STATEMENT TO WEB USERS REGARDING REGISTRATION ON THE SITE
STATEMENT TO WEB USERS REGARDING REGISTRATION ON THE SITE
Statement to web users regarding registration on the site to be provided under art. 13, Reg. UE 2016/679 (GDPR)
Identity and contact details of the Data Controller
The Data Controller is Giordano Vini S.p.A (hereafter: "Giordano" or "the Data Controller"), with registered office at via Cane Guido 47 bis/50, 12055 Diano d'Alba (CN) - P. VAT/Tax ID No. 04642870960.
Categories of personal data
The personal data provided are obtained:
when creating a user account on our website, where the data subject is asked to enter the following personal data:
- Mandatory data: first and last name, date of birth, email address and password selected to access the site's services; should you decide not to provide this personal data, you will not be able to create a user account.
- Optional data: address, mobile and/or fixed telephone number for postal deliveries in the event of subsequent orders; if you decide not to provide this personal data, you may do so at a later date when placing the order.
Purposes of processing, legal basis and retention periods
The data collected are processed to carry out the registration request and activate the User profile for the e-commerce area on the Giordano website.
The legal basis is Art. 6, paragraph 1, subparagraph b), GDPR since the processing is intended to fulfil pre-contractual or contractual obligations to which the data subject is a party (use of the website and activation of the relevant services requested by the user).
The period of data retention is determined according to the period required to finalise the registration and for as long as the user is registered and uses the reserved services. The user's data (and profile) will be deleted in the event of incorrect behaviour on the part of the user in navigating the site or in actions performed by the user through the site. In this case, the Data Controller will inform the competent authorities by communicating the user's data.
Methods of processing
Personal data are processed by the Data Controller using mainly electronic methods and are stored on servers within the company's own management system and/or by third-party companies appointed and duly designated as Data Processors. Appropriate security measures are taken to prevent loss or alteration of data (including accidental loss), illegal or incorrect use and unauthorised access.
Scope of data communication
Where appropriate and in accordance with applicable laws and regulations, we may communicate your personal data, in various ways and for various reasons, to the following categories of entities:
- external service providers, who act as Data Processors in order to provide certain services to our company, such as: providers of services related to the website or the online shop, providers of marketing services or providers of IT support services. During the provision of these services, external service providers may have access to and/or process your personal data. These external service providers will be under a contractual obligation to implement appropriate technical and organisational security measures to safeguard personal data and process them in accordance with the instructions received.
- Giordano may also transfer your personal data to law enforcement agencies, government authorities, legal advisors and external consultants in accordance with applicable data protection law. The legal basis for such processing is the fulfilment of a legal obligation to which our company is subject or is represented by our legitimate interests, such as the exercise of or defence against legal claims.
Place of processing and transfer of data to non-EU countries
The processing, including storage, of personal data takes place on servers owned by the Data Controller and/or by third-party companies duly appointed as Data Processors, located within the European Union. However, personal data may be transferred to third countries, mainly for analytical services, by adopting the contractual clauses set out in the Decision of the European Commission of 5 February 2010 for the transfer of personal data to Data Processors located in third countries, in compliance with the requirements of Art. 46, GDPR and, where applicable for the fulfilment of contractual obligations to which the data subject is party, under the provisions of Art. 49, paragraph 1, subparagraph b), GDPR.
Rights of Data Subjects under Articles 15-22, GDPR
By writing to the Data Controller at the postal address Giordano Vini S.p.A. via G. Cane 47bis/50 - 12055 Diano d'Alba (CN) or at the email address email@example.com, the Data Subject may exercise the rights of: access (Art.15, GDPR), rectification (Art.16, GDPR), erasure and forgetting (Art.17, GDPR), restriction of processing (Art.18, GDPR), notification in case of rectification or erasure (Art.19, GDPR), data portability (Art.20, GDPR), revocation of consent, objection to processing (Art.21, GDPR) for legitimate reasons or for sending marketing communications and direct sales also limited to one or more means of contact (e.g.: by mail and/or email and/or telephone), as well as objecting to profiling (Art.22, GDPR) if linked to direct marketing. At any time, the Data Subject may request a complete and up-to-date list of the Data Processors and third parties to whom personal data may be disclosed.
Complaint to the Supervisory Authority
The Data Subject has the right to lodge a complaint with the Supervisory Authority, which in Italy is the Garante per la Protezione dei Dati Personali (Italian Data Protection Authority) – Piazza Venezia 11, 00187 Roma (RM) – www.garanteprivacy.it, by sending an email to firstname.lastname@example.org, using the form found on the Authority's website.
Data Protection Officer
The Data Protection Officer can be contacted at email@example.com for information on data processing.