PRIVACY INFORMATION BRIEFING
EU Regulation 2016/679
(European Regulation on mattes of the protection of personal data)
2) Identifying details of the Data Owner, Data Managers and Data Protection Manager
GENS AUREA SPA (Tax Code, VAT number and registration number on the Business Register 06702220960 with registered office in Osnago 23875, Via Mazzini, 24)
DATA PROTECTION MANAGER (Osnago 23875, Via Mazzini 24) email@example.com
3) Type of data processed
Visiting and consulting of the Website do not generally lead to the collection and processing of the user’s personal data apart from navigation data and the cookies as specified below. In addition to the so-called “navigation data” (see below), personal data voluntarily provided by users when they interact with the functionality of the Website or ask to use the services offered by the Website may be subject to processing. In compliance with the Privacy Code, Gens Aurea S.p.A. users’ personal data may also be collected by third parties in carrying out their activities.
Personal data provided by you
Most of the personal data are provided by you when you carry out searches, bookings, communicate with us through Tawk.to chat and communicate with the client service. For example, you provide personal data when: you search for a product, make a booking, provide personal data for the profile, communicate with us by telephone, email or in another way, fill in a questionnaire or a form to take part in a competition, use our services, compile a Wish List or other gift lists, take part in discussion groups or other community functions, write and assess reviews, request information and/or notification services. This is the data you provide us: your name, address and telephone number, contents of reviews and emails sent to us and conversations via chat.
Data collected automatically
4) Cookies and navigation data
Technical cookies are required for the proper functioning of a website or to enable the user’s navigation; without these, the user would not be able to properly view the pages or use certain services.
Profiling cookies have the task of creating user profiles for the purpose of sending advertising messages in line with the preferences displayed by the user during navigation.
Cookies can also be classified as:
_ “session” cookies, which are deleted immediately after closing the navigation browser;
_ “persistent” cookies, which remain inside the browser for a certain period of time. They are used, for example, to recognise the device that is connected to a site, facilitating the user authentication operations;
- “own” cookies, generated and managed directly by the provider of the website on which the user is navigating;
_ “third party" cookies, generated and managed by subjects other than the provider of the website on which the user is navigating.
5) Cookies used on the website
The Website uses the following type of cookies:
1) own, session and persistent cookies, required to enable navigation on the Website, for purposes of internal security and system administration;
6) How to disable cookies in browsers
Microsoft Internet Explorer 6.0, 7.0, 8.0
Safari on OSX
For all browsers, refer to the in-line help of the browser you are using.
7) Retention of personal data (Monday)
Personal data are retained and processed on computer systems managed by Tech Srl, Lungobisanzio 71 (GE) and 4D Sistemi Informatici Srl, Via F.lli Kennedy, 84 (PV), as providers of technical services; for more details, please refer to the section “Scope of accessibility to personal data" that follows. The data are processed exclusively by specifically authorised personnel, including the personnel assigned to carrying out extraordinary maintenance operations.
8) Purpose and methods of data processing
Gens Aurea S.p.A. may process the ordinary personal data of the user for the following purposes: use by users of services and functions on the Website, management of requests and notifications from its users, the sending of newsletters.
Moreover, with the additional, specific voluntary consent of the user, Gens Aurea S.p.A. may process personal data for marketing purposes, that is, to send the user promotional material and/or commercial communications concerning the products and services of the Company and/or third-party subjects with which the aforementioned Company has stipulated commercial and/or marketing agreements at the indicated addresses, statistical and market surveys, to check the level of user satisfaction and for any activity regarding the loyalty of the clients, both through traditional methods and/or means of contact (such as, snail mail, telephone with operator etc.) and automatic methods (such as, communications via internet, fax, email, SMS, applications for mobile devices such as smartphones and tablets - so-called APPS – social network accounts – for example, via Facebook or Twitter – telephone calls with automatic operator etc.).
Personal data are processed both on paper and in electronic form and entered on the corporate computer system in full compliance with the EU Regulation 2016/679, including the security and confidentiality profiles and following the principles of propriety and legality of the processing. In compliance with the EU Regulation 2016/679, the data are safeguarded and retained until obsolete with regard to the various purposes of use.
9) Security and quality of the personal data
Gens Aurea S.p.A. undertakes to protect the security of the user’s personal data and complies with the measure on security matters laid down by the applicable regulations for the purpose of avoiding loss of data, unlawful or illicit uses and unauthorised access to the data. Moreover, the computer systems and computer programmes used by Gens Aurea S.p.A are configure in such a way as to reduce to a minimum the use of personal and identifying data; these data are processed only for the attainment of the specific aims pursued. Gens Aurea Srl uses multiple advanced security technologies and procedures designed to favour the protection of the users' personal data; for example, personal data are retained on secure servers located in places with protected and controlled access. We undertake to protect the security of your personal data during sending by using the standard cryptographic protocol SSL for the information you enter.
The user can help Gens Aurea S.p.A. to update and keep their personal data correct by giving notice of any changes regarding their address, status, contact information etc.
10) Scope of communication and data access
The user’s personal data may be communicated to:
We use other businesses and physical persons to carry out certain activities on our behalf. For example, to fulfil bookings, deliver packages, send traditional post and emails, remove repetitive information from the client lists, analyse data, provide marketing assistance, provide results of searches and links, implement payments with credit cards and provide services to clients. These suppliers only have access to personal data that are necessary to carry out their tasks. They cannot use these data for other purposes and are also obliged to process the personal data in compliance with this information briefing on privacy and in accordance with the regulations applicable on matters of the protection of personal data.
We communicate data regarding the account and other personal data only in the case in which this is expressly required by law or the Authorities; in order to ensure compliance with or apply our General Condition of use and sale and other agreements; to protect our assets or rights, as well as the security of alfieristjohn.it, our users or other subjects. This includes the exchange of information with other co<mpanies and organisations that prevent fraud or reduce credit risk. Obviously, this does not include the sale, sharing or dissemination in any other way of personal data received from the clients for commercial purposes, in contrast with the undertakings adopted in this information briefing on privacy.
11) Nature of granting the personal data
The granting of certain personal data by the use is mandatory to enable the Company to manage the communications, requests received from the user or to respond to the user’s request that, otherwise, could not be fulfilled. The collection of other data is optional: failure to grant the data shall not lead to any consequences for the user.
The granting of personal data by the user for marketing purposes, as specified in the section "Purpose and methods of the processing", is optional and the refusal to grant them shall not have any consequences. The consent granted for marketing purposes shall be understood to extend to the sending of communications carried out through the contact method and/or means, both automated and traditional, as exemplified above.
12) Rights of the person concerned
12.1 Article 15 (right of access), 16 (right of correction) of the EU Regulation 2016/679
The person concerned has the right to obtain from the Data Controllers confirmation that processing of personal data that concerns them is underway or not and, if it is, of obtaining access to the personal data and the following information:
12.2 Right referred to in article 17 of the EU Regulation 2016/679 – right of deletion (“right to be forgotten”)
The person concerned has the right to obtain from the Data Controller the deletion of the personal data that concerns them without undue delay and the Data Controller is obliged to delete the personal data, without undue delay, if one of the following reasons exist:
a) the personal data are no longer required for the purposes for which they were collected or otherwise processed;
12.3 Right referred to in article 18 Right of limitation of the processing
The person concerned has the right to obtain from the Data Controller the limitation of the processing in the following cases:
12.4 Right referred to in article 20 Right to the portability of the data
The person concerned has the right to receive, in a structured format in common usage and readable by automatic devices, the personal data that concerns them and has the right to transmit these data to another Data Controller without impediment by the Data Controller.
The person concerned has the right to revoke consent to the processing of their personal data by sending a recorded delivery letter to the following address: GENS AUREA SPA, registered office in Osnago, Via Mazzini 24, accompanied by a photocopy of their identity document, with the following text: <<revocation of the consent to the processing of my personal data>>. At this end of this operation, your personal data shall be removed from the archives as soon as possible.
If you want further information on the processing of your personal data, or exercise the rights referred to in the previous point 7, you can send a recorded delivery letter to the following address: GENS AUREA SPA, registered office in Osnago, Via Mazzini 24. Before providing you with or changing any information, it may be necessary to verify your identity and answer certain questions. A reply will be given as soon as possible.
The person concerned has the right to lodge a complaint with the competent authority.