PRIVACY POLICY

The company F.B. s.r.l. (VAT number 03105310134), with registered office in Milan (MI) 20123, via V. Monti, 55, REA Chamber of Commerce of Milan, Monza Brianza, Lodi MI1874968 and administrative and operational headquarters in Locate Varesino (CO), Via Sacro Monte n. 1 (22070), telephone 0287366253 (from Monday to Saturday from 9:00 to 22:00, excluding Sundays and national holidays in Italy), email: servizioclienti@gioiapura.it. (hereinafter, "Owner"), as the Owner of personal data pursuant to articles 4, n. 7) and 24 of EU Regulation 2016/679 of 27 April 2016 concerning the protection of individuals with regard to the processing of personal data (hereinafter, "Regulation") informs pursuant to art. 13 and 14 of the Regulation which will proceed with the processing of personal data referring to users of the site.

1. Object of the processing

According to the European regulation on the protection of personal data, legal persons cannot be considered interested and therefore the European regulation does not apply. However, if, in the context of the collection of company data, personal data relating to a natural person is entered, that person will be considered as interested pursuant to the aforementioned regulation.
NEWSLETTER / DEM (via email and SMS): If you subscribe to the newsletter you will provide us with your email address; you can also provide us with your telephone number.
CONTACT US: If you fill in the contact form, we will ask you to provide your first and last name and email address.
PURCHASE: If you make a purchase, we will ask for your personal data and contact information in addition to the shipping address.
REGISTRATION: we will ask for personal data and contact information.
You can also decide to register on the site when the purchase is completed and in this case we will use the data you will provide us when filling out the purchase form and may also decide to register via social media and in this case your data will be provided to us by Google or Facebook.
WORK WITH US: we will collect the data that will be included in the cv and therefore it will tend to be personal data and contact information; we can also treat particular categories of data, for example if in the cv will mention being part of protected categories.
ABANDONED CART and WISHLIST: we will process your email address.
NOTIFICATION OF PRODUCT AVAILABILITY: we will process your email address.
REVIEW: we will use your email address to ask you to provide us with reviews.

In any case, ip address and navigation log will be processed.

2. Legal basis and purpose of the processing

The processing of data will be carried out to allow the performance of activities related to the establishment and management of the service requested to the owner.
The provision of data is mandatory in all cases where the legal basis is the execution of the contract or fulfillment of legal obligations arising from the purchase while it is optional in all other cases; in any case of failure to provide it will not be possible to fulfill the requests.
The data will be processed lawfully, correctly and with the utmost confidentiality, in compliance with the appropriate security measures as provided by the Code and the Regulation.
The treatment will be carried out with analog / digital means. In any case, the data will not be publicly disclosed except for those relating to comments or reviews.
With your consent, you may be subjected to profiling as better specified in the dedicated paragraph.
In particular:
NEWSLETTER / DEM (via email and SMS): With your explicit consent (to the use of cookies and / or to the sending of commercial information dedicated to you, we may cross some data in our possession in relation to your habits navigation or purchase to propose products and / activities in line with your interests or with your shopping habits. In particular, we will be able to cross elements such as the characteristics of purchase, the average cart, the frequency of purchase, type and date of birth or geographical area).
PROFILING: With your explicit consent (to the use of cookies and / or to the sending of commercial information dedicated to you, we may cross some data in our possession in relation to your browsing or purchasing habits to offer you products and / activities in line with your interests or with your shopping habits. In particular, we may cross elements such as purchase characteristics, average shopping cart, purchase frequency, gender and date of birth or geographical area). LIGHT PROFILING / SEGMENTATION: We will be able to proceed with a segmentation of our customers on the basis of some basic information, such as the subdivision into man / woman or by age group and also cross these data with others such as, for example, the number of purchases or their frequency; by not obtaining a detailed profile and respecting what can be defined as legitimate expectations of the interested party and by processing exclusively data held by the company, without comparison or interconnection with other systems.
CONTACT US: The legal basis is consent and your data will be processed to allow us to respond to your requests.
PURCHASE: The purpose is to allow you to complete the purchase of our products and allow us to send them. The legal basis is the execution of a contract and the fulfillment of legal obligations (including those of an accounting and tax nature). Your data will be communicated to the courier who will take care of the shipment, duly appointed as data processor. With the purchase, with prior consent, your data will be exported to a CRM for sending commercial information.
REGISTRATION: The purpose is to allow you to enter our site and make purchases more easily as well as manage orders or returns. The legal basis is consent.
WORK WITH US: The purpose is to allow us to evaluate your CV and the legal bases can be found, for common data, in Article 111bis of Legislative Decree no. 196/03 (execution of pre-contractual measures carried out at the request of the interested party); for particular data, in Article 9 letter b) and therefore they are necessary to exercise the specific rights of the data subject regarding labor law.
REVIEW: The legal basis is consent and we will process your data to allow you to carry out these activities.
ABANDONED CART and WISHLIST: The legal basis is the legitimate interest of the company to remind the user to complete an "interrupted purchase" and the products in the cart as well as to let users know, whose products are in the wishlist, the changes they undergo (for example: availability or price). We believe that the user can reasonably expect this treatment because he has interacted with the site showing interest in some products. It is understood that you can always oppose this treatment by exercising the rights referred to in art. 21 GDPR.
NOTIFICATION OF PRODUCT AVAILABILITY: The legal basis is the execution of pre-contractual measures carried out at the request of the interested party and the purpose is to respond to your request.
REVIEW: The legal basis is the legitimate interest of the company to ask you for a review of the products or services rendered; while the legal basis for making the review remains consent.

In any case, the data may also be processed in the event of a dispute with the customer and the legal basis for this processing is the legitimate interest of the owner in legal protection.

IP address and navigation log: we will process the data based on the legitimate interest of the company and the fulfillment of legal obligations.

3. Processing methods - and data retention period

The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for:

NEWSLETTER: We will delete the data after 5 years from the last email sent.
CONTACT US: The data will be used to respond to your requests and will subsequently be deleted. The verification of the obsolescence of the data is done every 12 months.
PURCHASE: We will keep your data for no more than 10 years after purchase.
REGISTRATION: Until you decide to unsubscribe; we will delete your account after 7 years from the last login. Before that and we will send an email to find out if you want to keep the account active.
WORK WITH US: We will delete your data 24 months after sending your CV.
ABANDONED CART and WISHLIST: For the abandoned cart we will send you two emails in the next seven days to remind you to pick up where you left off; subsequently we will delete the data. For products included in the wishlist, we will send you a notification every time the product changes.
REVIEW: Reviews will stay online until they are out of date or you ask us to delete them.

IP address and navigation log: the data will be deleted after 24 months.

Longer data retention times may be justified by the possible establishment of a dispute; in these cases the data controller will process the data for as long as it is necessary for the defense in court.

4. Data communication

The Data Controller may communicate the data for the purposes referred to in art. 2 to all subjects to whom communication is mandatory by law for the accomplishment of the purposes provided for by law. The data may be disclosed to the couriers who will act as data processors and to the payment gateways who will process them as independent holders. The list of data processors is available on site.

5. place of storage and data transfer

The management and storage of personal data will also take place on servers located in non-EU countries (for example for sending commercial information). The data controller ensures from now on that the data transfer will take place in compliance with the GDPR through the stipulation of standard contractual clauses.

6. Rights of the interested party

The user, in his capacity as an interested party, has the rights referred to in art. 15 of the Regulation and precisely:

    1. The interested party has the right to obtain confirmation of the existence or not of personal data concerning him, even if not yet registered, and their communication in an intelligible form.
    2. The interested party has the right to obtain the indication:
      a) the origin of personal data;
      b) the purposes and methods of the processing;
      c) of the logic applied in case of processing carried out with the aid of electronic tools;
      d) the identity of the owner, manager and representative;
      e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the State, managers or agents.
    3. The interested party has the right to obtain:
      a) updating, rectification or, when interested, integration of data;
      b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed;
      c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment is proves impossible or involves the use of means that are manifestly disproportionate to the protected right.
    4. The interested party has the right to object, in whole or in part:
      a) for legitimate reasons, to the processing of personal data concerning him / her, even if pertinent to the purpose of the collection;
      b) to the processing of personal data concerning him for the pursuit of purposes not covered by art. 2.
Also pursuant to articles 15 and following of the GDPR, the user has the right to request at any time, access to his personal data, the correction or cancellation of the same, the limitation of processing in the cases provided for by art. 18 of the GDPR, obtain the data concerning him in a structured format, commonly used and readable by an automatic device, in the cases provided for by art. 20 of the GDPR. At any time, the user can revoke pursuant to art. 7 of the GDPR the consent given; propose a complaint to the competent supervisory authority pursuant to Article 77 of the GDPR if it considers that the processing of your data is contrary to the legislation in force. The user can formulate a request for opposition to the processing of his personal data pursuant to article 21 of the GDPR in which to give evidence of the reasons justifying the opposition: the Data Controller reserves the right to evaluate the request, which would not be accepted in case of existence. compelling legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the user. The interested party can exercise the rights referred to in the previous article at any time by sending a registered letter or an email to the addresses indicated above.