Privacy Policy Customer Card

PERSONAL DATA PROCESSING NOTICE

ART. 13 OF REGULATION (EU) 2016/679

 

Data subjects: Customers of points of sales

In compliance with Regulation (EU) 2016/679, hereinafter referred to as 'GDPR', 'GGR SRL UNIPERSONALE', as controller of your personal data, informs you herewith that such Regulation provides for protection of data subjects as to the processing of their personal data and that the relevant processing shall be carried out according to the principles of lawfulness, fairness, transparency and protection of your rights and confidentiality.

To achieve their purposes, the controller needs to collect some personal data, such as name and surname, fixed or mobile telephone number, and email address.

Your personal data shall be processed in compliance with the provisions of the above-mentioned Regulation and the confidentiality obligations provided for therein.

Optional purposes: subject to your freely given consent, the controller shall be allowed to process your personal data for purposes connected with market researches, statistics and promotional activities, including the shipment of advertising and promotional materials, by email, post and/or sms and/or phone, other than those necessary to ensure the execution of the contract. The legal basis for the above purposes shall be your consent.

  • Newsletters: GGR SRL Unipersonale offers you the opportunity to receive newsletters containing news, promotions, invitations to special events (previews, presentations of new collections, private sales, etc.) by email (Newsletters), phone, fax, chat, social networks or post.
  • Information according to your preferences: GGR SRL Unipersonale shall carry out profiling according to your preferences, purchasing habits, origin, and, if specified on the card, your shoe size (2), etc. in order to send you personalized offers. If your date of birth (1) is specified on the card, you will receive a special offer for your birthday.

Your personal data shall be processed in compliance with the provisions of the above-mentioned Regulation and the confidentiality obligations provided for therein as well as in compliance with the regulation "Guidelines on Marketing and against Spam - 4 July 2013" issued by the Italian Data Protection Supervisor (published on the Italian Official Gazette no. 174 of 26 July 2013).

Consequences of the objection to optional purposes: the provision of your personal data for the above purposes is optional and your objection, if any, to the processing of your personal data shall not compromise the continuation of the business relation or the correctness of the processing of personal data.

Processing method: data shall be processed using manual and/or IT and telematic means so as to ensure the safety, integrity and confidentiality of data according to the physical and logical organisational measures provided for by the regulations in force in order to minimize the risk of destruction, loss, unauthorised alteration or disclosure of, or access to, personal data, as established under art. 6 and 32 of the GDPR.

Recipients: in order to carry out some activities or support the functioning and organization of the activities, some data may be disclosed to the following categories of recipients:

Third parties: (disclosure to: natural or legal persons, public authorities, agencies or other bodies other than the data subject, the controller, the processor and any persons duly authorized to process data), including:

  • Firms providing IT or traditional mail services;
    • Any other subjects to which data must be disclosed in order to achieve the above-mentioned purposes.

Processors: (natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller)

  • Suppliers of IT and web services or other services required to achieve the purposes connected with the management of the contract.

Inside the corporate organization, your personal data shall be only processed by personnel expressly authorized by the controller and bound by a confidentiality agreement, and in particular by the following categories of employees:

  • - Administrative personnel
  • - Technical personnel and system administrators
  • - Sales and marketing personnel
  • - Any other employees to which data must be disclosed in order to achieve the above-mentioned purposes.

Dissemination: your personal data shall not be disseminated in any way.

Transfer of personal data to non-EU countries: the controller shall not employ any processors based in non-EU countries.

Storage period: the storage period of the data processed for marketing and profiling activities shall vary according to the purposes pursued by the controller, but under no circumstances shall it be longer than, respectively, 24 months and 12 months from the last contact or reply received.

Controller: pursuant to the relevant Regulation, the controller shall be 'GGR SRL UNIPERSONALE', with registered office and operational headquarters in Via dell’Indipendenza 15, 47030 San Mauro Pascoli (FC), Italy, VAT registration number 03591680404, represented by their legal representative pro tem.

You can request further information about the data supplied by sending an email to the following email address: privacy@ggr-distribution.com. Further information about the privacy policies applied by our company is available on our website www.gianvitorossi.com.

Data protection officer (DPO): pursuant to art. 37 of the GDPR, the controller has appointed as data protection officer the firm Studio Paci &C Srl (contact person: Luca Di Leo), Via Edelweiss Rodriguez Senior 13, 47924  Rimini (RN), Italy, email: dpo@studiopaciecsrl.it, tel. +39 0541 1795431.

Regulation (EU) 2016/679: Art. 15, 16, 17, 18, 19, 20, 21, 22 - Rights of the data subject

1. The data subject shall have the right to obtain the confirmation as to whether or not personal data relating to him or her do exist, even when they have not yet been recorded, as well as to be provided with such data in an intelligible form.

2. The data subject shall have the right to be informed about:

                a. the origin of personal data;

                b. the purposes and methods of the processing;

                c. the logic involved if personal data are processed using electronic means; 

                d. the identification details of the controller, processors and designated representative pursuant to art. 5, par. 2;

                e. the entities or categories of entities to which the personal data may be disclosed or which may acquire such data as designated representative on the territory of the Member State, processors or entities entrusted with personal data processing.

3. The data subject shall have the right to obtain:

                a. the update or rectification of personal data as well as, on his or her request, to have any incomplete personal data completed;

                b. the erasure, anonymization or blocking of data processed in violation of the law, including data for which storage is not necessary in relation to the purposes for which they have been collected or subsequently processed;

                c. the certification that those to whom personal data have been disclosed have been informed of the execution and  content of the operations under letters a) and b), except when this proves to be impossible or requires a disproportionate effort with respect to the protected right;

                d. the data portability.

4. The data subject shall have the right to object, in total or in part:

                a. on legitimate grounds to the processing of personal data concerning him or her, even when such data comply with the purpose for which they have been collected;

                b. to the processing of personal data concerning him or her for the purposes of direct marketing, shipment of advertising material, market researches or commercial communications.

Complaint: if the relevant conditions are met, the data subject shall also have the right to lodge a complaint with the Data Protection Supervisor as supervisory authority according to the established procedures. For further information as well as for the exercise of his or her rights under the European Regulation, the data subject shall contact the controller using the above contact details. 

  

Statement for obtaining the consent of the data subject for optional purposes

Acknowledging the receipt of the information provided by the controller pursuant to art. 13 of the GDPR, the undersigned data subject confirms to have read this personal data processing notice.

The consent relating to the optional purposes is given by filling in and signing the relevant items on the card available at the points of sale.

Below are the optional purposes for which the data subject's explicit consent is required:

Newsletters: GGR SRL Unipersonale offers you the opportunity to receive newsletters containing news, promotions, invitations to special events (previews, presentations of new collections, private sales, etc.) by email (Newsletters), phone, fax, chat, social networks or post.

Information according to your preferences: GGR SRL Unipersonale shall carry out profiling according to your preferences, purchasing habits, origin, and, if specified on the card, your shoe size (*), etc. in order to send you personalized offers. If your date of birth (*) is specified on the card, you will receive a special offer for your birthday.

 

Top