Pursuant to article 13 of EU Regulation no. 679 of 27 April 2916, (hereinafter “GDPR”), GPA S.p.A. (hereinafter called the “Company”), provides the following information concerning personal data processing (hereinafter called “Data”) from users of the website www.gpa-group.it (hereinafter called the “Website”).
- DATA CONTROLLER
The Website user’s data Controller is GPA S.p.A. with registered office at Via Molino Rosso 9/C – 40026 Imola (BO).
The Company can be contacted at the following address:
- By e-mail, at the address: privacy@gpa-group.it;
- By post, at the following address: Via Molino Rosso 9/C – 40026 Imola (BO).
- TYPE OF DATA FOR PROCESSING
Processed Data can be classified into identification data, location data or online identification data. It can also relate to one or more physical, physiological, psychic, economic, cultural, or social identity elements which allow the data subject to be identified or identifiable, depending on the type of service requested.
More specifically, Data processed on the Website is:
B.1- Data processed whilst browsing
Browsing on the Website produces cookies. Cookies are small text files which visited web sites send to the user’s browser. They are stored in the user’s browser before being reshared to the same websites in following visits.
During website browsing, the user can receive website cookies or webserver cookies which are different from the website that he or she is visiting (so-called “third-party” cookies). It is possible to distinguish:
- technical cookies, these allow us to carry out the activities linked to the correct functioning of the Website.
- profiling cookies, used to analyse the user’s behaviour and possibly send him/her advertising messages which result from the preferences that he/she expresses when surfing.
While technical cookies cannot be refused by the site user as they are strictly functional for the Site itself, users can freely choose to accept or refuse profiling cookies.
More in detail, the internet website uses Cookies which are described in the Cookie Policy.
B.2 Further data provided voluntarily by the user
The optional, explicit, and voluntary sending of e-mails (through the section “Spontaneous application” or the “Contact us” form or via the e-mail addresses present on the website www.gpa-group.it) result in the consequent acquisition of the user’s email address and his/her other personal data which is necessary to respond to requests as well as any other possible personal data inserted in the request.
B.3 Contact Data to send the newsletter
The newsletter service can be activated to receive information, promotional and commercial offers to be updated with the Controller and other Group Companies’ activities.
- LEGAL BASIS, NATURE AND PURPOSES OF THE PROCESSING
The processing of the user’s personal data aims to:
- allow the provision of services offered by the Company. The legal basis of this processing is given by the need to enter into a contract of which the data subject is a party or for pre-contractual measures adopted at the latter’s request;
- allow browsing on the Website as well as correct functionality. The legal basis of the processing consists of the provision in favour of the users of the services connected to the Website and the legitimate interest of the Controller in having a functional website;
- fulfil any obligations stipulated by applicable laws, regulations or Community legislation or to satisfy the Authority’s requests. The legal basis of the processing is the Controller’s compliance with the mandatory legislation;
- analyse the user’s behaviour and possibly send him/her advertising messages depending on the preferences expressed whilst browsing. The legal basis of this processing is based on the data subject’s consent;
- send newsletters containing information, promotional and commercial offers regarding the Controller and other Group companies’ activities. The legal basis of this processing in this case is the consent of the data subject;
- defend the Controller’s legal rights in the event of dispute, also in a legal dispute. The legal basis of this processing is the Controller’s legitimate interest to protect his/her rights.
Provision of data is optional but (except in cases of processing based on consent), failure to provide the data prevents the Data Controller from allowing browsing of the website.
- DATA RECIPIENTS
Data can be sent:
- to third parties who need to carry out specific activities in relation to the Data in accordance with the purposes of the processing, or to the Controller’s service providers.
- To authorities, institutions or subjects, the communication of which is mandatory by law or contract.
- In other circumstances such as acquisitions or sales to potential third-party companies when we contemplate selling or transferring some or all of our businesses.
- DATA TRANSFER
As regards to the possibility of Data transfer in non-European countries, the processing will take place in accordance with the applicable law. It is possible to have more information, upon request, from the Company at the above contacts.
- DATA RETENTION
Data will be kept for the time strictly necessary to achieve the purposes of the processing, applying the principles of minimization and proportionality.
In any case:
- with regard to the processing carried out for the provision of services, the Company will keep the Data for the period of time envisaged and permitted by Italian law to protect its interests (art. 2946 et seq. of the Italian civil code);
- with regard to personal Data processed to comply with legal obligations, it will be kept for the time required by the specific obligation or applicable law;
- with regard to the terms of duration of the Data processed through cookies, these are reported in the Cookie policy.
For Data whose processing is based on the consent of the data subject, please note that the same will be kept until the consent is revoked.
Further information regarding the data retention period and the criteria used to determine this period can be requested by sending a written request to the Company at the addresses indicated above.
- RIGHTS OF THE DATA SUBJECTS
Pursuant to article 15 et seq. of the GDPR, the data subject has the right to ask the Company to access his/her personal data, the right to rectification, delete and oppose the processing of personal data concerning him/her in the cases stipulated in article 18 GDPR, as well as the right to receive the personal Data concerning him or her in a structured format, commonly used and readable by an automatic device in the cases stipulated by article 20 GDPR.
Requests must be sent in writing to the Company at the addresses indicated above.
In any case, the interested party always has the right to lodge a complaint with the competent supervisory authority, i.e. the Guarantor for the Protection of Personal Data, pursuant to art. 77 GDPR, if he/she believes that the processing of his/her Data is contrary to the legislation in force.