Privacy Policy
Pursuant to art. 4, no. 7 of the EU Regulation, Gewiss S.p.A., tax code and VAT number IT 00385040167, with registered offices at Via Domenico Bosatelli 1 - 24069 Cenate Sotto (BG) – Italy, is the Controller of data (hereinafter referred to as the “Data Controller”). Gewiss S.p.a. has appointed a Data Protection Officer (DPO), who may be contacted at the following email address: dpo@pec.gewiss.com.
Privacy Information Notice pursuant to art. 13 of EU Regulation 2016/679 on the use of the Site https://www.gewiss.com/ww/en
THE REASON FOR THIS INFORMATION NOTICE
In compliance with the provisions of art. 13 of EU Regulation 2016/679 (hereinafter referred to as the "EU Regulation" or “GDPR”), concerning the protection of individuals with regard to the processing of personal data, as well as the free movement of such data, this Information Notice is provided to users of the https Site: https://www.gewiss.com/uk/en (hereinafter, the "Site").
It is understood that the Data Controller makes available further detailed information notices for specific situations.
IDENTITY OF THE DATA CONTROLLER AND DATA PROTECTION OFFICER
TYPES OF DATA PROCESSED
For the pursuit of the purposes indicated below, the Data Controller, depending on the case and if necessary, will process personal data belonging to the following categories:
• Navigation data (common personal data), data belonging to this category are collected through cookies. For detailed information about the cookies, please refer to the cookie policy;
• Common personal data such as personal and contact data relating to the services offered by this Website.
The optional, explicit and voluntary sending of emails to the addresses indicated on this Website involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the letter.
PURPOSE OF PROCESSING AND RETENTION PERIOD
The purposes of the processing are as follows:
1. Purposes for the protection of a legitimate interest of the Data Controller (art. 6 para. 1, let. f GDPR):
a. Ensure the proper functioning of the Website;
b. Prevent or discover fraudulent activities or abuses that are harmful to the Website.
The data processed for the above purposes will be stored according to the provisions of the cookie policy.
c. Exercise the rights of the Data Controller, for example the right of defence in court.
If it is necessary to ascertain, exercise or defend the rights of the Data Controller in court, the retention period may extend until the judgement becomes final.
2. Purposes based on a contract or pre-contractual measures taken at the request of the data subject (art. 6 para. 1, let. b GDPR):
d. Registration to the reserved area of the MYGEWISS Website.
The data processed for the above purposes will be retained for the duration of the contractual relationship or until the account is cancelled.
e. Sending your application via the "Work with us" section.
The data processed for the above purpose will be stored for a period of 24 months.
3. Purposes based on the data subject’s consent (art. 6 para. 1 let. a GDPR)
f. Subscription to the newsletter service to receive commercial communications and/or advertising material on products or services offered by the Data Controller;
g. Recording of the degree of customer satisfaction regarding the quality of the services and the activity carried out;
h. Carrying out marketing activities: for example, sending - through online and offline channels - by automated means of contact (such as SMS, email, social accounts) and traditional (such as phone calls with operator and traditional mail) - promotional and commercial communications;
i. Carrying out profiling activities: analysis of your preferences, habits, behaviours or interests in order to send you personalised commercial communications;
j. Data transfer to Gewiss Group companies and/or other companies operating in the same product sector as Gewiss S.p.A., for the sending of commercial communications by third parties.
- With reference to point f) above, the data will be kept for a maximum period of 24 months.
- With reference to point g) above, the data will be kept for a maximum period of 24 months.
- With reference to point h) above, the data will be kept for a maximum period of 24 months.
- With reference to point i) above, the data will be kept for a maximum period of 12 months.
- With reference to point j) above, the data will be kept for maximum period of 24 months.
In the aforementioned cases, however, the data subject is given the opportunity to revoke consent at any time (art. 7 para. 3 GDPR).
LEGAL BASES FOR PROCESSING
The processing of personal data referred to above is based on the following legal bases:
• Legitimate interest of the Data Controller (art. 6 para. 1, let. f GDPR) for the purposes referred to in letter a) to letter c).
• Contract or pre-contractual measures taken at the request of the data subject (art. 6 para. 1, let. b GDPR) for the purposes referred to in letters d) and e);
• Consent of the data subject (art. 6 para. 1, let. a GDPR) for the purposes referred to in letter f) to letter j).
CATEGORIES OF RECIPIENTS
The data acquired by the Data Controller, as part of the above purposes, may be communicated to one or more of the following categories of subjects, such as:
• Third parties (as an indication, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) that carry out outsourcing activities on behalf of the Data Controller, as Data Processors;
• Subjects carrying out management activities of the Data Controller’s IT system;
• Marketing and advertising agencies;
• Providers of hosting services;
• Judicial authorities, Revenue Agency, social security institutions, administrative and sector authorities, as well as to those subjects to whom communication is mandatory by law. These parties will process the data as Autonomous Data Controllers.
The complete and up-to-date list of the Autonomous Data Controllers, the Data Processors in charge and the Recipients in any way of data (ex art. 4, no. 9, of the EU Regulation) can be requested from the offices of the Data Controller or via the email: dpo@pec.gewiss.com.
TRANSFER OF DATA OUTSIDE THE EEA
The data will be processed within the European Economic Area (EEA) by the Data Controller and/or by third parties appointed and duly appointed as Data Processors. Transfers may take place to countries that do not provide the same level of protection provided by the GDPR or applicable legislation; in this case, Gewiss S.p.A. will ensure that each of these recipients assumes specific contractual obligations in accordance with the applicable regulations on the protection of personal data (including the signing of the Standard Contractual Clauses approved by the European Commission), unless the Data Controller may refer to any other legal basis for the transfer of such information. In any case, the data subject may always request more information, including the countries receiving the personal data, by writing to the email address privacy@gewiss.com.
For details of transfers through cookies, you can consult the cookie policy.
METHODS OF PROCESSING
Personal data will be processed both on paper and electronically and/or automatically. Collection, registration, organisation, storage, consultation, processing, modification, extraction, comparison, use, interconnection, communication, cancellation and destruction and any other appropriate operation may be carried out, including automated data, in compliance with the legal provisions necessary to ensure, inter alia, the confidentiality and security of the data and the accuracy, updating and relevance of the data to the declared purposes.
RIGHTS OF THE DATA SUBJECT
The data subject, in relation to the personal data provided, has the right to exercise at any time and according to the provisions of the EU Regulation the rights established by the latter and the following:
• Right to withdraw consent (art. 7, para. 3, of the EU Regulation): right to revoke the consent given. The withdrawal of consent does not affect the lawfulness of the processing based on consent before the revocation;
• Right of access of the interested party (art. 15 of the EU Regulation): right to obtain confirmation of the existence or not of personal data relating to him/her and a copy thereof in an intelligible form;
• Right of rectification (art. 16 of the EU Regulation): right to rectification of inaccurate personal data concerning him/her;
• Right to erasure, i.e., "right to be forgotten" (art. 17 of the EU Regulation): right to the erasure of your data;
• Right to restriction of processing (art. 18 of the EU Regulation): right to obtain the restriction of processing, for example, in case of dispute of the accuracy of the data or in case of unlawful processing;
• Right to data portability (art. 20 of the EU Regulation): right to receive in a structured format, of common use and readable by automatic device, the personal data concerning him/her provided to the Data Controller and the right to transmit such data to another Data Controller without hindrance if the processing is carried out on the basis of consent or is contracted and carried out by automated means;
• Right to object (art. 21 of the EU Regulation): right to object to the processing of your personal data;
• Right not to be subjected to automated decision-making processes (art. 22 of the EU Regulation): right not to be subject to a decision based solely on automated processing.
Requests should be sent to the following email address: privacy@gewiss.com.
Please note that the Company undertakes to respond to your requests within 1 month, except in the case of requests of particular complexity, for which a maximum of 3 months may be required. In any case, the Company will explain the reason for the wait within 1 month of your request.
The outcome of the request will be provided in writing (at the request of the interested party) or in electronic format (and, in this case, free of charge). The Data Controller specifies that the data subject may be asked for any contribution if his requests are manifestly unfounded, excessive or repetitive: in this regard, Gewiss S.p.A. will keep track of the requests. Gewiss S.p.A., in compliance with art. 19 of the EU Regulation, undertakes to report to the recipients to whom the personal data of the data subject have been disclosed any corrections, cancellations or restrictions of processing requested by the data subject, where this is possible. Please note that the withdrawal of consent does not affect the lawfulness of the processing based on consent before the revocation.
RIGHT TO LODGE A COMPLAINT (art. 77 OF THE EU REGULATION)
If the data subject considers that his/her rights have been compromised or damaged, or that the processing of his/her data is contrary to current legislation, he/she has the right to lodge a complaint with the Data Protection Authority in the manner indicated by the same link.
NATURE OF DATA PROVISION
The provision of data for purposes a), b), and c) is necessary; failure to provide it will make it impossible to browse the website and ensure the security of the same.
The provision of data for purposes d) and e) is also necessary; failure to provide them will not allow the correct establishment and/or continuation of the contract concluded between the parties.
For purposes f), g), h), i), and j), the provision of data by the data subject is optional: the failure to provide data by the data subject will make it impossible for the data subject to receive commercial communications, including customised products or services offered by the Data Controller.
With regard to the use of technical cookies, please note that if the functionality of these cookies has been limited, through browser settings, navigation may be difficult or impossible.
AMENDMENTS AND UPDATES
Gewiss S.p.A. may also make changes and/or additions to this information as a consequence of any amendments and/or regulatory additions. In such cases, the new version of this policy will be available on the Gewiss S.p.A. Website.