Premise
Pursuant to Article 13 of EU Regulation 2016/679, the General Data Protection Regulation (hereafter, "Regulation" or "GDPR"), this policy outlines the handling of personal data collected through the website https://www.grechiperticari.com/, which is owned and operated by Grechi Perticari S.r.l. (hereafter, "Website"). This information is intended for all users interacting with the Website’s pages, including those who access the Website without registering and those who register after completing a specific procedure to use the services offered online.
It is also noted that any third-party websites linked on this Website are governed by separate privacy policies, which are independent of this document.
1. DATA CONTROLLER
The controller of personal data collected through the Website is:
Grechi Perticari S.r.l.
Via San Girolamo, 338
06135 Perugia, Italy
VAT ID: IT03887150542
(hereafter, “Company” or “Controller”)
2. PERSONAL DATA SUBJECT TO PROCESSING
In addition to other data referenced in specific sections (particularly regarding "Cookies"), the Website may collect and process the following data:
- Browsing Data: These are data automatically registered by the server with each Website visit, such as IP addresses or domain names of users’ computers, URI (Uniform Resource Identifier) addresses of requested resources, request times, methods used to submit requests to the server, file sizes received, numerical codes indicating the response status from the server (success, error, etc.), and other parameters concerning users’ operating systems and computing environments. Social buttons, which merely provide links to the Company’s social media profiles (such as Pinterest, Instagram, YouTube, LinkedIn), fall into this category, allowing users to reach the Company’s social networks with a single click. Any interactions within the social network are subject to the respective network’s privacy policies and settings.
- Personal Data Provided Voluntarily by Users/Customers: Data users provide through electronic forms for registration, account creation, order submission, and information requests. This may include name, surname, date of birth, email, address, phone number (including mobile), and other data or information in messages sent to the contact points provided on the Website or through published forms (including messaging systems). This also includes data related to orders and purchase processes.
- Online Payment Data: In terms of payment data entered by users, the Company only processes information from digital payment companies and financial institutions managing credit card payments, limited to status updates on the payment (successful/rejected). Other account details (e.g., PayPal, prepaid cards, or credit cards) are stored by the entities managing those services and are not authorized for use by the Company for other purposes.
For the purposes indicated in this policy, the Company does not collect or process any personal data considered as "special categories" under the GDPR (e.g., data revealing racial or ethnic origin, religious or philosophical beliefs, political opinions, union membership, or health data). Users are advised not to enter such special categories of personal data in contact forms or provide them via phone to Customer Service.
3. LEGAL BASIS AND PURPOSE OF PROCESSING
The processing of personal data is exclusively directed toward the following purposes:
(i) Performance of contractual or pre-contractual obligations – to ensure registration on the Website (and account creation), the provision of services requested via the Website, and the management and fulfillment of product orders placed through the Website. This also covers administrative and accounting purposes related to the concluded contract, including the electronic transmission of order confirmations, invoices, and order completion notifications, as well as purposes related to discounts, promotional sales, and promotions. Customer Service may also process user data to handle and respond to support requests related to products or services available on the Website, including the Newsletter service, activated upon specific request and subscription.
(ii) Compliance with legal obligations – to fulfill legal or regulatory obligations (national and/or EU), including tax-related ones, as well as requirements from competent authorities and entities.
(iii) Legitimate interest of the Company – for defense of rights or interests in any legal or administrative proceeding (including data security measures and debt recovery); for statistical analysis and market research on aggregated data; and for email communication to existing customers regarding products or services similar to those previously purchased by the customer (so-called "soft spamming"), subject to the customer's right to object. This also includes email invitations for customers to complete online purchases in cases of abandoned e-commerce orders (so-called "abandoned cart reminders").
4. MANDATORY OR OPTIONAL NATURE OF DATA PROVISION
The provision of data for purposes described under points (i) (performance of contractual obligations) and (ii) (compliance with legal obligations) is optional. However, as this processing is essential for Website registration and usage, including services related to or stemming from the submission of purchase orders, failure, partial, or incorrect data provision may result in an inability to register on the Website, process and fulfill orders, or access online services, as well as to process specific user requests.
For point (iii) (legitimate interest of the Company), no express consent is required, but users retain the right to object to such processing.
5. DATA DISCLOSURE
Data may be disclosed to the following entities:
- All entities (including public authorities) with statutory or administrative access rights;
- All entities, public and/or private, individuals and/or legal entities, to whom data disclosure is necessary or functional for fulfilling contractual or legal obligations.
Additionally, for the purposes listed above, personal data may be disclosed to authorized Company employees and collaborators (especially within the administration and customer service departments), as well as to entities acting on behalf of the Company, including but not limited to:
- Companies, consultants, or professionals responsible for Website hardware and software maintenance;
- Couriers or shipping companies for product delivery;
- Entities managing informational or commercial communications;
- Company’s legal and fiscal advisors;
Data transfers to non-EU countries or outside the EEA, if required, will be carried out in compliance with GDPR standards, such as the adoption of Standard Contractual Clauses, selecting entities in countries with EU adequacy decisions, and any other applicable measures.
6. DATA RETENTION PERIOD
Personal data will be processed and retained for the duration of the contractual relationship and, subsequently, for the maximum period permitted by applicable legal regulations concerning statutory limitations and/or claims, as well as to defend the Company’s rights in disputes.
Data processed for Newsletter purposes will follow these guidelines, allowing users to unsubscribe at any time.
7. MINORS UNDER 16
The Website does not contain information, features, or services intended for users under 16 years of age. Minors should not provide information or personal data without parental consent. Users under 16 are requested to avoid submitting their data unless authorized by a parent or guardian.
8. DATA SUBJECT RIGHTS
As a data subject, the user may request the following rights from the Controller:
- Right of Access
- Right of Rectification
- Right to Erasure
- Right to Restriction
- Right to Data Portability
- Right to Object
To exercise these rights, please contact:
Grechi Perticari S.r.l.
Via San Girolamo, 338 - 06135 Perugia, Italy
Email: privacy@grechiperticari.com
This Privacy Policy may be subject to changes and updates in compliance with applicable regulations.
LAST UPDATE: OCTOBER 2023