Privacy Policy

INFORMATION ON THE TREATMENT OF PERSONAL DATA

(European Regulations 2016/679 and Italian Legislative Decree 196/2003 as amended by Italian Legislative Decree 101/2018)

The European Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and the free circulation of such data (hereinafter "GDPR") and the Italian Legislative Decree of 30 June 2003, n.196 as amended of Italian Legislative Degree 10 August 2018 n.101 (hereinafter, together with the GDPR, "Personal Data Protection Regulations") provide for the protection of natural persons with regard to the processing of personal data. To this end, we inform you, pursuant to art. 13 of the GDPR, that the personal data you have provided to Gieffe Srl on the occasion of the purchase of product or interactions with the web services provided by Gieffe Srl will be processed in compliance with the Personal Data Protection Law and the resulting rights and obligations , and in particular that:

DATA CONTROLLER: the data controller, ("Holder"), is Gieffe Srl, with registered office in Via San Giuliano Nuovo n. 39 / A - Castelceriolo, Alessandria (AL) - Italy, P.I. and C.F. 01762490066, in the person of its legal representative pro tempore, can be contacted at the email address [email protected].

DATA PROTECTION OFFICER (DPO): the data protection officer appointed by the Data Controller is Goodridge Ltd, based in Dart Building Grenadier Road, Exeter Business Park, Exeter, Devon, EX1 3QF, United Kingdom, in the person of Paul Butterworth, contactable to the address [email protected]

TREATMENT: treatment means any operation or set of operations, performed with or without the aid of automated processes and applied to Personal Data or sets of Personal Data, such as collection, registration, organization, structuring, storage , adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.

PERSONAL DATA: for personal data ("Personal Data") means any information concerning an identified or identifiable ("interested") natural person that includes information and facts about the customer (for example: name, address, contact details, a identification number etc.), including those of a special nature pursuant to art. 9 of the GDPR (data on the general state of health, political, religious, philosophical or union opinions, membership of a trade union or a political party, information related to racial or ethnic origins, genetic data, biometrics intended to identify a natural person, data relating to the sexual life and sexual orientation of the person), ("Particular Personal Data") as well as those governed by Article 10 of the GDPR (personal data relating to criminal convictions and offenses).

PURPOSE OF THE TREATMENT: the Owner will process the Personal Data, including the Personal Data Details and those governed by the art. 10 of the GDPR, communicated directly by you as interested in the request for the provision of a service offered (product supply) by the Owner, for the purpose of carrying out the activity necessary for the provision of the said service and the management of the related practice , as well as for the fulfillment of the related obligations provided for by the relevant legislation.

METHOD OF TREATMENT: the Personal Data collected are stored, and more generally treated, both with IT and telematic tools, both on paper, and on any other type of suitable support, in compliance with adequate technical and organizational security measures provided by the GDPR . These data will not be transferred abroad and will be processed in compliance with the Personal Data Protection Regulation (GDPR) and the confidentiality commitments to which the activity of the Data Controller is based. We also inform you that such data will be processed and archived with the aid of dedicated software in compliance with the regulations in force.

DATA RECIPIENTS: as part of the aforementioned purposes, they may have access to Personal Data (including Personal Details and data governed by Article 10 of the GDPR) concerning you, the employees or collaborators of the Data Controller who need them performance of their duties, or by virtue of their position, or other suppliers of services who have been appointed as controllers, or have been authorized to do so. The Data Controller remains available to provide, at your request, the names and contacts of the Data Processors and of the independent data holders who may process your Personal Data. Always within the limits relevant to the purposes of processing indicated and based on the type of consent given, your Personal Data may be disclosed to all those subjects whose knowledge is essential for the performance of the service requested (Social Security Bodies, qualified entities in execution of specific legal obligations, judicial and administrative authorities, etc.). Your Personal Data will not be disseminated in any way.

PERIOD OF CONSERVATION: the data collected will be kept for a period of time not exceeding the achievement of the purposes for which they are processed ("conservation limitation principle", Article 5 of the GDPR) or on the basis of the deadlines established by law, prescription terms and in any case no later than 10 years from the termination of the relationship for the purposes of the treatment indicated above.

RIGHTS OF THE INTERESTED PARTY: the interested party is always entitled to request the Data Controller a) access to his data (art.15 of the GDPR), b) the correction (article 16 of the GDPR), c) the cancellation of the data ( Article 17 of the GDPR), d) the limitation of processing (Article 18 of the GDPR), e) information about the recipients of personal data (Article 19 of the GDPR), f) to request data portability (art 20 of the GDPR), also has the right to oppose the treatment (Article 21 of the GDPR), and h) not to be subjected to a decision based solely on automated processing (Article 22 of the GDPR), relying on these and the other rights provided by the GDPR through a simple communication to the Owner. In any case, the interested party has the right to withdraw the consent at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation. The appropriate application must be submitted by contacting the Data Protection Officer (DPO) or directly at the Management of Gieffe Srl through the contacts indicated above for the Data Controller and the DPO. At your request, the Owner remains available to provide you with a copy of the aforementioned articles and explain them in detail. In the event of a dispute, the interested party has the right to propose a complaint to a supervisory authority, for the Italian territory, the Guarantor for the Protection of personal data that can be contacted directly through the website www.garanteprivacy.it.

LEGAL FOUNDATION OF THE TREATMENT AND CONSEQUENCES OF A REFUSAL: provided that you will only be required to provide the Personal Data necessary to perform the provision or service mentioned above the provision of such data is mandatory for these purposes and the lack of authorization to use them the execution and completion of the assignment for the provision of the requested service is impossible. For the processing of Personal Data Particular is asked a specific consent, necessary for the execution and improvement of the said task. The legal basis of the processing of Personal Data for the purposes indicated above, and specified in the paragraph "PURPOSE OF THE TREATMENT" that precedes, resides in the art. 6 paragraph 1. b) of the GDPR and with regard to the Particular Personal Data in the consent pursuant to art. 9 (2) a) of the GDPR. For personal data relating to criminal convictions and offenses governed by Article 10 of the GDPR the legal basis also resides in the other requirements indicated by the said art. 10.

PayPal transactions are subject to PayPal's privacy policy