Search
Filters

Privacy

PRIVACY POLICY

 

This is an official information statement drafted in accordance with Article 13 of the Legislative Decree 196 of 2003 and EU Regulation 2016/679.
Maglificio Gran Sasso Spa, in its capacity as Data Controller, invites you to carefully read this Privacy Policy before providing any personal information as it contains important information regarding the protection of your personal data.

This Privacy Policy:
• is intended specifically for the websites https://shop.gransasso.it and https://www.gransasso.it;
• shall be regarded as an integral part of this Website and the services we offer;
• applies to information we collect as you browse and explore the Website, as well as the information requested when using specific services made available by the Website (e.g. purchasing products, filling out online information request forms or subscribing to the newsletter service) pursuant to Article 13 of the Code and Article 13 of the GDPR.

***
Any processing of your personal data shall adhere to the principles of correctness, lawfulness, transparency, purpose and retention limitation, minimization, accuracy, integrity and confidentiality, as well as the principle of accountability pursuant to Article 5 of the GDPR. Your personal data will be therefore processed in accordance with the legislative provisions set out in the Regulation and the confidentiality obligations contained therein.

Personal data processing means any operation or set of operations which is carried out on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


INDEX
Below is the index of this Privacy Policy that can help you find relevant information pertinent to the processing of your personal data.


1. DATA CONTROLLER AND DATA PROTECTION OFFICER
2. PERSONAL DATA SUBJECT TO PROCESSING
a. Web browsing data
b. Data provided voluntarily by user
c. Third party personal data provided voluntarily by user
d. Cookies
3. PURPOSE OF DATA PROCESSING
4. LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF PROCESSING
5. RECIPIENTS OF PERSONAL DATA
6. TRANSFER OF PERSONAL DATA
7. RETENTION OF PERSONAL DATA
8. DATA SUBJECT'S RIGHTS
9. AMENDMENTS
10. CONTACT US

 

1. DATA CONTROLLER AND DATA PROTECTION OFFICER


The Data Controller is Maglificio Gran Sasso Spa having its registered office in Sant'Egidio alla Vibrata (TE, Italy), Via Isaac Newton no. 2, tax code 00061560678. The Data Protection Officer appointed by Maglificio Gran Sasso Spa can be contacted at the headquarters of the Data Controller at the address specified above and by way of e-mail at: gdpr@gransasso.it.

 

2. PERSONAL DATA SUBJECT TO PROCESSING

 

As you use the Website, we inform you that Maglificio Gran Sasso Spa may collect and process information related to you as an individual such as your name, identification number, online ID or one or more characteristic elements of your physical, physiological, mental, economic, cultural or social identity which allows you to be identified, either directly, or together with additional information (hereinafter referred to as “Personal Data”).
Personal Data which may be processed through the Website are as follows:

a. Web browsing data
During their normal operation, the computer systems and software procedures used to operate this Website acquire certain personal data, whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified users, though, by its very nature, could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers operated by users who connect to the Website, URI (Uniform Resource Identifier) addresses of requested resources, time of the request, method used in submitting the request to the server, size of the file obtained in response, numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user's operating system and computer environment.This data is used with the sole purpose of obtaining anonymous statistical information concerning the use of the site and to check its correct operation. This data can be used to ascertain responsibility in the case of hypothetical computer crimes to the detriment of the website and can be communicated to the Judicial Authority, in the event that the latter explicitly requests such data.

b. Data provided voluntarily by user
The optional, voluntary and explicit transmission of personal data, including email address, required in the website related web services (e.g. subscribing to newsletters and purchasing products) entails the subsequent acquisition of such data for the sole purpose of replying/responding to the users’ requests and managing the web services. You are allowed to submit Personal Data which may fall under the category of Personal Data referred to in Article 9 of the Regulation – e.g. “[…] data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation”.

c. Third party personal data provided voluntarily by user
When using the services offered by the Website, the personal data submitted to Maglificio Gran Sasso Spa may be processed by third parties (e.g. in the case of purchasing products to be sent to third parties). In any situation where you decide to share Personal Data related to other persons through the Website, you will be considered as an independent data controller regarding such Personal Data and must assume all inherent legal obligations and responsibilities. To this end, you shall fully indemnify Maglificio Gran Sasso Spa against any complaints, claims or demands for compensation for damages which may arise from the processing of this Personal Data, initiated by the third parties whose personal data have been processed through the use of the Website in violation of the applicable rules on personal data protection. In any 
case, if you provide or in other way process Personal Data of third parties in using the Site, you henceforth guarantee – assuming all related responsibilities – that this specific processing is grounded on an appropriate legal basis in accordance with lawful processing of the information in question.

d. When using the services on the Site, there are no parts or procedures that require the supply of data classified as "special categories of personal data" (ex "sensitive data"), ie data that reveal racial or ethnic origin, political opinions , religious or philosophical beliefs, trade union membership, as well as genetic data, biometric data intended to uniquely identify the person, data relating to health or life and sexual orientation, data relating to criminal convictions, crimes or safety measures . If voluntarily entered by the user, such data may be processed only with your free and explicit consent, expressed in writing at the bottom of this information and pursuant to articles 9 and 10 of EU Regulation 2016/679, otherwise they will not be stored nor taken into consideration by our systems.

e. Cookies are small strings of text that are sent from our website to your device (personal computer, tablet, smartphone, etc), and are memorized in order to enable you to be redirected back to the same Site, during any future visits. During navigation, your device may receive cookies from other websites or severs (“third parties”), of which are made up of different elements, for example, images, maps, sounds, specific page links and other dominions, as present on our website.

We’d like to make it clear that cookies allow a device to be identified and recognised as they access the site, however they cannot identify the person using that device.Cookies work to enable access and navigation on a website and to assist the correct function of that site, facilitating access to authentication services for statistical purposes, to understand which areas of the site have been visited and better manage pages and marketing activities; to supply content and marketing that matches any requests sent during navigation (e.g. behavioural advertising with dynamic creativity).

 

3. PURPOSE OF DATA PROCESSING


The purposes of the processing of your personal data that we intend to carry out, following your explicit consent when necessary, are the following:
3.1. to enable the use of the Website, allow the delivery of the services and the management of the Website's security;

3.2 to answer specific requests addressed to Maglificio Gran Sasso Spa, including any requests for Customer Care submitted by filling out the "Contact Us" form;
3.3. to fulfill the obligations provided for by law, regulations or EU legislation or request from competent Authorities;
3.4. to carry out, by way of e-mail, marketing activities related to products which are similar to those you have already purchased, pursuant to Article 130, paragraph 4 of the Code, if you“opted in” to receiving such communications. You have the right to withdraw your consent at any time ;

3.5. to submit promotional and marketing communications, including newsletters and market research. In accordance with the “Guidelines on Marketing and Against Spam – 4th July 2013” issued by the Italian Data Protection Authority, if you decide to give your consent to receive information related to promotional activities of the Data Controller including market research, we inform you that said activity can be performed, as provided for in the applicable regulations, through automated methods (SMS, e-mail, push notifications, fax) and traditional methods (postal mail, telephone contacts operator). At any time you have the right to object to such processing activities for marketing purposes by giving notice to the Data Controller at the addresses specified in the "Contact" section of this Privacy Policy, without prejudice to the lawfulness of the processing founded on your previous consent.
3.6. to create user profiles by analyzing preferences, habits, interests and consumption choices expressed through the use of the Website and the services offered and submitting material and commercial communications and personalized promotions on the services offered for marketing purposes;

3.7. to communicate your personal data to other companies belonging to Maglificio Gran Sasso Group for the purposes ofcarrying out statistical analysis by submitting promotional materials, including newsletters and market research by means of automated methods (SMS, email, push notifications, fax) and traditional means (postal mail, telephone contacts operator);
3.8. to carry out statistical analysis without the possibility to identify the user;
Data processor has implemented specific security measures to ensure that data is authentic and has not been maliciously or accidentally altered during processing, storage or transmission.


4. LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF PROCESSING


The legal basis of the processing personal data for the purposes set out in section 3.1 and 3.2 is Article 6 ( 1 )(b) of the GDPR (“[...] processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”), since processing operations are required in order to provide the services. The provision of personal data for these purposes is optional; however, failure to provide it would imply the inability to initiate the requested services.
Processing operations carried out for the marketing purposes describedunder section 3.3 are based on a 

granted consent pursuant to Article 6 ( 1 )(c) of the GDPR (“[...] processing is necessary for the pursuit of the legitimate interest of the data controller”). In fact, once the personal data has been transferred, processing operations shall comply with the legal obligation to which the Data Controller is subject.

Processing operations carried out for the purposes of profiling, conducting marketing campaigns and communication to the third parties within Maglificio Gran Sasso Group described under sections 3.5, 3.6 and 3.7  are based on a granted consent pursuant to Article 6 ( 1 )(a) (“[...] the data subject has consented to the processing of his/her personal data for one or more specific purposes”) and to Article 22 ( 2 )(c) of the GDPR . Therefore, the provision of personal data for these purposes is optional and does not affect your use of the services. You may oppose the processing of your Personal Data for marketing and profiling purposes at any time by writing tothe Data Controller at the address provided under the "Contact Us" section of this Privacy Policy or, where available, through the "privacy settings" available in your personal area. With reference to the purpose referred to under section 3.4, please note that, if you are already our customer, we will send you commercial information concerning the owner’s products and services similar to those you already use, unless you dissent.  Please note that the processing referred to in section 3.8 will not be carried out on personal data and therefore it can be freely performed by the Data Controller.


5. RECIPIENTS OF PERSONAL DATA


For the purposes referred to in Section 3 above, your Personal Data may be shared with:
5.1. subjects typically acting as data processors, namely: i) persons, companies or professional firms providing Maglificio Gran Sasso Spa with advice and consulting in accounting, administrative, legal, tax, financial and debt collection matters related to the provision of the services; ii) subjects to engage with in order to provide the services; iii) credit institutions, insurance companies and brokers; collectively “Recipients”;

5.2. subjects, bodies or authorities to disclose your Personal Data to in accordance with the provisions of law or under the orders of the authorities;
5.3. persons authorized by Maglificio Gran Sasso Spa to process the Personal Data required for carrying out activities strictly related to the provision of the services, who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality;
5.4. within a group of undertakings for internal administrative purposes;
5.5. within a group of undertakings for the purposes under section 3.7, subject to your explicit consent (as set out under section 4).

 

6. TRANSFER OF PERSONAL DATA


Some of your personal data are shared with Recipients that may be located outside the European Economic Area. The Data Controller ensures that such Recipients will process your personal data in compliance with Articles 43 and 44 of the Code, as well as Articles 44 - 49 of the GDPR. In fact, transfers may be approved by a supervisory authority and the European Commission can decide that standard contractual clauses offer sufficient safeguards on data protection for the data to be transferred internationally. Further information may be requested in writing at the address specified in the "Contact Us" section of this Privacy Policy.


7. RETENTION OF PERSONAL DATA

The Personal Data processed for the purposes referred to in section 3.1 and 3.2 (a-b) will be retained for the period deemed strictly necessary to fulfill such purposes. In any case, since the Personal Data are processed for the provision of the services, the Data Controller will retain the Personal Data for the period 

allowed by Italian law to protect its interests (Article 2946 and ensuing articles of the Italian Civil Code). The Personal Data processed for the purposes referred to in section 3.3 will be retained for the period required by the specific obligations or by applicable law.
For the purposes referred to in section 3.4, 3.5 and 3.6, your Personal Data may be processed until you withdraw your consent.
Further information on the data retention period and the criteria adopted in determining this period may be requested in writing at the address specified in the "Contact Us" section of this Privacy Policy. In any case Maglificio Gran Sasso Spa has the possibility of retaining your Personal Data for the period allowed by Italian law to protect its interests (Article 2947 (1) (3) of the Italian Civil Code).

8. DATA SUBJECT'S RIGHTS

 

Under Article 7 of the Code, you, as a data subject, are entitled to request from the Data Controller, at any time, access to your Personal Data, the correction and erasure of your Personal Data, as well as to object to its processing according to Article 21 of the GDPR. Starting from 25th May 2018, you are also entitled to request the restriction of the processing of your Personal Data in the cases set out in Article 18 of the GDPR, as well as to obtain the Personal Data you have provided to the Data Controller in a structured, commonly used and machine-readable format, in the cases set out in Article 20 of the Regulation.
Requests should be made in writing at the address specified in the "Contact Us" section of this Privacy Policy.
In any case, you will always be entitled to file a complaint with the competent supervisory authority (the Italian Data Protection Authority), pursuant to Article 77 of the GDPR, if you believe that the processing of your data violates applicable law.


9. AMENDMENTS

The Data Controller reserves the right to partly or fully amend this Privacy Policy, or simply to update its content, e.g. as a result of changes in applicable law. Maglificio Gran Sasso Spa therefore invites you to regularly visit this Privacy Policy in order to acquaint yourself with the latest, updated version of the Privacy Policy, so that you may remain constantly informed on how Maglificio Gran Sasso Spa collects and uses Personal Data.

10. CONTACT US


If you wish to exercise any of the rights set out above or for any other requests, please contact the Data Controller at the postal address specified above, or by way of e-mail at gdpr@gransasso.it.

 

Tour 360