Raben logo

Privacy Policy


The interested parties (pursuant to Article 4, paragraph 1 of the GDPR) are informed of the following general profiles, valid for all areas of processing:

  • all data are processed in compliance with current privacy regulations (EU Reg. 2016/679 and Legislative Decree 196/2003, as amended and supplemented by Legislative Decree 101/2018);
  • all data are processed in a lawful, correct and transparent manner towards the interested party, in compliance with the general principles provided for in Article 5 of the GDPR
  • specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access (GDPR, Art.32).


The Data Controller is the undersigned Company (in the person of the pro-tempore legal representative) who can be contacted for any request regarding privacy or to exercise the rights listed below, at the following addresses:



Name: Raben SITTAM Srl

Email: info.rabensittam@raben-group.com



Name: Galli Data Service Srl

Email: dpo@gallidataservice.com


  • Right to request the presence and access to personal data concerning the interested party (Article 15 "Right of access")
  • Right to obtain the rectification / integration of inaccurate or incomplete data (Article 16 "Right of rectification")
  • Right to obtain, if there are justified reasons, the cancellation of data (Article 17 "Right to cancellation")
  • Right to obtain the limitation of processing (Article 18 "Right to limitation")
  • Right to receive the data concerning the interested party in a structured format (Article 20 "Right to portability)
  • Right to oppose the processing and automated decision-making processes, including profiling (Articles 21, 22)
  • Right to revoke a previously given consent;
  • Right to submit, in case of non-response, a complaint to the Data Protection Authority.


4.1 Subject of the treatment

The company processes personal identification data of customers / suppliers (for example, name, surname, company name, personal / fiscal data, address, telephone, e-mail, bank and payment details) and their operational contacts (name, surname and data contact) acquired and used in the supply of the products / services provided


4.2 Purpose and legal basis of the processing

The data is processed for:

  • conclude contractual / professional relationships and provide the related services;
  • fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships, as well as manage the necessary communications connected to them;
  • fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority;
  • exercise a legitimate interest as well as a right of the Data Controller (for example: the right of defense in court, the protection of credit positions; the ordinary internal needs of an operational, managerial and accounting nature).

Failure to provide the aforementioned data will make it impossible to establish a relationship with the Owner. The aforementioned purposes represent, pursuant to Article 6, paragraphs b, c, f, suitable legal bases for the lawfulness of the processing. If it is intended to carry out treatments for different purposes (eg: marketing communications, photo / video content production, etc.), a specific consent will be requested from the interested parties.


4.3 Methods of processing and storage time

The processing of personal data is carried out by means of the operations indicated in Art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subjected to both paper and electronic processing. The Data Controller will process personal data for the time necessary to fulfill the purposes for which they were collected and related legal obligations (usually coinciding with the relationship with the interested party, without prejudice to the extension in reference to the obligations of conservation of administrative documentation of business correspondence).


5.4 Scope of the treatment

The data is processed by internal subjects duly authorized and trained pursuant to Article 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise information on any external subjects who operate as managers or autonomous data controllers (eg consultants, technicians, banks, transporters, etc.). The data may be communicated to any subsidiary / associated companies for various reasons.

The data isnot subject to dissemination or transfer outside the EU (they may be subject to transfer outside the EU only in compliance with the conditions set out in Chapter V of the GDPR, aimed at ensuring that the level of protection of data subjects is not adversely affected "Art.45 Transfer on the basis of an adequacy decision, Art.46 Transfer subject to adequate safeguards, Art.47 Binding Corporate Rules, Art.49 Specific exemptions"). The data is not subject to automated processes that produce significant consequences for the data subject.



It should be noted that this information may be subject to periodic review, also in relation to the relevant legislation and jurisprudence. In the event of significant changes, appropriate evidence will be given on the home page of the site for a suitable time. However, the interested party is invited to periodically consult this policy.

Last document update: July 2021.