1. Identification of the Data Controller
The Data controller is Gruppo Design s.r.l, VAT number 10323270966, with registered office in Via Piranesi 75, 20137 Milan (hereinafter, “Nannini”).
2. Purposes of the processing and types of personal data subject to the processing when you access the Website
If you access the Website (whether as registered user or as unregistered user), the following personal data will be processed, for the following processing purposes:
Browsing Data: The IT systems and software procedures, that have been set up to operate this Website, collect personal data as part of their ordinary functioning; the transmission of such data is an inherent feature of Internet communication protocols. Such information is not collected in order to relate it to identified data subjects; however, in consideration of its nature, such information might allow the identification of the users, through processing and matching with data held by third parties. This category of data includes IP addresses and/or the domain names of the computers used by the users connecting with this Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user’s operating system and computer environment. These data are only used to obtain anonymous statistical information on the use of the Website as well as to check its correct functioning. The data might be used to assess liability in case any computer crime is committed against the Website. Browsing Data are processed for our legitimate interest in order to ensure the security of the Website, control its correct functionality and for statistical purposes on the use of the Website (Section 6, par.1, point f) of the Regulation).
Data supplied by you on a voluntary basis:
– by post/e-mail/fax sent on a voluntary basis: the voluntary, explicit and optional sending of your personal data to the postal or e-mail addresses or fax number indicated on this Website implies the subsequent collection of such personal data in order to reply to any of your request related to the Website (Section 6, par. 1, point b) of the Regulation). You do not have an obligation to provide such data. However, failure to provide such data may result in the impossibility to obtain what has been requested;
– during phone call to our phone numbers: when you call our phone numbers or our customer cares service, we may process the personal data communicated by you on a voluntary basis during the phone conversation or reasonably requested by us in order to give you the answer you need (Section 6, par. 1, point b) of the Regulation). You do not have an obligation to provide such data. However, failure to provide such data may result in the impossibility to obtain what has been requested;
– through the contact forms published on the Website: certain contact forms are published on our Website (for example, “Contact us”). If you decide to use said contact forms, we will collect and record your personal data only for process your request (Section 6, par. 1, point b) of the Regulation). You do not have an obligation to provide such data. However, failure to provide such data may result in the impossibility to obtain what has been requested.
On the Website we use the so-called cookies. Please refer to the following paragraph 10.
3. Purposes of the processing of personal data when you register on the Website
If you decide to register on the Website, your personal data will be processed for the following purposes:
– for the performance of a contract to which you are a part or in order to take steps at your request prior to entering into a contract (Section 6, par.1, point b) of the Regulation): we will process your personal data to allow you to register on the Website, to provide you with services for registered users only, to allow you to purchase online applying the Terms of the Website and the Terms of Sale and any other contracts and arrangements to which you are a part (like terms and conditions regulating certain initiatives or promotions or regulations of prize contest), and in order to take steps at your request prior to entering into a contract, like, for example, when you contact us to obtain information regarding our products or services prior to deciding whether purchase or use the same;
– for providing you with the newsletter service (Section 6, par. 1, point b) of the Regulation): on the Website you may subscribe to our newsletter. Please note that our newsletter has a commercial nature and, thus, includes offers and promotions related to products or services provided by us or by third parties. Thus, by subscribing to our newsletter, you consent to the processing of your e-mail address for marketing purposes (direct sale, to send promotional material, for market research, advertising communications) and to be contacted by e-mail for such purposes. Should you refuse to provide your consent, the navigation on the Website, the possibility to set an account of the Website and to purchase on the Website will not be compromised and you will not suffer any detrimental consequences. You may in any case, for free and without formalities, revoke your consent to the processing of your e-mail address for marketing purposes at any moment, by sending us a request through the means indicated in the following paragraph 15. You may also revoke your consent to the processing of your e-mail address for marketing purposes by clicking the unsubscribing link (opt-out) inserted in any promotional e-mail.
– for compliance with legal obligations (Section 6, par. 1, point c) of the Regulation): if you make a purchase online, we will process your personal data in order to comply with legal obligations under applicable tax laws and consumer protection regulations;
– for pursuing our legitimate interest to monitor the use of the Website by visitors (Section 6, par. 1, point f) of the Regulation): in order to pursue our legitimate interest to know how the Website is used by visitors and the relevant traffic, we emit, even through third parties, statistical data and aggregate data related to the number of pages viewed on our Website, number of visitors and, more in general, the ways the Website is used, without revealing your identity. To emit such statistical and aggregate data, our providers use the so-called cookies (please note the following paragraph 10);
With your consent (which is optional), we may process your personal data for marketing and/or e/o profiling purposes. For such kind of processing, please refer to the following paragraphs 4 e 5.
4. Processing for marketing purposes
Subject to your optional consent, (Section 130 of the Legislative Decree no. 196/2003; section 6, par. 1, point a) of the Regulation), which can be given by selecting the relevant check-box online, we will process your personal data for marketing purposes (e.g. direct sale, sending advertising material, market research and commercial communication, customer satisfaction rate). Should you provide your consent, we may contact you by post and e-mail, in order to propose you the purchase of products or services offered by us or by third parties, to propose you offers, promotions or commercial opportunities or propose you to participate to questionnaires, studies or market researches or survey on customer satisfaction. By selecting the check-box related to marketing purposes, you give your consent to be contacted by ordinary post and by e-mail. You may, at any time, for free and without formalities, revoke your consent to the processing of your personal data for marketing purposes, also in a selective manner (by way of example, by communicating your willingness to stop receiving further communication via e-mail, only wanting to receive communications by post), by submitting your request as provided for under the following paragraph 15. With reference to the promotional communications sent via e-mail, you may revoke your consent to the processing of your e-mail address for marketing purposes also by clicking on the relevant link (opt-out) which will appear in each promotional emails.
5. Processing for profiling purposes
Subject to your optional consent (Section 6, par. 1, point a) of the Regulation), which can be given by selecting the relevant check-box online, your personal data (i.e. your personal data, contact details and information related to products purchased on the Website) may be processed by Nannini for profiling purposes, that is, to infer your preferences and consumer habits, in order to send you commercial offers which are consistent with the identified customer profile and, in particular, promotional communication based on : (i) products and services purchased by you on the Website; (ii) information voluntarily provided when registering on the Website; (iii) pages viewed on the Website and items viewed on the Website. Your consent to process your personal data for profiling purposes is optional and, failure to provide such consent, does not imply any consequences whatsoever on the possibility to register on the Website and to purchase products on the Website. The consent to the processing of personal data for profiling purposes is extended also to the details of the purchases made by you on the Website or in Nannini stores; however, details related to the purchased goods will be stored by Nannini for profiling purposes for a maximum period of 12 months and for marketing purposes for a maximum period of 24 months. As indicated in the following paragraph 14, you may object at any moment to the processing of your personal data for profiling purposes, by sending a request to Nannini as indicated in the following paragraph 15.
6. Data communication
Upon request of the judicial or the public security authority, we may have to communicate certain details related to visitors and to registered users of the Website, when provided for by the law. In such case, we may have to communicate your data also to legal consultants and to law firms, when it is necessary to pursue our legitimate interest to exercise or defend a right in a judicial procedure.
Furthermore, your personal data may be communicated to banks, payment institutions and other payment intermediaries, to the extent it is required in order to receive a payment from you or to make a payment to you. Where provided for by the law, the details of the purchase made on the Website may be communicated to the Tax Authority. Your personal data may also be communicated to the judicial authority, upon its request, where provided for by the law. Under no circumstances your personal data will be communicated to third parties for marketing purposes.
7. Persons to whom the data may be communicated
The following persons may have access to your personal data: Nannini employees or collaborators involved in the management and maintenance of the Website, in customer care services to visitors and users of the Website who ask for information or make other requests, in the handling of the purchases online, including, depending on the specific consent provided by you, in the sending of marketing communications or in profiling activities. Furthermore, third parties, providing us with ancillary services as data processors, may have access to your personal data: by way of example, IT and logistic service providers, outsourcing and cloud computing service providers, analytics services providers (providing us with statistics and aggregate data on the use of the Website); management services providers; consultants and advisors, other companies of our group providing us with services, marketing companies sending marketing communications on our behalf.
8. Data dissemination
Your data will not be disseminated.
9.Is it mandatory or optional to provide your personal data
The provision of your personal data in the contact forms published on the Website or, in any case, in the communications you may spontaneously send to our contacts indicated online is always optional; however, failure to provide us with your personal data, may result in the inability to process your communication or to satisfy your request.
The provision of your personal data when registering on the Website or to the newsletter service is optional but necessary to the extent that failure to provide the same will result in the inability to register on the Website or to register to the newsletter service, or the impossibility to use the services reserved to registered users or to make purchase on the Website.
When you make a purchase on the Website, the provision of your personal data is required to process your purchase order and to comply with legal and tax requirements. Failure to provide such data will result in the impossibility to make the purchase you desire on the Website.
11. Means of processing and data storage
The processing of your personal data will be made by automated and non-automated means, on the basis of criteria strictly consistent with the relevant purposes and, in any case, in order to ensure the security and the privacy of the data.
The browsing data will be stored for a maximum period of seven days, save that a longer storage is required in order to assess liability in case any computer crime is committed against the Website or to comply with the requests of the judicial authority.
If you have contacted us by post, e-mail, fax or by any online contact forms in order to obtain information related to the Website and to the services offered, your data will be stored for a maximum period of 60 days from the day in which we have provided you with the information requested, save that a longer storage of the data is required to comply with legal requirements or to exercise or defend a right in a judicial procedure. If you have contacted us in relation to a purchase made on the Website through any of the means of contact on the Website, we will keep the correspondence for 10 years, as provided for by the applicable law in relation to the storage of business records and correspondence.
The personal data collected when you register on the Website will be stored as long as your account remains active and will be deleted immediately after the closure of your account.
The personal data related to the purchase made on the Website will be stored for 10 years, as provided for by applicable tax regulation.
If you have consented to the processing of your personal data for marketing purposes, your personal data will be processed until you revoke your consent to the processing for marketing purposes in relation to all or any of the means of contact. In such case, your personal data will be stored for other purposes of processing, if any. The data will be processed for profiling purposes within the time limits indicated in paragraph 5 above.
12. Transfer of your personal data outside the SEE
Some of our providers maybe established in the US, that is a country which is not part to the Economic European (“EES”), or in turn entrust the processing of your personal data to sub-contractors based in such country. The legislation in such country do not provide an adequate level of personal data protection pursuant to the standards established by the Regulation. However, in order to protect your personal data, we or our providers have taken all the necessary precautions required by Regulation for transfer your personal data outside the EES, relying on appropriate warranties foreseen by Regulation and, in particular, on the Agreement EU U.S. Privacy Shield Framework, that has been deemed adequate by a determination of the European Commission, as provided for under Section 45 of the Regulation and/or standard clause for the data protection approved by the European Commission with the Decision 2010/87/UE, as provided for under Section 46.2 of the Regulation.
13. Your rights
You are entitled at any moment, for free and without formalities, to exercise the rights pursuant to Sections from 15 to 22 of the Regulation: the right to access to the personal data (that is, the right to obtain from Nannini confirmation as to whether or not your personal data are being processed and, where it is the case, access to the personal data, obtaining a copy and to the information as per Section 15 of the Regulation) and the rectification (that is, the right to obtain the rectification of inaccurate personal data concerning you or to have incomplete data completed ) or the erasure of the same (that is, the right to obtain the erasure of your personal data where one of the grounds indicated in Section 17 of the Regulation applies) or the restriction of the processing (that is, the right to obtain the restriction of processing where one of the cases indicated in Section 18 of Regulation applies, the label of the data stored with the purpose of limiting the processing in the future), plus the right to data portability (that is, the right, in the cases indicated by Section 20 of the Regulation, to receive from us your personal data in a structured, commonly use and machine readable format and have the right to transmit those data to another controller without hindrance). Furthermore, you have the right to revoke your consent to processing at any moment. The revocation of consent does not affect the legality of processing based on consent until revocation. We hereby remind you that you may file a complaint with the Authority for personal data protection (www.garanteprivacy.it) or with another UE Authority for personal data protection with jurisdiction in the country where you reside habitually or where you work.
14. Right to object to processing under the Regulation
You have the right to object, at any time, for reasons related to your particular situation, to the processing of your personal data pursuant to section 6, paragraph 1, points e) (performance of a task carried out in the public interest or in the exercise of official authority) or f) (legitimate purpose) of the Regulation, including profiling based of those provisions. If your personal data are processed for direct marketing purposes, you have the right to object at any moment to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
15. Contact details
You may contact Gruppo Design s.r.l. in order to exercise your rights, as above indicated, by submitting a communication, to the attention of the Legal Department, by: (i) registered letter with return receipt at the postal address of Gruppo Design s.r.l Via Piranesi 75, 20137 Milan, or (ii) by email at firstname.lastname@example.org