Information pursuant to privacy policy.
(Art. 13 of European Regulation no. 679 dated 2016.)

Premise.
The following information is intended for all those who visit and interact with this e-commerce site of the company Rino GREGGIO Argenterie S.p.a., the so-called web store (“e-shop”), in which it is possible to purchase products online

Dear User,
The company Rino GREGGIO Argenterie S.p.a with registered office in Via Della Provvidenza 7/a 35030 Sarmeola di Rubano (PD), Fiscal Code and VAT Number 00891080285, as “Data Controller”, informs you, pursuant to Articles 13 and 14 of European Regulation no. 679/2016 (hereafter “EU Regulation”), that your data will be processed as indicated below:

1. Subject of processing

The Data Controller informs you that your personal and identification data (for example, name, surname, company name, address, telephone number, email address, bank and/or payment details, etc.), hereafter called “personal data” or even simply “data”, also acquired verbally, directly or through third parties in the past, as well as in the future, may undergo processing in full compliance with the EU Regulation. The Data Controller processes data legally, and specifically for the implementation of a contract of which you are part, or for the implementation of pre-contractual measures (e.g. preparation of an offer, etc.) requested by you (Art. 6 of the EU Regulation).

The processing of data implies any operation or set of operations concerning the collection, recording, organisation, storage, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data. 

2. Legal basis and purposes of processing
Legal basis: EU Regulation no. 679/2016

A) Without your express consent (Art. 6 Letters b), c) and e) of the EU Regulation, for the following purposes:
– manage access to the e-shop services and facilitate the purchase of products online as well as to allow your registration to the e-shop and the possible conclusion of the purchase contract through the e-shop ;
– Fulfil pre-contractual, contractual and tax obligations arising from existing relationships with you;
– allow you to access the e-shop, even as a user who is not logged in, and to browse the e-shop;
– allow you to register on the Site, creating an account, and to use the services reserved for registered users, including, in particular, the ability to purchase through the e-shop;
– allow you to access the e-shop and browse the e-shop as a logged in user;
– maintain and manage your account;
– store data and information in your account, such as, by way of example, your personal data, the history of your orders and any returns, your preferred delivery and / or billing addresses;
– allow you to put the products in the cart and to conclude the purchase contract through the e-shop.
– execute the obligations arising from the purchase contract concluded through the e-shop, such as, by way of example, the delivery of the products sold;
– allow you to fulfill your obligations arising from the purchase contract concluded through the e-shop, such as, by way of example, the payment, including online, of the products purchased;
– for general assistance and customer care activities and therefore to respond to requests for information from users or to respond to complaints, reports and disputes;
– Fulfil obligations imposed by law, by a regulation, by EU legislation or by order of the Authorities (for example, anti-money laundering);
– Exercise the rights of the Data Controller, for example the rights to legal defence;
– For the keeping of general accounts;
– For administrative purposes (invoicing, document management, etc.);
– For credit management;
– For statistical and quality control analysis;
– For insurance operations;
– For technical assistance.
Specifically, your details will be processed for purposes connected with the fulfilment of the following requirements, related to legislative or contractual obligations:
– Technical and functional access to the website (no data is kept after closing the browser);
– Advanced navigation or personalised content management purposes;
– Navigation and user statistics and analysis.

B) Only with prior specific and clear consent (Art. 7 of the EU Regulation), for the following commercial and/or marketing and/or profiling purposes:
– The sending, by email, post and/or text message and/or phone, of newsletters, commercial communications and/or advertising material about products and services offered by the Data Controller and/or monitoring of the level of satisfaction on the quality of what was done at your request;
– The sending, by email, post and/or text message and/or phone, of commercial and/or promotional communications of third parties (for example, business partners).

3. Methods of data processing

The processing of your data is carried out by means of the operations indicated in Art 4 no. 2) of the EU Regulation, namely: the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, blocking. Your personal data is processed in both in paper and electronic and/or automated form (in any case suitable for ensuring the safety and confidentiality of data).

4. Duration of data retention and other information.

The Data Controller will process personal data for the time necessary to fulfil the above purposes and in any case not beyond the date provided for by the law for the discontinuation of the relationship for the purposes under the existing relationship (eg: the data necessary for the execution of the purchase contract up to the delivery of the product or, in case of non-delivery, up to the termination of the contract).
Personal data processed for Marketing and Commercial Purposes is stored in compliance with the principle of proportionality and in any case until the processing purposes have been pursued or until the person concerned revokes specific consent.
More specifically, the Data Controller will keep the data for no more than 2 years from the collection of data for Marketing Purposes and one year for the data collected for profiling Purposes.
The personal data provided by you will be processed “in a lawful manner according to the principles of correctness and transparency”, protecting your privacy and rights.
It is expected that a periodic check will be carried out on an annual basis on the data processed and on the possibility of being able to delete them if no longer necessary for the intended purposes.

5. Access to data

For the purposes under points 2.A) and 2.B) above, your data may be made accessible:
– To members, employees and collaborators of the Data Controller in Italy and abroad, in their capacity as persons in charge and/or internal data processing managers and/or system administrators;
– To third-party companies or other entities that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processing managers (including: associated firms, lawyers, data processing companies, certification boards, accounting/tax consultants and in general any other body responsible for verifying and checking the proper fulfilment of the purposes indicated above, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, financial offices, municipal authorities and/or municipal offices, consultants and service companies and workplace safety companies who in turn may disclose the data, or provide access to the data in the context of their members, users and related assignees for specific market research. The data collected and processed may also be disclosed, in Italy and abroad, to subcontractors, suppliers, for the management of information systems, to transporters, freight forwarders and customs agents).
For the sake of brevity, the detailed list of the above entities is available at our offices and is at your disposal.

6. Data communication

Without the need for express consent (Art. 6, letters b) and c) of the EU Regulation), the Data Controller may communicate your data for the purposes referred to in paragraph 2.A) above to supervisory bodies, judicial authorities, insurance companies for the provision of insurance services, as well as those parties to whom disclosure is mandatory by law to achieve the above-indicated purposes.
These parties will process the data in their capacity as independent data controllers.
During and after browsing, your data may be disclosed to third parties, in particular to:
– Google: Advertising Service, Advertising Coverage, Analytics/Measurement, Content Personalisation, Optimisation;
– Google AdWords: Advertising service, Advertising target, Analytics / Measurement, Content customization, Optimization;
– Google Analytics: Advertising Coverage, Analytics/Measurement, Optimisation.

Your data will not be disclosed.

7. Data transfer

Personal data is stored on devices located at the premises of the Data Controller or at providers within the European Union. In any case, it is understood that the Data Controller, if necessary, will also have the right to move data to non-EU countries. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
As regards the data present on its devices, and any data present at the provider, the Data Controller has implemented appropriate technical and organisational measures to ensure a suitable level of security, in full compliance with the provisions of Art. 32 of the EU Regulation.
Navigation: Your browsing data may also be transferred, limited to the purposes indicated above, to the following territories: – EU countries, – United States.
Cookie management: If you have doubts or worries concerning the use of cookies, you can always prevent them from being set or read, for example by modifying your browser’s privacy settings to block certain types of cookies.
Since each browser, and often different versions of the same browser, also differ significantly from each other, if you prefer to act independently through the preferences of your browser, you can find detailed information on the necessary procedure in your browser guide and in the Privacy Policy and Cookie Policy in the footer of our website.

8. Nature of data provision and consequences of refusal to answer 

The provision of data for the purposes under point 2.A) above is mandatory. Without this data, we cannot guarantee the services as indicated in point 2.A). (example: failure to communicate the data will therefore make it impossible for the user to conclude this contract and therefore to purchase through the e-shop).
Instead, the provision of data for the purposes under point 2.B) is optional. You may therefore decide not to provide any data and subsequently deny the possibility of processing data already provided. In this case, you will not receive newsletters, commercial communications and advertising material and/or anything else related to the services offered by the Data Controller.
You will still have the right to the services under point 2.A).

9. Rights of the interested party

As an interested party, you have the rights pursuant to Art. 15 of the EU Regulation as set out below and precisely:
1. The right to obtain from the Data Controller confirmation of whether or not your personal data is being processed, and in this case, to obtain access to the personal data and the following information:
a) The purposes of processing;
b) The categories of personal data concerned:
c) The recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular if the recipients are from third countries or international organisations;
d) Where possible, the retention period of the personal data or, if this is not possible, the criteria used to determine this period;
e) The existence of the right of the concerned party to ask the Data Controller to rectify or erase the personal data or restrict processing of the personal data concerning you or oppose their processing;
f) The right to lodge a complaint with a supervisory authority (the Data Protection Authority);
g) If the data is not collected from the interested party, all information available regarding their origin;
h) The existence of an automated decision-making process, including profiling under Art. 22, Paragraphs 1 and 4 of the EU Regulation, and, at least in these cases, significant information about the logic used, as well as the importance and expected consequences of this processing for the interested party.
2. If your personal data is transferred to a third country or an international organisation, you have the right to be informed of the existence of adequate guarantees pursuant to Art. 46 of the EU Regulation concerning the transfer of data.
3. Upon your request, the Data Controller will provide you with a copy of your personal data being processed.
If you request further copies, the Data Controller may charge you a reasonable fee based on administrative costs. If you submit the request by electronic means, and unless you specify otherwise, the information will be provided to you in a commonly-used electronic format.
4. The right to obtain a copy pursuant to paragraph 3 shall not adversely affect the rights and freedoms of others.
Moreover, where applicable, you have the rights pursuant to Articles 16 to 21 of the EU Regulation and precisely have:
– The right to rectify personal data;
– The right to be forgotten (right to erasure);
– The right to restriction of processing;
– The right to data portability;
– The right to object;
– The right to complain to the Privacy Authority.
You also have the right to revoke at any time consent already given without prejudice to the lawfulness of processing based on the consent given prior to revocation.

10. Procedures for exercising rights

You can exercise your rights at any time by sending:
– a registered letter with return receipt to the writer (see the address indicated on the letterhead);
– an e-mail to info@greggio.it

11. Minors

What is offered by the Data Controller and the subject of the existing relationship with you does not provide for the intentional acquisition of personal information relating to minors. In the event that information on minors is unintentionally registered, the Data Controller will delete it in a timely manner, at the request of the interested party.

12. Personal data not obtained from the interested party

It may happen that the writer is not the Data Controller to whom you have given your personal data, but is the co-owner of data processing or is responsible for external processing, and therefore your data has ultimately come into the possession of the writer due to a contract that regulates the parties. In this case, it should be noted that the undersigned company will do everything possible to ensure that you have been informed and have given consent to processing. You can ask the writer at any time about how your data was acquired.

13. Data Controller and Persons in Charge

Below we provide you with information that we are required to bring to your knowledge, not only to comply with legal obligations, but also because transparency and fairness towards people who visit our website is a fundamental part of our business.

Data Controller. The Data Controller of your personal data is Rino GREGGIO Argenterie s.p.a, on behalf of the legal representative, responsible towards you for the legitimate and correct use of your personal data, whom can be contacted for any information or request at the following addresses: phone +39 0498686299 email address: info@greggio.it
Persons in Charge. The updated list of persons in charge of processing is kept at the premises of the Data Controller.