CIRCULAR ABOUT PERSONAL DATA PROCESSING – ART. 13 REG. (CE) 27 APRIL 2016 N. 2016/679/UE
This circular has been issued according to the Regulation (EU) 2016/679 carrying the “General Regulation for personal datas protection” (hereinafter “Regulation”) and it concerns the ways in which GI.MA. Srl intends to process the personal data that you wish to provide us. This information may undergo changes over time – also connected to the possible entry into force of new sector regulations, to the updating or provision of new services or to technological innovations – therefore the visitor is invited to periodically consult the https website: / /www.gimacaffe.it/. This page describes how to manage the website https://www.gimacaffe.it/ (the “Site” hereinafter), with reference to the processing of personal data of the users who consult it. This circular is pursuant to art. 13 of the Regulation, which is dictated regarding the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data for users of the services of our site, which are provided via the internet.
IDENTITY OF THE DATA CONTROLLER
The data controller is GI.MA. S.r.l., , with registered office in Via di Tor Chiesaccia n. 20 Rome, Tel + 06.5062912, C.F. 01999741000, email@example.com, https://www.gimacaffe.it/, in the person of its pro tempore legal representative
CATEGORIES OF PROCESSED DATA
– Personal data
– Contact details (email, address or location, telephone number)
– Database useful for the management of the commercial relationship
GI.MA. Srl does not collect or process sensitive data on the website such as, for example, those suitable for revealing racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, unions, associations or religious, philosophical, political or trade union organizations, as well as personal data suitable for disclosing health and sexual life. GI.MA. Srl only requests the personal data which are strictly necessary to provide the services requested by users. The provided data will be processed for the purposes related to the site’s activity and they will be stored in order to guarantee full privacy respect.
PURPOSE OF DATA COLLECTION AND LEGAL BASIS OF THE PROCESSING
The personal data you provide will be collected and processed, with your consent and when necessary, for the following purposes:
– Registration on the Site for the creation of a consumer database and customer master data: registration on the Site by creating an account or using an existing social network account allows you to use the Site as a “Registered User”; purchase procedure will thus be simplified and it won’t be necessary to re-enter all the personal data required for the completion of an order for each purchase, but only few of them. Data provision is optional; in the event that consent is not given, you will not be able to access the site as a “registered user”, but it will still be possible to proceed with the purchase of products without registration.
– Activation and management of purchase orders, contractual and commercial relationships and related activities (in compliance with the conditions of the Service). The legal basis of data processing is the execution of the Contract.
– Management of requests of technical / informative nature, relating to your purchases (i.e. information on the progress of your orders, any other requests in a broad sense concerning the Site and the goods and services accessible through it). The legal basis of data processing is the execution of the Contract / Request of the interested party.
– Payments and products purchased through the Site deliveries management (subject to the conditions of the Service). The legal basis of data processing is the execution of the Contract.
DATA RETENTION PERIOD
The data useful for registering on the site will be kept for the whole duration of its registration on the site and for the additional period of time necessary to guarantee the fulfillment of legal obligations, in relation to the purpose of the data collection.
Billing data will be kept for a period of time suitable to guarantee the correct execution of the contract and the fulfillment of the related administrative and fiscal obligations.
Personal data may be communicated to:
GI.MA. S.r.l. employees and collaborators, primary third-party companies or other subjects carrying out outsourcing activities in Italy on behalf of the Owner, while duly appointed by GI.MA. Srl as external data processors.
The list of data processors will constantly be updated by the owner.
DATA DISCLOSURE OR TRANSFER ABROAD
In no case will personal data be subject to diffusion or transferred outside the European Union.
We strongly recommend that parents actively monitor the online activities of their children under the age of sixteen. GIMA S.r.l. does not normally intend to collect minors personal data nor deliberately establish a communication with them. Nonetheless, in the event that we have to get in touch with a minor, we will take every possible measure to offer parents or to whom exercises the parental authority the possibility of granting consent before using the minor’s personal data, except in the case of answering his/her questions or to manage his/her request.
RIGHTS OF THE INTERESTED PARTY
The interested party, pursuant to art. 15 of the Regulation, has the right to obtain confirmation that a processing of data concerning him is in progress. In this case, he has the right to obtain a copy of the collected data and the access to the data and to the following information:
– the purposes of the treatment;
– the categories of personal data in question;
– the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients are from third countries or international organizations;
– when possible, the personal data expected retention period or, if not possible, the criteria used to determine this period;
– all available information about the origin of the data if not collected by the interested party;
– the existence of an automated decision-making process, including profiling.
The interested party also has the right to:
– obtain from the data controller the correction without undue delay of inaccurate personal data concerning him (Article 16 of the Regulation);
– obtain from the data controller the cancellation without undue delay of personal data concerning him (i.e.”right to be forgotten”, art. 17 of the Regulation);
– obtain the limitation of data processing from the data controller (art.18 of the Regulation);
– receive the personal data concerning him in a structured format in common use and readable by automatic device, if applicable (art.20 of the Regulation);
– object at any time, for reasons related to your particular situation, to the processing of personal data (art. 21 of the Regulation);
– withdraw his/her consent any time without prejudice to the lawfulness of data processing carried out before the revocation (art.7 of the Regulations);
– be informed of the existence of adequate guarantees, if personal data are transferred to a third country or to an international organization (art. 46 of the Regulation);
– propose a complaint to a supervisory authority (art. 77 of the Regulation);
– be informed whether the communication of personal data is a legal or contractual obligation or a necessary requirement for the conclusion of a contract. Be informed whether the interested party has the obligation to provide personal data as well as the possible consequences of the failure to communicate such data.
To exercise these rights, please contact the Data Controller at the contact points indicated in the “Identity of the Data Controller” section.
NATURE OF THE PROVISION
The provision of personal data is optional, however it may be necessary to achieve some of the indicated purposes (e.g. the activation of contractual and commercial relationships; the sending of newsletters, etc.), in which case the failure to provide mandatory data will not allow the pursuit.
The mandatory or optional nature of data provision is indicated from time to time through the use of symbols (e.g. “*”) placed alongside the information whose provision is mandatory to pursue the respective purpose.
In any case, GIMA S.r.l. will process your personal data only on the following legal bases, which will be identified from time to time based on each purposes:
– the interested party has given consent to the processing of its personal data for one or more specific purposes;
– processing is necessary for the execution of a contract of which the interested party is a part or for the execution of pre-contractual measures adopted at its request;
– processing is necessary to fulfill a legal obligation to which the data controller is subject.
The processing of your personal data is carried out in accordance with the provisions of the Regulation and any other applicable regulation. It is carried out both with the aid of electronic and automated means and in manual mode, all of which are capable of guaranteeing maximum security and confidentiality. The access to personal data is granted only to those in charge of data processing and within the scope of the assignment. The Data Controller will implement adequate technical and organizational measures to guarantee an adequate level of security to the risk of the treatments.
Our site uses technical and analytical cookies, while it does not use profiling cookies aimed at creating user profiles for commercial communications purpose.
Technical cookies are necessary to allow the correct functioning of some sections of the site. They include session cookies, which are destroyed every time the browser is closed, and persistent cookies, which remain installed until a preset deadline. Technical cookies are always used unless the user modifies the settings in his browser (see next paragraph) to the detriment of the site proper functionality.
Analytical cookies are used to collect information about the use of the site. This information (e.g. visited pages and session time) is used only in anonymous and aggregate form. For this purpose, our site uses the Google Analytics service, in the anonymous information process mode only. Analytical cookies also allow the integration of features developed by third parties for the purpose of sharing site content (i.e. icons and preferences expressed on social networks), or for the use of services offered by third parties (such as maps generator software and other additional services). These cookies are sent from third-party domains offering their functionality from the pages of the Site.
TOTAL OR PARTIAL DISABLING OF COOKIES
The total or partial disabling of technical cookies can compromise the use of the site features reserved for registered users.
Disabling the “analytical / third-party” cookies does not affect browsing in any way.
We indicate how to disable cookies through some browsers here below:
– Select the Chrome menu icon.
– Select Settings.
– At the bottom of the page, select Show Advanced Settings.
– In the Privacy section, select Content Settings.
– Select Block Sites From Setting Any Data.
– Select Finish.
– Go to the Safari menu (browser top right icon) and select Preferences.
– In the pop-up window, select the Security icon (padlock-shaped).
– Under the Accept Cookies item, tick the Never button.
– Click on the menu button and select Options.
– Select the Privacy panel.
– Under History Settings: select Use Custom Settings.
– To activate cookies, mark Accept Cookies From Sites; to deactivate them, remove the mark from the item.
– From Explorer menu click on the Settings button and then on Advanced Options.
– Click on the Cookies tab, move the slider upwards to block all cookies or downwards to allow them all and then click OK.
RIGHTS EXERCISE METHODS – DATA PROCESSING CONTROLLER CONTACTS
In case you wish to exercise the aforementioned rights or you want to receive further clarifications regarding your personal data processing, you can write to the Data Controller at the address of its registered office or to the e-mail address: firstname.lastname@example.org