Information and personal data voluntarily supplied by you or automatically collected by the use of our Website services (hereinafter, “Services”) will be processed in accordance with GDPR provisions and also with the confidentiality obligations that inspire the activity of the Controller.
Pursuant to GDPR provisions, the treatment made by Galleria Forni sas di Forni Paola & c. is based on the principles of lawfulness, correctness, transparency, purpose limitation and retention, data minimization, accuracy, integrity and confidentiality.
This policy exclusively refers to the present Website and does not concern other websites accessible via links published within the Website.
The Controller is the company Galleria Forni sas di Forni Paola & c., via Farini 26/F, 40124 Bologna, Italy, P.IVA / C.F. IT 00571770379
2. Personal Data
The data collected and processed by the Controller also through the Website can be classified into the following categories: personal details (name, address, gender, birthplace and birthdate), contact details (email address and telephone number), information about purchase orders of products and services offered on the Website, browsing data collected by the Website (hereinafter, “Personal Data”).
Specifically, Personal Data processed through the Website are the following:
- Browsing data
During their normal operation, the information systems and software procedures employed in the Website functioning acquire some Personal Data whose transmission is implicit in the use of internet communication protocols. Such information are not collected for being associated with identified interested parties, yet, due to their nature, they may allow of users identification through processing and association with data held by third parties. This data category includes IP addresses or domain names of computers used by users connecting to the Website, the Uniform Resource Identifier (URI) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the response by the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment. These types of data are used only to obtain anonymous statistical information about the use of the Website and to check its proper functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Website or third parties. Excluding such cases, the data are shortly deleted.
- Special categories of data
Specific information requests or CVs for applications sent by email may contain personal data belonging to the special categories referred to in article 9 of GDPR (i.e. (…)personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and (…) genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation (…)). Users are invited to not send such data unless strictly necessary. On this regard, we advise users that the treatment of such data is prohibited if they have not given the explicit consent to their processing. Hence, the Controller cannot be held liable or receive any claim and, according to article 9.2.e of GDPR, the processing is allowed only if related to personal data which are manifestly made public by the interested parties.
- Data voluntarily provided by the user
The elective, explicit and voluntary sending of emails and messages to the addresses indicated on the Website, as well as the filling of the form “keep in touch”, entails the consequent acquisition of the sender’s address, necessary to reply to the requests, as well as any other personal data included in the aforementioned messages and communication.
The use of the Services of the Website may involve the treatment of third parties’ Personal Data provided by you to the Controller. In this case, you act as an independent controller assuming all the consequent obligations and liabilities under the law or any other regulation. Hence, you grant to the Controller the indemnity with respect to any dispute, claim, request for compensation for damage deriving from the treatment of the relevant data, etc. that should reach the Controller from third parties whose Personal Data have been processed through your use of the Website in violation of the regulation concerning personal data protection. In any case, you guarantee – assuming any related responsibility – that the processing of third parties’ Personal Data made by you using the Website is done in accordance with article 6 of GDPR, which legitimizes the treatment of such information.
3. Scope of data processing
Your Personal Data are processed for the following purposes:
- to allow the provision of services requested by you (i.e. online sale services);
- to answer assistance or information requests;
- to examine CVs and possibly contact candidates;
- to fulfill any legal, accounting and fiscal obligations;
- to send newsletter containing informative and promotional material concerning the services described and offered on the Website.
4. Legal basis of data processing
Personal Data are processed for the provision of the services referred to in article 3 (i, ii, iii) in accordance with article 6.1.b of GDPR (performance of contracts or precontractual measures), since these types of treatments are done for the provision of services or to answer to information requests of interested parties. In these cases the consent for Personal Data treatment is voluntarily given. In absence of consent it will not be possible to guarantee the Services offered on the Website, to reply to information requests or to examine CVs.
The legal base of processing referred to in article 3 (iv) is established by article 6.1.c of GDPR and, in particular, concerns the fulfillment of a legal obligation. Once Personal Data have been provided, the processing is necessary for compliance with legal obligation to which the Controller is subject.
The legal base of processing referred to in article 3 (v) is established by article 6.1.a of GDPR. The consent for Personal Data treatment can be given voluntarily. In absence of consent it is not possible to constantly inform you about offers and promotions, even those tailored, reserved to customers of Galleria Forni.
5. Recipients of Personal Data
For purposes mentioned in article 3, your Personal Data can be shared with:
- subjects acting as data controllers, namely: 1) persons, companies or professional firms that provide assistance and consultancy to the Controller in accounting, administrative, legal, tax, financial and credit recovery matters relating to the provision of Services;
2) subjects with whom it is necessary to interact in order to provide Services (i.e. email providers, hosting providers); 3) subjects appointed to carry out technical maintenance activities (including computer hardwares and softwares maintenance, network equipment and electronic communications systems maintenance); (hereinafter all indicated as “Recipients”);
- subjects, entities or authorities to whom the disclosure of your Personal Data is required by law or orders of the competent authorities;
- persons authorized by the Controller to process Personal Data in order to perform activities strictly related to the provision of Services, or any other purposes listed in article 3, who are committed to confidentiality or who have an adequate legal obligation of confidentiality (i.e. employees and collaborators).
6. Transfer of personal data
Personal data will not be transferred outside the borders of European Union.
7. Processing methods and storage duration
The processing of your Personal Data is made through the operations indicated by article 4.2 of GDPR such as data collection, recording, organization, storage, consultation, elaboration, alteration, selection, retrieval, alignment, use, restriction, dissemination, erasure or destruction.
The processing of personal data can be recorded and stored in paper format and is carried out by automated and/or electronic means.
Personal data processed for the scopes of article 3 (i and ii) will be stored for the time strictly needed to fulfill the mentioned purposes. In any case, since their processing concerns the provision of Services, the Controller will process Personal Data for the time allowed by Italian Law to protect its own rights and interests.
As regards CVs referred to in article 3.iii and sent through the Website or emails, Personal Data will be stored for the time considered appropriate due to the purpose they have been collected.
Personal data processed for the scopes of article 3.iv will be stored for the time requested by law.
Personal data processed for the scopes of article 3.v will be stored until your withdrawal of consent. At any time and without any reason you may withdraw your consent according to the provisions of the following article 8 by clicking on the link indicated in the newsletter or by sending an explicit request to the Controller at the email address email@example.com.
8. Rights of interested parties
Under articles 13 of GDPR, and also according to articles 7 and 15 – 22 of GDPR, in relation to your Personal Data you have the right:
- to obtain confirmation as to whether or not personal data concerning you are being processed and to receive the personal data concerning you in a structured, commonly used and machine-readable format in cases of article 20 of GDPR;
- to know from which source Personal Data originate and obtain information concerning processing purposes and methods and also about the logic involved in personal data processing by electronic means;
- to access to and to obtain the rectification of personal data and also the restriction of processing in cases of article 18 of GDPR;
- to obtain the erasure, the anonymization or restriction of personal data processing whether it is unlawful, also including personal data stored for the provision of services for which such data have been collected and processed;
- to portability;
- to completely or partially object to your personal data processing:
- in case of legitimate reasons, even if necessary to achieve the purpose for which they have been collected;
- aimed to marketing purposes, or for sending advertising or direct sales material or for carrying out market research or commercial communication.
In any case, according to article 77 of GDPR you have the right to lodge a complaint with the relevant supervisory authority (Garante per la Protezione dei Dati Personali) if you consider unlawful the processing of your personal data. You may find all further information concerning the relevant proceeding on the official website of the supervisory authority at the following address www.garanteprivacy.it.
9. How to exercise your rights
At any time you may exercise the rights referred to in previous article 8 sending an email to the following address: firstname.lastname@example.org.
The Controller reserves the right to amend or simply update, completely or partially, the content of this policy, also due to changes in applicable legislation. The content of the Website and the provisions of this policy may be modified, therefore the Controller invites you to regularly visit this section to be aware of the latest and updated version of this policy in order to be always updated on terms governing data processing.
Last update: February 24, 2021