Privacy and Cookie Policy

Notice on the Processing of Personal Data of Website Users

Articles 13 and 14 of Regulation 2016/679/EU (hereinafter also “GDPR”)

Why This Notice

Giglioli srl (hereinafter also the “Company” or “Controller”) is committed to respecting and protecting your privacy. We want you to feel safe both while browsing the site and when you choose to register by providing your personal data to take advantage of the services made available to Users and/or Customers. On this page, the Company intends to provide information on the processing of personal data of users who visit or consult the website accessible online at www.giglioli.eu (the “Site”). This notice applies only to the Company’s website and not to other websites that may be accessed by the user through links (for which reference should be made to their respective privacy policies).
The reproduction or use of the pages, materials, and information contained within the Site, by any means and on any medium, is not permitted without the prior written consent of the Company. Copying and/or printing is allowed solely for personal and non-commercial use (for requests and clarifications, contact the Company at the contacts indicated below). Other uses of the content, services, and information on this site are not permitted.

Regarding the content provided and the information shared, the Company will make reasonable efforts to keep the Site’s content up-to-date and reviewed, without guaranteeing the adequacy, accuracy, or completeness of the information provided. It explicitly disclaims any liability for any omissions or errors in the information provided on the Site.

Source – Browsing Data

The Company informs you that personal data provided and collected upon request for information and/or contact, registration to the site, and use of services via smartphone or any other device used to access the Internet, as well as data necessary for the provision of these services, including browsing data and data used for the purchase of products and services offered by the Company, but also the mere browsing data from the site by users, will be processed in accordance with applicable regulations. The computer systems and software procedures used for the operation of this website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of the Internet. This data is not collected to be associated with identified individuals but, by its very nature, could allow users to be identified through processing and association with data held by third parties.
Such data includes “IP addresses” or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the web server, the file size obtained in response, the numeric code indicating the status of the response given by the web server (success, error, etc.), and other parameters regarding the user’s operating system and computing environment. These data are used solely for the purpose of obtaining anonymous statistical information on the use of the site and to check its proper functioning. Note that such data may be used to ascertain liability in the event of cybercrimes against the Company’s site or other sites connected to it: save for this possibility, web contact data does not persist for more than a few days.

Source – Data Provided by the User

The Company collects, stores, and processes your personal data to provide the products and services offered on the Site or to fulfill legal obligations. With respect to specific Services, Products, Promotions, etc., the Company may process your data for commercial purposes. In such cases, specific, separate, optional, and always revocable consent will be requested following the methods and contacts below.

The optional, explicit, and voluntary sending of emails to addresses indicated in the appropriate section of the Website, as well as the completion of questionnaires (e.g., forms), communication via chat, push notifications via App, social networks, call center, etc., involves the subsequent acquisition of some of your personal data, including those collected through the use of Apps and related services, necessary to respond to requests. Additionally, when using mobile connections to access digital content and services directly offered by the Company or by our Partners, it may be necessary to transfer your personal data to these third parties. We would like to point out that you might access the Site or connect to areas where you may be allowed to post information using blogs or message boards, communicate with others, for example, from the Company’s Facebook®, LinkedIn®, Youtube® pages, and other social networks, review products and offers, and post comments or content. Before interacting with such areas, we invite you to read the General Conditions of Use carefully, bearing in mind that, in certain circumstances, information posted may be viewed by anyone with Internet access and that all information included in your postings can be read, collected, and used by third parties.

Purposes and Legal Basis of Processing

Data is processed for purposes:

  • Strictly connected and necessary for registration on the website www.giglioli.eu, for the services and/or Apps developed or made available by the Company, for the use of related information services, management of contact requests or requests for information, for purchases of products and services offered through the Company’s site;
  • Ancillary activities related to the management of User/Customer requests and the sending of feedback that may involve sending promotional material; the completion of the purchase order of products and services offered, including aspects related to payment by credit card, management of shipments, potential exercise of the right of reconsideration provided for distance purchases, updating on the availability of temporarily unavailable products and services;
  • Related to compliance with regulations under EU and national laws, protection of public order, and detection and prosecution of crimes;
  • Direct marketing, i.e., sending of advertising material, direct sales, conducting market research or commercial communications related to products and/or services offered by the Company; this activity may also relate to products and services from Company Group Companies and be conducted by sending advertising/informative/promotional material and/or invitations to participate in initiatives, events, and offers aimed at rewarding users/customers, conducted through “traditional” methods (e.g., paper mail and/or operator calls) or “automated” contact systems (e.g., SMS and/or MMS, operator-free phone calls, email, fax, interactive applications), in accordance with Art. 130, para. 1 and 2, of Legislative Decree 196/03 as amended.

Providing data for the purposes under points 1), 2), and 3), related to a pre-contractual and/or contractual phase or required by a specific regulatory provision, is mandatory, and failure to provide it will make it impossible to receive information and access any services requested; regarding point 4) of this notice, the user/customer’s consent to data processing is free and optional and can always be withdrawn without consequences on the usability of products and services except for the Company’s inability to keep users/customers updated on new initiatives or special promotions or benefits potentially available.

The Company may send commercial communications regarding products and/or services similar to those already provided, pursuant to Directive 2002/58/EC, using the email or mailing addresses you provided on those occasions. You may object to this with the methods and contact details provided below.

Processing Methods, Logic, Retention Period, and Security Measures

Processing is carried out with the aid of electronic or automated means and is conducted by the Company and/or third parties that the Company may engage to store, manage, and transmit the data. The processing of data will be performed with organizational and processing logic of your personal data, also related to logs generated by access to and use of services made available via the web, products, and services consumed, for the purposes mentioned above, and in any case in such a way as to ensure the security and confidentiality of data. Personal data processed will be retained for the period provided by applicable regulations.

With regard to data security, in sections of the website designated for specific services where users are required to provide personal data, the information is encrypted using a security technology called Secure Sockets Layer, abbreviated as SSL. SSL technology encodes information before it is exchanged over the Internet between the user’s device and the Company’s central systems, making it inaccessible to unauthorized parties and thus ensuring the confidentiality of the transmitted information. Additionally, transactions made using electronic payment tools are conducted directly through the Payment Service Provider (PSP) platform, and the Company retains only the minimum set of information necessary to handle any disputes.
Specifically, concerning the protection of personal data, the user/customer is invited, in accordance with Article 33 of the GDPR, to report to the Company any circumstances or events that may lead to a potential “personal data breach,” to enable an immediate assessment and adoption of any measures necessary to counter such an event. Reports can be sent to info@giglioli.eu or through Customer Service.
The measures adopted by the Company do not exempt the Customer from taking necessary precautions when using, where required, adequately complex passwords/PINs, which should be updated periodically, especially if they are believed to have been compromised or known by third parties. Users should carefully store these and keep them inaccessible to third parties to prevent improper and unauthorized use.

Cookies

A cookie is a short text string sent to your browser and, if applicable, saved on your computer (alternatively on your smartphone/tablet or any other device used to access the Internet); this occurs typically every time you visit a website. The Company uses cookies for various purposes, in order to offer you a fast and secure digital experience, for example, allowing you to keep your connection to the protected area active as you browse through the pages of the site.

Cookies stored on your device cannot be used to retrieve any data from your hard drive, transmit computer viruses, or identify and use your email address. Each cookie is unique to the browser and device you use to access the Website or the Company’s App. Generally, the purpose of cookies is to improve the functionality of the website and the user experience in using it, although cookies can also be used to send advertising messages (as specified below). For more information on what cookies are and how they work, you can visit the website ‘All About Cookies’ at http://www.allaboutcookies.org.

Data Communication and Transfer Scopes

For the purposes outlined above, the Company may disclose and allow the processing of user/customer personal data by third parties in Italy and abroad with whom we have relationships, where these third parties provide services at our request. We will only provide these third parties with the information necessary to perform the requested services and will take all measures to protect your personal data. Data may be transferred outside the European Economic Area if necessary for the management of your contractual relationship. In such cases, the recipients of the data will be subject to protection and security obligations equivalent to those guaranteed by the Data Controller. When using services provided directly by partners, we will only provide the minimum data necessary for the services. In any case, only the data necessary for achieving the intended purposes will be communicated, and where required, applicable safeguards will be applied for data transfers to third countries. We may also disclose personal data to our business service providers for marketing purposes, for which they are appointed as external processors. Additionally, personal data may be disclosed to competent public authorities for regulatory compliance or for determining responsibility in cases of cyber crimes affecting the site, and to third parties (as controllers or, if they are electronic communication service providers, independent controllers) that provide IT and telecommunication services (e.g., hosting, site management and development services) used by the Company for tasks and activities of a technical and organizational nature essential for the operation of the website. The entities in the above categories act as distinct data controllers or as processors appointed by the Company.

Personal data may also be known by employees/consultants of the Company who are specifically trained and appointed to process data.

The categories of recipients to whom data may be disclosed are available by contacting the Company at the details below.

Data Subject Rights

You may exercise your rights granted by law at any time, including the right:

  1. to access your personal data, obtaining information on the purposes pursued by the Controller, the categories of data involved, the recipients to whom the data may be disclosed, the applicable retention period, and the existence of automated decision-making processes;
  2. to obtain without delay the correction of inaccurate personal data concerning you;
  3. to obtain, in certain cases, the deletion of your data;
  4. to obtain the restriction of processing or to oppose it, where possible;
  5. to request data portability, i.e., to receive them in a structured, commonly used, and machine-readable format, also to transmit such data to another controller, within the limits and under the conditions of Article 20 of the GDPR.

You may also file a complaint with the Data Protection Authority under Article 77 of the GDPR.

For the processing referred to in purpose 4), the Customer may always withdraw consent and exercise the right to object to direct marketing (in both “traditional” and “automated” forms). Without further indication, opposition will apply to both traditional and automated communications.

Data Controller

The data controller, pursuant to Article 4 of the Code and the GDPR, is Giglioli srl, Via Borgo Giannotti 344-B, Lucca, 55100 Italy.

The above rights may be exercised upon request of the Interested Party in the manner made known by the Customer Service or on the Company’s WEB site or by using the following references: Giglioli srl (info[et]giglioli.eu).

The use of the Website, including those for tablets and/or smartphones, by the Customer and/or User implies full knowledge and acceptance of the content and any provisions included in this version of the privacy policy published by the Company at the time the site is accessed. The Company informs that this privacy policy may be modified without notice and therefore advises periodic reading.

The Data Controller
Giglioli srl