Search
Filters
Close

Privacy

PRIVACY POLICY

 

Information regarding the personal data processing policy pursuant to Article 13 of Legislative Decree No. 196/2003, in addition to EU Regulation 679/2016
Maglificio Gran Sasso S.p.a., in our capacity as Data Controller according to Legislative Decree no. 196/2003 ("Code"), as well as EU Regulation 679/2016 invites you to carefully read this Privacy Policy before communicating any personal data to the Data Controller, because it contains important information regarding the protection of your personal data.

This Privacy Policy:
It is provided in relation to the websites https://shop.gransasso.it and https://www.gransasso.it;
• is an integral part of the Website and the services we offer;
• is provided to those who interact with the web services of the Website, either through simple consultation or through the use of specific services made available through the Website (for example, purchasing products, filling out online forms to request information or subscribing to the Newsletter service) pursuant to art. 13 of the Code, as well as article 13 of the Regulation.
***
The processing of your personal data shall follow the principles of correctness, lawfulness, transparency, purpose and retention limitation, minimisation, accuracy, integrity and confidentiality, as well as the principle of accountability pursuant to art. 5 of the Regulation. Therefore, your personal data will be processed in accordance with the legislative provisions stipulated in the Regulation and the confidentiality obligations prescribed therein.

Personal data processing means any operation or set of operations which is carried out on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
INDEX
Below is the index of this Privacy Policy so that you can easily find the information pertinent to the processing of your personal data that concerns you.


1. DATA CONTROLLER
2. PERSONAL DATA SUBJECT TO PROCESSING
a. Web browsing data
b. Data provided voluntarily by the user
c. Third party data voluntarily provided by the user
d. Special categories of data
e. Cookie
3. PURPOSE OF DATA PROCESSING
4. LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF PROCESSING
5. PERSONAL DATA RECIPIENTS
6. TRANSFERS OF PERSONAL DATA
7. RETENTION OF PERSONAL DATA
8. DATA SUBJECT'S RIGHTS
9. MODIFICATIONS
10. CONTACT US


1. DATA CONTROLLER AND DATA PROTECTION OFFICER


The Data Controller is Maglificio Gran Sasso Spa with registered office in Sant'Egidio alla Vibrata (TE, Italy), Via Isaac Newton no. 2, tax code 00061560678. The Data Protection Officer of Maglificio Gran Sasso Spa. can be contacted at the headquarters of the Data Controller at the address indicated above and by email at: gdpr@gransasso.it

2. PERSONAL DATA SUBJECT TO PROCESSING


We inform you that the personal data being processed may consist of a form of identification, such as a name, an identification number, location data, an online identifier or one or more characteristic elements of your physical, physiological, psychological, economic, cultural or social identity that is suitable to render the data subject identified or identifiable, depending on the type of services requested (hereinafter only referred to as "personal data").
The following personal data is processed through the Website:
a. Web browsing data
During their normal course of operation, the computer systems and software procedures used to operate this Website acquire certain personal data, the transmission of which is implicit in the use of internet communication protocols. This information is not collected with the intent of associating it with identified users but, by its nature, it could lead to the identification of users through processing and association with data held by third parties. This category of data includes IP addresses or domain names of computers used by users who connect to the Website, the URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in reply, the numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters regarding the user's operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Website to check its correct functioning, to identify anomalies and/or misuses; in any event, they are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the Website or third parties.
b. Data voluntarily provided by the user
Except for specific information contained therein, this Privacy Policy is also intended for the processing of data voluntarily inserted by you when filling out the various forms contained on the Website. With reference to the latter, we invite you not to include information that may fall within the group of special categories of personal data pursuant to art. 9 of the Regulation ([...] personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data intended to uniquely identify a natural person, data relative to a person's health, sex life or sexual orientation).
c. Third party data voluntarily provided by the user
When using the services offered by the Website, the personal data you communicate to Maglificio Gran Sasso Spa may be processed by third parties (such as in the case of purchasing products to be sent to third parties). With respect to these hypotheses, you become the autonomous data controller, assuming all legal obligations and responsibilities. To this effect, you fully indemnify us against any objection, claim, request for compensation for damages from processing, etc. that the Data Controller receives from third parties whose personal data has been processed, through your use of the Website's services, in violation of the applicable rules on the protection of personal data. In any event, if you provide or otherwise process personal data of third parties when using the Website, as of now, you guarantee that this particular hypothesis of data processing is based, where necessary, on the prior acquisition - by yourself - of the consent of the third party to process information concerning him/her and you assume all related liability.
d. Cookies and other tracking technologies


3. PURPOSE OF DATA PROCESSING


Your personal data will be processed, with your consent where necessary, for the following purposes, where applicable:
3.1. to allow navigation of the Website and the delivery of services made available by the Data Controller, including the management of the Website's security, as well as the contractual and administrative/accounting relationships;
3.2. to inspect specific requests addressed to the Maglificio Gran Sasso Spa, including any requests for Customer Assistance sent by completing the "Contact Us" form;
3.3. to fulfil any obligations stipulated by applicable laws, regulations or European legislation, or to satisfy requests from authorities;
3.4. to conduct direct marketing via email for products which are similar to those you have already purchased, pursuant to art. 130, paragraph 4 of the Code, unless you have expressly refused to receive such communications, which you may express during registration on the Website or on subsequent occasions;
3.5. to send you promotional and marketing communications, which includes sending you newsletters and market research, through automated tools (SMS, email, push notifications, fax) and other means (paper mail, telephone with operator); please note that the Data Controller collects a single affirmation of consent for the marketing purposes described here, in accordance with the Provision issued by the Italian Data Protection Authority "Guidelines on promotional activities and obstructing spam" of 4 July 2013; if, in any event, you wish to object to the processing of your data for marketing purposes carried out with the means specified here, you may contact the Data Controller at any time, at the addresses indicated in the "Contact" section of this Privacy Policy, without prejudice to the lawfulness of the processing based on the consent given before the revocation;
3.6. to analyse your preferences, habits and choices as a consumer, in order to send you personalised commercial communications and proposals as well as to carry out general analyses for strategic orientation and commercial intelligence purposes;
3.7. to communicate your personal data to other companies belonging to the Maglificio Gran Sasso Group for the purposes of sending you their promotional and marketing communications, including newsletters and market research, using both automated tools (SMS, email, push notifications, fax) and other means (paper mail, telephone);
3.8. for statistical purposes, without it being possible to trace your identity.
Specific security measures have been implemented in order to prevent data loss, illicit or incorrect use of data and unauthorised access.


4. LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF PROCESSING


The legal basis for processing personal data for the purposes set out in section 3.1 and 3.2 is art. 6 ( 1 )(b) of the Regulation ([...] processing is necessary for the performance of a contract to which the data subject is a party or for the execution of pre-contractual measures taken at the request of the same), inasmuch as processing is necessary for the provision of services. The provision of personal data for these purposes is optional, but failure to provide it would make it impossible to activate the services requested.
The purpose referred to in section 3.3 represents a legitimate processing of personal data pursuant to art. 6 ( 1 )(c) of the Regulation ([...] processing is necessary for compliance with a legal obligation to which the Data Controller is subject). In fact, once the personal data has been conferred, the processing must comply with the legal obligations to which the Data Controller is subject.
Data processing carried out for the purposes of marketing, profiling and communication to Third party companies of the Group described in section 3.5, 3.6 and 3.7 are based on the issuance of your consent pursuant to art. 6 ( 1 )(a) ([...] the data subject has consented to the processing of his/her personal data for one or more specific purposes) and to art. 22 ( 2 )(c) of the Regulation. Therefore, the provision of your personal data for these purposes is entirely optional and does not affect the use of the services. If you wish to object to the processing of your data for marketing, profiling or communication purposes, you may contact the Data Controller, at any time, using the contact details provided in the "Contact Us" section of this Privacy Policy or, where available, via the "privacy settings" found within your personal area. With reference to the purpose referred to in point 3.4, please note that if the Data Controller uses the electronic mail details provided by the data subject for the purposes of direct sales of its products or services, in the context of the sale of a product, it may, according to art. 130, paragraph 4 of the Code, refrain from requesting the consent of the data subject, provided that the products are similar to those bought by the data subject, who is properly informed and does not refuse such use, initially or on the occasion of subsequent communications. It should also be noted that the processing referred to in section 3.8 is not carried out on personal data and, as such, can be freely performed by the Data Controller.


5. PERSONAL DATA RECIPIENTS


Your personal data may be shared, for the purposes set out in section 3 of this Privacy Policy, with:
5.1. subjects that typically act as data processing supervisors pursuant to art. 29 of the Code and 28 of the Regulation, namely: i) persons, companies or professional firms that provide assistance and advice to Maglificio Gran Sasso Spa on accounting, administrative, legal, tax and financial matters; ii) subjects delegated to carry out technical maintenance activities; iii) credit institutions and insurance companies and brokers;
5.2. persons, entities or authorities who require the communication of your personal information as mandated by law or by order of the authorities;
5.3.. persons authorised by the Data Controller, pursuant to art. 30 of the Code and 29 of the Regulation, to process the personal data necessary to carry out activities strictly related to the provision of services, who are committed to respecting your confidentiality or have an appropriate legal confidentiality obligation;
5.4. Maglificio Gran Sasso Spa Group companies, limited to the pursuit of internal administrative purposes;
5.5. Maglificio Gran Sasso Spa Group companies, limited to the pursuit of the purposes set out in point 3.7, subject to your explicit consent (as specified in point 4).

 

6. TRANSFERS OF PERSONAL DATA


Some of your personal data is shared with Recipients that may be situated outside the European Economic Area. The Data Controller ensures that these Recipients process your personal data in compliance with articles 43 and 44 of the Code, as well as articles 44 - 49 of the Regulation. Indeed, transfers can be based on an adequacy decision or on the Standard Contractual Clauses approved by the European Commission. More information is available by sending a written request to the Data Controller at the addresses indicated in the "Contact Us" section of this Privacy Policy.


7. RETENTION OF PERSONAL DATA


Personal data that is processed for the purposes set out in sections 3.1 and 3.2 will be kept for the time strictly necessary to achieve those same purposes. With regard to information processed for the provision of services, the Data Controller will keep this personal data for the period of time envisaged and permitted by Italian law to protect its own interests (Article 2946 of the Italian Civil Code and ff.).
Personal data processed for the purposes set out in section 3.3 will be kept up until the time stipulated by the specific obligation or applicable law.
For the purposes set out in section 3.4, 3.5 and 3.6, your personal data will be processed until you present an objection to its processing. Further information regarding the data retention period and the criteria used to determine this period may be requested via a written request sent to the Data Controller at the addresses indicated in the "Contact Us" section of Privacy Policy. In any case, the Data Controller is granted the possibility to keep your personal data for the period of time provided and allowed for by Italian law to protect their interests (Article 2947 ( 1 )( 3 ) of the Italian Civil Code).


8. DATA SUBJECT'S RIGHTS


Pursuant to art. 7 of the Code, at any time, you have the right to obtain confirmation of the existence or otherwise of your personal data and to know its content and origin, verify its accuracy or request its integration, updating, or rectification; you have the right to request the cancellation, transformation into anonymous form or blocking of data processed in breach of the law, and to oppose, in any event, and for legitimate reasons, its processing. Starting from 25 May 2018 you also have the right to request access to your data, to oppose its processing, to request the limitation of its processing in the cases provided for by art. 18 of the Regulation, where technically possible, as well as obtaining the data concerning yourself in a structured common-use format that is readable via an automatic device, in the cases provided for by art. 20 of the Regulation.
Requests should be sent in writing to the Data Controller at the addresses indicated in the "Contact Us" section of this Privacy Policy.
In any case, you are always entitled to lodge a complaint with the competent supervisory authority (Italian Data Protection Authority), pursuant to art. 77 of the Regulation, if you consider the processing of your data to be in violation of the law in force.


9. MODIFICATIONS


The Data Controller reserves the right to modify or simply update its content, wholly or partially, also as a result of variations in the applicable legislation. Therefore, the Data Controller invites you to regularly visit this section to keep up-to-date with the most recent and updated version of the Privacy Policy in order to always be informed on the data collected and how Maglificio Gran Sasso Spa uses it.

 

10. CONTACT US


To exercise the above rights or for any other requests, please write to the Data Controller at the physical address indicated above, or via email at gdpr@gransasso.it.

top