Prodotti Gianni S.r.l. protects the confidentiality of your personal data and guarantees its protection and correct processing, in line with recent European legislation. With this document, pursuant to Articles 13 and 14 of European Regulation (EU) 2016/679 (hereinafter GDPR) and Legislative Decree 196/03, as amended by Legislative Decree 101/18, we hereby inform you of the following:
The data controller is Prodotti Gianni S.r.l., in the person of its pro tempore legal representative, with registered office in Milan, Via M.F. Quintiliano, 30, Tax Code and VAT Number 08860270969. The Data Controller can be contacted at privacy@prodottigianni.com.
The owner has not appointed a data protection officer (DPO).
The data processing described below takes place in Milan, Via M.F. Quintiliano, 30; the data is processed and stored by the data controller within the European Economic Area and will not be transferred outside of it.
The data you provide us with is common and not specific.
These include first and last name, date of birth, contact details (landline and mobile phone numbers, including VOIP, and email address, etc.).
The data may be provided to us by you personally, as the data subject, including through remote means.
During its operation, our website may acquire certain data that is automatically transmitted during navigation, such as IP addresses, online identifiers, time of contact, etc. This information is not processed but will only be used to provide anonymous statistics on the use of the website and to check for any anomalies, as well as to prevent fraud; for the latter purpose, the data may be used solely for the purpose of communicating with the competent authorities for the purpose of ascertaining responsibility. That said, we inform you that, by its nature, this information could, through association and processing with data held by third parties, allow the identification of the user.
In addition to the above, when interacting with social networks, you may provide your data in the registration window (‘register with…’) of the social network.
In general, all types of data processing can be identified in those provided for in Article 4, paragraph 1, no. 2 of EU Regulation 679/16 (e.g. collection, recording, organisation, storage, etc.). Your data will, in any case, be processed in a lawful, fair and transparent manner. Only data that is necessary and essential for the achievement of the specific purpose will be processed (so-called minimisation of processing and accountability pursuant to Article 5(1)(c) of the GDPR), with a guarantee of accuracy and integrity of the data.
In particular, you acknowledge that your personal data, including sensitive data, may be collected based on information you provide during registration or communications, including electronic communications, with the data controller.
Persons under the age of 16 may only use the services with the consent of their parents or, in any case, the holder of parental responsibility pursuant to Article 8 of the GDPR.
The processing of your data is mainly aimed at the correct and complete provision of the services you have requested.
Each type of processing is based on a legal basis or premise, pursuant to Article 6 of the GDPR.
The purposes of the processing are as follows, with the relevant legal basis in brackets:
a) provision of the requested services, management of purchase orders, supply of products, management of payments and communications relating to the orders themselves (performance of the contract or pre-contractual measures);
b) compliance with tax and accounting obligations, including through third parties and external managers (compliance with legal and statutory obligations);
c) personal communications and internal security (contract execution);
d) direct marketing initiatives known as soft spam (Art. 130, paragraph 4 of the Privacy Code)
e) commercial communications from other branded companies or third parties operating in the sector; (consent);
f) customer care and customer satisfaction (contract execution);
Any additional and future purposes will be included in an appendix to this policy and any consent.
Your data will be processed both manually and electronically, only where there is an appropriate legal basis for doing so.
Personal data may be processed both in paper and electronic archives (including portable devices) and in ways strictly necessary to fulfil the purposes indicated above. The data may be processed using so-called cloud computing devices and stored in archives of this type.
The provision of data is mandatory as it is necessary for the fulfilment of contractual or legal obligations in relation to the purposes indicated above in points a), b), c) and f). With regard to points d) and e), the provision of data is optional and may be revoked or opposed as described below. The data controller informs you that failure to provide or incorrectly communicate/update your data could make it impossible to guarantee the adequacy of the processing in accordance with current legislation.
The data may be processed by our employees in customer management, marketing, technical staff, etc. All employees in question have received appropriate training and instructions regarding the minimum security measures required to protect your data.
In order to process your data, the data controller may also use third parties such as:
1. consultants in general, accountants and chartered accountants or lawyers, formally appointed or legally qualified, who provide services for the purposes indicated above;
2. banking and insurance institutions that provide services for the purposes indicated above, including companies that provide payment services accepted by our website as independent data controllers;
3. entities that process data in compliance with specific legal obligations;
4. judicial, police or administrative authorities, for the fulfilment of legal obligations;
5. websites and third-party providers of communication networks and services;
6. websites and third-party providers of communication networks and services for the purpose of processing communications sent by email and their content and attachments;
7. Other companies in the Group, namely Virgilio Holding S.p.A., Prodotti Gianni S.r.l., Old Pharma International S.r.l.
Your data may therefore be disclosed to these parties, who will process it as independent data controllers or processors.
You can verify compliance with current legislation by these service providers on their respective websites, or by contacting the data controller using the methods indicated below.
Your personal data, processed for the purposes indicated above, will be stored in accordance with Article 13(2)(a) of the GDPR. The data will be stored for as long as the data controller is subject to storage obligations for tax or other purposes, as required by law or regulations. In any case, in compliance with the aforementioned provisions, your data will not be stored beyond the period strictly necessary for the purposes and objectives described above.
In the event of disputes with the data controller, processing will continue until the rights of each party have expired. As regards marketing purposes, unless the data subject expressly objects to this purpose or withdraws their consent, the duration will be two years.
Your personal data will not be disclosed or subject to any fully automated decision-making process, including profiling. The exception to this is when you connect to the website or social network pages belonging to the data controller (Facebook, Twitter, etc.). In this case, your data may be analysed in accordance with the provisions and purposes indicated by the web service provider or social network in question. In the latter case, the hosting service provider or social network may use cookies. You are therefore invited to check your privacy and security settings on your social profile and disable the use of these tools if you do not wish to be subject to such processing. Please note that the Settings option, available in the toolbar of most browsers, includes instructions on how to prevent your browser from accepting cookies, receive notifications for each new cookie installed, or disable unwanted cookies. By continuing to use and visit the website or social media profiles of the data controller, you automatically consent to the processing of your data and the use of cookies in accordance with your default settings and as indicated by the hosting server or social network used.
The owner undertakes to protect your data from unauthorised access or other alterations. This involves the use of various security measures (passwords, firewalls, antivirus software, backups, etc.) to protect stored data, as well as continuous reviews of data collection, storage and processing methods.
In accordance with the provisions of this policy, the data controller will treat all your personal data as strictly confidential, in order to preserve its integrity, confidentiality and availability (Article 32 of the GDPR) and will take all reasonable measures to ensure the security of your data once it is in the data controller’s possession. Similarly, the data controller will require third-party suppliers to implement similar measures.
The rights granted to you by the GDPR include:
• request access to your personal data and information relating to it; the correction of inaccurate data or the integration of incomplete data; the deletion of personal data concerning you (upon the occurrence of one of the conditions indicated in Article 17, paragraph 1 of the GDPR and in compliance with the exceptions provided for in paragraph 3 of the same article); restriction of the processing of your personal data (upon occurrence of one of the circumstances indicated in Article 18, paragraph 1 of the GDPR);
• request and obtain – in cases where the legal basis for processing is the contract or consent, and the processing is carried out by automated means – your personal data in a structured and machine-readable format, also for the purpose of communicating such data to another data controller (so-called right to personal data portability);
• object at any time to the processing of your personal data in specific situations that concern you;
• withdraw your consent at any time, limited to cases where the processing is based on your consent for one or more specific purposes and concerns common personal data (e.g. date and place of birth or place of residence), or special categories of data (e.g. data revealing your racial origin, political opinions, religious beliefs, health or sex life). Processing based on consent and carried out prior to the withdrawal of consent shall, however, remain lawful.
• lodge a complaint with a supervisory authority ( Data Protection Authority – www.garanteprivacy.it).
To exercise your rights, you can send a certified email or email to the data controller or contact them at the following address: Prodotti Gianni S.r.l. Via M.F. Quintiliano, 30 – 20138 Milan.
