Privacy policy

EU Regulation 2016/679

(European Regulation on mattes of the protection of personal data)

1) Introduction  

Gens Aurea S.p.A. takes the user’s privacy into serious consideration and undertakes to respect it. This privacy policy (“Privacy Policy”) describes the processing of personal data carried out by Gens Aurea S.p.A. through the website and the respective commitments assumed in this regard by the Company. Gens Aurea S.p.A. processes the personal data of users when they visit the Website and use the services and functions on the Website. In the sections of the Website where the user’s personal data are collected, a specific information briefing is usually published in accordance with 13/15 of the EU Regulation 2016/679. Where laid down by the EU Regulation 2016/679, the user’s consent shall be required before processing their personal data for marketing purposes. If users provide the personal data of third parties, they must ensure that the communication of the data to Gens Aurea S.p.A. and the subsequent processing for the purposes specified in the applicable privacy information briefing comply with the EU Regulation 2016/679 and the applicable regulations.

2) Identifying details of the Data Owner, Data Managers and Data Protection Manager

Gens Aurea S.p.A. (Tax Code, VAT number and registration number on the Business Register 06702220960 with registered office in Osnago 23875, Via Mazzini, 24)

DATA PROTECTION MANAGER (Osnago 23875, Via Mazzini 24)

3) Type of data processed

Visiting and consulting of the Website do not generally lead to the collection and processing of the user’s personal data apart from navigation data and the cookies as specified below. In addition to the so-called “navigation data” (see below), personal data voluntarily provided by users when they interact with the functionality of the Website or ask to use the services offered by the Website may be subject to processing. In compliance with the Privacy Code, Gens Aurea S.p.A. users’ personal data may also be collected by third parties in carrying out their activities.

Personal data provided by you

Most of the personal data are provided by you when you carry out searches, bookings, communicate with us through chat and communicate with the client service. For example, you provide personal data when: you search for a product, make a booking, provide personal data for the profile, communicate with us by telephone, email or in another way, fill in a questionnaire or a form to take part in a competition, use our services, compile a Wish List or other gift lists, take part in discussion groups or other community functions, write and assess reviews, request information and/or notification services. This is the data you provide us: your name, address and telephone number, contents of reviews and emails sent to us and conversations via chat.

Data collected automatically

We collect and analyse data such as, for example: the Internet Protocol (IP) address, used to connect your computer to the Internet, login, email address, password, information about the computer and connection such as browser type and version and time zone settings, types and versions of “browser plug-in”, operating system and platform, order history, data that we sometimes combine with similar information collected from other clients with the aim of creating functions such as "The most sold", the complete (including data and time) URL pathway (Uniform Resource Locator), the number of cookies, the products you have viewed or searched for, and any telephone number used to contact our client service. We may also use browser data such as cookies, Flash cookies (also known as Flash Local Shared Objects), or data of a similar kind collected through certain parts of our website in order to prevent fraud and other purposes. During some visits, it is possible that we may use software instruments such as Javascript for the purpose of assessing and collecting information on sessions, including page loading times, download errors, the duration of the visits to certain pages, information on the interaction with pages (such as scrolling, clicks and movement of the cursor on the pages) and methods used to leave the page. We may also collect technical information to help us to identify your device for purpose of fraud prevention and diagnostics.

4) Cookies and navigation data

The Website uses “cookies”. By using the Website, the user gives consent to the use of cookies in compliance with this Privacy Policy. Cookies are little files stored on the hard disk of the user's computer. There are two macro-categories of cookies: technical cookies and profiling cookies.

Technical cookies are required for the proper functioning of a website or to enable the user’s navigation; without these, the user would not be able to properly view the pages or use certain services.

Profiling cookies have the task of creating user profiles for the purpose of sending advertising messages in line with the preferences displayed by the user during navigation.

Cookies can also be classified as:

_ “session” cookies, which are deleted immediately after closing the navigation browser;

_ “persistent” cookies, which remain inside the browser for a certain period of time. They are used, for example, to recognise the device that is connected to a site, facilitating the user authentication operations;

- “own” cookies, generated and managed directly by the provider of the website on which the user is navigating;
_ “third party" cookies, generated and managed by subjects other than the provider of the website on which the user is navigating.

5) Cookies used on the website
The Website uses the following type of cookies:
1) own, session and persistent cookies, required to enable navigation on the Website, for purposes of internal security and system administration;

The Website may contain links to other websites (so-called third-party websites). Gens Aurea S.p.A. does not implement any access or control on cookies, web beacons and other tracking technologies of users that could be used by third-party websites that the user may access from the Website; Gens Aurea S.p.A. does not implement any control on contents and materials published by or obtained from third-party websites, nor on the respective methods of processing the user’s personal data, and expressly declines any respective responsibility for such eventualities. Users are obliged to check the privacy policy of third-party websites that they access through the Website and to find out about the conditions applicable to the processing of their personal data. This Privacy Policy is applied only to the Website as defined above.

6) How to disable cookies in browsers

Google Chrome

  • Click on the spanner icon on the browser’s bar
  • Select “Settings”
  • Click on "Show advanced settings"
  • In the “Privacy" section, click on the button “Content settings”
  • To enable cookies, in the “Cookie” section, select “Allow local data saving”. In this way, both first-party and third-party cookies will be enabled. To enable only first-party cookies, activate the item “Block third-party cookies and websites data”.
  • To completely disable cookies, select “Prevent websites from setting data”
  • Note that there are various levels of enabling cookies in Chrome. For more information on the settings of cookies on Chrome, refer to the following Google page:

Microsoft Internet Explorer 6.0, 7.0, 8.0

  • Click on “Tools” in the upper part of the browser window and click on “Internet Options"
  • Move to the “Privacy” tab
  • To enable cookies: Move the cursor on “Media" or lower
  • To disable all cookies: Move the cursor completely to the top
  • Note that there are various levels of enabling cookies on Internet Explorer. For more information on the settings of cookies on Internet Explorer, refer to the following Microsoft page:

Mozilla Firefox

  • Click on “Options” from the browser’s menu
  • Select the “Privacy" panel
  • To enable cookies: Select the item “Accept cookies from websites”
  • To disable cookies: Deselect the item “Accept cookies from websites”
  • Note that there are various levels of enabling cookies on Mozilla Firefox. For more information on the settings of cookies on Mozilla Firefox, refer to the following Mozilla page:


  • Click on “Settings” from the browser’s menu
  • Select “Quick settings”
  • To enable cookies: select “Activate Cookies”
  • To disable cookies: deselect “Activate Cookies”
  • Note that there are various levels of enabling cookies on Opera. For more information on the settings of cookies on Opera, refer to the following Opera Software page:

Safari on OSX

  • Click on “Safari" from the menu bar and select "Preferences"
  • Click on “Security”
  • To enable cookies: In the section “Accept cookies”, select “Only for the website I am navigating"
  • To disable cookies: In the section “Accept cookies”, select “Never”
  • Note that there are various levels of enabling cookies on Safari. For more information on the settings of cookies on Safari, refer to the following Apple page:

For all browsers, refer to the in-line help of the browser you are using.

7) Retention of personal data (Monday)

Personal data are retained and processed on computer systems managed by Tech Srl, Lungobisanzio 71 (GE) and 4D Sistemi Informatici Srl, Via F.lli Kennedy, 84 (PV), as providers of technical services; for more details, please refer to the section “Scope of accessibility to personal data" that follows. The data are processed exclusively by specifically authorised personnel, including the personnel assigned to carrying out extraordinary maintenance operations.

8) Purpose and methods of data processing

Gens Aurea S.p.A. may process the ordinary personal data of the user for the following purposes: use by users of services and functions on the Website, management of requests and notifications from its users, the sending of newsletters.
Moreover, with the additional, specific voluntary consent of the user, Gens Aurea S.p.A. may process personal data for marketing purposes, that is, to send the user promotional material and/or commercial communications concerning the products and services of the Company and/or third-party subjects with which the aforementioned Company has stipulated commercial and/or marketing agreements at the indicated addresses, statistical and market surveys, to check the level of user satisfaction and for any activity regarding the loyalty of the clients, both through traditional methods and/or means of contact (such as, snail mail, telephone with operator etc.) and automatic methods (such as, communications via internet, fax, email, SMS, applications for mobile devices such as smartphones and tablets - so-called APPS – social network accounts – for example, via Facebook or Twitter – telephone calls with automatic operator etc.).
Personal data are processed both on paper and in electronic form and entered on the corporate computer system in full compliance with the EU Regulation 2016/679, including the security and confidentiality profiles and following the principles of propriety and legality of the processing. In compliance with the EU Regulation 2016/679, the data are safeguarded and retained until obsolete with regard to the various purposes of use.

9) Security and quality of the personal data

Gens Aurea S.p.A. undertakes to protect the security of the user’s personal data and complies with the measure on security matters laid down by the applicable regulations for the purpose of avoiding loss of data, unlawful or illicit uses and unauthorised access to the data. Moreover, the computer systems and computer programmes used by Gens Aurea S.p.A are configure in such a way as to reduce to a minimum the use of personal and identifying data; these data are processed only for the attainment of the specific aims pursued. Gens Aurea Srl uses multiple advanced security technologies and procedures designed to favour the protection of the users' personal data; for example, personal data are retained on secure servers located in places with protected and controlled access. We undertake to protect the security of your personal data during sending by using the standard cryptographic protocol SSL for the information you enter.

The user can help Gens Aurea S.p.A.. to update and keep their personal data correct by giving notice of any changes regarding their address, status, contact information etc.

10) Scope of communication and data access
The user’s personal data may be communicated to:

  • all subjects whose right of access to these data is recognised by virtue of regulatory provisions;
  • our collaborators, employees, as part of their respective duties;
  • all those physical and/or legal persons, public and/or private, when the communication is necessary or functional to the conduct of our activities and in the ways and for the purposes illustrated above;

We use other businesses and physical persons to carry out certain activities on our behalf. For example, to fulfil bookings, deliver packages, send traditional post and emails, remove repetitive information from the client lists, analyse data, provide marketing assistance, provide results of searches and links, implement payments with credit cards and provide services to clients. These suppliers only have access to personal data that are necessary to carry out their tasks. They cannot use these data for other purposes and are also obliged to process the personal data in compliance with this information briefing on privacy and in accordance with the regulations applicable on matters of the protection of personal data.

We communicate data regarding the account and other personal data only in the case in which this is expressly required by law or the Authorities; in order to ensure compliance with or apply our General Condition of use and sale and other agreements; to protect our assets or rights, as well as the security of, our users or other subjects. This includes the exchange of information with other co<mpanies and organisations that prevent fraud or reduce credit risk. Obviously, this does not include the sale, sharing or dissemination in any other way of personal data received from the clients for commercial purposes, in contrast with the undertakings adopted in this information briefing on privacy.

11) Nature of granting the personal data

The granting of certain personal data by the use is mandatory to enable the Company to manage the communications, requests received from the user or to respond to the user’s request that, otherwise, could not be fulfilled. The collection of other data is optional: failure to grant the data shall not lead to any consequences for the user.

The granting of personal data by the user for marketing purposes, as specified in the section "Purpose and methods of the processing", is optional and the refusal to grant them shall not have any consequences. The consent granted for marketing purposes shall be understood to extend to the sending of communications carried out through the contact method and/or means, both automated and traditional, as exemplified above.

12) Rights of the person concerned

12.1 Article 15 (right of access), 16 (right of correction) of the EU Regulation 2016/679

The person concerned has the right to obtain from the Data Controllers confirmation that processing of personal data that concerns them is underway or not and, if it is, of obtaining access to the personal data and the following information:

  1. a) the purpose of the treatment;
  2. b) the categories of personal data in question;
  3. c) the recipients or categories of recipients to which the personal data have been or will be communicated, especially in the case of recipients in third-party countries or international organisations;
  4. d) the retention period of personal data envisaged or, if this is not possible, the criteria used to determine this period;
  5. e) the existence of the right of the person concerned to ask the Data Controller to correct or delete the personal data or the limitation of the processing of personal data that concern them or object to the processing;
  6. f) the right to complain to a control authority;
  7. h) the existence of an automated decision-making process, including profiling and, at least in certain cases, significant information on the logic used, as well as the importance and consequences involved in this processing for the person concerned.

12.2 Right referred to in article 17 of the EU Regulation 2016/679 – right of deletion (“right to be forgotten”)

The person concerned has the right to obtain from the Data Controller the deletion of the personal data that concerns them without undue delay and the Data Controller is obliged to delete the personal data, without undue delay, if one of the following reasons exist:
a) the personal data are no longer required for the purposes for which they were collected or otherwise processed;

  1. b) the person concerned revokes the consent on which the processing is based in compliance with article 6, paragraph 1, letter a), or article 9, paragraph 2, letter a), and unless another legal basis exists for the processing;
  2. c) the person concerned objects to the processing in accordance with article 21, paragraph 1, and there is no prevailing legitimate reason to continue with the processing, or the person objects to the processing in accordance with article 21, paragraph 2;
  3. d) the personal data have been processed illegally;
  4. d) the personal data must be deleted to fulfil a legal obligation laid down by the law of the European Union or the Member State to which the Data Controller is subject.
  5. f) the personal data were collected with regard to the offer of services of an information company referred to in article 8, paragraph 1 of the EU Regulation 2016/679

12.3 Right referred to in article 18 Right of limitation of the processing

The person concerned has the right to obtain from the Data Controller the limitation of the processing in the following cases:

  1. a) the person concerned disputes the accuracy of the personal data, for the period required for the Data Controller to check the accuracy of these personal data;
  2. b) the processing is unlawful and the person concerned objects to the deletion of the personal data and instead requests the use to be limited;
  3. c) although the Data Controller no longer needs the data for the purposes of the processing, the personal data are required by the person concerned for the confirmation, exercise or defence of a right in a legal forum;
  4. d) the person concerned has objected to the processing in accordance with article 21, paragraph 1, EU Regulation 2016/679 while awaiting the verification of the prevalence of legitimate reasons of the Data Controller over those of the person concerned.

12.4 Right referred to in article 20 Right to the portability of the data

The person concerned has the right to receive, in a structured format in common usage and readable by automatic devices, the personal data that concerns them and has the right to transmit these data to another Data Controller without impediment by the Data Controller.

  1. Revocation of consent to the processing

The person concerned has the right to revoke consent to the processing of their personal data by sending a recorded delivery letter to the following address: Gens Aurea S.p.A., registered office in Osnago, Via Mazzini 24, accompanied by a photocopy of their identity document, with the following text: <<revocation of the consent to the processing of my personal data>>. At this end of this operation, your personal data shall be removed from the archives as soon as possible.

If you want further information on the processing of your personal data, or exercise the rights referred to in the previous point 7, you can send a recorded delivery letter to the following address: Gens Aurea S.p.A., registered office in Osnago, Via Mazzini 24. Before providing you with or changing any information, it may be necessary to verify your identity and answer certain questions. A reply will be given as soon as possible.

  1. Right to apply to the Authority

The person concerned has the right to lodge a complaint with the competent authority.