Privacy

GRIN SRL and its sub-offices and affiliates (singly and collectively called “GRIN SRL”) will process your data with the greatest care. The privacy of those visiting our Websites and who interact with us is of great importance to us. Here below you will find detailed explanations of how we manage your data to protect your privacy. If you need any further information please do not hesitate to contact us by clicking on the link below:

 

Request information

 

 PRIVACY AND COOKIES POLICY

pursuant to article13 of the Privacy Code (Legislative Decree 196/2003) and art. 13 of EU Regulation 679/2016

 

GRIN SRL (hereinafter, the “Controller”)as process Controller, pursuant to and for the purposes of art. 13 of Legislative Decree 196 of 30 June 2003, (hereinafter, the “Privacy Code”) and art. 13 of EU Regulation 679/2016 (hereinafter, the “Privacy Regulation”), as amended:

  • collects and then processes the personal data of its Clients and Suppliers (hereinafter, the “Data Subject”)
  • intends to notify all users of and/or visitors to the website www.mygrin.eu (respectively the “Users” and the “Website”) about use of personal data, log files and cookies collected through the Website itself.

Pursuant to art. 4 of the Privacy Regulation, “personal data” is: “any information concerning an identified or identifiable individualdata subject»). The individual who can be identified, directly or indirectly, is considered identifiable, with special reference to an identifier like name, identification number, location data, and online identifier or one or more characteristic elements of his/her physical, physiological, genetic, mental, economic, cultural or social identity”.

 

1.CONTROLLER, PROCESSOR AND DATA PROTECTION MANAGER

  • The personal data processing Controller is GRIN Srl (Tax Code and VAT number 04956970968) with registered office in VIA DELLE INDUSTRIE, 13, 23896 SIRTORI (LC), e-mail info@mygrin.it (hereinafter the “Controller”).
  • The updated list of Processors appointed will be supplied at a request from the data subjects and/or Users.
  • The company has not appointed a Data Protection Manager.

 

2. CLIENT DATA PROCESSING PURPOSES AND METHODS.

The data of clients and suppliers is processed for the following purposes:

  1. full, accurate execution of the obligations of the contractual relationship implemented (hereinafter, the “Agreement”);
  2. administrative and accounting obligations strictly connected to the Agreement and its creation;
  3. compliance with specific legal obligations, from a regulation or from community regulations (for example, those set forth on “anti money-laundering”);
  4. updating the Data Subject on promotional and marketing actions, also by sending advertising and/or promotional material (for example, newsletters), through automated tools and/or traditional contact modes.

 

Personal data is processed, under the Controller’s authority, by parties specifically appointed, authorised and trained to do so pursuant to art. 30 of the Privacy Code and art. 29 of the Privacy Regulation, using manual, digital or telematic tools, with logics strictly related to the purposes; however, in a way that guarantees the confidentiality and security of the personal data. The personal data may also be processed, for the Controller, by Processors specifically appointed to do so pursuant to art. 29 of the Privacy Code and art. 28 of the Privacy Regulation.

 

3. WEBSITE USERS’ DATA PROCESSING PURPOSES AND METHODS.

The personal data requested and supplied is needed to enable the user to access the website www.mygrin.eu (hereinafter the “Website”) and use the following services (the “Website Services”):

  • consult the products/services catalogue;
  • enter the reserved area;
  • be contacted;
  • enter the service to find points of sale for products near his/her position;
  • Use the DOWNLOAD service;
  • Access the NEWSLETTER service

 

Data is processed for the following purposes:

  1. to fulfil legal obligations;
  2. to manage the Website technically;
  3. to update people on all our promotional and marketing actions, even direct, also by sending advertising and/or promotional material, through automated tools and/or traditional contact modes, for example by e-mail (the “Newsletter”).
  4. to analyse preferences, habits, interests and choices, including the type, frequency, location of purchases, to prepare statistics, create specific user profiles and perform predictions related to future consumption (hereinafter, the“Profiling Activity”);
  5. to circulate technical/commercial information (the “Products/services Catalogue”);
  6. to inform the clients of authorised parties to be contacted if interested (“Resellers”);
  7. to enable the download of technical and commercial information on products or services (“Download”)

 

The processing of data for the above purposes will comply with the Privacy Code and the Privacy Regulation and all specific sector regulations including what is established in the “Authority Regulations for loyalty programs” of 24 February 2005 and in the “Guidelines on the processing of personal data for on-line profiling” of 19 March 2015.

In compliance with the “Guidelines on promotional activities and contrasting spam” of 4 July 2013, please note that consent possibly provided to send commercial, promotional and marketing communications through automated tools will extend to traditional contact methods.

Data supplied will mainly be processed using digital tools under the Controller’s authority, by parties specifically appointed, authorised and trained to do so pursuant to article 30 of the Privacy Code and articles 28 and 29 of the Privacy Regulation. Please note that suitably security measures are taken also pursuant to arts.5 and 32 of the Privacy Regulation to prevent the loss of data, illegal or incorrect use and unauthorised access.

 

4. INFORMATION COLLECTED AUTOMATICALLY BY THE WEBSITE - COOKIES

a) Information collected automatically

Like all websites, our Website uses log files which store information collected automatically during visits. In fact, computers systems and software procedures used to operate the Website acquire some information automatically during use; it is transmitted implicitly when using Internet communication protocols.

The following information is collected:

  • Internet Protocol (IP) address or domain name of the device used;
  • type of browser and device parameters used to connect to the Website;
  • URI (Uniform Resource Identifier) addresses of resources requested or the method used to submit the request to the server;
  • name of the internet service provider (ISP);
  • visit date and time;
  • User referral and exit web pages;
  • possibly the number of clicks;
  • the size of the file obtained in response;
  • the numerical code indicating the data response status from the server (successful, error, etc.);
  • other parameters related to the device’s operating system and computer environment.

That information is processed automatically and collected solely in an aggregated form to check that the Website is operating correctly.

 

b) Cookies

Cookies are used in the Website. Cookies are text files recorded on digital support, enabling registration of some parameters and data communicated to the computer system, through the browser used.

Cookies enable an analysis of habits when using the Website, for different purposes: computer authentications, monitoring sessions, memorizing information on specific configurations concerning users accessing the server, memorizing preferences, etc.

Cookies are separated into:

  1. Technical cookies: used for navigation or to supply a service requested. Without using those cookies, some operations could not be done or would be more complex and/or less secure.
  2. Profiling cookies: are used to track navigation and create profiles on tastes, habits, etc. In that way, advertising messages consistent with the preferences already shown in previous on-line navigation can be transmitted to devices.

 

Consent to the installation of Cookies:

  1. Consent is not needed to install technical Cookies.
  2. Consent is required for the installation of profiling Cookies. If you do not want the device to receive and memorise profiling Cookies, you can modify your browser’s security settings. In fact, through the settings of the browser used to navigate you can decide whether to cancel and/or avoid the installation of cookies on the device used.

 

However, please note that deactivating the use of profiling Cookies means that some Website functions cannot be used in full.

 

Cookies from third parties 

When navigating the website, the terminal/device can also receive cookies sent by other websites or webservers (hereinafter “Third Parties”). The Third Parties using cookies in our website are:

On using the Website use of Cookies is deemed as accepted and that consent has been given to the processing of data collected by Third Parties.

 

5. OBLIGATORY OR OPTIONAL NATURE OF CONSENTING TO THE PROVISION OF DATA. CONSEQUENCES OF A REFUSAL AND THE LEGAL BASIS OF PROCESSING

Please note that:

  • providing personal data is obligatory for purposes linked to company activities, to finalising agreements, managing contacts and using services offered by the website. The legal bases consist in the correct execution and management of the contract and execution of the services supplied through the website.
  • providing personal data is not obligatory but optional for purposes linked to direct marketing, newslettering and profiling also using digital tools. With reference to those purposes the legal basis for processing is any consent expressed freely (pursuant to art. 6, paragraph 1, letter a) of the Privacy Regulation and art. 23 of the Privacy Code). Not providing data means we will not be able to contact the user for those purposes.

Please remember that, in any case and at any time, you may ask the Controller to  erase data through a simple communication to be sent with no special formalities to the addresses given in art. 1 above.

 

6. TO WHOM AND IN WHAT AREAS MAY WE TRANSMIT DATA

Data may be notified, in the EU, in full compliance with the Privacy Code and the Privacy Regulation, to the following subjects:

  1. the financial administration and/or other public authorities, when that is established by law or at their request;
  2. the external structures, subjects and companies that the Controller uses to perform the activities connected, instrumental and resulting from execution of the Website Services - including the cloud computing storage service - to send the Newsletter and Profiling Activities;
  3. external consultants (for example, to manage fiscal obligations), unless appointed as Processors in writing.

 

7.RIGHTS

Please note that rights pursuant to art. 7 of the Privacy Code and arts. 15, 16, 17, 18, 20 and 21 of the Privacy Regulation may be exercised at any time by sending a written communication to the Controller’s contact details in art. 1 above, and as a result, obtain:

  • confirmation of whether the personal data is being held or not and indication of its origin, check exactness or request updating, rectification, integration;
  • access, rectification, erasure of data or restriction of processing;
  • erasure, transformation into an anonymous form or blocking data processed in breach of the law.

The data subject may also object to the processing of data previously provided.

Referred to the Newsletter, please note the right to request the interruption of processing performed through the automatic contact mode and extended to traditional ones. Moreover, it is possible to exercise that right only partially, that is requesting interruption, for example, to send promotional communications through one or some contact modes for which consent had been provided.

 

8. DURATION OF PROCESSING

Personal data will be stored for a preset period based on criteria founded on the type and duration of the Agreement and on the needs to protect the interests of the Data Subject (going from 24 months for profiling data to 10 years for contractual data, through the vagueness linked to data collected for guarantees).

 

9. SECURITY MEASURES

Through the Website, data is processed in compliance with laws applicable and using suitable security measures in compliance with laws in force, also pursuant to arts. 5 and 32 of the Privacy Regulation. On this point, we confirm adoption of suitable security measures to block unauthorised access, theft, disclosure, modification or unauthorised destruction of data processed.

 

10. CHANGES TO THE PRIVACY POLICY

The Controller reserves the right to make changes to this Privacy Policy. In that case the users will be notified in a timely manner when they next use the Website.

This Policy was issued in May 2018.