Pursuant to the General Data Protection Regulation (EU Regulation 2016/679)
Dear data subjects, based on the legislation indicated, our processing will be based on the principles of correctness, lawfulness, transparency and protection of your privacy and rights. Therefore, according to article 13 of GDPR 2016/679, Giusto Manetti Battiloro SpA provides the following information:
Website Browsing, E-Commerce Customer Data Management, Generic Marketing and Newsletter, Profiling for marketing purposes.
The categories of data subjects: Customers, Potential customers.
The categories of recipients:
The Data Subject’s data will be processed by the employees of the company appointed who are adequately trained on correct and legitimate data processing.
The Data Subject’s data will not be disclosed but may be communicated to third parties that provide services necessary for the fulfilment of the order (by way of example: consultants and freelancers in single or associated form, banks and credit institutions, other public administrations, Suppliers, Insurance Institutions, Shipping Companies, Associated and/or Subsidiary Companies) who, if needed, are appointed as External Data Processors. The complete list of External Data Processors is available at the company headquarters and/or at the request of the data subject.
Credentials to access the website (Personal data), Browsing data (Personal data), Customer identification data (Personal data), CRM data: Sector of interest/activity, type of intervention/application technique (Personal Data), Customer Contact Data (Personal Data), Electronic Mail – Mail Data – Address Book (Personal Data), Bank/Customer Payment Data (Personal Data).
The data is processed with the following methods:
Electronic and paper format.
Purpose of the processing:
Browsing the Website
E-Commerce Customers’ Data Management
Through the “E-Commerce Customers’ Data Management”, Giusto Manetti Battiloro SpA processes the data mentioned above for:
– registration or authentication of the Customer/Data Subject for access to the Website and the use of the related services, including the possibility of purchasing online through the Website (for the use of browsing data, see specific cookie information).
– the formalisation, management and execution of the purchase order and/or the requested Service and/or Provision, through the e-commerce platform;
– the performance of any pre-contractual activity such as providing estimates and/or any other information requested;
– the sending of the products;
– the relative invoicing and management of payments. In case of payment by credit card and/or Paypal, the data used for payment will be acquired directly by the service manager. The credit card data can be saved on the customer’s account and will be processed by Giusto Manetti Battiloro SpA exclusively for the management of payments also in relation to future orders;
– handling complaints and requests for assistance;
– for any communication (by e-mail. Post, sms, telephone contacts) to the data subject and/or to third party suppliers concerning the performance of the service;
– the management of any disputes;
– the fulfilment of accounting and tax obligations;
– the fulfilment of any other obligation deriving from the Contract; – the fulfilment of any obligation deriving from the law or from any Court Orders or orders from any other Authority.
– archiving for statistical purposes in the interest of the company’s business.
Generic Marketing Purposes – Newsletter
By processing for “Generic Marketing Purposes – Newsletter”, Giusto Manetti Battiloro SpA, after acquiring consent from the User/Data Subject, will process the aforementioned data to send information and promotional communications, including the sending of newsletters, coupons or special offers, relating to the products and/or services marketed by it for direct sales purposes and for carrying out market research, by sending e-mails and/or through ordinary means of communication (fax, ordinary mail, etc.).
The user can withdraw his or her consent at any time and/or object to the processing of his or her data for marketing purposes through the appropriate link found in each promotional communication sent or by contacting the Data Controller.
The Data Controller also informs the data subject that the e-mail address provided by the latter during the purchase of a product, may in any case be used – without the need to obtain the data subject’s consent – for the sending information and promotional communications concerning services and products similar to those already sold, without prejudice to the data subject’s right to oppose such use at any time through the link made available in each communication and/or by sending a specific written communication to the Data Controller.
Profiling for Marketing purposes
Through the “Profiling for Marketing Purposes”, Giusto Manetti Battiloro SpA processes the data mentioned above in an automated way to:
– monitor and track User behaviour on the website, by collecting and recording browsing data (e.g. pages visited, categories of products viewed, wish lists, etc.);
– analyse and process data such as, by way of example: gender, order status, postcode, date of birth, sector of interest, type of product purchased, frequency of purchases, expense amounts, etc., in order to identify correlations between user behaviours and inserting them in sets of types of customers that may have common characteristics;
– send by e-mail and/or display on the website offers matched to the cluster in which the user has been inserted and therefore that of presumed specific interest.
The Data Processor and the Data Controller supervise to ensure the data subjects that the data will be processed only for the declared purpose and only for the part strictly necessary for the processing. They also undertake, within the limits of reasonableness, to modify and correct all data that have changed from the data originally provided, to keep the data updated, and to delete all data that exceed the declared processing.
With the exception of the “Generic Marketing – Newsletter” and “Profiling for marketing purposes”, processing for which the express consent of the data subject is required, the remaining processing referred to in this statement are based on:
– fulfilment of contractual obligations;
– fulfilment of the obligations prescribed by law, or any obligation deriving from the law, regulations, community regulations, orders and prescriptions of the competent authorities, with particular reference to the administrative, accounting and tax obligations;
– prevalent legitimate interest of the data controller, pursuant to Art. 6, letter f), refers to any processing necessary for the pursuit of the legitimate interest of the data controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject that require the protection of personal data do not prevail, in particularly if the person concerned is a minor. In this case, we refer to the data controller’s interest in handling any complaints, disputes and, more generally, the interest of the same in defending his or her rights in court.
Since this processing is founded on a legal basis as indicated above, it is specified that the data subject’s consent will not be required.
The data subject’s provision of data is not mandatory although it is still necessary for the execution of the requested service and in order to allow the company to fulfil the legal obligations to which it is subject and to execute the contract. Any refusal to provide data for this purpose will make it impossible to conclude the contract with the company.
Data of minors (pursuant to Art. 8 GDPR): Data of minors is not processed.
Particular Data (pursuant to Art. 9 GDPR): Health, biometric and judicial data is not processed.
Duration of the processing:
Processing for the purposes referred to in this statement will take place for the time strictly necessary to fulfil the data subject’s requests, without prejudice to the conservation of the same to allow the Data Controller to cope with the fulfilment of legal, tax, and accounting obligations that could exist even after the termination of the relationship.
Regarding the data collected for generic marketing and profiling purposes, Giusto Manetti Battiloro SpA will process the data for a period not exceeding two years after which it will be required to acquire the data subject’s consent again.
The Data controller and Data processor will ensure that the data subjects can be guaranteed that their data will be deleted once the processing purposes have been achieved.
Data Transfer: The data is not transferred to countries outside of the European Union
DATA CONTROLLER: Giusto Manetti Battiloro SpA (email@example.com)
DATA PROCESSOR: Pietro Pugi (firstname.lastname@example.org)
Rights of the data subjects
You have the right at any time to obtain confirmation of the existence or not of your data and to know its content and origin, verify its accuracy or request its integration, updating, or rectification. You also have the right to request cancellation, transformation into anonymous form or blocking of data processed in violation of the law, and, in any case to oppose processing for legitimate reasons.
The requests must be addressed to the Data Controller Giusto Manetti Battiloro SpA at its headquarters at Via Tosca Fiesoli 89/m, 50013 Campi Bisenzio (fi) or its e-mail address email@example.com. You have the right to lodge a complaint to Italy’s personal data protection authority if the controller does not respond to your requests. The GDPR EU 2016/679 Regulation grants the following rights to the data subject (http://www.garanteprivacy.it/web/guest/home/autorita): Right of access (Art.15); Right to rectification (Art.16); Right to erasure (right to be forgotten) (Art.17); Right to limitation of processing (Art.18); Right to receive notification in case of rectification or cancellation of data or limitation of processing (Art.19); Right to data portability (Art.20); Right to object (Art.21); Law relating to automated decision-making, including profiling (Art.22). You can at lodge a complaint to Italy’s personal data protection authority at any time by sending a registered letter with return receipt addressed to: Italy’s personal data protection authority, Piazza Venezia 11, 00186, Rome. or by certified e-mail message (pec) addressed to: firstname.lastname@example.org