Pursuant to art. 13 of the EU Reg. 2016/679
(General Data Protection Regulation, so-called GDPR)
- DATA CONTROLLER
The Data Controller is GMT ITALIA SRL based in Via Francesco Sforza 14, 20122 – Milan (Italy), Tel. 02/72080537 and e-mail address: firstname.lastname@example.org
- DATA PROCESSOR
The Data Processor is Mattia Corvo Santini based in Milan, tel 02/8597981 and e-mail address email@example.com
- TYPES OF PROCESSED DATA
3.1 Navigation data
The visit and consultation of the Site do not generally involve the collection and processing of the user’s personal data. The processing of personal data of the user who visits and consults the Site is limited to the so-called “navigation data”, the transmission of which is necessary for the functioning of computer systems and programs essential for the operation of the Site despite the fact that, by their nature and jointly with other data, they may allow the identification of the user. This category includes, for example, the IP (Internet Protocol) addresses or the domain names of the computer used to visit the Site, as well as other parameters relating to the operating system used by the user to connect to the Site. The collection of browsing data takes place automatically and unavoidably and can only be used to obtain statistical information on the use of the Site and to verify its correct functioning. If expressly requested, such data may be used by the Public Authority to ascertain responsibility in case of computer crimes committed against the Site and/or third parties, according to the procedures in force with the competent Authorities. Except for this possibility, the above described navigation data are only temporarily maintained in compliance with the applicable regulations.
3.2 Data voluntarily provided by individual users
GMT ITALIA SRL collects and processes personal data voluntarily provided by individual user if he/she, by connecting to the Site, fills in the contact form on the Website and send your personal data to GMT ITALIA SRL. The user must fill in the contact form correctly and in its entirety. This involves the mandatory acquisition by GMT ITALIA SRL of the e-mail address, the sender’s name and / or other personal data contained in the e-mail. The provided personal data will be processed exclusively to respond to the user’s requests. In the event that the form is not filled out correctly and completely, the user will not be able to use the contact service. The Personal Data that GMT ITALIA SRL collects and processes may therefore include name and surname, e-mail address, telephone number, address, tax code, etc.
The Company does not knowingly process “sensitive” personal data capable of revealing racial and/or ethnic origins, religious beliefs, philosophical convictions, political opinions, membership of political parties, trade unions, religious or philosophical, political or trade union organizations, the health status or sexual orientations of the person concerned. Therefore, please do not provide these types of data.
- PURPOSES and LEGAL BASIS OF DATA PROCESSING
GMT ITALIA SRL collects and processes user’s personal data for the following purposes:
a) to get in touch with customers or potential customers, answer and manage their requests for information, questions and communications. The consent to the personal data processing for this purpose is necessary to allow the user to use the contact service available on the Site and, consequently, to allow GMT ITALIA SRL to respond to requests for information, questions and communications from customers or potential customers and provide them the required services. In case of lacked consent to the processing of personal data for this purpose, the user will not be able to use the contact service available on the Site and GMT ITALIA SRL cannot respond to requests for information and provide the services requested by the user;
b) to be able to satisfy user’s requests for products and services, to manage sales activities and after-sales assistance, including administrative, accounting and tax activities necessary to fulfill legal obligations, as well as warranty services (repairs or replacements). The provision of data with respect to these purposes is mandatory and in case of refusal, GMT ITALIA SRL will not be able to process the requested contractual services. It is not necessary that GMT ITALIA SRL obtains the explicit consent to the personal data processing for these purposes: the consent is in fact implicit in the request for contractual services and in the legal obligations;
c) to carry out promotional initiatives, such as sending information about new products, events, presentations, etc. This information may be transmitted using traditional methods (calls by telephone, shipment of printed advertising material by post, etc.) or by automated means (SMS, e-mail). In this case, GMT ITALIA SRL will require explicit and specific user consent to the personal data processing for promotional purposes, consent that the user may revoke at any time.
- DATA PROCESSING METHODS AND SECURITY MEASURES
The processing is carried out using IT and/or paper tools, with organizational methods and with logic strictly related to the purposes indicated above. GMT ITALIA SRL takes appropriate security measures to prevent personal data unauthorized access, disclosure, modification or destruction.
Therefore the treatment will be carried out in compliance with the provisions of art. 32 GDPR regarding security measures, also possibly by the employees of the GMT ITALIA SRL specifically appointed and instructed in compliance with the provisions of art. 29 GDPR.
The collected data are processed only for the achievement of the purposes referred to in point 4). GMT ITALIA SRL uses security technologies and procedures that guarantee the protection of user’s personal data and uses constantly updated devices for the processing security and personal data storage.
- PERSONAL DATA DISCLOSURE
They will have access to the personal data: the Data Processor, the other persons acting as External Data Processors appointed by GMT ITALIA SRL, such as professionals (lawyers, accountants) or service providers (credit institutions, insurance companies, etc.) and the employees of GMT ITALIA SRL specifically authorized and instructed.
The personal data collected may be communicated to the Judicial Authority in the cases expressly provided for by law without the consent of the user as well as to all the subjects whose right of access to the data is recognized by virtue of regulatory provisions.
Personal data collected and processed by GMT ITALIA SRL will not be disclosed to third parties, unless the user authorizes, by explicit and express consent, GMT ITALIA SRL to communicate his personal data to third parties, independent data controllers.
Except for the above, personal data in no case will be subject to disclosure.
- TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY
GMT ITALIA SRL does not transfer personal data to third countries that do not provide adequate guarantees, as required by art. 46 GDPR. In any case, GMT ITALIA SRL must acquire the explicit and express consent of the user in order to proceed with the transfer of data to a third country. GMT ITALIA SRL reserves the right to use cloud services and in this case service providers will be selected among those providing adequate guarantees.
- DATA RETENTION MODE AND DURATION
The data collected for the purposes referred to in letter B) of point 4) are stored in a SQL database, an integral part of the management and billing software installed on a server with secure access inside the GMT ITALIA SRL offices in Milan. This data is kept for at least 10 years, after which it will be deleted from the database.
The data collected for the purposes referred to in letters A) and C) of point 4) are currently registered in an excel file on dropbox shared with the two GMT ITALIA SRL stores in Milan but modifiable only by authorized personnel. This data is kept for 5 years, after which it will be deleted from the database.
- USER’S RIGHTS
The interested party to the processing of personal data has the right: a) to access the personal data provided;
b) to rectify, limit, modify, supplement, delete, anonymous the personal data provided;
c) to transfer the data to another data controller;
d) to oppose the processing of personal data provided.
The interested party can exercise these rights by sending a communication via e-mail to the following e-mail address: firstname.lastname@example.org. The interested party also has the right to file a complaint to the Authority for the Protection of Personal Data (www.garanteprivacy.it)
- CONSENT REVOCATION TO THE PERSONAL DATA PROCESSING
The user may revoke consent to the personal data processing by sending an e-mail to the following address: email@example.com. In this case the personal data will be removed from the archives as soon as possible.
Cookies are small text files that are sent to the user’s device (usually to the user’s browser) from the websites visited. They are stored in the user’s device and then re-transmitted to the websites on the subsequent visits of the user to those websites. While browsing a website, a user may receive cookies from other websites or web servers, which are the so-called “third-party” cookies. This is because the visited website can contain elements such as images, maps, audio files, links to individual Web pages on different domains that are on different servers than the one in which the visited page is stored.
Cookies are usually present in substantial numbers in the browser of each user and, sometimes, remain stored for a long time. They are used for different purposes ranging from IT authentication to monitoring browsing sessions to storing specific information about user configurations accessing a particular server and so on. To regulate these devices appropriately, it is necessary to distinguish them taking into account the aims pursued by those who use them, since there are no technical features that allow them to be differentiated. This is actually the approach followed by the Italian Parliament, which imposed the obligation to obtain the informed consent of users for the installation of cookies for purposes other than those of a purely technical nature – according with the EC Directive 2009/136. From this point of view and for the purposes of this decision, cookies can be divided into two main groups: “technical” cookies and “profiling” cookies.
a. Technical cookies
Technical cookies are those used exclusively for the purpose of transmitting a communication over an electronic communication network, or those strictly necessary for a company providing an Information Technology service that has been explicitly requested by the contracting party or by the user to provide the aforementioned service. They are not used for other purposes and are usually installed directly by the data controller or the website operator. They can be grouped into:
- browsing or session cookies, which allow users to browse and use a website (for example, to make online purchases or authenticate to get access to certain sections);
- analytical cookies, which can be equated to technical cookies to the extent that they are used directly by the website operator to collect aggregate information on the number of visitors and the pattern of the visits to the website;
- functional cookies, which allow users to navigate according to certain predetermined criteria, such as language or products to purchase, in order to improve the service quality. Users’ prior consent is not required to install these cookies.
b. Profiling cookies
Profiling cookies aim at creating the user profile. They are used to send advertising messages in line with the preferences shown by the user while browsing. In light of the highly invasive nature of these cookies towards the privacy of users, Italian and European legislation require users to be appropriately informed about their use in order to give their valid consent.
THE TYPES OF COOKIES USED
Below the cookies installed on the Site:
|Gmtitalia.com||_ga||Used to distinguish users.||2 years|
|Gmtitalia.com||_gat_UA-28234341-1||Used to throttle request rate.||1 minute|
|Gmtitalia.com||_gid||Used to distinguish users.||24 hours|
|Gmtitalia.com||_hjIncludedInSample||Hotjar cookie. This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels.||365 days|
LINKS TO THIRD PARTIES
To limit, block or delete cookies, it is enough to change the settings of your web browser. The procedure varies slightly according to the type of browser used. For detailed instructions, click on the link related to the browser used.
Some sections of the Site are accessible only by enabling cookies; turning them off it is possible that the user no longer has access to some content and the user cannot fully appreciate the features of the website.