The purpose of this policy statement is to describe the way in which the website https://www.golsagolchiniart.com/ (hereinafter, the “Site“) managed to process the personal data of users who access, use or interact with it (hereinafter, the “Users“).
This is a general information notice provided in observance of Article 13 of the Regulation (EU) 2016/679 concerning the protection of individuals regarding the processing of personal data and the free movement of these data (hereinafter, the “Regulation” or “GDPR“) to all Users consulting and/or interacting with the services provided through the Site by Golsa Golchini Art S.r.l., with head office in Piazza Cinque Giornate, 4, 20129 – Milan, P. Iva 12351370965 (hereinafter, the “Data Controller”).
This information notice will explain the purposes and methods by which the Data Controller collects and processes the personal data of Users, which categories of data are processed, what are the rights of data subjects under the Regulations and how they can be exercised.
The statement is provided exclusively for the Site, therefore the Data Controller assumes no responsibility for third-party websites that may be consulted through hyperlinks found on the Site itself. In addition, the statement refers to the data acquired from the pages, managed by the Data Controller, of social network platforms such as, but not limited to, Facebook and Instagram.
The processing of the User’s personal data will be carried out by suitable paper, electronic and/or telematic devices, with strictly correlated logics for the above purposes and, in any case, in a way that guarantees the security and privacy of such data.
By using the Site, Users are encouraged to read this policy before providing personal information of any kind
1. PERSONAL DATA CATEGORIES
A) NAVIGATION DATA
The computer systems and software procedures used to operate this Web Site collect, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not gathered in order to be associated with identified interested parties, although because of their nature they could allow users to be identified through data processing and associations held by third parties.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the Site, the URI (Uniform Resource Identifier) notation addresses of required resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the User’s operating system and computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and are deleted immediately after processing. The data could be used to identify responsibility in case of hypothetical computer crimes that may damage the Site.
B) DATA PROVIDED VOLUNTARILY BY THE USER
Without limitation to what has been specified above in relation to navigation data, the Data Controller will acquire personal data that may be provided by the User through the Site in order to access certain services (e.g. through the “Sign-Up” page of the Site or to receive the newsletter), or to create a personal account on the Site or make a purchase through the same.
By way of example, the Site will only acquire personal data of a common nature, provided directly by the User (such as first name, last name and e-mail address, shipping address, telephone number), as well as any other information that the User will communicate, on his/her own initiative, through the contact tools made available by the Site.
2. PURPOSES, LEGAL BASIS FOR PROCESSING AND SUPPLY NATURE
The data indicated in the preceding paragraph will be processed by the Data Controller:
- in order to allow the User to navigate the Site and, if applicable, to create a personal account on the same;
- in order to fulfill User requests submitted via e-mail;
- if requested by the User, to submit the periodic newsletter of the Data Controller, containing communications of a commercial nature and concerning its own products or services similar to those offered on the Site.
The processing is therefore necessary to fulfill a User’s request, as part of the execution of the existing legal relationship with the Data Controller. The submission of such data is therefore necessary in order to comply with the User’s requests.
In addition, the data provided as part of the assistance requested via chat may also be used to monitor and improve the quality of the service offered to the User, based on a legitimate interest of the Data Controller.
At any time it is possible to request cancellation of your personal account or from the newsletter service by writing to the e-mail address [email protected], clicking on the “Unsubscribe” button in the Data Controller’s newsletter, or by following the instructions for cancelling your account found in the restricted area of the Site.
3. CATEGORIES OF SUBJECTS WHOM PERSONAL DATA MAY BE COMMUNICATED TO AND PURPOSES OF COMMUNICATION
The Data Controller may also communicate, for the same purposes indicated in paragraph 2 above, some of the User’s personal data to third parties, who will process the User’s personal data as data processors in accordance with Article 28 of the Regulations.
The list of data processors can be requested from the Data Controller at any time by writing to [email protected].
4. PERIOD OF DATA RETENTION AND DURATION OF PROCESSING
The Data Controller will store the data for as long as necessary to pursue the purposes described in this policy and, in particular, to enable the User to take advantage of the services made available through the Site. After this period has expired, the Data Controller may retain Users’ data for an additional period of 10 years in order to comply with legal obligations or protect its interests in court.
For the purpose of sending the newsletter, the Data Controller will store the data until the User requests to stop receiving such communications by sending an email to [email protected] or by clicking on the unsubscribe button present in the communications. Following such a request, the Data Controller will proceed to permanently delete the User’s email address from the newsletter mailing list.
5. TRANSFER OF PERSONAL DATA ABROAD
The User’s personal data will not be transferred outside the European Union.
6. RIGHTS OF DATA SUBJECTS
The User is entitled to exercise the rights provided for in Articles 15 ess. of the Regulations, in particular:
- the right to access personal data and, in particular, to access, as well as to request and obtain information about the existence of personal data relating to you in the availability of the Data Controller;
- the right to rectification and, in particular, to request and obtain the rectification and/or correction of your personal data if you believe that they are inaccurate or incomplete;
- the right to request, if the circumstances mentioned in the Regulations apply, the deletion of personal data or the restriction of processing concerning them;
- the right to request, where appropriate, the portability of personal data;
- the right to revoke the consent previously given.
Such requests may be addressed to the Data Controller by sending an email to [email protected].
Finally, that in accordance with the regulations in force, the User may propose any claims regarding the processing of his/her personal data to the Guarantor Authority for the Protection of Personal Data.
7. DATA CONTROLLER