Privacy Policy

PRIVACY POLICY

Information provided pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter “GDPR”)

General Information

Data subjects are hereby informed (pursuant to Article 4, para. 1, GDPR) of the following general profiles which apply to all processing environments:

• All data are processed in compliance with the applicable data protection regulations (Regulation (EU) 2016/679 and Italian Legislative Decree 196/2003, as amended by Italian Legislative Decree 101/2018);

• All data are processed in a lawful, fair and manner transparent in relation to the data subjects, pursuant to the general principles laid out by Article 5, GDPR;

• Specific security measures are followed to avoid loss of data, illegal or incorrect use of the data, and unauthorised access (Article 32, GDPR).

The Controller

The Controller is this company (represented by its pro tempore legal representative, who can be contacted for any data protection matters or to exercise the rights listed below, under the following sections:

CONTROLLER

Name: Vetreria di Borgonovo Spa

Email: info@borgonovo.it

Data Protection Officer

the Group has appointed a DPO, who can be contacted for all information on the subject of privacy and to exercise all the rights envisaged in the provisions of Articles 15-21 of the GDPR.

DATA PROTECTION OFFICER

Name: Galli Data Service Srl

Email: dpo@gallidataservice.com

Rights of data subjects

• Right to request the existence and access to the personal data concerning said data subject (Article 15 “Right to access”)

• Right to have incorrect or incomplete data amended/supplemented (Article 16 “Right to amendment”)

• Right to obtain the deletion of the data, if justified reasons exist (Article 17 “Right to erasure”)

• Right to obtain limitation of processing (Article 18 “Right to limitation”)

• Right to receive data concerning the data subject in a structured format (Article 20 “Right to portability)

• Right to object to processing and to automated decision-making processes, including profiling (Article 21, 22)

• Right to revoke previously provided consent;

• Right to lodge, in the absence of a response, a claim with the data protection Supervisory Authority.

The following specific information are provided below, relating to:

1. Processing of data connected to the functioning of this website

2. Processing of the data of customers/suppliers of the Controller

1. PROCESSING OF DATA CONNECTED TO THE FUNCTIONING OF THIS WEBSITE

1. Navigation Data

The IT systems and software processes responsible for the operation of this website acquire certain personal data during the course of their normal operations, the transmission of which is an integral and essential part of the Internet communication protocols. This is information which is not gathered in order to be associated with identified parties, but due to its nature could, through processing and association with data held by third parties, permit identification of the users. This category of data includes the IP addresses or domain names of the computers used by visitors to the site, addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to issue the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, failure etc.) and other parameters concerning the user's operating system and IT environment.

2. Cookies

This policy is provided pursuant to Article 13 of Regulation EU 2016/679 (GDPR), as well as applicable legislation regulating cookies:

• “Linee guida cookie e altri strumenti di tracciamento” (Guidelines for cookies or other tracking tools), 10 June 2021 (Published in the Italian Official Journal no. 163, 9 July 2021);

• Guideline 5/2020 on consent pursuant to regulation (EU) 2016/679, adopted by the European Data Protection Board.

What are Cookies? Cookies are short fragments of text (letters and/or numbers) which allow the web server to store information on the client (the web browser) to be reused during the same visit to the site (session cookies) or at a later date (persistent cookies). Cookies are stored, on the basis of the user’s preferences, by the individual browser on the specific device used (computer, tablet, smartphone). Similar technologies, such as, for example, web beacons, transparent GIFs and all forms of local storage introduced with HTML5 can be used to collect information on the user's behaviour and use of services. Hereinafter this policy refers to cookies and all similar technologies using simply the term “cookies”.

Possible Types of Cookies

In relation to the “Linee guida cookie e altri strumenti di tracciamento” (Guidelines for cookies or other tracking tools), 10 June 2021 (Published in the Italian Official Journal no. 163, 9 July 2021 and in the Register of Proceedings 231, 10 June 2021), the categories of cookies used, their purposes and classification criteria are given below.

Further Information on Types and Methods of Managing Preferences

By clicking on the corresponding icons of the main web browsers, it is possible to obtain an analytical classification of the cookies used by the site, complete with: cookie name, content, domain, sending method, persistence.

The main web browsers also allow the following:

• Blocking use of all (or some) types of cookies

• Removing some or all of the installed cookies

For information on the settings to use with the individual browsers, see the following section. Please note that blocking or deleting cookies could compromise website navigation. The site could contain links to third-party sites and third-party cookies; for further information, please view the privacy policies of any linked sites.

Links to portals and social media The pages of the website may contain Social Network buttons, widgets, plug-ins, links and cookies to facilitate interaction with social media platforms and sharing of content. These include, by way of example: Facebook pixel, Facebook remarketing, Facebook segmentation etc. (which in any case use technologies and tools which reduce the identifying ability of the cookies, such as anonymisation or hashing/encryption systems). Please note that the processing of data provided by users to the various social media channels is performed in accordance with the privacy settings and rules of the social media companies themselves, accepted by the user upon registration. By way of information, some links for the main social networks are provided below, through which it is possible to manage your privacy and cookies settings:

• Facebook (information): https://www.facebook.com/help/cookies/

• Facebook (configuration): your account - privacy section

• Instagram (information) https://www.instagram.com/legal/privacy

• YouTube: https://www.youtube.com/t/terms

• Linkedin (information): https://www.linkedin.com/legal/cookie-policy

• Linkedin (configuration): https://www.linkedin.com/settings

• Google+ (information): http://www.google.it/intl/it/policies/technologies/cookies/

• Google+ (configuration): http://www.google.it/intl/it/policies/technologies/managing/

• Twitter (information): https://support.twitter.com/articles/20170514

• Twitter (configuration): https://twitter.com/settings/security

• Google remarketing (information): http://www.google.com/intl/it it/policies/technologies/ads/

• Google remarketing (disablement): https://www.google.it/ads/preferences

Managing preferences via the main web browsers Users can decide whether or not to accept cookies using the settings of their web browser (please note that, by default, almost all web browsers are set to automatically accept cookies). The settings can be modified and defined specifically for different websites and web applications. Moreover, the best browsers allow you to define different settings for “proprietary” and “third-party” cookies. Usually, configuration of cookies is performed from the “Preferences”, “Tools” or “Options” menus.

Links to guides for managing cookies for the main browsers are provided below:

Internet Explorer: http://support.microsoft.com/kb/278835

Internet Explorer [mobile version]: http://www.windowsphone.com/en-us/how-to/wp7/web/changing-privacy-and-other-browser-settings

Chrome : http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95647

Safari [mobile version]: http://support.apple.com/kb/HT1677

Firefox : http://support.mozilla.org/en-US/kb/Enabling%20and%20disabling%20cookies

Android:https://support.google.com/accounts/answer/61416?hl=it&co=GENIE.Platform%3DAndroid

Opera : http://help.opera.com/opera/Windows/1781/it/controlPages.html#manageCookies

Further Information

• www.allaboutcookies.ora (for additional information on the technologies used by cookies and on their operation)

• www.youronlinechoices.com/it/a-proposito (allows users to object to installation of the main profiling cookies)

• www.garanteprivacy.it/cookie (collection of the main regulatory measures by the Italian Data Protection Authority)

3. Specific Functions of the Website

Some pages of the website may involve requests for information from the user in relation to specific services (e.g. requests for information, user information, work with us etc.).

4. Data supplied voluntarily by the user

The optional, explicit and voluntary sending of post/email to the addresses listed on this website, also for the purposes of completing the purchase of products sold through the site, will result in acquisition of the sender's email address, which is essential for responding to the requests, as well as any other personal data included in the message. Should the user upload their CV in order to apply for a position, they will remain the sole party responsible for the relevance and accuracy of the data sent. Please note that any CVs sent without the inclusion of a specific disclaimer authorising processing of the subject's personal data will be immediately deleted.

5. Data provided for the purchasing of products by the user

In order to allow the conclusion of the sales contract, the Controller will gain knowledge of personal data relating to you (identifying data, contact details, any payment data where communicated by the payment platform PayPal), processing of which is necessary to comply with contractual obligations. Data provided for conclusion of the contract may be communicated to PayPal as service provider, in accordance with the terms and conditions of use of that provider.

2. PROCESSING OF DATA CONNECTED TO RELATIONSHIPS WITH CUSTOMERS AND SUPPLIERS

1. Purpose of the Processing

The company processes identifying personal details of customers/suppliers (for example, name, surname, company name, tax details, address, telephone number, email address, bank, and payment information) and of their contact persons (name, surname, and contact data) acquired and used within the scope of supply of the products/services supplied.

2. Purposes and Legal Basis of the Processing

The data are processed in order to:

• Conclude contractual/professional relationships and supply the related services;

• Comply with precontractual, contractual and tax obligations relating to existing relationships, as well as manage the necessary related communications;

• Comply with obligations provided for by law, regulations, EC directives or by the authorities;

• Exercise a legitimate interest or right of the Controller (for example: legal defence, protection of credit positions, normal operating, management and accounting requirements).

Failure to provide such data will make it impossible to establish a relationship with the Controller. The above-mentioned purposes represent appropriate legal bases for processing pursuant to Article 6 paras. b, c and f. In the event of an intention to perform processing for different purposes (e.g: marketing communication, production of photo/video content etc.), specific consent will be required from the data subjects.

3. Methods of Processing and Retention Times

Processing of personal data is performed by means of the operations specified in Article 4, 2), GDPR, more specifically: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of data. Personal data are subject to processing both electronically and on paper. The Controller will process the data for the time necessary to fulfil the purpose for which they were gathered, and the relative legal obligations (generally coinciding with the relationship with the data subject, save for extension in reference to the retention obligations for administrative documentation and commercial correspondence.

4. Scope of the Processing

Data are processed by internal parties duly trained and authorised pursuant to Article 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise indications on any external parties operating as Independent Controllers or Data Processors (e.g. consultants, technicians, banking institutes, carriers etc.). Data may be communicated to any subsidiary/associate companies. Data will not be transferred or transmitted outside the EU (they may only be transferred outside the EU pursuant to the conditions laid out in Chapter V, GDPR, designed to guarantee that the level of protection of data subjects is not compromised “Article 45 Transfers on the basis of an adequacy decision, Article 46 Transfers subject to appropriate safeguards, Article 47 Binding corporate rules, Article 49 Derogations for specific situations”). Data will not undergo automated processes which involve significant consequences for the data subject.

3. POLICY UPDATES

Please note that this policy may undergo periodic revision, also in relation to the reference regulations and legislation. In the event of significant changes, this will be suitably highlighted on the website homepage for an appropriate period of time. Data subjects are, in any case, encouraged to check this policy on a periodic basis.