Pursuant to and in accordance with Regulation EU 2016/679 (hereinafter “GDPR”), G SHOP S.r.l. (hereinafter the “Company”), with registered office in Casalvieri (FR) - Via Colle Marracone, as the "Controller" of processing, would like to inform you that, in implementation of the obligations deriving from the above Privacy Regulation, it is required to provide you with certain information on the methods and purposes of processing your personal data, which may enter into the Controller's possession.
This information is only provided for the websites shop.gemar.it and www.gemar.it and not for any other websites which may be or are consulted by the user via the links present on the website. The information is intended for anyone who interacts with the pages of the website and, in particular, both those who use the website without registering and those who use the website and intend to register themselves on it.
Source of personal data and legal basis of processing
The personal data in the Company's possession is collected directly from the data subjects who access the website or who intend to register themselves on it. The data acquired will be processed in compliance with the Privacy Regulation, and also according to the principles of confidentiality, related to the performance of the activity, which the Company has always upheld.
The legal basis of processing personal data is the consent of the data subject to processing of his/her data for the purposes indicated hereunder.
Purposes of processing
The user's personal data will be processed for the following purposes:
a) purposes connected with supply of the services requested, including the online purchase of products and management of the order, and also performance of contractual and pre-contractual activities;
b) purposes connected with fulfilment of specific legal obligations;
c) sending of periodic newsletters for promotion of products and services by the Company;
d) invitations to events, workshops and Gemar days, organised by the Company, through the sending of letters, newsletters, advertising material, automatic communication systems, and also published on the Company social media;
Although it is not obligatory for the data subject to provide the data needed to pursue the purposes of points a) and b) above, this is essential and indispensable for the total or partial management of relations with customers and also for the fulfilment of legal obligations; refusal to provide said data will therefore make it impossible for the Company to carry out said activities.
Providing the data for the purposes of points c) and d) above is optional and requires your prior consent. However, your refusal to provide this data will prevent the Company from pursuing the purposes indicated, although this will have no consequences on the pre-contractual and contractual relations.
If the Company intends to use the personal data collected for another purpose incompatible with the purposes for which the personal data was originally collected or authorised, the Company will inform you beforehand, and you may deny or withdraw your consent.
Data processing methods
In relation to the above purposes, the personal data is processed using manual, IT and ICT tools which store, manage and transmit the data, solely for the purposes for which it has been collected and, in any case, in a manner to guarantee its security and confidentiality. In performance of processing activities, the Company undertakes to:
a)ensure that the data processed is precise and up-to-date, and immediately to incorporate any corrections and/or supplements requested by the data subject;
b) inform the data subject of any personal data breaches, in the times and in the cases contemplated by current regulations;
c) guarantee that processing operations comply with applicable laws.
The Company also processes the personal data acquired in accordance with principles of propriety, lawfulness and transparency. In accordance with the Privacy Regulation, the Company configures or, in any case, undertakes to configure the information systems and computer programs to reduce use of the personal data to a minimum, in order to exclude its processing when the purposes pursued could be achieved, respectively, through the use of anonymous data or appropriate methods which allow the data subject to be identified only if the need arises.
Categories of parties to whom the data may be disclosed
In order to pursue the above purposes, the Company may need to disclose your personal data to the following parties:
- parties which perform distribution activities for the Company and also partners of the Company;
- companies supplying marketing consultancy services.
The parties in the above categories may be appointed as data processors or may operate totally independently as separate Data Controllers.
Further information on the third parties in the above categories and also disclosure of the data to them and the methods of obtaining copies of the data is available on request.
Your personal data may also be provided to the judicial authorities and/or law enforcement agencies, on their specific request, for purposes of identification of the authors of any illegal acts committed against the Company.
At the Company itself, only employees and collaborators, including external collaborators appointed to process it, will learn your personal data.
Personal data storage policy
The Company keeps the personal data acquired in its systems in a form which allows identification of the data subjects only for the period of time it takes to achieve the purposes for which it has been processed or to satisfy specific regulatory or contractual obligations and, in any case, it is specified that the personal data of users who have registered on the website will be kept for the entire duration of the contractual relationship and also for 2 years after the last activity performed by the user on the website.
Rights of the data subject
We also inform you that, pursuant to the Privacy Regulation and, in particular, arts. 15-22 of the GDPR, the data subject may exercise specific rights by contacting the Controller, including:
a) Right of access: right to obtain from the Controller confirmation of whether or not processing of the personal data is taking place and, in that case, to obtain access to the personal data and to further information on the origin, purposes, categories of data processed, the recipients and/or transfer of the data, etc.
b) Right of rectification: right to obtain from the Controller the correction of imprecise personal data without unjustified delay, and also supplementing of incomplete personal data, also providing a supplementary declaration.
c) Right of erasure: the right to obtain from the Controller the erasure of the personal data without unjustified delay, if:
- the personal data is no longer necessary for the purposes of processing;
- the consent on which processing was based has been withdrawn and no other legal basis for processing exists;
- the personal data has been processed illegally;
- the personal data must be erased to satisfy a legal obligation.
d) Right to object to processing: the right to object at any time to processing of personal data for which the legal basis is a legitimate interest of the Controller.
e) Right to limit processing: the right to obtain from the Controller limitation of processing, in cases in which the preciseness of the personal data is disputed (for the period necessary to the data processor to check preciseness of said personal data), if processing is performed illegally and/or the data subject has objected to processing.
f) Right to data portability: the right to receive the personal data in a structured, commonly used and machine-readable format and to transmit said data to another controller, only in cases in which processing is based on consent and solely data processed using electronic instruments.
g) Right to submit complaints to a supervisory authority: without prejudice to any other administrative or jurisdictional recourse, a data subject who believes that processing of his/her data breaches the Privacy Regulation is entitled to submit a complaint to the supervisory authority of the Member State in which they reside or habitually work, or the State in which the alleged breach has occurred.
If processing is based on consent, the data subject may withdraw any consent given at any moment, but the processing performed up until that moment remains lawful.
A data subject who wants further information on processing of his/her personal data, or to exercise the rights indicated above, may send a registered letter with acknowledgement of receipt to the Data Protection Officer ( DPO), domiciled for these functions at the registered office in Casalvieri (FR)- Via Colle Marracone. Further information may be requested via e-mail: firstname.lastname@example.org.