Pursuant to art. 13 of European Regulation No. 679 of 2016 (the “General Data Protection Regulation [GDPR]”), and Recommendation No. 2 of 2001 adopted under art. 29 of Directive 95/46/EC, GAMMA ARREDAMENTI INTERNATIONAL SPA hereby informs all users and/or visitors to the website https://www.gammarr.com (rispettivamente gli “Utenti” e il “Sito”), (respectively "Users" and the "Website"), regarding the use of personal data, log files and cookies collected through the Site.
- Data Controller, Data Processor and Data Protection Manager
The Controller of the personal data is GAMMA ARREDAMENTI INTERNATIONAL SPA (Tax code and VAT No. 00664360401), with registered offices at Via Pitagora 3, 47100 FORLI’ (FC), e-mail [email protected], (hereinafter “Data Controller”).An updated list of designated data processors can be supplied on request from data subjects and/or Users. The company has not appointed a Data Protection Officer.
- Information collected automatically by the Website - Cookies
- a) Information collected automatically
Like all websites, our site also uses log files in which information is automatically collected and stored during visits. During use, the computer systems and software procedures used for the functioning of this website automatically acquire certain information, the transmission of which is implicit in the use of Internet communication protocols. The following information is collected:
- - Internet Protocol (IP) address or the domain name of the device being used;
- - browser type and device parameters used to connect to the Website;
- - the addresses in the Uniform Resource Identifier (URI) notation of the requested resources or the method used to submit the request to the server;
- - name of the Internet Service Provider (ISP);
- - date and time of the visit;
- - the User's webpage of origin (referral) and of exit;
- - number of clicks, where applicable;
- - size of the file obtained in response;
- - numerical code indicating the status of the response given by the server (success, error, etc.);
- - other parameters relating to the operating system and the IT environment of the device.
This information is processed by automated means and collected only in aggregate form in order to verify the correct functioning of the Website.
- b) Cookies
Cookies are used in the Website. Cookies are text files stored on a computer and allow the recording of certain parameters and data communicated to the IT system, through the browser being used. These tools thus allow the analysis of the user's habits on the Website for various purposes: the execution of IT authentication, monitoring of sessions, storage of information on specific configurations regarding users who access the server and the storing of preferences, etc. Cookies are categorised as follows:
- Technical cookies: used to execute browsing or to provide a service requested by the user. Without the use of these cookies, certain operations could not be performed or would be more complex and/or less secure.
- Profiling cookies: these are used to track the user's web browsing and create profiles based on their tastes, habits, choices, etc. They can be used to transmit advertising messages to the user's device in line with preferences expressed by the user when browsing online.
- Google Analytics whose disclosure can be found here https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
- a) Information collected automatically
- 3. The personal data that you provide by using the site: the purpose of its processing.
The personal information requested and provided are necessary in order to allow access to the https://www.gammarr.com (hereinafter “Website”) and to use the following services (the “Website Services”):
- - refer to catalogue/products/services;
- - access the reserved area;
- - be contacted;
- - access the NEWSLETTER SERVICE;
- - use the DOWNLOAD service.
The data is processed for the following purposes:
- - to execute the technical management of the Website; (ALL)
- - the filling in of the appropriate form for acquisition of website user details to fulfil information/business contact requests (CONTACTS)
- - contact subscribers by sending a periodic newsletter on company activities; (NEWSLETTER)
- - analyse user preferences, habits, interests and consumption choices, including type, frequency and location of purchases, in order to predict the user’s future consumption (profiling activities)
- - distribute commercial and technical information (PRODUCT/SERVICES CATALOGUE)
- - inform customers of the authorised persons to contact if they are interested (DEALERS);
- - allow access to material exclusively reserved for registered persons (RESERVED AREA);
- - allow the download of technical information about products or services (DOWNLOAD)
The processing of data for the above purposes will be performed in compliance with the Privacy Code, the GDPR and all the industry-specific regulations including the requirements of the "Guarantor Rules for loyalty programmes" of 24 February 2005 and the "Guidelines on the processing of personal data for online profiling” of 19 March 2015. In accordance with the "Guidelines on marketing and combating spam" of 4th July 2013, we underline that the consent you may provide for the sending of commercial, promotional and marketing communications by automated means will also extend to traditional methods of contact. The data supplied shall be processed mainly using IT tools under the authority of the Data Controller, by persons specifically appointed, authorised and instructed to process in accordance with articles 28 and 29 of the GDPR. Please note that suitable security measures pursuant also to articles 5 and 32 of the GDPR are observed in order to prevent the loss of data, its illicit or incorrect use and unauthorised access.
- Obligatory or optional nature of consent for the provision of data, the consequences of a refusal and the legal basis of the processing
Please note that for the purposes referred to in points (i), (ii) and possibly following, of art. 3 above, the transfer of personal data is obligatory as failure to comply means you will not be able use the Services offered by the Website. The provision of your personal data is, however, not obligatory but optional for the purposes referred to in points (iv) and (v) of art. 3 above. Failure to provide data for the purposes indicated above will prevent us from providing the Newsletter and Marketing Services or carrying out Profiling Activities. To this end, you can voluntarily decide whether or not to give your consent for such purposes, without this affecting your ability to access the Website Services. Please note that you may, in any case and at any time, ask the Data Controller that your data be deleted, via a simple request to be sent without any particular formalities to the addresses referred to in art. 1 above.
With reference to the purposes referred to in points (i), (ii), and possibly following, of art. 3 above, the legal basis of the processing is the execution of the services provided through the Website and requested by you (pursuant to article 6, paragraph 1, letter b of the GDPR; whereas, with reference to the purposes referred to in points (iii) and (iv) of art. 3 above, the legal basis of the processing is your eventual voluntary consent to the processing (pursuant to article 6, paragraph 1, letter a of the GDPR).
- To whom and in what context we may transmit the data
Within the EU, the data may be communicated in full compliance with the provisions of the Privacy Code and the GDPR, to the following entities:
- - (i) the financial administration and/or other public authorities, where required by law or at their request;
- - (ii) the structures, entities and external companies used by the Data Controller for the performance of activities connected, instrumental or consequent to the execution of the Website Services – including cloud computing storage, transport, sending the Newsletter and Profiling Activities;
- - (iii) external consultants (for example, for tax compliance management), if not designated in writing to the Data Processors.
- - (iv) banks, for purposes related to the potential purchase of goods/services if provided in any part of the website.
The information collected automatically by the Website, as per paragraph 2, along with certain anonymous data pertaining to the number and type of interactions on activities combined with loyalty purposes in the strictest sense, may also be transferred to third-party Cloud servers located outside the EU, if such processing is necessary for the execution of the Website Services requested. The legal basis of this processing is therefore constituted by art. 49, paragraph 1, letter b of the GDPR.
Note that you may at any time exercise your rights under articles 15, 16, 17, 18, 20 and 21 of the GDPR by sending a written communication to the addresses of the Data Controllers referred to in art. 1 above and consequently obtain:
- - confirmation of the existence or otherwise of personal data with an indication of its origin, verify its accuracy or request its updating, correction or extension;
- - access, correction or deletion of the data provided or limitation of the processing;
- - deletion, anonymisation or the blocking of data processed unlawfully.
You may also object to the processing of personal data previously provided. With reference to the Newsletter, we underline that your right to request the cessation of processing carried out through automated means of contact also extends to traditional methods. Furthermore, you may also partly exercise this right by requesting the interruption, for example, of the sending of promotional communications, via one or some of the contact methods for which you have previously given consent.
- Duration of the Processing
Except where required by law, personal data will be stored for a specified period, based on criteria related to the nature of the services provided. Please note that the data stored for Profiling or Marketing purposes will be kept for a period not exceeding 12 and 24 months respectively from the time of registration.
- Security Measures
Through the Website, the data is processed in compliance with the applicable laws and using appropriate security measures in compliance with current legislation also pursuant to articles 5 and 32 of the GDPR. In this regard, we also confirm the adoption of appropriate security measures to prevent unauthorised access, theft, disclosure, alteration or destruction of the processed data.
Last update: 2021-07-20 10:47:45