Information and request for consent to personal data processing
G.V.M. S.r.l. (“the Data Controller”) is a company dealing in the marketing and production of marble and precious stones. The purpose of this document is to inform the user regarding our personal data processing methods. GVM S.r.l., in accordance with Legislative Decree n°196/2003 as amended version of Legislative Decree n°101/2018 (hereinafter referred to as “Privacy Code”) and Directive (EU) n°2016/679 (hereinafter referred to as “GDPR”), aims to guarantee privacy and safety of personal data of all visitors in accordance with the conditions described in this document. This document is to be considered as privacy statement pursuant to articles 13 and 14 of the GDPR.
Type of data processed
The website publishes informative documents, at times interactive. While browsing the site, G.V.M. S.r.l. may acquire visitor information as follows:
Browsing data The informatics systems and software procedures responsible for the running of this website acquire, in the course of normal operations, some personal data whose transmission is implicit in the use of internet communication protocols.
This category of data involves: IP addresses, the type of browser used, the operating system, the domain name and address of accessed websites, information on pages visited by the user on the site, time of access, permanence on each page, analysis of the path within the site and other parameters relevant to the operating system and the users’ web environment.
Further data categories This involves all personal data supplied by the visitor via the site, for example by registration and/or accessing a reserved area and/or a service and/or participating in any initiative launched by G.V.M. S.r.l. alone or in partnership with third parties, writing to a G.V.M. S.r.l. email address to request information or telephoning our number to have direct contact with our customer service.
Purpose of processing
To supply goods and/or services requested by the user, manage contracts concluded by the user, fulfil relative administrative, accounting, fiscal and legal obligations, as well as process requests sent by the user.
To send business communications, also via automated instruments, relative to promotions and/or special offers the customer may have the right to benefit from, in the interest of the Data Controller or other companies connected with G.V.M. S.r.l.
To communicate user data for commercial and/or promotional purposes to third parties operating in the stone and art sector and/or to companies with which G.V.M. s.r.l. may establish partnership agreements. The processing implemented for these purposes is necessary in order to fulfil contractual obligations and do not require specific consent from the person involved. The processing implemented for these purposes is performed with the specific consent of the user, except for business communications relative to products and/or services equal to those already purchased and/or signed by the user for which processing is based on legitimate interest of the Data Controller and which, however, the user has the right to oppose. The processing implemented for these purposes is performed with the specific consent of the user.
Data circulation environment
For the purposes stated above, user data may be communicated to: G.V.M. S.r.l. and/or other companies linked thereto and shall be to that end nominated responsible for the processing ex. art. 28 of GDPR; other third parties who perform part of the processing activities and/or activities connected with and instrumental to the aforesaid activities on behalf of the owner.
Such subjects shall also be named responsible for processing ex art. 28 of GDPR; individual subjects, employees and/or collaborators of the Data Controller, who have been entrusted with specific and/or several personal data processing activities. These individuals have received specific instructions regarding safety and the correct use of personal data and are defined as people authorised for data processing under the direct authority of the Data Controller or Person responsible for processing.
Transfer of personal data
G.V.M. s.r.l. may transfer users’ personal data to third parties located in non EU countries. In this case, such third parties shall be named responsible for processing in accordance with and pursuant to art. 28 of the GDPR and the transfer of personal data to such subjects, limited to the performance of specific processing purposes, shall be regulated in accordance with the conditions stated in Chapter V of the GDPR.
Roles and responsibilities in the privacy environment
Users’ personal data are processed by G.V.M. S.r.l., in quality of Data Processor. More detailed information regarding the names of those responsible for processing can be requested by email from the following address: firstname.lastname@example.org
Data processing method
Personal data processing is carried out mainly by using electronic procedures and supports ( DB, CRM platforms etc…..) for the length of time required to fulfil the aims for which the data have been collected and in accordance with the principles of legality and correctness, as well as being restricted and pertinent to the conditions foreseen by the privacy law in force.
Browse data, if recorded, will be conserved by the Processor for 3 months. The data supplied by users will be processed for the entire duration of the contract in force and further conserved exclusively for the period foreseen necessary to fulfil legal obligations, unless further conservation is necessary in order to defend or avail of a right or fulfil any further legal obligations or orders issued by the Authorities.
At any time, users may exercise, according to art. 7 of Legislative Decree n°196/2003 and articles15 to 22 of EU Directive n° 2016/679, the right to:
a) request confirmation regarding the existence or not of one’s personal data;
b) obtain information regarding the purpose of processing, categories of personal data, recipients or categories of recipients to whom the personal data have been or will be communicated, and whenever possible, the period of conservation;
c) have data corrected or deleted;
d) limit processing;
e) obtain data portability, i.e. receive data from the Processor, in common machine-readable format, and freely transfer it to another Processor;
f) oppose processing at any time and also the use of processing for direct marketing purposes;
g) oppose automated individual decision-making, including profiling.
h) request, via the Data Processor, access to personal data and rectification or deletion of the afore-mentioned data or limitation of processing or oppose processing, as well as the right to data portability;
i) revoke consent at any time without affecting the legality of processing based on consent granted prior to annulment;
j) submit a complaint to controlling authorities.
Users may exercise rights by written request sent to the email address of the registered office or the following email address: email@example.com
I the undersigned declare to have read the above information.
I, the undersigned, in the light of the information received
◻ grant my consent
◻ DO NOT grant my consent to the processing of my personal data as indicated in the privacy statement above.