PRIVACY POLICY

PRIVACY POLICY

1. Data Processing Controller

Gruppo 5 s.r.l. with registered office in 36010 Zanè (VI) Via Monte Grappa, 27 – 36010 Zanè (VI) – Italy Tel. +39 0445 314046, Tax Code and VAT no. IT00859860249, e-mail [email protected] PEC (certified electronic mail) [email protected], as the Data Processing Controller of the data entered into the www.gruppo5.it Website is committed to ensuring the respect of the personal data privacy protection code pursuant to EU Directive 679/2016 and Italian Legislative Decree 196/2003 and in such role hereby provides you with the following information.

2. Data processed, purpose of data processing, and legal basis for processing

Data you supply visiting the www.gruppo5.it Website

When accessing our Website, the software procedures in charge of its operation acquire certain personal data as a direct consequence of Internet communication protocols (such as domain names, IP addresses, operating system, type of device, browser used for the connection, pages visited, date of access…) that does not contain any additional personal information and is used to obtain anonymous statistical information on the use of the site, to control the way the site is used, and to ascertain responsibility in the event of hypothetical computer crimes.

The legal basis for the processing of the such data is the need to enable the functionality of the Website for the management of contacts and user requests following access.

Purposes and data provided voluntarily by the user

The personal data provided by the user through the contact form “Send an email” or through the “Contact form“, are collected and processed as follows:

1. for contractual relations with the Data Subject customer, for the execution of the services requested and the consequent legal and fiscal obligations, for statistical needs, cookie management, and for prevention and detection of abuse or fraudulent activity in the use of the site and the consequent protection in court;
2. for administrative purposes and legal obligations (e.g., accounting, administrative, fiscal, or for compliance with requests from judicial authorities);
3. in the presence of specific consent, for the periodic sending of newsletters whenever such service has been enabled;
4. in the presence of specific consent, for promotional communications;

The legal basis that legitimizes the processing of such data is the fulfilment of a contract to which the user concerned is a party or of pre-contractual measures. In the cases expressly indicated, the legal basis is the consent that has been freely provided by the Data Subject.

Data collected by means of the www.gruppo5.it Website

For the sake of completeness, we note that when we send out communications, it may be necessary for the messages sent to be monitored by means of statistical tracking systems that enable detection of the opening of a message, the clicks made on hypertext links contained within the email, the IP address used or the type of browser used to open the email, and other similar details. The collection of such data is functional to the verification of the actual reading of the communication and the spatial position at the time of reading. The legal basis that legitimizes the processing of such data is the fulfilment of a contract to which the Data Subject is a party.

3. Nature of data conferral

The conferral of data for the purposes referred to in paragraphs 1) and 2) is optional, but refusal will make it impossible for our company to fulfil its contractual obligations. As regards the purposes referred to in paragraphs 3) and 4), conferral is optional and the use of the data depends on an explicit consent. Any refusal would make it impossible for our company to send newsletters and advertising material (whenever such services have been enabled).

Access to social networks or web services (Facebook, Youtube, Twitter, Houzz, Linkedin, Google Maps, e-mail services or others) used through the Site entails the sharing of personal data acquired by the site with these services, which become co-owners of data processing and collect them independently. We therefore invite you to read the respective Privacy Policies.

4. Methods of data processing and data storage duration

The data collected will be processed by electronic and telematic instruments or in paper form within the limits of the purposes of collection and in such a way as to guarantee their security. The data are stored for the time strictly necessary for the management of the purposes of collection and in compliance with current regulations and legal obligations. The Data Processing Controller will not store data indefinitely and in any case will do so only in accordance with the minimization of processing principle.

5. Parties authorized for the processing and disclosure of your personal data
   Data can be processed by internal and external personnel formally appointed and authorized to process data according to specific instructions given in compliance with current regulations. If it is necessary or instrumental to the execution of the purposes indicated, the data collected may be processed by third parties appointed as external data processors or communicated to the same as autonomous holders, namely:

• persons, companies, associations or professional studios that provide assistance and consultancy to our Company, for the purposes referred to in point 2) sub 1) and 2) and in the presence of explicit consent for the purposes sub 3) and 4);
• entities and associations that perform services related and instrumental to the execution of the abovementioned purposes (market analysis and research service, credit card payment management, maintenance of computer systems, services for communication, e-mail, and delivery, technical services for the management of the Site, suppliers of computer services and subcontractors of all or part of the services provided) for the purposes referred to in point 2) sub 1) and 2) and whenever explicit consent has been given, for the purposes sub 3) and 4);

Only the data strictly necessary for the fulfilment of the relative functions will be communicated to the parties above. The data collected may also be transferred abroad, even outside the European Union, in the forms and ways provided for by the regulations in force, guaranteeing in any case an adequate level of protection. Under no circumstances, however, will personal data ever be disclosed to unspecified parties.

6. Rights of the Data Subject

In any moment whatsoever, the Data Subject (Articles 15 to 23 EU Reg. 679/2016) has the right to obtain confirmation of the existence of his or her personal data and its  communication in intelligible form; to obtain information on the origin of the data, the purposes and methods of processing, the logic applied in case of processing with the aid of electronic instruments, the identification data of the Data Processing Controller, managers, and representative(s) appointed under Art. 3, paragraph 1, GDPR; the indication of the parties to whom personal data may be communicated or those who can gain knowledge from it as representatives of managers or agents; to obtain the updating, rectification or integration, cancellation, anonymization or blocking of any data processing performed in violation of the law, confirmation that the operations of data updating, rectification, integration, cancellation, anonymization or blocking of processing have been brought to the attention of those to whom the data was communicated or disseminated, unless this operation is impossible or disproportionate in the use of means in respect of the protected right, and to oppose for legitimate reasons data processing in whole or in part.

Where applicable, the Data Subject has the rights under Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restrict processing, right to data portability, right to objection) and the right to complain to the Supervisory Authority. These rights can be exercised by sending an email to [email protected].