Privacy Policy

Privacy Policy

Information notice pursuant to art. 13 of the REGULATION (EU) 2016/679 (GDPR) and to art. 130 of the Privacy Protection Code

Last Update Date: 25/10/2024

 

WHY ARE YOU GIVEN THIS INFORMATION

 

In compliance with the provisions of Regulation (EU) 2016/679 (European Regulation for the protection of personal data; hereinafter “GDPR”) we provide you with the necessary information regarding the processing of personal data provided. The information is provided pursuant to art. 13 GDPR and is not to be considered valid for other websites that may be consulted through links on this website in the domain of the Data Controller, which is not to be considered in any way responsible for the websites of third parties.

 

Processable personal data 

Personal Data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (C26, C27, C30 GDPR).

 

Contracting / user data

Navigation data: Computer systems and software procedures used to the operation of this website acquire, during their normal operation, some personal data whose transmission is implicit in the internet communication protocols. This information is not collected to be associated with identified data subject, but by their nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters regarding the operating system and computer environment.

 

Personal data provided by data subjects: The optional, explicit and voluntary sending of messages to the contact addresses indicated on this site and/or the filling in of data collection forms entails the subsequent acquisition of the sender’s address, necessary to reply to requests, as well as any other personal data entered.

 

Information on the processing of personal data carried out through Social Media platforms: With regard to the processing of personal data carried out by the managers of the Social Media platforms used by the Controller, please refer to the information provided by them through their respective privacy policies. The Controller processes personal data provided by users through the pages of the dedicated Social Media platforms, in order to manage interactions with users (comments, public posts, etc.) and in compliance with the current law. 

 

Specific information notices: Specific information notices may be present on the pages of the Site in relation to particular services or processing of personal data provided.

 

Use of cookies and similar technologies. What are they? What is their function?: For more information on the cookies used by this website see the cookies policy included in the footer of the Site and at the following link

 

WHO IS THE DATA CONTROLLER? HOW TO CONTACT THEM?

The data controller is Annamaria srl, with legal headquarters in 10122 Torino, Via Pietro Micca n, 20, Italy, in person of its pro tempore Legal Representative, whom you will be able to contact for any information at the e-mail address info@annamariagroup.com

HAS THE DATA PROTECTION OFFICER BEEN APPOINTED? HOW TO CONTACT THEM?

Annamaria srl appointed its Data Protection Officer (DPO) pursuant to art. 37, 38 and 39 GDPR. The data protection officer is reachable at the above-mentioned Controller’s headquarters and at the e-mail address info@annamariagroup.com

 

PURPOSES OF THE PROCESSING, LEGAL BASIS OF THE PROCESSING, DATA RETENTION AND NATURE OF UNDERWRITING OF PERSONAL DATA

PURPOSES OF THE PROCESSING

Website browsing.

As well as for navigation, the data will be processed to:

Detect statistical information regarding the use of the services (most visited pages, number of guests based on time or daily slots, geographic source, ecc.)

Monitor the operation of the navigation services.

 

LEGAL BASIS OF THE PROCESSING: data processing is necessary for the purposes of pursuing the legitimate interests of the data controller or a third party, provided that the interests or the fundamental rights and freedoms of the data subject which require the protection of personal data do not prevail, having regard to the reasonable expectations of the data subject and the activities strictly necessary for the operation of the site and the provision of the navigation services.

DATA RETENTION: the data retention will last until the duration of the browsing session. 

NATURE OF UNDERWRITING OF PERSONAL DATA: see cookie policy in the footer of the site.

 

PURPOSE OF THE PROCESSING

Use of cookies and similar technologies. See the cookie policy in the footer of the site.

LEGAL BASIS OF THE PROCESSING: for necessary non-technical cookies and similar technologies, processing is based on consent to the processing of personal data (art. 6 para. 1 lit. a and C42, C43 GDPR). Consent is given through the banner and cookie policy of the site.

DATA RETENTION: see the cookie policy in the footer of the site.

NATURE OF UNDERWRITING OF PERSONAL DATA:  see the cookie policy in the footer of the site.

 

PURPOSE OF THE PROCESSING A 

Contacts: sending contact requests, information.

LEGAL BASIS OF THE PROCESSING: processing is necessary for the execution of a contract  which involves the subject or for the execution of precontractual measures taken upon the subject’s request; (C44 art. 6 par.1 lett.b GDPR) .

DATA RETENTION: 12 months at the most. 

NATURE OF UNDERWRITING OF PERSONAL DATA: the provision of data is necessary. The non provision of personal data may result in the impossibility to be contacted and receive information. 

 

PURPOSE OF THE PROCESSING B

Direct marketing, for the forwarding of advertising material or direct sale or for the fulfillment of market research ,satisfaction questionnaires/reviews, of commercial and promotional communication, newsletter, through automated means (e-mails, SMS). The Data Controller, to compare and possibly improve the results of the automated communications, uses systems with reports. Thanks to the reports the Data Controller will be able to know, for instance: the number of readers, of openings, of singular “clickers” and “clicks”; the devices and operating systems used to read the communication; the detail concerning the activity of each single user; the detail concerning sent e-mails, both delivered and undelivered e-mails, and forwarded ones. All these data are used with the purpose of comparing, and possibly improving, the results of communications.

 

LEGAL BASIS OF THE PROCESSING: the processing is based on consent to the processing of personal data (art. 6 para. 1 lit. a) and C42, C43 GDPR).

DATA RETENTION: 24 months starting from the provision of consent or (if preceding) until the annulment of consent (or opt-out).

NATURE OF UNDERWRITING OF PERSONAL DATA: the provision of data is optional. The non provision of personal data will result in the impossibility to receive direct marketing communications and (where the date of birth is stated as well) direct marketing communications with dedicated discount codes. 

 

PURPOSE OF THE PROCESSING C

Fulfillment of contractual obligations and administrative-accounting and legal purposes related to the establishment, performance and termination of the contractual relation.

LEGAL BASIS OF THE PROCESSING: the processing is necessary for the performance of a contract (C44) art. 6 para. 1 lit. b) GDPR.

DATA RETENTION: 10 years. Art. 2220 Civil Code, except for contractual and extracontractual  issues which may arise, and except for several legal obligations.

NATURE OF UNDERWRITING OF PERSONAL DATA: the provision of data is necessary for the contractual purposes. The non provision of personal data results in the impossibility to establish a contractual relation with you.

 

PURPOSE OF THE PROCESSING D

Direct marketing, e-mail automated “soft-spam”: for the purposes of direct sale of his own products or services, the Data Controller will use the e-mail coordinates provided by the subject in the context of the sale of a product or a service, without the subject’s previous consent, for promotional and commercial communications and newsletter concerning services similar to those that were the object of the sale; the subject, properly informed, does not reject this use, initially or on the occasion of next communications. The subject, at the time of the data collection and at the forwarding of each communication made for the purposes stated in this clause, is informed of the possibility to object, at any time, to the processing, easily and freely.

LEGAL BASIS OF THE PROCESSING: data processing is necessary for the purposes of pursuing the legitimate interests of the data controller or a third party, provided that the interests or the fundamental rights and freedoms of the data subject which require the protection of personal data do not prevail (C47-C50) art. 6 para. 1 lit. f) GDPR and art. 130, clause 4 of the D. Lgs. 196/2003.

DATA RETENTION: until objection (opt-out).

NATURE OF UNDERWRITING OF PERSONAL DATA: the provision of data is optional. The non provision of personal data will result in the impossibility to receive direct marketing e-mail communications (soft-spam).

 

PURPOSE OF THE PROCESSING E

Performance of the contract related to the adherence to the fidelity program

LEGAL BASIS OF THE PROCESSING: the processing is necessary for the performance of a contract which concerns the subject (art. 6 para. 1 lit. b) and C44 GDPR).

DATA RETENTION: as long as the contract lasts and, after the termination, for a period of 10 years at the most starting from the time of their collection.

NATURE OF UNDERWRITING OF PERSONAL DATA: the provision of data is optional. The non provision of personal data will result in the impossibility to adhere to the fidelity program within the terms set out in the related regulations.

 

PURPOSE OF THE PROCESSING F

Management of your requests and requests of other data subjects pursuant to art. 15 et seq. Of the gdpr (subject’s rights)

LEGAL BASIS OF THE PROCESSING: the processing is necessary for compliance with a legal obligation to which the controller is subject (C45) art. 6, para. 1 lit. c) GDPR. 

DATA RETENTION: 5 years from the closing of the request, except in case of legal suits.

NATURE OF UNDERWRITING OF PERSONAL DATA: the provision of data is necessary to execute legal obligations.

 

PURPOSE OF THE PROCESSING G

Customer area, to log in the account/sign in/manage the account.

LEGAL BASIS OF THE PROCESSING: the processing is necessary for the performance of a contract which involves the subject or for the performance of precontractual measures taken upon the subject’s request (C44) art. 6 para. 1 lit. b) GDPR.

DATA RETENTION: until the termination of the contract or until its cancellation, in any case excepted the technical time required for the deactivation of the credentials.

NATURE OF UNDERWRITING OF PERSONAL DATA: the provision of data is necessary to execute legal obligations.

 

PURPOSE OF THE PROCESSING I

Prevention and management of litigations and other legal aspects, and for the defense in case of trial

LEGAL BASIS OF THE PROCESSING: data processing is necessary for the purposes of pursuing the legitimate interests of the data controller or a third party, provided that the interests or the fundamental rights and freedoms of the data subject which require the protection of personal data do not prevail (C47-C50) Art. 6 para. 1 lit. f) GDPR.

DATA RETENTION: 10 years, except for objection and except for the necessary time for the defense in court.

NATURE OF UNDERWRITING OF PERSONAL DATA: the provision of data is necessary. The denial will have to be balanced with the legitimate interest of the Data Controller, which can be found in the purposes of this item.

 

TO WHOM WILL THE PERSONAL DATA BE COMMUNICATED? RECIPIENTS OF THE DATA

The personal data will be communicated, according to the purposes foreseen in specific areas as well, to subjects who will process the data as independent Data Controllers, or Data Processors (art. 28 GDPR) and processed by individuals (art. 29 GDPR) acting under the authority of the Data Controller and Data Processors on the basis of specific instructions provided with regard to purposes and methods of the processing, for specific purposes based on the reference area. The data will be communicated to recipients belonging to the following categories: subjects that provide services for the website and communication networks, including e-mail, host and website management; subjects based in Italy, with whom the Data Controller has signed agreements (ex. consultants, shipping and handling societies etc.); social media; subjects dealing with the management of direct marketing activities; competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request.

 

IS THERE A DATA TRANSFER TO COUNTRIES OUTSIDE THE E.E.A.?

The management and retention of the data is in Europe. It is dutiful to specify that in case of a personal data transfer to Countries outside the E.E.A., the same thing will be carried out in compliance with the measures established by the appliable law, ensuring a suitable level of protection for the subjects. To have information concerning the guarantees relating to the data transfer outside the E.E.A. write to info@annamariagroup.com.

 

IS THERE AN AUTOMATED PROCESS?

The personal data will be submitted to traditional manual processing, electronic and automated. It is dutiful to specify that completely automated decision-making processes are not carried out. 

 

DATA SUBJECTS’ RIGHTS

You may freely exercise your rights at any time under the EU Reg. 2016/679 – GDPR – art. 15 and following, contacting the Data Protection Officer at info@annamariagroup.comor the data controller at info@annamariagroup.com.

You have the right, at any time, to obtain confirmation from the Data Controller as to whether personal data concerning you are being processed (art. 15), request their rectification (art. 16) or erasure (art. 17), restriction of processing (art. 18). The Data controller communicates (art. 19) any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed to. The Data controller disclose the aforesaid recipients to any requesting data subjects. You may have the right to data portability (art. 20) in a structured, commonly used and machine-readable format. You have the right to objects, at any time, to processing grounded on the legitimate interest of the data controller (art. 21) and where the legal basis is consent, you have the right to withdraw your consent without prejudice to the lawfulness of the processing based on your consent before the withdrawal. 

If you no longer wish to receive automated direct marketing communications (e-mails, SMS-type messages, instant messaging), please send an e-mail to info@annamariagroup.com with the subject line “unsubscribe from automated” or use our automated unsubscribe systems provided for e-mails only (opt-out).

Without prejudice to any other administrative or judicial remedy, in case you consider your data processing in contrast with Reg. UE 2016/679, pursuant to article 15 lett. f) of Reg. UE 2016/679, you have the right to lodge a complaint with a supervisory authority in the Member State you habitually reside, work or in the place where the alleged violation has occurred (Garante Privacy https://www.garanteprivacy.it/).

 

UPDATES 

Data Controller retains the right to modify, update, add or remove some parts of this informative at any time.

Last review : 25/10/2024

 

Data controller

 

Annamaria srl