Privacy policy
This is an official information statement drafted in accordance with Article 13 of Legislative Decree no. 196 of 2003 and EU Regulation 2016/679.
Maglificio Gran Sasso Spa, in its capacity as Data Controller, invites you to carefully read this Privacy Policy before providing any personal information, as it contains important information regarding the protection of your personal data.
This Privacy Policy:
- Is intended specifically for the websites https://shop.gransasso.it and https://www.gransasso.it
- Shall be regarded as an integral part of this Website and of the services we offer
- Applies to information we collect as you browse and explore the Website, as well as the information requested when using specific services made available by the Website, such as purchasing products, filling out online information request forms or subscribing to the newsletter service, pursuant to Article 13 of the Code and Article 13 of the GDPR.
Any processing of your personal data shall adhere to the principles of correctness, lawfulness, transparency, purpose and retention limitation, minimization, accuracy, integrity and confidentiality, as well as the principle of accountability pursuant to Article 5 of the GDPR.
Your personal data will therefore be processed in accordance with the legislative provisions set out in the Regulation and the confidentiality obligations contained therein.
Personal data processing means any operation or set of operations which is carried out on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Index
Below is the index of this Privacy Policy that can help you find relevant information regarding the processing of your personal data.
- Data controller and data protection officer
- Personal data subject to processing
- Web browsing data
- Data provided voluntarily by user
- Third-party personal data provided voluntarily by user
- Special categories of personal data
- Cookies
- Purpose of data processing
- Legal basis and mandatory or optional nature of processing
- Recipients of personal data
- Transfer of personal data
- Retention of personal data
- Data subject’s rights
- Amendments
- Contact us
1. Data controller and data protection officer
The Data Controller is Maglificio Gran Sasso Spa, having its registered office in Sant'Egidio alla Vibrata (TE, Italy), Via Isaac Newton no. 2, tax code 00061560678.
The Data Protection Officer appointed by Maglificio Gran Sasso Spa can be contacted at the headquarters of the Data Controller at the address specified above and by e-mail at: [email protected].
2. Personal data subject to processing
As you use the Website, we inform you that Maglificio Gran Sasso Spa may collect and process information related to you as an individual, such as your name, identification number, online ID or one or more characteristic elements of your physical, physiological, mental, economic, cultural or social identity, which allows you to be identified, either directly or together with additional information.
This information is hereinafter referred to as “Personal Data”.
Personal Data which may be processed through the Website are as follows:
Web browsing data
During their normal operation, the computer systems and software procedures used to operate this Website acquire certain personal data, whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified users, though, by its very nature, it could allow users to be identified through processing and association with data held by third parties.
This category of data includes IP addresses or domain names of computers used by users who connect to the Website, URI addresses of requested resources, time of the request, method used in submitting the request to the server, size of the file obtained in response, numerical code indicating the status of the response given by the server and other parameters related to the user's operating system and computer environment.
This data is used solely to obtain anonymous statistical information concerning the use of the Website and to check its correct operation. This data may also be used to ascertain responsibility in the case of hypothetical computer crimes to the detriment of the Website and may be communicated to the Judicial Authority if explicitly requested.
Data provided voluntarily by user
The optional, voluntary and explicit transmission of personal data, including e-mail address, required in the Website-related web services, such as subscribing to newsletters and purchasing products, entails the subsequent acquisition of such data for the sole purpose of replying to users’ requests and managing the web services.
You are invited not to submit Personal Data which may fall under the special categories of Personal Data referred to in Article 9 of the Regulation, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Third-party personal data provided voluntarily by user
When using the services offered by the Website, personal data relating to third parties may be processed, for example when purchasing products to be sent to third parties.
In any situation where you decide to share Personal Data related to other persons through the Website, you will be considered as an independent data controller regarding such Personal Data and must assume all inherent legal obligations and responsibilities.
To this end, you shall fully indemnify Maglificio Gran Sasso Spa against any complaints, claims or demands for compensation for damages which may arise from the processing of such Personal Data, initiated by third parties whose personal data have been processed through the use of the Website in violation of applicable personal data protection rules.
In any case, if you provide or otherwise process Personal Data of third parties while using the Website, you guarantee, assuming all related responsibilities, that this specific processing is grounded on an appropriate legal basis in accordance with applicable law.
Special categories of personal data
When using the services on the Website, there are no parts or procedures that require the provision of data classified as “special categories of personal data”, previously referred to as “sensitive data”.
Such data includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data intended to uniquely identify a person, data relating to health, sex life or sexual orientation, and data relating to criminal convictions, crimes or security measures.
If voluntarily entered by the user, such data may be processed only with the user’s free and explicit consent, expressed in writing pursuant to Articles 9 and 10 of EU Regulation 2016/679. Otherwise, such data will not be stored nor taken into consideration by our systems.
Cookies
Cookies are small text strings that are sent from our Website to your device, such as a personal computer, tablet or smartphone, and are stored in order to enable you to be redirected back to the same Website during future visits.
During navigation, your device may receive cookies from other websites or servers, known as “third parties”, which may include different elements, such as images, maps, sounds, specific page links and other domains present on our Website.
Cookies allow a device to be identified and recognised as it accesses the Website; however, they cannot identify the person using that device.
Cookies enable access and navigation on a website and assist the correct functioning of the Website, facilitating access to authentication services, statistical purposes, understanding which areas of the Website have been visited and better managing pages and marketing activities.
3. Purpose of data processing
The purposes of the processing of your personal data, following your explicit consent where necessary, are the following:
- 3.1. To enable the use of the Website, allow the delivery of services and manage the Website's security
- 3.2. To answer specific requests addressed to Maglificio Gran Sasso Spa, including any Customer Care requests submitted by filling out the “Contact Us” form
- 3.3. To fulfill obligations provided for by law, regulations, EU legislation or requests from competent Authorities
- 3.4. To carry out, by e-mail, marketing activities related to products similar to those you have already purchased, pursuant to Article 130, paragraph 4 of the Code, where applicable
- 3.5. To submit promotional and marketing communications, including newsletters and market research, through automated and traditional methods
- 3.6. To create user profiles by analyzing preferences, habits, interests and consumption choices expressed through the use of the Website and the services offered
- 3.7. To communicate your personal data to other companies belonging to Maglificio Gran Sasso Group for promotional, marketing and market research purposes, subject to your consent
- 3.8. To carry out statistical analysis without the possibility of identifying the user
Specific security measures are implemented to prevent data loss, unlawful or incorrect use and unauthorized access.
4. Legal basis and mandatory or optional nature of processing
The legal basis for the processing of personal data for the purposes set out in sections 3.1 and 3.2 is Article 6(1)(b) of the GDPR, since processing operations are required in order to provide the services.
The provision of personal data for these purposes is optional; however, failure to provide such data would make it impossible to initiate the requested services.
Processing carried out for the purpose described under section 3.3 is necessary to comply with a legal obligation to which the Data Controller is subject, pursuant to Article 6(1)(c) of the GDPR.
Processing carried out for profiling, marketing campaigns and communication to third parties within Maglificio Gran Sasso Group, as described under sections 3.5, 3.6 and 3.7, is based on your consent pursuant to Article 6(1)(a) and Article 22(2)(c) of the GDPR.
Therefore, the provision of personal data for these purposes is optional and does not affect your use of the services.
You may object to the processing of your Personal Data for marketing and profiling purposes at any time by writing to the Data Controller at the address provided under the “Contact Us” section of this Privacy Policy or, where available, through the privacy settings in your personal area.
With reference to the purpose referred to under section 3.4, if you are already our customer, we may send you commercial information concerning products and services similar to those you already purchased, unless you object.
The processing referred to in section 3.8 does not concern personal data and may therefore be freely carried out by the Data Controller.
5. Recipients of personal data
For the purposes referred to in Section 3 above, your Personal Data may be shared with:
- 5.1. Subjects typically acting as data processors, including persons, companies or professional firms providing advice and consulting in accounting, administrative, legal, tax, financial and debt collection matters, subjects engaged to provide services, credit institutions, insurance companies and brokers
- 5.2. Subjects, bodies or authorities to whom your Personal Data must be disclosed in accordance with legal provisions or orders from authorities
- 5.3. Persons authorized by Maglificio Gran Sasso Spa to process Personal Data required for activities strictly related to the provision of services, who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality
- 5.4. Companies within the group of undertakings for internal administrative purposes
- 5.5. Companies within the group of undertakings for the purposes under section 3.7, subject to your explicit consent
6. Transfer of personal data
Some of your personal data may be shared with Recipients located outside the European Economic Area.
The Data Controller ensures that such Recipients process your personal data in compliance with Articles 43 and 44 of the Code, as well as Articles 44 to 49 of the GDPR.
Transfers may be based on adequacy decisions or on Standard Contractual Clauses approved by the European Commission. Further information may be requested in writing at the address specified in the “Contact Us” section of this Privacy Policy.
7. Retention of personal data
Personal Data processed for the purposes referred to in sections 3.1 and 3.2 will be retained for the period strictly necessary to fulfill such purposes.
Since the Personal Data is processed for the provision of services, the Data Controller may retain the Personal Data for the period allowed by Italian law to protect its interests, including Article 2946 and subsequent articles of the Italian Civil Code.
Personal Data processed for the purposes referred to in section 3.3 will be retained for the period required by the specific obligations or applicable law.
For the purposes referred to in sections 3.4, 3.5 and 3.6, your Personal Data may be processed until you withdraw your consent or object to the processing, where applicable.
Further information on the data retention period and the criteria used to determine such period may be requested in writing at the address specified in the “Contact Us” section of this Privacy Policy.
In any case, Maglificio Gran Sasso Spa may retain your Personal Data for the period allowed by Italian law to protect its interests, including Article 2947(1)(3) of the Italian Civil Code.
8. Data subject’s rights
Under Article 7 of the Code, you, as a data subject, are entitled to request from the Data Controller, at any time, access to your Personal Data, correction and erasure of your Personal Data, as well as to object to its processing according to Article 21 of the GDPR.
Since 25 May 2018, you are also entitled to request the restriction of the processing of your Personal Data in the cases set out in Article 18 of the GDPR, as well as to obtain the Personal Data you have provided to the Data Controller in a structured, commonly used and machine-readable format, in the cases set out in Article 20 of the Regulation.
Requests should be made in writing at the address specified in the “Contact Us” section of this Privacy Policy.
In any case, you are always entitled to file a complaint with the competent supervisory authority, the Italian Data Protection Authority, pursuant to Article 77 of the GDPR, if you believe that the processing of your data violates applicable law.
9. Amendments
The Data Controller reserves the right to partly or fully amend this Privacy Policy, or simply to update its content, for example as a result of changes in applicable law.
Maglificio Gran Sasso Spa therefore invites you to regularly visit this Privacy Policy in order to review the latest updated version, so that you may remain constantly informed on how Maglificio Gran Sasso Spa collects and uses Personal Data.
10. Contact us
If you wish to exercise any of the rights set out above or for any other request, please contact the Data Controller at the postal address specified above, or by e-mail at [email protected].