Extended information in accordance with EU Regulation n. 679/2016 (“GDPR”) and Legislative Decree. 196/2003 as modified by Legislative Decree 101/2018
Andalò Gianni srl – Via Serraglio, 46 – 40026 Imola (BO) , from now on called ” The Company”.
The company pays the maximum attention to the security and confidentiality of its customers’ personal data during its business.
The Company is the controller of the personal data collected on this website (hereinafter the “Site“).
WHAT PERSONAL DATA RELATING TO YOU MAY BE COLLECTED
The Company may collect the following categories of personal data (hereinafter jointly referred to as “Data”):
- Contact data– information relating to name, surname, fiscal code, address, telephone number, mobile phone number, email address, etc:
- Other personal data -information you provide us with regarding your place and date of birth, education or professional situation, etc.
- Social Log-In Data – information relating to your social account as well as other data you provide to the social network used to log-in to the Site, which may be disclosed in accordance with the privacy preferences you have set on that social network.
HOW WE COLLECT YOUR DATA
The Company collects and processes your Data, depending on the service you have requested, in the following circumstances better described in the paragraph on purposes:
- for purchasing our products
- if you register on the Site / download our APP
- if you register for our events
- If you write to our commercial or administrative department
- if you register for our newsletter
- if it responds to our marketing campaign
- whether other companies or business partners legitimately transfer your data to us
Please help us keep your Data up to date by informing us of any changes.
WHAT YOUR DATA MAY BE USED FOR
- a) Establishment and execution of contractual relations and consequent obligations.
The Company may process your Contact Data, Payment Data, and Other Personal Data for the purposes of establishing and executing contractual relationships, providing the services requested, and responding to reports and complaints.
The Company may also use your contact details, in particular your email address, to provide you with information about the service you have requested.
Prerequisite for processing: performance of a contract to which the data subject is party and performance of legal obligations related to that contract.
The provision of this information is obligatory in order to process your order; otherwise, we will not be able to process it
- b) Operational management and purposes strictly related to access to the Site, in particular to the reserved areas of interested part.
The Company may process your Contact Data, Other Personal Data and Social Log-In Data to allow you to complete the registration procedure on the Site and to allow you to access your Personal Area in order to: (i) download documents relating to the services you have purchased; (ii) carry out other requests made through the Site.
Prerequisite for processing: performance of contractual obligations to allow you to register on the Site.
The provision of contact details is compulsory, otherwise, we will not be able to allow you to register on the Site.
- c) Analysis and improvement of services – customer satisfaction
Your contact details may be processed by the Company to analyse, review and improve its services with a view to customer satisfaction.
Prerequisite for processing: legitimate interest of the Company in checking and improving the quality of its services.
- d) Sending periodic newsletters
Your contact data may be used by the Company in order to send you periodic newsletters, at your explicit request by subscribing to the service, containing news and insights on various topics of interest.
Prerequisite for processing: the performance of a contract to which the data subject is a party.
The provision of data is obligatory, otherwise, you will not be able to register and receive the newsletter.
- e) Marketing to meet your needs and Profiled Marketing to provide you with promotional offers also in line with your preferences
With your specific consent, the Company may process your Contact Data for marketing and advertising purposes aimed at informing you about promotional sales initiatives, using automated contact methods (e-mail, SMS, MMS, chat, instant messaging, social networks, and other mass messaging tools, push notifications, etc.) and traditional contact methods (e.g. telephone call with operator, traditional mail, etc.), or for market research. Translated with www.DeepL.com/Translator (free version)
With your specific consent, the Company may also process your Contact Data, Other Personal Data, Interests, Social Log Data and Site Usage Data, through statistical processing, creating an individual profile of you in order to send you commercial communications in line with your preferences, based on the analysis of your purchasing habits and choices. These personalised communications may be carried out by means of automated contact methods (e-mail, SMS, MMS, chat, instant messaging, social networks and other mass messaging tools, push notifications, etc.) and traditional contact methods (e.g. telephone call with operator, traditional mail, etc.).
Prerequisite for processing: the consent
The provision of data is optional and failure to provide it does not have any consequences on contractual relations.
This consent may be revoked at any time with effect for subsequent processing.
- f) Sending communications for the promotion of products and services similar to that of a previous purchase pursuant to and within the limits allowed by Art. 130, clause 4, of the Privacy Code (Legislative Decree No. 196/2003, as amended by Legislative Decree 101/2018).
Your contact details relating only to your e-mail address may be used for promotional purposes relating to products and services similar to those you have purchased.
Prerequisite for processing: legitimate interest of the Company to maintain an effective contractual relationship with you.
The conferment of data is optional and failure to provide it does not have any consequences on contractual relations.
This consent may be revoked at any time with effect for subsequent processing.
- g) Execution marketing activities on behalf of third parties on products and services of Group companies and third parties.
Subject to your specific consent, the Company may process, on behalf of third parties, your Contact Data for marketing activities on products and services of companies of the Group and also of third parties belonging mainly to the sectors of publishing, finance, economy, industry, luxury, services, telecommunications, ICT, insurance and non-profit sectors, using automated contact methods (e-mail, SMS, MMS, chat, instant messaging, social networks and other mass messaging tools, push notifications, etc.) and traditional contact methods (e.g. telephone calls with an operator, traditional mail, etc.) or for market research and surveys. ) or for market research and statistical surveys.
Prerequisite for processing: the consent
Failure conferment of the same has no consequences on contractual relations.
This consent may be revoked at any time with effect for subsequent processing.
- h) Defence of rights in the course of judicial, administrative or extrajudicial proceedings and in the context of disputes arising in connection with the services offered.
Your Contact Data and Payment Data may be processed by the Company to defend its rights or take action or even make claims against you or third parties.
Prerequisite for processing: legitimate interest of the Company in the protection of its rights.
The provision of data for this purpose is compulsory, as failure to do so will make it impossible for the Company to defend its rights.
- i) Purposes connected with obligations expected in laws, regulations or Community legislation, with provisions/requirements of authorities empowered to do so by law and/or by supervisory and control bodies.
Your Contact Data and Payment Data may be processed by the Company to fulfill its obligations.
Prerequisite for processing: Fullfilment of a legal obligation
The conferment of Personal Data for this purpose is compulsory as failure to do so will make it impossible for the Company to fulfill specific legal obligations.
HOW WE KEEP YOUR DATA SECURE
The Company uses all necessary security measures to improve the protection and maintenance of the security, integrity and accessibility of your Data.
All Your Data is stored on our secure servers (or appropriately stored hard copies) or those of our suppliers or business partners and is accessible and usable in accordance with our standards and security policies (or equivalent standards for our suppliers or business partners).
Where we have given you (or where you have chosen) a password which enables you to access our Site, applications or services provided by us, you will be responsible for the secrecy of that password and for complying with any other security procedures we give you.
HOW LONG WE STORE YOUR DATA
We store your Data only for as long as necessary to fulfill the purposes for which it was collected or for any other legitimate related purposes. Therefore, if the Data are processed for two different purposes, we will retain the Data until the purpose with the longer retention period ends, but we will no longer process the Data for that purpose for which the retention period has ended.
Your Data that is no longer required, or for which there is no longer a legal basis for storage, will be irreversibly anonymised (and thus can be stored) or securely destroyed.
Below are the retention times in relation to the different purposes listed above:
- Establishment and execution of contractual relations and consequent obligations: Data processed to fulfill any contractual obligation may be retained for the duration of the contract and in any event for no longer than 10 years thereafter, for the purpose of verifying any outstanding debts including accounting documents (e.g. invoices).
- Operational management and purposes strictly related to the access to the Site, in particular to the reserved areas of the same: the Data processed for this purpose may be kept for the entire duration of the contract and in any case no longer than 10 years after the last access to the Site.
- Analysis and improvement of services – customer satisfaction: Data processed for this purpose may be stored for 12 months
- Sending periodical newsletters: the Data processed for this purpose may be kept for the entire duration of the relationship and in any case for no longer than 10 years.
- Marketing to meet your needs and Profiled Marketing to provide you with promotional offers also in line with your preferences: Data processed for these purposes may be kept for 24 months after collection.
- Sending communications for the promotion of products and services similar to those of a previous purchase (pursuant to and within the limits allowed by art. 130, clause 4 of the Privacy Code (Legislative Decree No. 196/2003, as amended by Legislative Decree 101/2018): Data processed for the purpose of promoting similar services or products may be stored for 24 months from the date of the previous purchase.
- Execution of marketing activities on behalf of third parties on products and services of companies of the Group and also of third parties: Data processed for marketing purposes may be kept for 24 months after collection.
- Defence of rights in the course of judicial, administrative or extra-judicial proceedings, and in the context of disputes arising in connection with the services offered: in such cases, we will keep your Data for the time strictly necessary to fulfil these purposes.
- Finalità connesse agli obblighi previsti da leggi, regolamenti o dalla normativa comunitaria, da disposizioni / richieste di autorità a ciò legittimate dalla legge e/o da organi di vigilanza e controllo: in tali casi, conserveremo i Suoi Dati per il tempo strettamente necessario alla realizzazione di tali finalità.
WITH WHO WE CAN SHARE YOUR DATA
Your Data may be accessed by duly authorised employees, as well as by external suppliers, appointed as necessary as data processors, who provide support for the provision of services.
The Company’s contact details can be found on the “Contact” page of this website
The Data Protection Officer (DPO) appointed by the Company can be contacted at the following e-mail address indicated on this page.
YOUR DATA PROTECTION RIGHTS AND YOUR RIGHT TO LODGE COMPLAINTS WITH THE SUPERVISORY AUTHORITY
Under certain conditions you can ask the Company:
- the access to your data
- the copy of the Data you have provided to us (so-called portability),
- rectification of the Data in our possession,
- the deletion of Data for which we no longer have any legal basis for processing,
- revocation of your consent, if the processing is based on consent;
- the restriction of the way we process your Data, within the limits provided for by data protection legislation.
Right to object:in addition to the rights listed above, you may at any time object, on grounds relating to your particular situation, to the processing of your Data by the Controller in pursuit of its legitimate interests. Furthermore, you may object at any time if the Data is processed for marketing and profiled marketing purposes.
The request for the opposition should be addressed to firstname.lastname@example.org.
The exercise of these rights is free of charge and not subject to formal constraints, but is subject to certain exceptions aimed at safeguarding the public interest (e.g. prevention or identification of crimes) and the interests of the Company (e.g. maintaining professional secrecy). If you exercise any of the above rights, it will be the responsibility of the Company to verify that you are entitled to exercise them and to reply to you, as a rule, within one month.
If you believe that the processing of Personal Data relating to you is in breach of the provisions of the GDPR, you have the right to lodge a complaint with the Guarantor of data protection using the references available on the website www.garanteprivacy.it, or to take legal action.
What are cookies?
A cookie is a small text file containing a certain amount of information exchanged between a website and your terminal equipment (usually your browser) and is normally used by the website operator to store the information necessary to improve navigation within the site or to send advertising messages in line with the preferences expressed by the user while browsing the web. When you visit the same site or any other site again, your device checks for the presence of a recognised cookie so that it can read the information it contains. The different cookies contain different information and are used for different purposes (efficient navigation in the pages of the same site, profiling in order to send targeted promotional messages, analysis of the number of visits to the site).
During browsing, the user may also receive cookies sent by different sites or web servers (so-called third parties), on which some elements (e.g. images, maps, sounds, specific links to pages of other domains) present on the site the user is visiting may reside.
More generally, some cookies (called session cookies) are assigned to the user’s device only for the duration of access to the site and expire automatically when the browser is closed. Other cookies (called persistent) remain on the device for an extended period of time.
The specific purposes of the different types of cookies installed on this site are described below.
You can disable cookies by following the information below.
Characteristics and purpose of cookies installed by the site
These are cookies that are used specifically to allow our sites to function and be used correctly. For example, technical cookies are used for the user’s login functionality. They are mainly provided by the site server or, in the case of integration of external services such as social networks, by third parties.
These are cookies used to send advertising messages in line with the preferences expressed by the user while surfing the web. They may be provided by our servers or through our site by third parties. Companies offering or advertising their products through this site may place cookies on your terminal equipment. The categories of cookies used and the type of processing of personal data by these companies are regulated in accordance with the information provided by these companies.
To accept or deny these cookies provided by our servers make your choice directly from the “PREFERENCES” panel of the initial pop-up
These cookies are used for statistical analysis, to improve the site and make it easier to use, as well as to monitor its proper functioning. This type of cookie collects anonymous information about user activity on the site. This type of cookie is exclusively provided by third parties such as Google Ananlytics.
The provision of all cookies, both first and third party, can be deactivated by adjusting the settings of your browser; however, please note that this may render the sites unusable if you block cookies that are essential for the provision of functionality. Each browser has different settings for deactivating cookies; below are links to instructions for the most common browsers.
Third-party sites that can be accessed through this website are not covered by this policy. The Company declines all responsibility for them. The categories of cookies used and the type of processing of personal data by these companies are regulated in accordance with the information provided by these companies.
Further information on the processing of personal data on the site.
Dear User, Thank you for visiting our website.
The COMPANY has always paid close attention to the protection of the personal data it processes, not only because it is subject to specific legislation but above all because data protection is a fundamental asset. It is for these reasons that we constantly strive to provide our users with an Internet experience that fully respects and protects their privacy.
Why this warning
1) PRINCIPLE OF RESPONSIBILITY
The processing of personal data is managed over time by specific responsibilities identified within the company organization.
2) PRINCIPLE OF TRANSPARENCY
3) PRINCIPLE OF RELEVANCE OF THE COLLECTION
Personal data are processed lawfully and fairly; they are recorded for specific, explicit and legitimate purposes; they are relevant and not excessive for the purposes of processing; they store for the time necessary for the purposes of collection
4) PRINCIPLE OF PURPOSE OF USE
The purpose of the processing of personal data is made known to the data subjects at the time of collection Any new processing of data, if unrelated to the stated purposes, shall be activated subject to new information to the data subject and possible request for consent, when required by the GDPR.
5) PRINCIPLE OF VERIFIABILITY
Personal data is accurate and up-to-date over time They are also organised and stored in such a way that the data subject is given the opportunity to know, if he/she so desires, which data have been collected and recorded, as well as to check their quality and request their possible correction, integration, cancellation due to violation of the law or opposition to their processing and to exercise all the other rights provided for by the GDPR at the addresses indicated in the Notices on this page. Translated with www.DeepL.com/Translator (free version)
6. SAFETY PRINCIPLE
Personal data are protected by technical, IT, organisational, logistical and procedural security measures against the risks of destruction or loss, even accidental, and against unauthorised access or unauthorised processing. These measures shall be updated periodically according to technical progress, the nature of the data and the specific features of the processing, constantly monitored and verified over time.
Third parties carrying out support activities of any kind for the provision of services by companies, in relation to which they perform personal data processing operations, are designated by the latter as Data Processors and are contractually bound to comply with measures for security and confidentiality of processing. The identity of these third parties is disclosed to users. With the consent of the interested parties, if required by law, and in any case subject to adequate information specifying the various purposes, personal data may be communicated to third parties, public or private, unrelated to the company, which will process them as autonomous data controllers. The Company is in no way responsible for the processing of personal data carried out by these third-party data controllers. The Company doesn’t assume any responsibility for:
- the rules and procedures for handling personal data of other websites, which can be reached from our pages through links and cross-references;
- the contents of any e-mail services, web spaces, or chat forums provided to users.
The processing operations connected to the web services offered by this site take place at the offices of the companies and possibly at the offices of the external data processors and are carried out by data processors appointed to manage the services requested, marketing activities – where requested by the user -, data storage activities and occasional maintenance operations.
Scope of data communication
The personal data provided may be communicated to third parties in order to comply with legal obligations, in execution of orders from public authorities legitimated to do so, or to assert or defend a right in court. If necessary in relation to particular services or products requested, personal data may be communicated to third parties who perform, as independent data controllers, functions strictly connected and instrumental to the provision of services or supply of products. Without communication, these services and products could not be provided. Personal data will not be disclosed, unless the requested service requires it.
Types of data collected, purposes and methods of processing
It is good for you to know that your professional and personal interests may be detected while browsing the site: this information, however, is collected for the sole and exclusive purpose of providing the services requested and possibly to control the quality of the services offered.
Only with the express consent of the user in the forms required by law, activities of analysis and profiling related to purchasing and professional choices are carried out with electronic instruments in order to improve the offer of services and commercial information, direct sales, market research on products, services and events by the company in accordance with the interests of users.
Personal data will also be processed for sending commercial and promotional information, direct sales, market research on products, services and events (hereinafter collectively referred to as “marketing activities”) of the company, and for marketing activities, directly by the company, on behalf of companies of the company
Data provided voluntarily by the user
The types of personal data collected and processed on the site are those necessary for the provision of the various services provided. The data collected are processed on paper, by automated and telematic means and with logic strictly related to the purposes of the processing. Your fax and telephone numbers and your e-mail address may also be used to provide you with services. It is evident that if you do not provide this data, we will not be able to provide you with services that require the use of these tools. If you do not consent to the use of e-mail and telephone for the purposes of advertising, direct sales or interactive commercial communication, these tools will not be used for this purpose. Specific information will be provided on the pages of the site set up for the possible provision of personal data. Any voluntary sending of electronic mail to the addresses indicated on the site entails the acquisition of the sender’s address as well as any other information contained in the message; such personal data will be used for the sole purpose of performing the service or provision requested.
It is useful to know that the site’s software procedures acquire, in the course of their normal operation, certain personal data (navigation data) whose transmission is implicit in the use of Internet communication protocols. Although this information is not intended to be associated with identified users, by its nature, if it is associated with other data held by third parties (e.g. your internet service provider), it may allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URL (Uniform Resource Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. Translated with www.DeepL.com/Translator (free version) These data are used solely for the purpose of anonymous statistics on the use of the site and to check its correct functioning.
The Data Controller and, depending on the service requested, the designated Managers shall keep, for a limited period of time in accordance with the law, the trace (LOG) of the connections/navigations made in order to respond to any requests from the judicial authorities or other public body entitled to request said trace for the purpose of ascertaining possible liability in the event of computer crimes. Translated with www.DeepL.com/Translator (free version)
Apart from what is specified for navigation data, the user is free to give or not to give the personal data requested in the registration forms for the services. On these forms, however, some data may be marked as compulsory; it must be understood that these data are necessary for the provision of the requested service. If you do not provide this information, the requested service cannot be provided and you will not be able to take advantage of the related opportunities.
At the time of any provision of data, the data subject will be provided with information containing all the requirements of the GDPR. The person concerned is therefore called upon to give his or her informed, free, express and documented consent in the form provided for by law, where required by that law. If personal data are provided at a later stage, additions may be made to the information previously provided and new consents to processing may be required.
Security measures taken to protect collected data
The company uses “secure” architectures and technologies to protect personal data against undue disclosure, alteration or misuse. The protections put in place for personal data aim, in particular, to minimize the risks of destruction or loss, including accidental loss, of data, unauthorized access or processing not allowed or not in accordance with the purposes of collection. Data subjects have the right at any time to exercise their rights as set out in the GDPR. Requests should be sent to the e-mail address listed on the “Contacts” page or to the specific addresses indicated in the information provided to users at the time of any personal data collection.
Third-party sites that can be accessed through this website are not covered by this policy. The company declines all responsibility for them. The categories of cookies used and the type of processing of personal data by these companies are regulated in accordance with the information provided by these companies.
Use of IP addresses
An IP address is a number automatically assigned to your computer every time you connect to the Internet through your Internet provider or from a company LAN/WAN using the same Internet protocols. Like your home address, to which others can send you material, the IP address is used by the website to send you its own pages.