Privacy Policy
Privacy Policy
This Website collects certain Personal Data on its Users.
GPI Spa, with registered office at Via Ragazzi del ‘99,13, Trento, Italy, 38123 – (hereinafter, “Data Controller”, “Owner” or “GPI”), in its capacity as Data Controller, informs Users—pursuant to Art. 13 Regulation (EU) 2016/679 (hereinafter also “GDPR”) and Italian Legislative Decree 196/2003 (Privacy Code), as amended by Italian Legislative Decree no. 101/2018—of the privacy policy adopted to understand how personal data is handled when using the services offered and to allow Users to give their express and informed consent to the processing of their personal data in the sections of the site where they are asked to provide personal data.
This policy document also fully respects and complies with Recommendation no. 2/2001 that the European authorities for the protection of personal data adopted on 17 May 2001 to identify certain minimum requirements for the collection of personal data online and, in particular, the manner, timing and nature of the information which data controllers must provide users when they connect to web pages, regardless of the purpose of the connection. By consulting this site, data relating to identified or identifiable persons may be processed. Consent mechanisms will be clear, short and easily understandable. If the original conditions for which consent has been requested should change, for example, if the purpose of the data processing changes, further consent will be required in accordance with Regulation (EU) 2016/679.
According to the rules of the Regulation, the processing carried out by GPI will be based on the principles of lawfulness, correctness, transparency, limitation of purposes and storage, data minimisation, accuracy, integrity and confidentiality.
Index
- DATA CONTROLLER
- DATA PROTECTION OFFICER
- TYPE OF DATA COLLECTED
- PROCESSING METHOD AND LOCATION OF THE DATA COLLECTED
- Processing methods
- Legal basis for processing
- Location
- Storage period
- PURPOSES FOR THE PERSONAL DATA PROCESSING
- PERSONAL DATA PROCESSING INFORMATION
- USER’S RIGHTS (Articles 15 et seq. EU Reg. 2016/679)
- Information on the right to object
- How to exercise your rights
- COOKIE POLICY
- MORE INFORMATION ON DATA PROCESSING
Data Controller
The Data Controller is GPI Spa, with registered office at Via Ragazzi del ’99, 13, Trento, Italy, 38123, which the User may contact to assert their rights. The Data Controller’s contact information is listed below:
- Telephone: +39 046 138 1515
- Fax: +39 046 138 1599
- Certified e-mail: gpi@pec.gpi.it
- Email address: dpo@gpi.it
Data protection officer
The Data Protection Officer (DPO-RPD) for GPI S.p.a. is Sicurdata Srl, which the User may contact using the following contact information:
- Telephone: +39 055 750 808
- Fax: +39 055 750 808
- Certified e-mail: sicurdatasrl@pec.pec-opendata.com
- Email address: dpo.sicurdata@opendata.it
Types of Data Collected
Personal Data collected by this Website, either independently or through third parties, includes: Cookies, Usage data, email, first name, surname, telephone number, company name and sometimes sensitive data (if, for example, contained within a curriculum vitae sent through the “Careers” section).
Full details on each type of data collected are provided in the dedicated sections of this privacy policy or by means of specific information texts displayed before the data collection.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of this Website.
Unless otherwise specified, all Data required by this Website is mandatory. If you refuse to provide the data, it may be impossible for this Website to provide the Service. In cases where this Website indicates certain Data as optional, Users will be free to refrain from communicating such Data, without this having any effect on the availability of the Service or operation.
Users who have any doubts regarding which Data are mandatory, are encouraged to contact the Data Controller.
Any use of Cookies or other tracking tools by this Website or by the owners of third-party services used by this Website, unless otherwise specified, is intended to provide the Service requested by the User, in addition to the further purposes described in this document and in the Cookie Policy, if available.
The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this Website and guarantees that they have the right to communicate or distribute them, releasing the Data Controller from any liability towards third parties.
Method and location of processing of the Data collected
Processing methods
The Data Controller uses appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of Personal Data.
The processing is carried out using computerised and/or electronic tools, with organisational methods and logics strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other subjects involved in the organisation of this Website (personnel in administration, sales, marketing, legal, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data, they are also appointed, if necessary, as Data Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller.
Legal basis for processing
The Data Controller processes Personal Data relating to the User if one of the following conditions is met:
- the User has given consent for one or more specific purposes (Art. 6(1)(a) GDPR). Note: in some jurisdictions the Data Controller may be authorised to process Personal Data without the User’s consent or another of the legal reasons specified below, until the User objects (opts out) to such processing. However, this does not apply if the processing of Personal Data is governed by European legislation on the protection of Personal Data;
- processing is necessary for the performance of a contract to which the User is party or in order to take steps prior to entering into a contract (Art.6(1)(b) GDPR);
- processing is necessary for compliance with a legal requirement to which the Controller is subject (Art. 6(1)(c) GDPR);
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller (Art. 6(1)(e) GDPR);
- the processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party (Art. 6(1)(f) GDPR).
However, it is always possible to ask the Data Controller to clarify the actual legal basis of each processing and in particular to specify whether there is a legal basis for the processing, provided for in a contract or necessary to conclude a contract.
Location
The Data are processed at the headquarters of the Data Controller and in any other place where the parties involved in the processing are located. For further information, please contact the Data Controller.
Your Personal Data may be transferred to a country other than the country in which you are located. To obtain further information on the processing location, the User may refer to the section on details of the processing of Personal Data.
The User has the right to obtain information on the legal basis for the transfer of Data outside the European Union or to an international organisation under public international law or constituted by two or more countries, such as the UN, and on the security measures taken by the Data Controller to protect the Data.
The User may check whether one of the transfers described above takes place by examining the section of this document relating to the details of the processing of Personal Data or request information from the Data Controller by contacting them at the details given at the beginning.
Storage period
The Data are processed and stored for the time required for the purposes for which they were collected.
Therefore:
- Personal Data collected for purposes related to the execution of a contract between the Data Controller and the User will be retained until the execution of such contract is completed.
- Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until such interest is satisfied. The User may obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.
When the processing is based on the User’s consent, the Data Controller may retain the Personal Data for a longer period of time until such consent is revoked. In addition, the Data Controller may be required to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, Personal Data will be deleted. Therefore, at the end of this term, the right of access, deletion, correction and the right to portability of the Data can no longer be exercised.
Purposes of the personal data processing
The processing that we intend to carry out, with your specific consent, where necessary, has the following purposes:
- To allow us to provide the services requested by you, including collection of the data. To store and process data for the purposes of the establishment and subsequent operational, technical and administrative management of the relationship connected to the provision of the Services, and the performance of communications relating to the performance of the relationship established;
- To allow navigation and consultation of the GPI.it website
- To respond to requests for assistance or information, which we will receive via email, phone or chat through the application;
- To fulfil legal, accounting and tax obligations;
- o conduct and process, where necessary, studies, research, market statistics; send you advertising material, information, sales information or surveys to improve the service (“customer satisfaction”) via e-mail or text message, and/or through the use of the telephone operators and/or through GPI’s official social network pages;
- Make personalised sales proposals based on the products or services you have purchased, or which you have become interested in by browsing our Site;
- For the sole purpose of security and prevention of fraudulent conduct, the Data Controller implements an automatic control system that involves the detection and analysis of user behaviour on the site associated with the processing of Personal Data including the IP address;
- To initiate and, if necessary, complete the recruitment and selection process, i.e. to establish a working relationship.
To obtain further detailed information on the purposes of the processing and on the Personal Data actually relevant for each purpose, the User may refer to the relevant sections of this document.
Details on the processing of Personal Data (see the website directly)
Personal Data is collected for the following purposes and using the following services:
- Contact the User
- Mailing list or newsletter (this Website)
Upon registration to the mailing list or newsletter, the User’s email address is automatically added to a list of contacts to which email messages containing information, including sales and promotional information, relating to this Website may be sent. Your email address may also be added to this list as a result of your registration on this Website or after making a purchase.
Personal data collected: surname; email; first name; telephone number; company name.
-
- Contact Form (this Website)
The User, by filling in the contact form with their Data, consents to their use to respond to requests for information, quotes, or any other nature indicated in the header of the form.
Personal data collected: surname; email; first name; telephone number; company name.
-
- Tag management
This type of service is necessary for the centralised management of tags or scripts used on this Website.
The use of these services involves the flow of User Data through them and, where appropriate, their retention.
-
- Google Tag Manager (Google Ireland Limited)
Google Tag Manager is a tag management service provided by Google Ireland Limited.
Personal data collected: Cookies; Usage data.
Processing location: Ireland – Privacy Policy. Subject adhering to the Privacy Shield.
- Interaction with social networks and external platforms
This type of service allows interactions with social networks, or other external platforms, directly from the pages of this Website.
The interactions and information acquired by this Website are in any case subject to the User’s privacy settings for each social network
This type of service may still collect traffic data for the pages where the service is installed, even when Users do not use it.
We recommend that you log out of the respective services to ensure that the data processed on this Website is not linked back to your profile.
AddThis (Oracle Corporation)
AddThis is a service provided by Oracle Corporation that displays a widget that allows interaction with social networks and external platforms and the sharing of content on this Web Site.
Depending on the configuration, this service may show widgets belonging to third parties, such as social network managers on which to share interactions. In this case, the third parties that provide the widget will also be aware of the interaction performed and the Usage Data related to the pages where this service is installed.
Personal data collected: Cookies; Usage data.
Processing location: United States – Privacy Policy.
- Statistics
The services contained in this section allow the Site Owner to monitor and analyse traffic data and serve to keep track of the User’s behaviour.
-
- Google Analytics (Google Ireland Limited)
Google Analytics is a web analytics service provided by Google Ireland Limited (‘Google’). Google uses the Personal Data collected for the purpose of evaluating your use of this website, compiling reports on website activity and sharing it with other services provided by Google.
Google may use Personal Data to contextualise and personalise ads in its advertising network.
Personal data collected: Cookies; Usage data.
Processing location: Ireland – Privacy Policy. Subject adhering to the Privacy Shield.
-
- Google Analytics with anonymised IP (Google Ireland Limited)
Google Analytics is a web analytics service provided by Google Ireland Limited (‘Google’). Google uses the Personal Data collected for the purpose of evaluating your use of this website, compiling reports on website activity and sharing it with other services provided by Google.
Google may use Personal Data to contextualise and personalise ads in its advertising network.
This Google Analytics integration makes your IP address anonymous. Anonymisation works by shortening the IP addresses of Users within the borders of the member states of the European Union or in other countries that are parties to the Agreement on the European Economic Area. Only in exceptional cases will the IP address be sent to Google’s servers and shortened within the United States.
Personal data collected: Cookies; Usage data.
Processing location: Ireland – Privacy Policy. Subject adhering to the Privacy Shield.
-
- Google Ads conversion tracking (Google Ireland Limited)
Google Ads conversion tracking is a statistics service provided by Google Ireland Limited which links data from the Google Ads ad network with actions taken on this website.
Personal data collected: Cookies; Usage data.
Processing location: Ireland – Privacy Policy. Subject adhering to the Privacy Shield.
Rights of the User (Art. 15 et seq. Reg. (EU) 2016/679)
Users may exercise certain rights with reference to the Data processed by the Data Controller.
In particular, the User has the right to:
- revoke consent at any time. The User may revoke the previously expressed consent to the processing of their Personal Data.
- object to the processing of Personal Data. The User may object to the processing of their Data if there is a legal basis other than consent. Further details on the right to object are given in the section below.
- access their Data. The User has the right to obtain information on the Data processed by the Data Controller, on certain aspects of the processing and to receive a copy of the Data processed.
- check and ask for correction. The User may verify the correctness of their Data and request that it be updated or corrected.
- to restrict processing. When certain conditions are met, the User may request the restriction of the processing of their Data. In this case, the Data Controller will not process the Data for any other purpose than their storage.
- obtain the erasure or removal of Personal Data. When certain conditions are met, the User may request the erasure of their Data by the Data Controller.
- receive their Data or have it transferred to another data controller. The User has the right to receive their Data in a structured, commonly used and machine-readable format and, where technically feasible, to obtain its transfer without hindrance to another data controller. This provision is applicable when the Data are processed by automated tools and the processing is based on the User’s consent, on a contract to which the User is a party or on contractual measures connected to it.
- lodge a complaint. The User may lodge a complaint with the competent data protection supervisory authority or take legal action.
Details of the right to object
When Personal Data are processed in the public interest, in the exercise of public powers vested in the Data Controller or to pursue a legitimate interest of the Data Controller, Users have the right to object to the processing for reasons related to their particular situation.
Users are reminded that, should their Data be processed for direct marketing purposes, they may object to the processing without giving any reasons. To find out whether the Data Controller processes data for direct marketing purposes, Users may refer to the respective sections of this document.
How to exercise your rights
To exercise their rights, Users may send a request to the Data Controller using the contact details indicated in this document. Requests shall be filed free of charge and processed by the Data Controller as soon as possible and, in any case, within one month.
Cookie Policy
This Website uses Cookies. To find out more and to view the detailed information, the User can consult the Cookie Policy.
More information about data processing
Defence in court
The User’s Personal Data may be used by the Data Controller in court or during the preparatory stages to establish a defence against charges of abusing this Website or related Services by the User.
The User declares to be aware that the Data Controller may be required to disclose the Data by order of the public authorities.
Specific information
Upon the User’s request, in addition to the information contained in this privacy policy, this Website may provide the User with additional and contextual information regarding specific Services, or the collection and processing of Personal Data.
System log and maintenance
For operational and maintenance needs, this Website and any third-party services used by it may collect system logs, i.e. files that record interactions and may also contain Personal Data, such as the User IP address.
Information not contained in this policy
Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.
Do Not Track requests
This Website does not support “Do Not Track” requests.
To find out whether any third-party services you use support them, please consult their privacy policies.
Changes to this privacy policy
The Data Controller reserves the right to make changes to this privacy policy at any time by informing Users on this page and, if possible, on this Website and, if technically and legally feasible, by sending a notification to Users through one of the contact details in the Data Controller’s possession. Therefore, please consult this page regularly, referring to the date modified indicated at the bottom.
If the changes involve processing whose legal basis is consent, the Data Controller will collect the User’s consent again, if necessary.
Our roots run deep, formed over 30 years of history. Expertise, experience and passion
guide us in the present and drive us towards the future.