Website Privacy Policy
PRIVACY POLICY FOR PERSONAL DATA PROCESSING OF THE WEBSITE
http://www.grucciadesign.it
art. 13 – 14 REG. (UE) 2016/679
Document created: May 9, 2022
| WEBSITE PRIVACY POLICY MOD. 1 For any clarification, information, or to exercise the rights listed in this notice, please contact: info@grucciadesign.it Please include in the subject line: “Website Privacy Request” This policy may be updated following new regulations or website changes; therefore, we invite you to periodically check this section. |
GENERAL INFORMATION ON EU REGULATION 2016/679. EU Regulation No. 679/2016 establishes rules to protect individuals regarding the processing of personal data. This privacy policy applies exclusively to the website mentioned above. Third-party websites accessible via this site are not covered by this policy: the Data Controller declines any responsibility for them. According to the law, personal data processing must comply with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and protection of the data subject’s rights. By browsing this website or providing personal data, the user accepts the terms of this policy, except where explicit consent is required by law.
DATA CONTROLLER- art. 24 GDPR. The Data Controller (or simply “Controller”) is the natural or legal person, public authority, service, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. The Controller is also responsible for security-related aspects. With regard to the processing of personal data carried out through this website, the Data Controller is:
Grucciadesign srls
Viale G. G. Felissent n. 44
31020 Villorba (TV) Italy
P.IVA/C.F. 04839120260
Email: info@grucciadesign.it
For any clarification or to exercise the rights granted to the data subject, you may contact the addresses indicated above.
DATA SUBJECT – art. 4 comma 1 lett. a) GDPR. The “data subject” is the natural person, identified or identifiable, to whom the personal data relates. In short, it is the individual who provides their personal data to the Data Controller and who is therefore protected under the aforementioned European Regulation. With regard to this website, the data subject is the user, i.e., the natural person who carries out browsing activities.
DATA OF MINORS UNDER 14. This website does not offer services directed to individuals under the age of fourteen. Participation in training courses is permitted exclusively to adults. The Data Controller is not responsible for any collection of data from such individuals, as this responsibility lies with the holders of parental responsibility due to lack of supervision. In any case, should the Data Controller become aware that any data has been inadvertently collected from individuals under the age of fourteen, it will be promptly deleted.
PURPOSES OF PROCESSING AND CATEGORIES OF DATA PROCESSED – art. 13 par. 1 lett. c) GDPR. In addition to browsing data, the Data Controller processes only the data strictly necessary, which are marked with an asterisk (*) in the relevant fields on the website. The data provided will be used solely and exclusively to achieve the purposes listed below (for example: data provided to request information about the Controller’s activities will be used only to respond to that request and not for other purposes, unless the data subject has given consent or the Controller has a legitimate interest in using the data for different purposes).
Below are the purposes for which the Data Controller processes the user’s personal data, along with the related reasons.
(1) To allow navigation on the website.
During simple browsing, no directly identifying data is collected. However, for the proper functioning of the website, the IT systems may acquire certain information whose transmission is implicit in internet communication protocols (e.g., log files, IP address). Additionally, through the use of cookies, information may be collected that the user does not provide directly. In any case, such information is not collected in order to be associated with identified individuals; however, by its nature, it could still allow third parties to identify users through processing and association with other data already in their possession. Information on cookies and similar automated systems is made available to users via the dedicated link labeled “COOKIE POLICY” on the website (see also the cookie policy published at the end of this document).
(2) To respond to information requests.
The website provides the contact details of the Data Controller (email, registered office, phone, and any other relevant contacts). Users who use these contacts to request information about the Controller’s activities provide their personal data (such as name, surname, and personal details), which will be processed exclusively for the purpose of responding to requests for information, clarifications, or inquiries.
(3) To comply with legal obligations.
The data provided by the data subject will be used to fulfill legal obligations established by national, European, or supranational regulations.
(4) For the establishment, exercise, or defense of legal rights.
The data provided by the data subject may be processed, where necessary, for the establishment, exercise, or defense of the Data Controller’s rights in out-of-court and/or judicial proceedings.
(5) For sending direct marketing communications (Newsletter).
The following information applies whenever, during navigation on this website, the user is asked to provide their data and consent for the Data Controller to send advertising material or commercial communications, offers and promotions, direct sales communications, or to carry out market research or opinion surveys (hereinafter collectively referred to as “direct marketing” or Newsletter activities). The purpose of the processing is to carry out direct marketing activities towards the user.
(6) To respond to information requests submitted by the user via the contact form.
User data (name, email, phone number, and other details) provided through the completion of the contact form will be processed by the Data Controller solely for the purpose of responding to the user’s request for information.
(7) For recruitment purposes and potential inclusion in our team.
The candidate’s personal data, such as name, surname, email, phone number, educational background, tax code, and possibly data relating to minors, will be processed for recruitment, selection, and personnel evaluation purposes. Sensitive data (as per Art. 9(1) GDPR) will be processed only if strictly necessary. Judicial data (as per Art. 10 GDPR) will be processed only under the supervision of the Judicial Authority. If the candidate provides the Data Controller with their public social media profiles (such as Facebook, Instagram, LinkedIn, etc.), the data contained therein will be processed only if necessary and relevant for the performance of the job position applied for (for example, if the candidate applies as a social media manager and has a profile useful for showcasing their skills, the Controller may lawfully process such data). No social media profiles (even public ones) used solely for private purposes will be considered by the Data Controller; therefore, candidates are kindly requested not to include such information in their CV.
LEGAL BASIS- art. 13 par. 1 lett. c) GDPR. The numbering below follows the order indicated above.
(1) Depending on the case, the legal basis may consist of consent pursuant to Art. 6(1)(a) GDPR or Art. 22 GDPR (see Cookie Policy), or legal obligations and/or the legitimate interest of third parties (Art. 6(1)(c) and (f) GDPR) (e.g., processing carried out by law enforcement authorities for justice purposes).
(2) The legal basis is the performance of pre-contractual or contractual measures taken at the request of the data subject (Art. 6(1)(b) GDPR).
(3) The legal basis for this processing is compliance with a legal obligation to which the Data Controller is subject (Art. 6(1)(c) GDPR).
(4) This processing is justified by the legitimate interest of the Data Controller (Art. 6(1)(f) GDPR). In fact, in the event of a dispute or litigation between the data subject and the Controller, the latter is entitled to process the data to defend its rights.
(5) The legal basis is:
i) the (optional) consent of the data subject pursuant to Art. 6(1)(a) GDPR;
ii) Art. 130(4) of the Italian Privacy Code, but only for email communications concerning services similar to those already “sold” to the customer;
iii) the legitimate interest pursuant to Art. 6(1)(f) GDPR (in conjunction with Recital 47 GDPR), when the data subject reasonably expects such processing and it does not override their rights and freedoms.
(6) The legal basis is the performance of pre-contractual or contractual measures taken at the request of the data subject (Art. 6(1)(b) GDPR).
(7) The processing is lawful as it is carried out for the execution of pre-contractual measures taken at the request of the data subject (Art. 6(1)(b) GDPR).
Indeed, sending a CV or other professional/work-related data, and the subsequent evaluation by the Data Controller, aims to determine whether to establish an employment relationship. In any case, explicit consent must be provided at the end of the CV if the data subject includes sensitive data (see Art. 9(1) GDPR).
(It is recommended to include the following statement at the end of the CV: “I hereby give my explicit consent to the processing of sensitive data,” along with date and signature.)
DATA RETENTION PERIOD – art. 13 par. 2 lett. a) GDPR. The numbering below follows the order indicated above.
(1) Except as stated regarding cookies or similar tools, the Data Controller does not retain any data potentially provided through simple browsing.
(2) The data of the data subject will be retained for the time necessary to provide the requested information service; once this period has expired, the data will be immediately deleted. PLEASE NOTE: the data will not be deleted but properly managed in accordance with GDPR in the event of a contract being concluded (which cannot be finalized through this website). For further information, please refer to the relevant privacy policy.
(3) The retention period depends on the legal provision applied by the Data Controller at the time of processing.
(4) The Data Controller retains the data for this purpose only if there is a reasonable likelihood of legal action being required.
(5) With reference to this point:
i) In the case of consent, the data will be retained for this purpose until the withdrawal of consent pursuant to Art. 7 GDPR. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal;
ii) – iii) In the case of processing carried out pursuant to Art. 130(4) of the Italian Privacy Code and Art. 6(1)(f) GDPR, the data will be retained until the data subject objects pursuant to Art. 21 GDPR, either from the outset or during the course of processing.
(6) As per point (2).
(7) The retention period depends on whether an employment relationship is established. If the Data Controller is not interested in the candidate’s profile, the data will be deleted immediately. If the profile is of interest but not immediately required, the data will be retained for a maximum period of 15 months. In the event of an employment or collaboration agreement, the Data Controller will retain the data of the new employee/collaborator in accordance with the relevant privacy policies (to which reference is made). Finally, if there is a concrete likelihood of a dispute or legal claim between the parties, the candidate’s data will be retained until the reasons justifying such retention no longer exist (e.g., amicable settlement, final court decision, etc.).
MANDATORY NATURE OF DATA PROVISION
CONSEQUENCES OF FAILURE TO PROVIDE DATA
METHODS OF PROCESSING – art. 13 par. 2 lett. e) GDPR. The numbering below follows the order indicated above.
(1) The data subject is not obliged to provide their data. Failure to provide such data will prevent navigation on the website. Processing is carried out exclusively through IT systems (software).
(2) The data subject is not obliged to provide their data. Failure to provide such data will prevent the user from receiving the requested information. Processing is carried out via email, telephone, and postal mail.
(3) The system depends on legal obligations; in fact, legislation determines the methods of processing (see, for example, electronic invoicing).
(4) Processing is carried out through IT systems (e.g., email, certified email (PEC), online platforms, management systems, etc.) and paper-based systems (e.g., drafting legal documents, formal notices, printing documents, postal mail, etc.). In some cases, the system depends on legal obligations (see, for example, telematic civil process – PCT).
(5) The provision of personal data is not mandatory. If data is not provided for receiving marketing communications, the data subject will not be able to obtain further information about the Controller’s products and services. Regarding processing methods, “direct marketing” communications are carried out through
automated systems (e.g., email, fax, SMS, automated calls, social networks, interactive applications, push notifications), and traditional systems (e.g., postal mail and/or phone calls with an operator). It is specified that consent given for automated systems also allows the Controller to use the same data for communications via traditional systems. In any case, the data subject has the right to object to any unwanted processing method (e.g., requesting to receive communications only via email). For telephone marketing with an operator, such processing is not permitted if the data subject is registered in the Public Register of Objections.
(6) The data subject is not obliged to provide data. Failure to provide such data will prevent the user from receiving the requested information. Processing is carried out through IT systems.
(7) The candidate is not obliged to provide personal data. However, failure to provide such data will prevent the Data Controller from evaluating the candidate’s profile and, therefore, from proceeding with recruitment or hiring.
DISCLOSURE AND COMMUNICATION OF DATA – art. 13 par. 2 lett. e) GDPR. Data will not be publicly disclosed but may be communicated to authorized personnel (e.g., employees, where applicable), or appointed data processors (e.g., hosting service providers).
To comply with legal or contractual obligations, personal data may also be communicated to:
(i) insurance companies in the event of claims;
(ii) public authorities where required by law;
(iii) lawyers, law enforcement agencies, or judicial authorities (for example) in cases of unlawful acts, contractual breaches, or other legally relevant situations involving the data subject or the Data Controller. For further information on authorized persons or data processors, please contact the Data Controller at the email address indicated above.
PLACE OF PROCESSING AND TRANSFER OF DATA TO NON-EU COUNTRIES- art. 13 par. 1 lett. f). Data processing is carried out at the Data Controller’s registered office as well as at the workplaces of the parties designated as data processors. The Data Controller undertakes not to transfer user data to countries outside the European Union. In the event of such transfers, the Controller guarantees compliance with the provisions set out in Articles 44 and following of the GDPR. For any further information, please contact the email address indicated above.
DATA SUBJECT RIGHTS. IThe data subject has the right to request access to their personal data from the Data Controller, i.e., to know which data is being processed (Art. 15 GDPR); the right to obtain rectification, i.e., to have their data corrected if it has changed (Art. 16 GDPR); the right to restriction of processing, i.e., to limit the use of their data by the Data Controller (Art. 18 GDPR); the right to object, on legitimate grounds, to the processing of their data (Art. 21 GDPR); the right to data portability, i.e., to receive all personal data processed by the Controller in a structured, commonly used, and machine-readable format (Art. 20 GDPR); the right to request the erasure of their data (Art. 17 GDPR); the right to withdraw at any time the consent previously given, without affecting the lawfulness of processing carried out prior to withdrawal (Art. 7–13 GDPR); and the right to lodge a complaint with the Data Protection Authority in the event of violations of the applicable regulations (Art. 77 GDPR).
COOKIE POLICY. Information regarding cookies and similar automated systems is made available to the user by clicking the dedicated link labeled “COOKIE POLICY” located in the footer of the website. For completeness, the Data Controller also provides the aforementioned Cookie Policy at the end of this website privacy notice.
For any information, clarification, or to exercise your rights, please contact the Data Controller at the email address indicated above.
***
COOKIE POLICY OR SIMILAR TRACKING TECHNOLOGIES POLICY
www.grucciadesign.it
art. 13 – 14 REG. (UE) 2016/679
Document created: May 9, 2022
| COOKIE POLICY WEB MOD. 1 For any clarification, information, or to exercise the rights listed in this notice, please contact: info@grucciadesign.it Please include in the subject line: “Website Cookie Request” The “PRIVACY POLICY FOR THE PROTECTION OF PERSONAL DATA OF THE WEBSITE” forms an integral part of this “COOKIE POLICY,” including the rights that the user may exercise by contacting the addresses indicated above. This policy may be subject to changes due to the introduction of new regulations or updates to the website; therefore, we invite you to periodically review this section for updates. |
I. GENERAL INFORMATION ON COOKIES.
Pursuant to EU Regulation 679/2016, as well as the provisions issued by the Italian Data Protection Authority (Garante) with Decision No. 231 of June 10, 2021 (“Guidelines on cookies and other tracking tools”), the Data Controller hereby provides its Cookie Policy. The purpose of this Cookie Policy is to provide users with all the information required under Articles 13–14 of the GDPR, as well as to describe in a specific and detailed manner the characteristics and purposes of the cookies installed on the website, allowing users to select or deselect individual cookies. Processing through cookies is carried out using automated tools, and the data retention period depends on the type of cookie used.
What cookies are. Cookies are small strings of code that the websites visited by the user send to their device (usually to the browser: Google Chrome, Internet Explorer, Mozilla Firefox, etc.), where they are stored and then retransmitted on each subsequent visit by the same user.
Why they are useful. Through the use of cookies, the visited website recognizes the user’s device, improving the browsing experience. Cookies allow users to: navigate efficiently between pages, remember preferred websites, store language preferences and more. They also help ensure that online advertising content is more relevant to the user’s interests.
Cookie classification. Cookies are classified as follows:
- by duration:
session cookies: automatically deleted when the browser is closed
persistent cookies: remain active until expiration or deletion by the user - by origin:
first-party cookies: set directly by the visited website
third-party cookies: set by external websites - by purpose:
technical cookies
profiling cookies
Technical cookies are used to improve the user’s browsing experience. Without them, certain operations may become difficult or even impossible to perform. These cookies may be either first-party or third-party, and can be session-based or persistent; in any case, they do not require the user’s prior consent to be installed.
This category includes strictly necessary cookies, which enable the proper functioning of the website and allow users to access its essential features, such as authentication or the storage of previous actions. It also includes functionality cookies, which enhance the browsing experience by remembering user preferences, such as language settings or other customizations. In addition, analytical cookies fall within this category when they are used to collect information about how users interact with the website, such as the number of pages visited, time spent on the site, or any errors encountered during navigation.
Analytical cookies are considered technical rather than profiling cookies only when appropriate measures are in place to reduce their ability to identify users, such as the anonymization of significant portions of the IP address. When a website uses only technical cookies, it is not required to obtain user consent through a cookie banner; however, providing a comprehensive cookie policy, like this one, remains mandatory.
Profiling cookies are activated only after the user has given their consent. This consent is typically provided by clicking “OK” (or “continue”, etc.) on the cookie banner displayed on the homepage or other pages of the website, or through a clear affirmative action, such as selecting an option within the page. These cookies are used to improve the services offered by the Data Controller and to deliver advertising content tailored to the user’s preferences and interests based on their browsing behavior. The use of profiling cookies for targeted advertising does not result in an increased number of advertisements, nor does it negatively affect the browsing experience. On the contrary, if profiling cookies are disabled, users will simply be shown generic advertisements instead of content aligned with their interests. Examples of profiling cookies include third-party analytical cookies without IP anonymization or data aggregation, as well as advertising, tracking, and conversion cookies.
II. HOW TO MANAGE AND/OR DISABLE COOKIES.
Users can manage their cookie preferences through various methods, which may also be used as alternatives to one another. By following the procedures outlined below, users can choose which cookies to accept and which to disable, either by setting their preferences directly in their browser or by modifying them after cookies have already been installed on their device.
- Most web browsers are set to automatically accept cookies. However, users can modify their browser settings to limit or block cookies if they wish. To manage cookie preferences, users should refer to the instructions or help section provided by their browser, following the relevant paths for the most commonly used browsers.
https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies
Safari:
support.apple.com/mobile
support.apple.com/desktop
Chrome:
https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=it
Firefox:
https://support.mozilla.org/it/kb/Eliminare%20i%20cookie
If users access the website using multiple browsers, the cookie deletion procedure must be carried out for each browser individually. Similarly, if different devices are used (such as smartphones or tablets), users should refer to the specific instructions provided by each device in order to manage or remove cookies. It is important to note that blocking cookies may affect or prevent the proper functioning of the website, as some cookies are strictly necessary for navigation.
- by visiting http://www.youronlinechoices.com/it/ users can obtain more information about third-party cookies, behavioral advertising, and any promotional or targeting cookies that may be stored on their device. Users can also choose to disable all or only some of these cookies by accessing the following link: http://www.youronlinechoices.com/it/le-tue-scelte
- Section III lists the cookies used on this website, including the relevant third-party providers responsible for them. To select or disable these cookies, users must refer to the privacy policies and consent management tools provided by those third parties, accessible via the links indicated in the “Cookie Management” section. Please note that third-party providers may update these links over time; should this occur, users are invited to contact the Data Controller at the email address provided above for further information.
- This website uses a system called “CookieBot” to allow users to view a detailed list of all cookies in use, categorized by type and function. By clicking on the “Show details” link available in the cookie banner displayed upon accessing the site, users can explore this information. Through the same banner, users are also able to manage their preferences and disable any cookies they do not wish to accept.
III. COOKIES USED ON THIS WEBSITE
The following section outlines the technical and profiling cookies, both first-party and third-party, used on this website.
Google Analytics cookies
This website uses Google Analytics to install analytical technical cookies, which allow the Data Controller to collect statistical data about user navigation and thereby improve the services offered. The Data Controller has implemented appropriate measures to reduce the identifying power of these analytical cookies, including the anonymization of significant portions of the IP address.
The data generated by Google Analytics is retained in accordance with the terms specified in the relevant policy, available at the following address:
https://support.google.com/analytics/answer/2838718
Google Inc.’s privacy policy is available at:
http://www.google.it/intl/it/policies/privacy/
Users can disable Google Analytics by installing the browser add-on available at:
https://tools.google.com/dlpage/gaoptout
Disabling these cookies does not affect the browsing experience. However, it should be noted that the anonymous statistical data collected through these technical cookies helps the Data Controller improve its services for users.d
| Name | Purpose | Retention period | Consequences of non-acceptance | Origin | Cookie management |
| _ga | To identify users | 2 years | No data relating to navigation on this website will be stored | Google.com | Please refer to the links provided in the detailed description of the cookie types in use. |
| _gat_gtag_UA_91330834_1 | To limit data collection on high-traffic websites | 1 minute | Linked to the “_ga” cookie | As above. | As above. |
| _gid | To distinguish between different users of the website | 1 day | As above. | As above. | As above. |
Last updated: May 9, 2022
