Regulation (EU) 679/2016 (hereinafter, GDPR”), aims to ensure that the processing of personal data is carried out with respect for fundamental rights and freedoms, particularly with regard to confidentiality, personal identity and the right to personal data protection.
Under arts. 13 et seq. GDPR, and in relation to your personal data processed for marketing purposes, GGR S.r.l. Unipersonale hereby provides the following information.
1. DATA CONTROLLER– THE DATA PROTECTION OFFICER
The Data Controller is GGR. S.r.l. Unipersonale, with registered office in S. Mauro Pascoli (FC), Via dell’Indipendenza 15, Tax Code and VAT no. 03591680404, email@example.com (henceforth, for sake of brevity, “GGR" or “Data Controller" ). The Data Controller has also appointed, in accordance with the regulations in force, its own Data Protection Officer ("DPO"), who can be contacted at firstname.lastname@example.org, or by telephone at +39 0541 1795431.
2. CATEGORIES OF PROCESSED DATA
Personal data that shall be subject to processing include:
a) your identification and contact data, such as your name, surname, email address, telephone number, date of birth, place of origin;
b) The data relating to your preferences and purchasing habits (including the size of the footwear purchased), relative to the products offered by GGR;
(hereinafter, also collectively defined at the "Data").
3. PURPOSE AND LEGAL BASIS OF THE PROCESSING
upon your explicit consent, for marketing purposes by sending communications containing news on GGR products, promotions, invitations to special events (previews, presentation of new collections, private sales, etc.), via email, phone, chat, social networki or by post, pursuant to art. 6.1(a) of GDPR;
upon your explicit consent, for profiled marketing purposes, tailored on your preferences, purchasing habits, footwear size and, if indicated ,on your origin and date of birth, by sending personalized communications containing news on GGR products, promotions, invitations to special events (previews, presentation of new collections, private sales, etc.), via email, phone, chat, social network or by post, pursuant to art. 6.1(a) of GDPR.
4. NATURE OF THE PROCESSING
The provision of Data, as described in detail above, is optional and is subject to your explicit consent, that may also be withdraw at any time without affecting the lawfulness of the processing carried out before such withdrawal.
5. DATA PROCESSING PROCEDURES AND COMMUNICATION METHODS
The Data Controller undertakes to carry out the processing of the Data in accordance with the provisions set forth in the GDPR, as well as any national legislation in force regarding privacy, and also process such Data in a lawful and correct manner, collecting and recording the same for specific, explicit and legitimate purposes, taking care to check that the same are pertinent, complete and not excessive in relation to the purposes for which they were collected or subsequently processed.
Processing activities shall be carried out using manual and electronic systems, with logics strictly related to the aforementioned purposes and, in any case, only by subjects duly appointed as data processors or authorized person, appropriately trained and informed of the constraints imposed by law, as well as with the use of security measures to safeguard your confidentiality and to avoid the risks of loss or destruction, unauthorised access, unauthorised processing or processing which does not comply with the purposes referred to above. All security measures are constantly updated pursuant to all technological developments. Data shall not be disclosed, sold or assigned to any third-parties, except where required by the laws in force.
In any case, communication of Data within the limits strictly necessary for the purposes pursued, to employees, collaborators, professionals, companies eventually assigned to provide specific processing services and third party suppliers (who shall process your Data as data processors with which Data Controller has signed data processing agreement according to art. 28 GDPR) and other companies of GGR Group to which the Data Controller belongs to. These subjects, if operating in non-EU countries, provide their services on the basis of standard contractual clauses or on the basis of European Commission adequacy decisions. Your Data may also be disclosed to law enforcement authorities, judicial authorities, and those subjects to whom the law or EU Regulations grant the right to access your Data.
6. RIGHTS OF DATA SUBJECTS
Pursuant to art. 15 et seq. GDPR, each data subject is entitled, at any time and free of charge, to know whether his/her Data is being processed or not and the data retention period, to obtain a copy, the rectification, the integration, or the update and/or the erasureof them. The data subject has the right to obtain restriction of the processing of Data and to receive a copy in a commonly used electronic form.
If you believe your rights have been violated by the Data Controller and/or other third parties, you are entitled to lodge a complaint with the Italian Data Protection Authority and/or other competent supervisory authorities.
7. DATA RETENTION
The Data retention period for the purposes indicated above is 7 (seven) years from the date on which your Data was collected and you have given your consent. .