Order within
for same day dispatch
English
EUR
GDPR INFORMATION pursuant to art. 13-14 of EU Regulation 2016/679 "European Regulation on the protection of personal data"
1. Introduction and Privacy Policy
This information is provided pursuant to Article 13 of EU Regulation 2016/679 - "European Regulation on the protection of personal data - from now on also GDPR".
The undersigned company recognizes the protection of personal data as a primary value and has consequently adopted policies that provide for full compliance with the internal and international regulations on the subject, in compliance with the principles of correctness, lawfulness, transparency and confidentiality established in the GDPR and in any other regulations. applicable.
In compliance with the provisions of the GDPR, this information therefore provides the necessary information regarding the processing of the data provided by you and describes the personal data processing activities carried out by the company Borelli Store srl; it is intended for all those who visit and interact with this e-commerce site www.griffeshop.com owned by the company, the so-called web store ("Store"), in which it is possible to purchase products online.
However, this information is not to be considered valid for other websites that may be consulted through links on the websites of the owner, who is not to be considered in any way responsible for the websites of third parties.
The Company deals with the management of sales and transactions carried out in the context of the Store.
The navigation on the site is free and does not require registration.
Only at the time of purchase, or at the request to become a "partner" of Griffeshop (customer registration), will the data strictly useful for the conclusion of the procedure be requested, that is to: - define the contractual relationship and the consequent legal and tax obligations, as well as to allow effective management of financial and commercial relationships.
The provision of the requested data is optional, but a refusal to do so makes it impossible for Borelli Store srl to conclude the contract and therefore provide products and services.
The company will process your personal data for marketing and / or profiling purposes only with your free and express consent. The consent given for marketing purposes is intended as extended to the sending of communications made through both automated and non-automated methods and / or means of contact, better specified below.
In such circumstances, this privacy policy illustrates the methods and characteristics of the collection and processing of the user's personal data.
If the user provides personal data of third parties, he must ensure that the communication of the data to the Company and the subsequent processing for the purposes specified in the applicable privacy information, complies with the GDPR and the applicable legislation.
The treatments carried out by the company, as Data Controller, are described in the Privacy Policy of the company to which it refers entirely.
2. Identification details of the Data Controller and of the Data Protection Officer (DPO)
The Data Controller is Borelli Store srl in the person of the pro-tempore legal representative, with registered office in via dei Marmorari, 94 - 41057 Spilamberto (MO)
The Data Protection Officer (DPO): Contact email: assistenza@griffeshop.com
3. Place of data processing
The treatments connected to the web / digital / paper services take place at the aforementioned office and are carried out only by personnel formally authorized to process. The data relating to the provision of the web service will be processed at the web farm of the web service provider. No data deriving from the web service is communicated or disseminated.
As a rule, your data will not be transferred outside the European Union.
If this is necessary, in this case we make sure that the recipient, who operates as data controller, complies with the provisions of the GDPR including the rules specifically dictated for the transfer of personal data to third countries, ensuring that said transfers take place on the basis of an adequacy decision or the signing by the manager of standard contractual clauses of data protection approved by the European Commission, which guarantee at least similar levels of protection compared to those envisaged in the EU.
All information on the transfer of personal data to third countries can be requested by contacting the DPO at the addresses indicated in the previous paragraph 2) Identification details of the Data Controller and of the Data Protection Officer (DPO)
4. Type and conditions of legitimacy of the data processed
The computer systems and software procedures used to operate this website may acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
Visiting and consulting the Site does not generally involve the collection and processing of the user's personal data except for navigation data and cookies as specified in the appropriate section.
In addition, personal data voluntarily provided by the user may be processed when the user interacts with the functionality of the Site or requests to use the services offered on the Site.
In compliance with the relevant legislation, the Company may also collect the user's personal data from third parties necessary for the performance of its business and for the fulfillment of contractual and legal obligations.
All these data are processed, for the time strictly necessary, for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its regular functioning.
The particular data defined by the GDPR are not requested or collected, i.e. those that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as processing genetic data, biometric data intended to identify in uniquely a natural person, data relating to the health or sexual life or sexual orientation of the person.
Below, by way of example and not limited to the main treatments and related purposes:
A) processing of data by the company for the purpose of accessing and registering to the store and concluding the purchase contract through the Store:
The company will process your data personal:
to allow you to access the Store, even as a non-logged in user, and to browse the Store;
to allow registration to the Store and the use of the services reserved for registered users, including the possibility of purchasing online through the Store;
to allow the conclusion of the purchase contract through the Store;
to allow you to access the Store and browse the Store as a logged in user;
to maintain and manage your account as well as to store your data and information in it, such as, by way of example, personal data, the history of orders and any returns, preferred delivery and / or billing addresses;
The provision of data for the purpose in question is optional: that is, there is no legal or contractual obligation to communicate data; however, failure to communicate the data will make it impossible for the user to access and / or browse the Store and / or register at the Store and use the services reserved for registered users and / or conclude a purchase contract through the Store .
The legal basis for this processing is the fulfillment of the contract or, depending on the case, the execution of pre-contractual measures adopted at the request of the interested party (Article 6.1.b) GDPR or the consent of the interested party freely provided.
For this purpose, the company will process the user's data for the time strictly necessary to carry out the individual processing activities (eg: the registration data will be processed until the account is closed, taking into account the technical times necessary for the same; data necessary for the conclusion of the contract up to the delivery of the product or, in case of non-delivery, up to the termination of the contract), it being understood that, after this deadline, the company may keep the data for the purposes and for the maximum retention periods established by the Regulations and / or by the law.
B) Data processing for the purpose of executing the purchase contract
The company will process your personal data:
to execute the obligations arising for the company from the purchase contract concluded through the Store, such as, by way of example, the delivery of the products sold
to allow it to fulfill the obligations arising from the purchase contract concluded through the Store, such as, by way of example, the payment, even online, of the products purchased.
The provision of data for the purpose in question is optional: that is, there is no legal or contractual obligation to communicate data, however failure to communicate the data will make it impossible for the user to conclude this contract and therefore to purchase through the Store. .
The legal basis for this processing is the fulfillment of the contract (Article 6.1.b) of the GDPR.
For this purpose, the company will process your data for the time strictly necessary to carry out the individual processing activities (eg: the data necessary for the execution of the purchase contract up to the delivery of the product or, in case of non-delivery, up to termination of the contract), it being understood that, once this term has expired, the company may keep the data for the purposes and for the maximum retention periods established by the GDPR and / or by the law.
C) Data processing by the company for assistance / customer care purposes
The company will process your personal data:
for general assistance and customer care activities and therefore to respond to requests for information from users or to respond to complaints, reports and disputes.
The provision of personal data for the purpose in question is optional: that is, there is no legal and / or contractual obligation to communicate data; however, failure to communicate the data makes it impossible to respond to requests and / or reports and / or complaints and / or complaints from users in cases where the response to such requests involves the processing of the user's personal data.
The legal basis of this processing is the execution of pre-contractual measures adopted at the request of the interested party (Article 6.1.b, last paragraph, of the Regulation) or, as the case may be, the legitimate interest of the company pursuant to art. 6.1.f of the GDPR.
For this purpose, the company will process the user's data for the time necessary to carry out the requested activities and, therefore, in particular, for the time necessary to provide the information requested by the user or to respond to complaints and / or reports and / or to complaints presented by the user.
D) Data processing by the company for fraud prevention purposes in the case of payment by credit card
The company will process your personal data:
in the case of payment by credit card for purchases made on the Store, in order to manage and possibly block payment transactions relating to fraudulent orders.
The provision of data for the purpose in question (ie the purpose of preventing credit card fraud) is optional: that is, there is no legal or contractual obligation to provide such data for this purpose and the failure to provide personal data for the purpose in question. object or opposition to the use of such data for this purpose will not have any consequence on the user's ability to register with the Store and / or make purchases on it.
For this purpose, the company also uses data initially collected for different purposes (and, in particular, to allow the conclusion of the purchase contract and its execution) whose further processing for the purpose of preventing credit card fraud is permitted, as it is based on the legitimate interest of the Data Controller, given the compatibility of the purpose in question with the purpose for which the data are initially collected;
The legal basis of this treatment is the legitimate interest of the Data Controller pursuant to art. 6.1.f of the GDPR.
In fact, it is a legitimate interest of the company to carry out an activity, for the purposes of fraud prevention, in the case of online payment by credit card, to protect its business interest, including the purpose of respecting the parameters defined by the international circuits relating to the number fraudulent payment attempts detected on e-commerce sites.
E) Data processing by the company for administrative-accounting, legal and tax purposes:
The company will process your personal data:
for the purpose of executing administrative and / or accounting and / or legal and / or fiscal obligations, connected to the provision of the Store services and / or to the purchase contract concluded through the Store, such as, by way of example, the holding accounting records and the issue of the sales invoice.
The provision of data for the purpose in question is mandatory, because their processing is necessary to allow the Data Controller to fulfill legal obligations imposed on it. Any refusal to provide data for this purpose will make it impossible for the user to use the services of the Store and, in particular, to conclude the purchase contract through the Store.
The legal basis of this processing is the fulfillment of legal obligations to which the company is subject (Article 6.1.c of the GDPR).
For this purpose, the company will process the user's data until the expiry of the legal terms provided for the fulfillment of each administrative-accounting and fiscal fulfillment and / or for the retention times required by law for the conservation of the relative documentation.
F) Data processing by the company in order to allow the user to exercise rights:
The company will process your personal data in order to:
respond to requests for exercising the right of withdrawal and / or requests for exercising the legal guarantee of conformity and / or other rights arising from the purchase contract concluded on the Site and / or provided for by law in relation to this contract and / or in relation to the provision of the Site Services;
carry out the activities that prove necessary as a consequence of the exercise of these rights and to proceed, if necessary, with the related reimbursements;
receive and respond to requests for the exercise of personal data protection rights provided for by the Regulations and carry out all consequent activities.
The provision of data for the purpose in question is mandatory, because their processing is necessary to allow the company to fulfill legal obligations as well as the user to exercise the rights that the law or the contract assign to him. Any refusal to provide data for this purpose will make it impossible for the user to exercise these rights.
The legal basis of this processing is the fulfillment of legal obligations to which the company is subject (Article 6.1.c) of the GDPR).
For this purpose, the company will process the data until the expiry of the legal terms provided for the exercise of the right (limitation period and / or forfeiture) or, in the case of the exercise of these rights, for the time necessary for the management and closure of the file; in the case of exercise of the rights provided for by the Regulation, the data will be processed until the certification, by the Data Controller, of having fulfilled the request or until the fulfillment itself, depending on which of the two events occurs last.
G) Data processing by the company for the purpose of ascertaining, exercising or defending a right:
The company will process your personal data for ascertaining, exercising or defending a right in all competent offices.
The provision of data for this purpose is optional: there is no legal or contractual obligation that requires the data subject to provide data for this purpose.
For the purpose in question, data initially collected for a different purpose are used, the further processing of which is permitted as it is based on the legitimate interest of the owner, given the compatibility of this further purpose with the initial purpose of the collection and also taking into account the fact that , to the extent that the processing is necessary for the ascertainment, exercise and defense of a right, the data controller is also exempted from the obligation of cancellation, by express provision of the GDPR;
The legal basis for this processing is the legitimate interest (Article 6.1.f) of the GDPR.
The user is informed that, in particular, the company will keep and possibly use the data:
1) for the purpose of proving the fulfillment of contractual and / or legal obligations and / or for the exercise of the rights of the interested party. For this purpose the data will be kept for 10 years from the delivery of the product and / or from the provision of the services, including the registration service (in this case the data will be kept for 10 years from the closure of the account) or from the resolution of the contract, in the event of non-delivery of the product;
2) in the case of exercising the rights provided for by the Regulations, the data will be kept for 5 years starting from the attestation of having responded to the request of the interested party or from this confirmation, if later;
3) in the case of the exercise of rights provided for by the purchase contract or by the law, the data will be kept for 10 years, starting from the closure of the file or from the execution of the action that defines it (eg: reimbursement, in case of withdrawal; o delivery of the replacement product, in case of legal guarantee); closing of the file means the last correspondence relating to the exercise of the rights in question;
H) Data processing by the company for marketing and / or profiling purposes
The company will process your personal data for marketing and / or profiling purposes only with your free and express consent. The consent given for marketing purposes is intended as extended to the sending of communications made through both automated and non-automated methods and / or means of contact, as specified in this statement.
The provision of data for this purpose is optional: there is no legal or contractual obligation that requires the data subject to provide data for this purpose; however, failure to communicate the data will make it impossible for the user of the services (eg take advantage of commercial offers, communications, discounts ..) reserved for registered users.
The legal basis of this treatment is the consent expressed by the user (Article 6.1.a of the GDPR).
For this purpose, after obtaining your consent, your data will be kept until its revocation, which can be done at any time.
5. Use of cookies
Check out ourscookie-policy
6. Scope of communication and / or dissemination of data
The subjects to whom the company communicates the data act as external data processors designated by the Data Controller through a specific contract ("Data Processors") or persons authorized to process personal data under the direct authority of the Data Controller ("former Officers ") Or, in the case of third parties that the Data Processor uses, as" Sub-Managers ", pursuant to art. 28.4 of the Regulation, except in cases where the recipient acts as an independent data controller, such as, for example, in the case of the Payment Service Provider, or even as an independent data controller, as in the case of couriers.
Users' personal data may be disclosed by the company to the following categories of recipients:
- companies of the group to which the company belongs and / or employees and / or collaborators, for the performance of administration, accounting and IT and logistical support activities;
- companies, consultants or professionals who may be in charge of the installation, maintenance, updating and, in general, the management of the company's hardware and software, including but not limited to the suppliers of cloud computing services, and to third parties which they make use of;
- companies that carry out logistical support and / or warehouse and / or packaging and / or shipping and delivery or collection of products purchased on the Store and to third parties they use;
- Payment Service Provider and / or to the acquirer and / or to banks in order to allow the payment of purchases made on the Store or their reimbursement, if necessary, and to third parties they use; . The data is encrypted and processed directly by the managers with SSL (Secure Socket Layer) mode, the safest protocol available today and completely transparent for the user.
- public and / or private entities, natural and / or legal persons (legal, administrative and tax consultancy firms), if the communication is necessary or functional for the correct fulfillment of the contractual obligations assumed in relation to the Site Services, including the purchase, as well as the obligations deriving from the law or in the case of ascertaining, exercising or defending a right.
The complete list of recipients is however available at the company headquarters.
7. Rights of interested parties
Finally, we inform you that in accordance with the provisions of Chapter III, Section I, GDPR, the interested party may exercise the rights indicated therein and in particular:
The right of access (Article 15 of the GDPR), which consists in obtaining confirmation that it is or not, the processing of personal data concerning the user is in progress.
Right of rectification (Article 16 of the GDPR) - which consists in obtaining, without undue delay, the rectification of inaccurate personal data concerning the user and the integration of incomplete personal data, also by providing an additional declaration.
Right to cancellation (Article 17 of the GDPR) ("so-called right to be forgotten") - which consists in obtaining, without undue delay, the cancellation of personal data concerning the user.
Right of limitation (Article 18 of the GDPR) - which consists in obtaining the limitation of the processing.
Right to data portability (Article 20 GDPR) - which consists of the right to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a data controller and has the right to transmit such data to another data controller without impediments by the data controller
Right to object (Article 21 of the GDPR) - which consists of the right to object at any time, for reasons connected with your particular situation, to the processing of personal data concerning you pursuant to Article 6, paragraph 1, letters e) or f ), including profiling based on these provisions. The data controller refrains from further processing personal data unless he demonstrates the existence of compelling legitimate reasons for proceeding with the processing that prevail over the interests, rights and freedoms of the data subject or for ascertaining, exercising or the defense of a right in court.
Automated decision-making process relating to natural persons, including profiling (Article 22 GDPR) The interested party has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her similarly significantly on his person. Right to lodge a complaint with the supervisory authority - The interested party may lodge a complaint with the Guarantor Authority for the protection of personal data, Piazza di Montecitorio n. 121, 00186, Rome (RM).
8. Exercise of the rights of the interested party
The interested party may exercise their rights through a written communication to be sent by e-mail, certified e-mail, registered letter with return receipt, fax to the addresses indicated in paragraph 2) - Identification details of the Data Controller and Data Protection Officer (DPO) .
The exercise of the rights as an interested party is free pursuant to article 12, GDPR.
9. Withdrawal of consent to treatment
The interested party may revoke the consent to the processing of your personal data at any time, by sending a communication, in the manner indicated above - Exercise of the rights of the interested party, or by writing an email to assistenza@griffeshop.com
