Privacy Policy on the processing of Personal Data relating to browsing on the Giberto.it website.
Dear User
We consider your Personal Data an asset to be safeguarded and protected.
We would therefore like to give you some clear, simple information on how we will process Personal Data collected through the www.giberto.it (“Site“) Internet site, provided directly by you or, generated in any way by use of the Site, in compliance with provisions set forth in Art. 13 of European Regulation no. 679/2016 “General Data Protection Regulation” (“GDPR“). This information constitutes an integral part of the Site and the services offered through it.
In order to make this information easier to consult, we have arranged it into sections, each of which explains a specific relevant aspect.
CONTENTS
- Terms and Definitions
- Data Controller
- Which Personal Data are collected and for what purposes are they processed?
- How are Personal Data processed?
- Who processes the Personal Data? Who are they communicated to? Are Personal Data transferred outside the EU?
- How long will Data be stored?
- Data Subject’s rights
- Contact the Controller
- Cookie Policy
Terms and Definitions
Term |
Definition |
---|---|
Supervisory Authority | For Italy, the Supervisory Authority is the Data Protection Officer (Guarantee) with headquarters at Piazza Venezia no. 11, Rome. |
Italian Privacy Code | Refers to Legislative Decree 196/2003 and as amended from time to time. |
Personal Data | Refers to any information concerning an identified or identifiable natural person that may provide details about their physical characteristics, habits, lifestyle, health status, political orientation, financial situation, etc. |
Data Subject’s Rights | Refers to the Rights afforded to Data Subjects by the GDPR. |
Data Subject | Indicates the natural person to whom the Personal Data being processed refer. |
Data Processor | The entity that processes Personal Data on behalf of Data Controller in accordance with Art. 28 of the GDPR. |
GDPR | Stands for the General Data Protection Regulation of the European Parliament and of the EU Council 2016/679. |
Privacy Contact Officer | Indicates the business entity appointed by the Data Controller to monitor performance with regard to the protection of personal data. |
Data Controller or also just Controller | Indicates the entity that establishes the purposes and means by which Personal Data are processed, in this case Giberto S.r.l. |
User | Indicates the natural person who visits and interacts with the Site. |
Data Controller
The Data Controller is Giberto S.r.l. (“Giberto” or the “Company“), with headquarters in Venice (VE), Sestiere San Polo 1364.
The company website is managed also with the support of specialised third-party providers, duly appointed by Giberto as “Data processors” in accordance with Art. 28 of GDPR.
For any further information about the processing of Personal Data and Data Processors, the Data Controller may be contacted directly at the email address of the Giberto Privacy Contact Officer: [email protected].
Which Personal Data are collected and for what purposes are they processed?
-
- Simply browsing the Site does not cause Giberto to collect any type of Personal Data
The Site’s IT systems collect only a number of technical data the transmission of which is implicit in the use of Internet communication protocols. This is information collected not to be associated with you, but which because of its very nature, could through processing and associations with data held by third parties, enable to you be identified only if this becomes necessary in relation to offences being committed.
This data is used for the purpose of obtaining anonymous statistical information on the use of the Site and to check that it is working properly; to allow – seeing the architecture of the systems used – the correct provision of the various functionalities requested by you, for security reasons and for ascertaining responsibility in the case of alleged computer crimes to the detriment of the Site or third parties and shall be stored for the period of time necessary to achieve the purposes for which they were collected, unless it is necessary to store them for a longer period for the defence of or exercising of rights. - Through the Site, you also have the opportunity to voluntarily provide Personal Data, and in particular:
- Data used for the purchase and delivery of Giberto products including identifying data (name and surname), contact data (telephone number, e-mail address, home address or delivery address if different from home address, billing address), data relating to payments and other bank information which shall be acquired by the Data Controller only if payment is made by bank transfer (as these are contained on the payment receipts/accounting), other data (eg. Name of reference company, VAT no.).
- Identifying data (name and surname) and contact data (e-mail address) used for subscribing to the newsletter, through the forms present on the Site’s web pages.
- Simply browsing the Site does not cause Giberto to collect any type of Personal Data
We point out that, as part of the procedure for purchasing products on the Site, you may freely provide consent for Personal Data provided being processed for the following purposes:
-
-
- registering for the newsletter service to receive promotional notifications and updates on the activities of Giberto.
- communicating your e-mail address to third parties for the sending of “personalised” commercial communications based around advertising relevant to your interests through social media networks.
-
Giberto shall process this Personal Data in compliance with applicable legislation, assuming that they either refer to you or third party subjects who have expressly granted you the authorisation to provide it.
- Information on the use of Cookies is available in the Cookie Policy set out in the specific section dedicated to it in this privacy policy.At any time, you may modify/manage your preferences with regard to expressing your consent for the purposes set out in this privacy policy or exercise the Rights conferred by the GDPR, according to the procedures set out in the “Contact the Data Controller” section of this privacy notice.The Personal Data of Users subject to processing by Giberto are collected for the following purposes:
PURPOSE OF PROCESSING
LEGAL BASIS
To allow browsing of the Site Processing is necessary in order to implement pre-contractual measures taken on request of the data subject (Art. 6, 1. (b) GDPR) To fulfil obligations provided for by legal provisions and regulations in force, both at national and at EU level (eg. tax obligations) Processing is necessary in order to comply with a legal obligation (Art. 6. 1. (c) GDPR) To obtain information necessary to identify anomalies, fraudulent activity and/or abuse of use of the Site or to exercise the rights of the Company in legal proceedings Legitimate interest of the Controller pursued for the proper functioning of the Site and preventing unlawful behaviour, as well as asserting his rights (Art. 6, 1. (f) GDPR) To receive and manage purchase orders, manage delivery activities, communicate with you regarding your orders on the Site Processing is necessary in order to implement pre-contractual and contractual measures taken on request of the data subject (Art. 6, 1. (b) GDPR) To manage the request to subscribe to the newsletter service to receive communications about promotions and updates on the Company’s activities Processing is carried out on the basis of express consent from the data subject (Art. 6, 1. (a) GDPR) To send you commercial communications regarding products similar to those purchased through the Site (unless such communications have been expressly refused, which may be done during the purchase stage or on subsequent occasions) – a.k.a. “Soft Spam” Legitimate interest of the Controller pursued for the management and monitoring of direct marketing activities (Art. 6, 1. (f) GDPR and Art. 130 Italian Privacy Code) To send you commercial communications regarding the Controller’s new products and activities (unless refused or consent given is subsequently revoked) Processing is carried out on the basis of express consent from the data subject (Art. 6, 1. (a) GDPR) To measure, also with the support of third parties (social network managers), the effectiveness and improve the relevance of commercial adverts published using activities for the “personalisation” of the adverts proposed (unless refused or consent given is subsequently revoked) Processing is carried out on the basis of express consent from the data subject (Art. 6, 1. (a) GDPR)
How is Personal Data processed?
Personal Data may be freely provided by you or, in the case of browsing data, automatically collected during use of the Site. Where specified on forms present on the Site web pages (data marked with an asterisk), the provision of Personal Data is necessary to provide the service requested (eg. purchasing a product): if you refuse to give this data, it may be impossible to fulfil your request. On the contrary, in reference to Personal Data not marked as compulsory, you are free to refrain from providing these, without affecting the availability of the services or operations of the Site.
Providing your Personal Data to subscribe to the Newsletter service and the sending of promotional communications, including personalised ones, are optional: you may decide not to give your express consent, or to revoke it at any time. If you do not give specific consent to processing, Giberto will not be able to carry out the aforesaid activities.
It may also occur that the Personal Data of third party subjects provided by you to Giberto are accidentally processed. In such instances, you may qualify as an independent data controller, and assume all the legal obligations and responsibilities connected with this. In this sense, you undertake henceforth to indemnify Giberto against all complaints, claims, requests for compensation for damage, etc. which may reach Giberto from third-party subjects whose Personal Data have been processed due to your spontaneously sending them, in breach of applicable legislation on the protection of Personal Data. In any case, should you provide or in any other way process third party Personal Data, you are bound to guarantee henceforth – assuming all consequent liability – that this particular instance of processing is based on a proper legal framework in accordance with Art. 6 of the GDPR, which legitimises the processing of the information in question.
Your Personal Data is processed by the Controller in compliance with legal provisions in force, in respect of the principles of lawfulness correctness, transparency, purpose and conservation limitation and, data minimisation, accuracy, integrity and confidentiality afforded by the GDPR. Technical and organisational measures sufficient to guarantee the security of your Personal Data have been adopted bearing in mind the state of the art and implementation costs, as well as of the nature, scope, context and purposes of processing, and of the risks (of varying likelihood and severity) for the rights and liberties deriving from the processing activities described in this Privacy Policy.
Who processes the Personal Data? Who is it communicated to? Is Personal Data transferred outside the EU?
Your Personal Data provided through the Site are processed by Company staff expressly authorised to process and sufficiently trained on the correct procedures of processing for the purposes indicated in the section “Which Personal Data is collected and for what purposes is it processed?”
Personal Data subject to processing is not circulated but may be communicated to third parties appointed by the Controller to carry out activities necessary for the provision of services offered by the Site, including, by way of example: subjects appointed to manage the delivery of products purchased through the Site, or appointed to carry out technical maintenance activities, including the maintenance of network equipment and electronic communication networks, providers of platforms for sending e-mails. These subjects have been nominated by the Data Processor Company in accordance with Art. 28 of the GDPR and have received specific instructions from the Controller on the correct processing of Personal Data. The list of Data Processors may be requested from the Controller following the procedures indicated in the “Contact the Controller” section.
After expressing your consent, the e-mail address you have provided in order to purchase the products through the Site and/or to subscribe to the Giberto newsletter may be made available to third parties, managers of social media services, to improve the relevance of advertising directed towards you.
Lastly, Personal Data may be communicated to private subjects and public authorities that have access to these on the basis of legal provisions issued by the competent authorities.
Personal Data may be transferred outside of the European Economic Area only for subjects bound by standard European contractual clauses permitted in accordance with Art. 26(2) of Directive 95/46/CE or in the event that the territory in which processing is carried out has an adequacy assessment in place in accordance with Art. 25(6) of Directive 95/46/CE by the European Commission, or in other instances provided for by Art. 44 and thereafter of the GDPR.
How long will Data be stored?
The Personal Data provided for the purchase of products through the Site shall be retained for a period of no longer than 11 years starting from the date they were provided, subject to the fulfilment of legal obligations and the need for the Controller to safeguard his own interests.
The Personal Data provided for subscribing to the Newsletter service and the sending of commercial communications shall be retained for 24 months from the date of the last contact, unless consent is revoked earlier or consent is renewed when the aforesaid term expires.
When the periods indicated expire, the data shall be deleted or anonymised, unless the Company is bound to retain the Personal data for longer periods to fulfil legal or regulatory regulations or if necessary for the settlement of disputes/pre-disputes or ascertainment proceedings in a court of law.
Rights of the Data Subject
As the Data Subject, you have the right to ask the Data Controller for:
Access to Personal Data | to obtain confirmation that Personal Data concerning you are being processed, more information about processing activities and a copy of the Personal Data processed. |
Rectification of Personal Data | you can ask for the rectification of Data that are wrong or out of date to guarantee that the Personal Data processed are correct. |
Erasure of Personal Data | you can obtain erasure of Personal Data if you consider processing non necessary or unlawful |
Restriction of processing of Personal Data | you can ask for processing to be restricted if you believe Personal Data to be inaccurate, processing to be unlawful, Personal Data are necessary for ascertaining a right in a court of law, if you have exercised the right to object |
Data portability (with reference to Personal Data processed using automated means) | you have the right to receive Personal Data in a format that is structured, commonly used and legible by an automatic device, for them to be transferred to a different controller |
Objection to processing of Personal Data | you have the right to object to processing for reasons connected with particular situations, unless the Controller demonstrates the existence of compelling legitimate reasons for proceeding with processing. You also have the right to object to processing when personal data are used for direct marketing purposes (a.k.a. soft spam). |
Revocation of consent (where consent of the data subject constitutes the legal basis for processing) | you have the right to revoke express consent at any time without affecting the lawfulness of the processing based on consent expressed before revocation. |
Contact the Controller
You can exercise your rights, or request information from the Controller by sending an email to the Giberto Privacy Contact Officer at the e-mail address: [email protected] or by sending a letter in a sealed envelope to the Company headquarters in Venice (VE), Sestiere San Polo 1364, for the attention of the Giberto Privacy Contact Officer.
We also remind you that the data subject has, in all cases, the right to lodge a complaint with the controlling Authority, or the Data Protection Officer (Guarantee). For further information on the right to lodge a complaint with the Data Protection Officer, you can visit the following web page: https://goo.gl/GLbTN9
Cookie Policy
This Cookie Policy refers exclusively to the Site and must be deemed an integral part of the Personal Data Privacy Policy through the Giberto Website.
What is a Cookie?
Cookies are small text files that the sites visited by the user send and register on his computer or mobile device, to be then sent back to the same sites the next time they are browsed. Precisely because of cookies, a site remembers the user’s actions and preferences (such as, for example, login data, language chosen, size of characters, other viewing settings, etc.) so that they need not be indicated again when the user returns to visit the said site or browse another page on it. Cookies therefore are used for IT authentication, monitoring sessions and storing information about the activities of users who access a site and may also contain a unique identification code that allows the user’s browsing of the website to be tracked for statistical or advertising purposes. Whilst browsing a website, the user may also receive on his computer or mobile device cookies from different sites or web servers to those he is browsing (known as “third party” cookies). Some operations could not be carried out without the use of cookies, which in some cases are therefore technically necessary for the site to function.
Various types of cookies exist, depending on their characteristics and functions, and these may remain in the user’s computer or mobile device for different lengths of time: so-called session cookies are automatically deleted when the browser closes; so-called persistent cookies instead remain on the user’s device for a pre-determined length of time.
Technical cookies do not require the consent of the user for their use. These cookies are essential to allow a website to be browsed and all its functionalities to be used. Without these cookies, which are strictly necessary, a website could not provide any services or functions and browsing would not be as convenient and easy as it should be. One of these cookies is also used to store the user’s decision regarding the use of cookies on the website.
So-called performance cookies, which are also sometimes called analytics cookies, belong to this category. These cookies collect information on the use a user makes of a website and enables its functioning to be improved. For example, performance cookies show which pages are most frequently visited, they enable the recurrent usage patterns of a website to be verified, they help to understand all the difficulties that the user encounters during use and show the effectiveness of advertising published on the site.
Profiling cookies, on the other hand, are designed to create profiles of users and are used for the purpose of sending advertising messages in line with the preferences users show whilst web-browsing. To collect these cookies, express prior consent of the user is required.
Cookies used on the Site
The Site uses different types of cookies and allows these to be de-selected, except for third-party cookies. Regarding this second category, the user must refer directly to the relevant selection and de-selection modalities provided by the third parties involved and indicated below through links. Disabling technical and/or functional cookies could make the Site impossible to consult or some services or certain functions on the Site might not be available or function correctly and the user could be forced to modify or enter some information or preferences manually every time he visits the Site.
Technical Cookies – navigation or session cookies – strictly necessary for the Site to function and to allow users to make use of the contents and services they request.
Analytics Cookies – provide an understanding of how users use the Site. These cookies do not collect information on the identity of the user, nor any personal data. The information is processed in aggregate and anonymous form.
Functionality Cookies – used to activate specific functionalities of the Site and a series of selected criteria (such as language, products selected for purchase) in order to improve the service provided.
In detail, the cookies in the aforesaid categories used through the Site are the following:
Google Analytics: this is an analytics tools from Google which uses cookies (performance cookies), to collect browsing data in order to examine how users use the Site, to compile reports on the Site’s activities and to provide other information, including the number of visitors and the pages visited. The Site does not use (and does not allow third parties to use) the Google analytics tools to monitor or collect personal identification information. Google does not associate your IP address to any other data held by Google nor does it seek to connect an IP address with the identity of a user. Google may also pass on this information to third parties when required to do so by law or when such third parties process information on behalf of Google. For further information on modalities of use and management of cookies associated with Google Analytics, you can consult the Google cookie policy at the following link: https://policies.google.com/technologies/cookies?hl=it&gl=it.
You may find WooCommerce’s privacy policy at the following link: https://automattic.com/privacy/
You may find WordPress’ privacy policy at the following link: https://it.wordpress.org/about/privacy/
Profiling Cookies – The Facebook pixel indicated below is configured on the Site and this allows the social network manager to identify users and store information on the use of the Site on its profile, for its own purposes as well as to allow Giberto to measure effectiveness and improve the relevance of commercial adverts published p.
The User may view information concerning how Facebook manages this type of cookie on the following link: https://www.facebook.com/policy.php
How can I disable Cookies?
Most browsers (Internet Explorer, Firefox, etc.) allow you to check and also disable cookies through their settings. We remind you however that disabling technical cookies may cause the Site to malfunction and/or restrict the services we offer.
How to modify settings for:
Internet Explorer: https://support.microsoft.com/it-it/topic/eliminare-e-gestire-i-cookie-168dab11-0753-043d-7c16-ede5947fc64d
Mozilla Firefox: https://support.mozilla.org/it/kb/protezione-antitracciamento-avanzata-firefox-desktop?redirectslug=Attivare+e+disattivare+i+cookie&redirectlocale=it
Google Chrome: https://support.google.com/chrome/answer/95647?hl=it&topic=14666&ctx=topic
Safari: https://support.apple.com/kb/index?page=search&fac=all&q=cookies%2520safari
For other browsers, please refer to their technical documentation.
To disable analytics cookies and prevent Google Analytics from collecting your browsing data, you can download the Google Analytics Opt Out Browser Add-On: tools.google.com/dlpage/gaoptout
Giberto reserves the right to modify or update this privacy policy, also in order to comply with new obligations imposed by legislation in force or due to technical requirements.