GRIN SRL and its sub-offices and affiliates (singly and collectively called “GRIN SRL”) will process your data with the greatest care. The privacy of those visiting our Websites and who interact with us is of great importance to us. Here below you will find detailed explanations of how we manage your data to protect your privacy. If you need any further information please do not hesitate to contact us by clicking on the link below:
pursuant to article13 of the Privacy Code (Legislative Decree 196/2003) and art. 13 of EU Regulation 679/2016
GRIN SRL (hereinafter, the “Controller”)as process Controller, pursuant to and for the purposes of art. 13 of Legislative Decree 196 of 30 June 2003, (hereinafter, the “Privacy Code”) and art. 13 of EU Regulation 679/2016 (hereinafter, the “Privacy Regulation”), as amended:
Pursuant to art. 4 of the Privacy Regulation, “personal data” is: “any information concerning an identified or identifiable individual («data subject»). The individual who can be identified, directly or indirectly, is considered identifiable, with special reference to an identifier like name, identification number, location data, and online identifier or one or more characteristic elements of his/her physical, physiological, genetic, mental, economic, cultural or social identity”.
1.CONTROLLER, PROCESSOR AND DATA PROTECTION MANAGER
2. CLIENT DATA PROCESSING PURPOSES AND METHODS.
The data of clients and suppliers is processed for the following purposes:
Personal data is processed, under the Controller’s authority, by parties specifically appointed, authorised and trained to do so pursuant to art. 30 of the Privacy Code and art. 29 of the Privacy Regulation, using manual, digital or telematic tools, with logics strictly related to the purposes; however, in a way that guarantees the confidentiality and security of the personal data. The personal data may also be processed, for the Controller, by Processors specifically appointed to do so pursuant to art. 29 of the Privacy Code and art. 28 of the Privacy Regulation.
3. WEBSITE USERS’ DATA PROCESSING PURPOSES AND METHODS.
The personal data requested and supplied is needed to enable the user to access the website (hereinafter the “Website”) and use the following services (the “Website Services”):
Data is processed for the following purposes:
The processing of data for the above purposes will comply with the Privacy Code and the Privacy Regulation and all specific sector regulations including what is established in the “Authority Regulations for loyalty programs” of 24 February 2005 and in the “Guidelines on the processing of personal data for on-line profiling” of 19 March 2015.
In compliance with the “Guidelines on promotional activities and contrasting spam” of 4 July 2013, please note that consent possibly provided to send commercial, promotional and marketing communications through automated tools will extend to traditional contact methods.
Data supplied will mainly be processed using digital tools under the Controller’s authority, by parties specifically appointed, authorised and trained to do so pursuant to article 30 of the Privacy Code and articles 28 and 29 of the Privacy Regulation. Please note that suitably security measures are taken also pursuant to arts.5 and 32 of the Privacy Regulation to prevent the loss of data, illegal or incorrect use and unauthorised access.
4. INFORMATION COLLECTED AUTOMATICALLY BY THE WEBSITE - COOKIES
Like all websites, our Website uses log files which store information collected automatically during visits. In fact, computers systems and software procedures used to operate the Website acquire some information automatically during use; it is transmitted implicitly when using Internet communication protocols.
The following information is collected:
That information is processed automatically and collected solely in an aggregated form to check that the Website is operating correctly.
Cookies are used in the Website. Cookies are text files recorded on digital support, enabling registration of some parameters and data communicated to the computer system, through the browser used.
Cookies enable an analysis of habits when using the Website, for different purposes: computer authentications, monitoring sessions, memorizing information on specific configurations concerning users accessing the server, memorizing preferences, etc.
Cookies are separated into:
Consent to the installation of Cookies:
However, please note that deactivating the use of profiling Cookies means that some Website functions cannot be used in full.
Cookies from third parties
When navigating the website, the terminal/device can also receive cookies sent by other websites or webservers (hereinafter “Third Parties”). The Third Parties using cookies in our website are:
5. OBLIGATORY OR OPTIONAL NATURE OF CONSENTING TO THE PROVISION OF DATA. CONSEQUENCES OF A REFUSAL AND THE LEGAL BASIS OF PROCESSING
Please note that:
Please remember that, in any case and at any time, you may ask the Controller to erase data through a simple communication to be sent with no special formalities to the addresses given in art. 1 above.
6. TO WHOM AND IN WHAT AREAS MAY WE TRANSMIT DATA
Data may be notified, in the EU, in full compliance with the Privacy Code and the Privacy Regulation, to the following subjects:
Please note that rights pursuant to art. 7 of the Privacy Code and arts. 15, 16, 17, 18, 20 and 21 of the Privacy Regulation may be exercised at any time by sending a written communication to the Controller’s contact details in art. 1 above, and as a result, obtain:
The data subject may also object to the processing of data previously provided.
Referred to the Newsletter, please note the right to request the interruption of processing performed through the automatic contact mode and extended to traditional ones. Moreover, it is possible to exercise that right only partially, that is requesting interruption, for example, to send promotional communications through one or some contact modes for which consent had been provided.
8. DURATION OF PROCESSING
Personal data will be stored for a preset period based on criteria founded on the type and duration of the Agreement and on the needs to protect the interests of the Data Subject (going from 24 months for profiling data to 10 years for contractual data, through the vagueness linked to data collected for guarantees).
9. SECURITY MEASURES
Through the Website, data is processed in compliance with laws applicable and using suitable security measures in compliance with laws in force, also pursuant to arts. 5 and 32 of the Privacy Regulation. On this point, we confirm adoption of suitable security measures to block unauthorised access, theft, disclosure, modification or unauthorised destruction of data processed.
This Policy was issued in May 2018.