Privacy Policy

This Privacy Policy (“Privacy Policy”) is to inform you, pursuant to European Regulation no. 2016/679 on personal data protection (“GDPR”), of the methods and purposes we use to process the personal data we collect, including via the website www.paolagrandegioielli.com(the “Website”).

1. Data Controller

Grande S.r.l.., tax-code and VAT number 04579611213, with registered office at Via Bisignano, 7, 80121 Napoli, is the Data Controller (here in after “Data Controller”).

2. Personal Data Protection Officer

Ms. Paola Grande is the Personal Data Protection Officer, and her contact information is: Grande S.r.l.., Via Bisignano, 7, 80121 Napoli; telephone +39 081417308; [email protected]].

3. Categories of Personal Data

3.1 Browsing Data

Through the Website, we acquire personal data from the normal operation of the computer systems and the software procedures used to operate the Website, since the transmission of such data is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects; rather, by its nature, through processing and association with data held by third parties, it could enable the identification of the users. This data category includes, for example, IP addresses or domain names of computers used by Website users and other information relaring to user Website access.

3.2 Personal Data Supplied by the User

We collect the following personal data supplied by the data subjects:

contact information: e.g. name, surname, nationality, address, date of birth, e-mail address, telephone number, website;

additional personal data contained in communications sent: e.g. requests, complaints, comments, curriculum vitae;

information relating to the transactions performed, such as, for example, credit/debit card data, or other data needed to fulfil contractual requirements;

any other personal data provided by the data subject in relation to the provision of our services.

3.3 Cookie

Through the Website, we can acquire users’ personal data through cookies, including third party and profiling cookies. For further information on cookies and how they are used, please refer to our Cookie Policywww.paolagrandegioielli.com/cookie .

4. Purposes and Legal Basis for Processing

4.1 Our processing of personal data is performed for purposes connected or instrumental to our business and specifically for:

processing purchase orders, including verifying and carrying out payments and providing the services offered;

improving and customising our products and services and our business in general;

market research and analysis;

data enrichment, for example by analysing preferences, purchase history and interactions with Website users, together with data collected by third parties and/or by public databases;

communications in response to requests or complaints, or marketing messages containing news, information or updates on our products or services, offers, promotions or special events.

4.2 Our processing of personal data has the following legal basis:

processing is necessary for our performance of the contract for the purchase of products or for the provision of the other services we offer, or in order to take the initiatives requested by the data subjects with a view to executing the contract for the purchase of products or the provision of other services;

processing is necessary for our compliance with applicable laws or regulations;

processing is necessary to pursue our legitimate interests, such as to conduct and develop business activities with current or potential customers, including through direct marketing, or to ascertain, exercise or defend a right in court;

processing is based on the data subject’s consent.

5. Nature of Data Provision and Consequences of Failure to Provide

With the exception of browsing data, which are automatically collected by the Website system, the data subject is free to provide or not to provide its personal data.

Failure to provide personal data, as well as the partial or incorrect provision of personal data by the data subject, may render it impossible for us to provide the services we offer.

6. Processing Methods

6.1 Personal data are processed with manual, paper, computing and/or electronic tools, including automated tools or tools capable of storing, managing or transmitting data, in each case in a fair, lawful, transparent and private manner.

6.2 Personal data may be subject to automated decision-making processes, including profiling, in order to customise commercial or promotional communications to the data subjects.

7. Security

The security of the personal data we collect is paramount to us. Therefore, we have taken appropriate security measures to protect such personal data from accidental or unlawful destruction or loss, alteration, disclosure, unauthorised access or other violations; however, we cannot guarantee that any of the above mentioned events will not occur.

8. Data Storage

Personal data will be stored for the time period necessary for the purposes for which they were collected, generally three years from the end of the relationship or the last contact with the applicable data subject, unless otherwise required by law. It is possible that we will retain personal data for longer periods of time, for example if necessary to comply with legal, tax or financial obligations, or in order to have accurate records of our transactions in the event of complaints or appeals.

9. Data Subject’s rights

The data subjects may exercise the following rights with respect to their personal data:

Right to withdraw consent: where applicable, the data subjects have the right to withdraw their consent to data processing at any time. For example, if you wish to stop receiving electronic marketing communications, you can e-mail [email protected], and no further communications will be sent to you.

- Right to access, rectification and erasure: data subjects have the right to request access to, and receive copies of, all of their personal data held by the Data Controller, request correction of any inaccuracy in their personal data and request its erasure under certain circumstances. You can view and update most of your data online or by contacting the Data Controller at [email protected]

Right to data portability: the data subjects have the right to receive all of their personal data in a structured commonly used and machine-readable format, as well as to transmit such data to another controller without hindrance from the Data Controller, when the processing is carried out by automated means and is based on consent or a contract.

Right to restriction of processing: the data subjects have the right to restrict the processing of their personal data in the instances set forth in Article 18, section 1 of the GDPR. Where processing has been restricted, the Data Controller will process (with the exception of storage) the data, only with the data subject’s consent or to establish, exercise or defend legal claims or to protect of the rights of another natural or legal person or for reasons of public interest.

Right to object to processing justified on the basis of legitimate interests: where the processing of personal data is based on the Data Controller’s legitimate interests, the data subjects have the right to object to such processing, for reasons related to their specific situation. In these cases, the Data Controller will no longer process the personal data, unless it can demonstrate the existence of compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or where it needs to process the data to establish, exercise or defend a legal claim.

Right to object to processing for direct marketing purposes: where the Data Controller processes personal data for direct marketing purposes, the data subject shall have the right to object to such processing at any time and the Data Controller must discontinue such processing of the data.

Right to lodge a complaint with a supervisory authority: if the data subjects believe that the Data Controller’s processing of their personal data is contrary to the GDPR, they may lodge a complaint with the Supervisory Authority for the protection of personal data or with any other competent supervisory authority.

For more information about their rights, exercising such rights, or for complaints or questions in relation to personal data processing, data subjects may contact the Data Controller at [email protected]

Evidence of the identity of the data subject may be requested, and we reserve the right to request the payment of expenses, where permitted by law, for example if the request is manifestly unfounded or excessive.

We are committed to responding to the requests of data subjects as soon as possible and, in any case, within the period of time set forth by law.

10. Changes to this Privacy Policy

This Privacy Policy may be unilaterally amended at any time, for example in order to fulfill new requirements of applicable laws or technical requirements. The updated Privacy Policy will be published on the Website and, where required by law or in the event of substantial changes, data subjects will receive a notice in order to request the renewal of their consent to such changes. Therefore, we encourage data subjects to periodically visit the Website and review this Privacy Policy.