Privacy policy
Information Document pursuant to and for the effects of Article 13 of Regulation (EU) 2016/679 (GDPR)
In compliance with the provisions of Regulation (EU) 2016/679 European Regulation for the protection of personal data, we provide you with the necessary information regarding the processing of personal data you provide. This notice does not apply to other websites that may be accessed through links present on the websites owned by the data controller, who is not in any way responsible for third-party websites.
Personal data processed
“Personal data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific elements of their physical, physiological, genetic, mental, economic, cultural, or social identity; (C26, C27, C30).
Browsing data
The IT systems and software procedures used to operate this site acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and IT environment.
Data provided by the data subject
The optional, explicit, and voluntary sending of messages to the contact addresses, as well as the completion and submission of forms present on the Data Controller’s website, involves the acquisition of the contact data of the sender, necessary to respond, as well as all personal data included in the communications.
Cookies
For more information on the cookies used by this website, please see our cookie policy.
1. DATA CONTROLLER, pursuant to Articles 4 and 24 of Regulation (EU) 2016/679 is Officine Gullo srl, with registered office at Via della Torricella, 29 50012 Bagno a Ripoli (FI) VAT number 06179730483.
2. JOINT DATA CONTROLLER pursuant to Article 26 of Regulation (EU) 2016/679 is MM Operations srl, with registered office at Strada della Repubblica, 66 43121 Parma (PR) VAT number 02762110340, solely for the exclusive sale of Officine Gullo products purchasable from the official website shop.officinegullo.com.
3. Has the Data Protection Officer been appointed? What are their contact details?
The position of Data Protection Officer (DPO) has not been identified as the conditions for mandatory designation under Article 37, paragraph 1 of Regulation (EU) 2016/679 do not occur.
4. Purpose of Processing, legal basis, data retention period, and nature of provision
Purpose A) Browsing the website
Browsing the website
- LEGAL BASIS: legitimate interest Article 6 letter f) and Recital 47: the processing is necessary for the pursuit of the legitimate interest of the data controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data do not prevail, taking into account the reasonable expectations of the data subject based on their relationship with the data controller. Activities strictly necessary for the operation of the site and for the provision of browsing services on the platform.
- DATA RETENTION PERIOD: for the duration of the browsing session. For browsing, see cookie policy.
- NATURE OF PROVISION: except as specified for browsing data (which are necessary to allow browsing the website), the user is free to provide personal data.
Optional completion of data collection forms for contacts
- LEGAL BASIS: Article 6 letter b) and Recital 44: based on the execution of pre-contractual measures taken at the request of the data subject
- DATA RETENTION PERIOD: The above-mentioned personal data will be retained for a period not exceeding the achievement of the purposes underlying the processing, allowing for further retention to comply with legal obligations or internal regulations, to allow for the defense of the Joint Controllers in court and the exercise of rights.
- NATURE OF PROVISION: the provision of data is optional or necessary depending on the specific purpose for which the data is processed. Failure to provide the data requested by the contact form will result in the inability to obtain what is requested or to use the services of the data controller.
Purpose B) Completion of electronic forms for purchasing products from the website
- LEGAL BASIS: Article 6 letter b) and Recital 44: the processing is necessary for the execution of the e-commerce contract.
- DATA RETENTION PERIOD: The above-mentioned personal data will be retained for a period not exceeding the achievement of the purposes underlying the processing, allowing for further retention to comply with legal obligations or internal regulations, to allow for the defense of the Joint Controllers in court and the exercise of rights.
- NATURE OF PROVISION: the provision of data is optional or necessary depending on the specific purpose for which the data is processed. However, failure to provide the data requested by the purchase form for Officine Gullo products will result in the inability to conclude the contract.
Purpose C) Direct marketing
If the data subject completes dedicated forms for data collection for the purpose of Direct Marketing: subject to consent and until opposition for direct marketing activities by the Controller, market research, sending newsletters and promotional material, commercial and advertising or related to events and initiatives, by the Controller via automated means of electronic mail.
The Controller uses systems for sending newsletters and promotional communications with reports to compare and possibly improve the results of communications. Thanks to the reports, the Controller can know, for example: the number of readers, openings, unique “clickers” and clicks; the devices and operating systems used to read the communication; the details of individual user activity; the details of sent emails, delivered and undelivered emails, and those forwarded; All these data are used to compare and potentially improve the results of communications.
- LEGAL BASIS: Consent Article 6 paragraph 1 letter a): the data subject has given consent to the processing of their personal data.
- DATA RETENTION PERIOD: Until opposition (opt-out/revocation of consent)
- NATURE OF PROVISION: The provision of data for purposes B) and/or C) is optional, and in the absence of it, your data will not be processed for the pursuit of such purposes; denial of consent for purposes C) will not prejudice the usability of purposes A) and B).
5. Processing methods
The processing of personal data of Users will take place using manual, IT, and telematic tools, as well as paper-based methods.
6. To whom will the collected personal data be communicated?
The personal data provided will be shared with subjects who will process the data as data processors (Article 28 of Regulation (EU) 2016/679) and/or as natural persons specifically authorized to process the data acting under the authority of the Data Controller (Officine Gullo srl), the Joint Controller (MM Operations srl), and the Processor (Article 29 of Regulation (EU) 2016/679), for the purposes listed above.
Specifically, data will be shared with:
- IT service providers related to the management of the website including cloud service and e-commerce service; including email, newsletters, communication and marketing management, assistance in using the platform, freelancers, firms, or companies within assistance and consultancy relationships;
- competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request.
The updated list of data processors is available at Officine Gullo srl, to which the user can send a specific request in the manner indicated in “Contacts for exercising the rights of the data subject and for further information.”
For the pursuit of the purposes referred to in point B) the Joint Controller MM Operations srl may rely on subjects who will process the data as data processors (Article 28 of Regulation (EU) 2016/679) and/or as natural persons acting under the authority of the Data Controller and the Processor (Article 29 of Regulation (EU) 2016/679), for the purposes listed above.
Specifically, data will be shared with:
- subjects engaged in logistics, warehousing, shipping, supply, sale, and delivery of products and services of MM Operations srl
- subjects providing customer support in case of return requests
- subjects providing services for the management of the information system used by MM Operations srl and telecommunications networks; including email and management of the e-commerce of the website, freelancers, firms
, or companies within assistance and consultancy relationships;
- subjects providing banking, financial, insurance, and debt recovery services
- subjects performing anti-fraud activities on payments
- competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request
The updated list of data processors is available at MM Operations srl, to which the user can send a specific request in the manner indicated in “Contacts for exercising the rights of the data subject and for further information.”
7. Will the data be transferred outside the EEA?
Personal data may be transferred to countries within the EEA and outside the EEA (European Economic Area), in order to fulfill contractual obligations and purposes only within the limits and under the conditions set out in Article 44 (General principle for transfers); Article 45 (Transfers based on an adequacy decision). The data subject can obtain information regarding the data transfer guarantees by sending a request in the manner indicated in “Contacts for exercising the rights of the data subject and for further information.”
8. Is there an automated process?
We do not use decision-making processes based on automated processing, including profiling without your consent.
9. Minors
The Site and related services are not intended for minors, and therefore Officine Gullo srl and MM Operations srl do not knowingly process personal data of individuals under the age of 18.
10. What are your rights? How can you exercise them?
You can assert your rights as expressed in Articles 15, 16, 17, 18, 19, 20, 21 of Regulation (EU) 2016/679.
You have the right, at any time, to request from the Data Controller and the Joint Data Controller (for the purposes referred to in point B) access to your personal data, rectification, deletion, limitation of processing, and data portability, if applicable. Furthermore, you have the right to object, at any time, to the processing of your data based on consent and/or legitimate interest. To no longer receive automated direct marketing communications (point C) (e.g., email, SMS), it will be sufficient to write at any time an email to the contact point for exercising the rights of data subjects with the subject “unsubscribe from automated communications” or to use our automated unsubscription systems provided only for emails. Without prejudice to any other administrative and judicial remedy, if you believe that the processing of your data violates what is provided for by Regulation (EU) 2016/679, pursuant to Article 15 letter f) of the aforementioned Regulation (EU) 2016/679, you have the right to lodge a complaint with the Guarantor for the protection of personal data (Supervisory Authority www.garanteprivacy.it). The exercise of the preceding rights is not subject to any formality and is free of charge. Officine Gullo srl and/or MM Operations srl may request users to verify their identity before taking further actions following users’ requests.
11. Contacts for exercising rights
For exercising rights and/or obtaining any type of information regarding points A) and C) of this privacy notice, users can send an email to [email protected] or write to Officine Gullo srl – Via della Torricella, 29 – 50012 Bagno a Ripoli (FI). For exercising the rights referred to in point B) (purchase of products from the website), they can send an email to the Joint Data Controller at [email protected] or write to the Joint Data Controller MM Operations srl – Via Magnanini 40 42018 – San Martino in Rio (Re). The Data Controller (Officine Gullo srl) and the Joint Data Controller, as per joint control agreements, also agree that complaints and requests for the exercise of rights submitted by data subjects will be managed within the framework of the processing purposes established it being understood that data subjects may exercise their rights against both Controllers pursuant to Article 26, paragraph 3, of Regulation (EU) 2016/679, invoking each Controller, independently of the other, before the Guarantor for the protection of personal data and/or national justice.
12. Further information
The controller reserves the right to modify, update, add, or remove parts of this privacy notice at its discretion and at any time. To facilitate this verification, the notice will contain the date of update.
Date of update: October 18, 2024