This personal data processing disclosure is provided in accordance with Art. 13 of Regulation (EU) 2016/679 (GDPR), to users visiting the website of River Systems srl, which can be accessed online at the landing page, corresponding to the home page of the company’s official site.

This policy only describes the management of the company’s official website and does not apply to external websites that the user may visit through links. Additional information can be obtained from various channels, divided according to topic. Other information about specific services may be obtainable on the website.


River Systems srl: Via Marco Polo, 33 – 35011 Campodarsego (PD)
Contact data:

PurposeLegal standingTime for which the data are kept
Administrative and accounting activities in general and for the fulfilment of legal obligations, regulations and the applicable national and supranational legislationNeed to fulfil legal obligations 
If necessary, to establish, exercise or defend the rights of the Data controller in courtLegitimate interest 
Possible contact request, thereby sending information you requestedPerformance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract [art. 6(1)(b) of Regulation]Contractual period and, after termination, for the ordinary statutory period of 10 years. In case of judicial litigation, and for the entire duration of the same, until clearance of the terms of practicability of the appeals.

After the expiry of the time limits above mentioned, the data are going to be destroyed, cancelled or anonymized, in accordance with the technical procedures for cancellation and backup.


Browsing data – Log files
You can access the website without having to provide any personal data. The information systems and applications on this website will, during the course of their normal functioning, record certain data (the transmission of which is implicit in the use of internet communication protocols) but which is not associated to directly-identifiable users. This data includes the IP addresses of users logging on to the site, URI (Uniform Resource Identifier) addresses, the time of the request and the numerical code indicating the status of the reply from the server (successful, error, etc.).

This information does not provide the user’s personal details and is not collected for the purposes of matching to identified data subjects. It is technical/digital data that is collected and used in aggregate, anonymous form to verify the proper functioning of the website and monitor its security, to improve service quality and to provide statistics about the use of the website, to verify responsibility for computer crimes against the website.

Data given voluntarily by the user
The voluntary, express sending of emails to the addresses indicated on the various channels on this website will mean that the sender’s/user’s address and data are stored in order to respond to the enquiry or provide the requested service. However, the data will be processed in accordance with the principles of fairness, lawfulness, transparency and protection of privacy, as indicated in the GDPR. In any case, before activating a certain service, appropriate information will be given and consent to the use of personal data will be obtained if required. This consent may be revoked at any time, whereupon the service in question may not be used. Failure to provide consent or revocation of consent will have no consequences except the impossibility of using the website and/or of accessing the required service or of obtaining more detailed information about the company’s activities. In any case, personal data may be processed if necessary to pursue a legitimate interest of the Data Controller or on the basis of a legal obligation. The obtaining of consent for the processing referred to above in relation to browsing data and log files is not necessary, as the data will be processed as a response to a legitimate interest (Recital 47 GDPR).

Conferment of the data
Apart from the information given in relation to browsing data, the provision of personal data by the data subject for the purposes described in the above paragraph, is optional. Non-provision of this data may result in the impossibility of using certain services supplied by the website.

Methods of data processing
The personal data will be processed by automated means for the time strictly necessary to fulfil the purpose for which it was collected, in accordance with the principles of legality, limitation of purpose and minimisation of data (Art. 5 GDPR) and in accordance with the obligatory periods prescribed by law. Specific safety measures will be observed to prevent the loss of data, illegal or unauthorised use, and unauthorised access.

Disclosure and/or dissemination of data
Your processed data will not be disseminated but may be disclosed to companies with legal connections to the company, in accordance with the limits of the GDPR. Personal data will be stored on servers within the European Union. In any case, it remains understood that the data controller, if necessary, can change the location of the server also outside Europe. In that case, the data controller can already assure that the transfer of the personal data outside Europe will be carried out in accordance with the provisions of the law, and only in accordance with the standard terms and conditions proposed by the European Commission and the user will be informed about that. Your data may be disclosed to third parties in the following categories:
– providers of services for the management of the information system used by the company and telecommunications networks (including email);
– service and consulting firms or companies;
– the competent authorities, to fulfil legal requirements and/or orders by public bodies, on request.

The parties mentioned in the above categories will act as Data Processor, or alternatively in full autonomy, as separate Data Controllers. A list of the data processors is kept up to date at all times and can be obtained from the Company’s offices. Any other communications or disclosures will only take place with your express consent

Possible existence of an automated decision process
The data controller informs the data subject that this website does not contain any automated decision-making processes, and in particular there is no profiling system.

This website and the Data Controller’s services are not intended for children under 16 and the Data Controller does not deliberately collect the personal details of minors. If the personal details of minors are involuntarily recorded, the Data Controller will promptly delete them at the user’s request.

Data subject’s rights
Data subjects have the right to receive information from the Company about the processing of their personal data, by sending an email to:

  • Right of access: we are clear and open about the data we collect and how we use it. You can contact us at any time by sending us an email to access the information in our possession.

  • Right of rectification: you have the right to obtain the rectification of any inaccurate or incomplete data, and to request its updating and/or modification.

  • Right to erasure (‘right to be forgotten’): send a request for the erasure of all your data and we will process your request within 30 days.

  • Right of limitation: you have the right to request that the data controller limits the processing of your data.

  • Right to data portability: at your request, we can export your data in a structured, commonly used and machine-readable format so that it can be transferred to a third party.

  • Right to object: you can unsubscribe at any time, from any of the specific uses that we make of your data (newsletters, automatic emails etc.).

  • Right to lodge a complaint: if you consider that your rights have not been respected, you can complain to the relevant authority according to the instructions published on the website or by mail to