Data Subject; in such cases, the Data may be made available to third parties who will process them independently and solely for the aforementioned purposes (for example, in the case of requests made by the police or judiciary or other competent bodies).
Furthermore, some of the information provided by the interested party, together with the information originating from his/her payment behavior regarding the relationship that may be established with the Data Controller, may be communicated by the Data Controller to the SIC Databases, according to the principle of reciprocity and exchange to which the Data Controller adheres for the purposes of processing through the SIC Databases.
6. Data Retention
Your Data will be retained for the time strictly necessary for the purposes of the processing. The Data Retention Policies adopted by RD24 S.r.l. are summarized in the following table:
| Type of Data | Purpose | Effect | Data Retention | Regulatory source |
| Personal and contact details | Preliminary contract preparation | Sending a quote request | 24 months from the sending of the request in case of failure to sign the Contract | Articles 1337- 1338 of the Italian Civil Code. |
| Personal and contact details | Execution contract | Contract subscripion | 10 years | Article 2220 of the Italian Civil Code |
| Personal and contact details | Newsletter | Registration | Withdrawal of consent | art. 5 lett. e) and 8 GDPR; art. 21 GDPR |
The SIC Databases consulted provide the following storage times:
| Financing request | No later than 6 months, if the preliminary investigation requires it, or no later than 3 months in case of rejection of the request or renunciation of the same |
| Default on two installments or two months, then remedied | 12 months from regularization |
| Longer delays also remedied by means of a transaction | 24 months from regularization |
| Negative events (i.e. arrears, serious defaults, non-performing loans) not resolved | No later than 36 months from the contractual termination date of the relationship or from the date on which the last update was necessary (in the case of subsequent agreements or other significant events in relation to the reimbursement). In any case, no later than 60 months from the termination date of the relationship, in the case of other significant events in relation to the payment. |
| Reports of those that took place in a positive manner (without delays or other negative events) | No later than 60 months from the date of termination of the relationship or expiry of the contract, or from the first update made in the month following these dates (in the case of simultaneous relationships with positive events and other relationships with unregularized negative events, the retention period for relationships with unresolved negative events applies). |
7. Data Transfer
The Data are processed by the Data Controller within the European Union; in the event that a transfer outside the European Union is necessary, it will take place in compliance with the rights and guarantees provided for by current legislation, and in particular in the presence of the conditions of adequacy of the country of transfer or in any case subject to the signing of agreements containing adequate contractual standards containing clauses approved by the European Commission for the protection of data.
8. Data Security
Specific security measures are observed by the Data Controller to prevent, in addition to unauthorized access to the Data, also its loss and illicit or incorrect use.
9. Your Rights
You have the right to:
- ask the Data Controller for access to the Data, to update, correct or delete the same, or limit or oppose their Processing;
- with regard to Processing based on the legal basis of consent, to revoke your consent at any time, without prejudice to the lawfulness of the Processing based on the consent given before the revocation;
- to lodge a complaint with the National Supervisory Authority, Garante per la Protezione dei Dati Personali;
- where applicable, to receive the personal data you have provided in a structured, commonly used and machine-readable format for the purposes of data portability.
To exercise the above rights, or for any other request concerning data processing, please contact us at the following email address: privacy@johix.com.
AUTHORIZATION TO PROCESS PERSONAL DATA
The interested party, having read the above information, consents to the processing of data by the Data Controller (in case of lack of consent it will not be possible to send the request for a quote to sign a contract or sign the contract)