PERSONAL DATA PROCESSING POLICY

Cravattificio Gierre S.r.l. (“Gierre”), well aware of the importance of the protection of personal data, in its capacity as Controller, informs the users (“Data Subjects”) of the www.gierremilano.com website (“Site”) that the personal data collected through navigation on the Site shall be processed in compliance with current laws. When using the services offered by the Site, Gierre will provide Data Subjects with specific information regarding the further processing of their personal data.

In accordance with Article 13 of Regulation (EU) No 2016/679 (the ‘Regulation’), Gierre shall provide the following information concerning the management and the processing of data.

1. Types of data collected, purpose and legal basis of processing

During the navigation on the Site, Gierre shall process the following data related to the Data Subjects (“Data”):

(i) Navigation data

The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the users’ terminals that connect to the site, the MAC (Media Access Control) addresses, the addresses in the URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to forward the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and parameters related to the operating system and to the user’s computer environment. These Data are used for the following purposes:

to obtain anonymous statistical information on the use of the Site and to check its correct functioning. The Data for this purpose are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site. The legal basis justifying said processing is set out in art. 6(1)(b) of the Regulation, since said processing allows the Data Subjects to use the service requested. 

– to fulfil legal obligations or to requests of the judicial Authority. The legal basis justifying said processing is set out in art. 6(1)(c) of the Regulation since said processing is necessary to fulfil a legal obligation to which the data controller is subject.

(ii) Data provided voluntarily by the Data Subjects

Following the voluntary sending of e-mail messages to the e-mail addresses on the site, Gierre may process the sender’s e-mail address and the additional personal data contained in the message to respond to requests made by the Data Subjects. Specific privacy policy will still be given when using particular tools provided by the Site. These Data are used for the following purposes: 

to respond to Data Subjects’ requests. The legal basis justifying said processing is set out in art. 6(1)(b) of the Regulation, since said processing allows to provide the requested service to the Data Subjects;

– to fulfil legal obligations or to requests of the judicial Authority. The legal basis justifying said processing is set out in art. 6(1)(c) of the Regulation since said processing is necessary to fulfil a legal obligation to which the data controller is subject.

(iii) Cookies

The Site uses the following types of cookies: 

technical cookies (both session and navigation cookies), to ensure normal navigation and use of the Site; 

– third party analytics (with reduced identifying potentials), in order to monitor the use of the site by users for the purpose of optimising the web platform and statistics (analytical). For all information concerning the processing of personal data by means of cookies, please refer to the extended policy on cookies, which can be found here or by clicking to the proper link shown in the Site footer. 

2. Data retention period

The Data collected and processed when browsing the Site shall be kept for the entire period of service providing and, in any case, deleted or rendered anonymous within 7 days. Personal data sent voluntarily by users through the tools on the site will be deleted after providing the service requested or having responded to them and in any case within the maximum period of 6 months from the end of this activity, with the exception of those required to comply with fiscal, accounting and administrative regulations or to fulfil other legal obligations and to document the activities carried out.

3. Methods of processing

The Data shall be processed by staff of Gierre that have express authority to do so, by analogue and electronic means, stored on any suitable device and organised in a database. Specific security measures shall be implemented to prevent the loss of the Data, as well as any illegal or incorrect use thereof and unauthorised access thereto. The processing of the Data shall not involve automated decision-making methods.

4. Provision of Data

The provision of Navigation Data is necessary to allow Gierre to provide the service requested by the Data Subjects (navigation on the Site) and mandatory for this purpose; in default, the Data Subjects may not be able to navigate on the Site

The provision of any further Data is optional; the lack of provision will not affect the Data Subjects.

5. Disclosure of the Data

The Data may be disclosed to: (i) subjects having the right and interest to access the personal data of the Data Subjects under national or EU laws; (ii) companies, associations or professional firms that provide services, on behalf of Gierre and in their quality of Data Processor, for the fulfilment of legal obligations as well as services for any other organisational and administrative requirements (“Data Processor”). The names of the Processors are reported in an updated list available from Gierre (to be requested by using the contact details indicated in Section 9). The Data shall not be disseminated.

6. Transfer of Data to Countries that are not part of the EU or to international organisations

Gierre shall not transfer the Data to Countries that are not part of the EU or to international organisations.

7. Link to sites or services of third parties

This policy is provided only for the processing of Data made through the Site or the tools provided by the same, and not for other websites that may be consulted by the Data Subjects through connection, whose managers operate as independent data controllers. Data Subjects are therefore invited to read their privacy policies carefully, before accessing the services of third parties.

8. Rights of the Data Subjects

The Data Subjects may at any time exercise their rights provided for in the Regulation, including: 

– to request information on: (i) the origin of the Data; (ii) the purposes and methods of processing; (iii) the logic applied in the event of the use of electronic devices; (iv) the details of the Controller and of the Processors.

– to obtain: (i) access to, the updating of, or the rectification or integration of the Data; (ii) the erasure, anonymisation or blocking of Data unlawfully processed; (iii) limitation of the processing of Data; (iv) a copy of the Data in standard format.

– to object, in whole or in part, to the processing carried out:

a) for the purposes of scientific, historical or statistical research, even if pertinent to the collection purpose, if such opposition is based on reasons related to their particular situation;

b) for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller or to pursue the legitimate interest of the Controller or of a third party;

c) for the purpose of sending promotional materials, advertising and direct marketing;

– to revoke, at any time, the consent given and on the basis of which the processing has been allowed, without affecting the lawfulness of the processing already carried out on the basis of the consent given before revoking said consent.

In the event that they believe that the processing of their Data is against the law, the Data Subjects may submit a complaint to the supervisory authority of the Member State of their habitual residence or work, or to the place in which the alleged violation occurred. The Italian Supervisory Authority can be contacted using the details provided on its own website.

9. Data Controller

The Data Controller is Cravattificio Gierre S.r.l., Via Carlo Poma n. 24, 20129 – Milano, Vat 06259350152, acting through its legal representative pro tempore. Gierre may also be contacted by e-mail at [email protected]

To exercise the rights listed above, the Data Subject may submit their request by e-mail to [email protected]

Gierre reserves the right to update this information on the processing of Data.