PRIVACY POLICY
Pursuant to Article 13 of EU Regulation no. 679 of 27 April 2016 (hereinafter the “GDPR”), Con.Se. S.r.l. (hereinafter
the “Company”) provides the following information regarding the processing of Personal Data (hereinafter the
“Data”) of users of the Website: www.gpa-group.it (hereinafter the “Site”).
1. DATA CONTROLLER
The Data Controller of the Data of the users of the Site is Con.Se. S.r.l., with registered office in Via Molino Rosso 9/C – 40026 Imola (BO).
The Company can be contacted at the following addresses:
• by e-mail, to the address: privacy@conse.it
• by mail, to the address: Via Molino Rosso 9/C – 40026 Imola (BO)
1. DATA SUBJECT TO PROCESSING
The Data processed may consist of Identification Data, Location Data, an online identifier or one or more characteristic elements of the physical, physiological, mental, economic, cultural or social identity suitable for making the data subject dentified or identifiable, depending on the type of services requested. In particular, the Data processed through the Website are as follows:
B.1 Data processed during navigation
Browsing the Site involves receiving cookies, short strings of text that the websites visited send to the user’s browser, where they are stored and then retransmitted to the same websites during subsequent visits.
While browsing a site, the user may also receive cookies on his computer from sites or web servers other than the one he is visiting (so-called “third-party” cookies). It is possible to distinguish:
a. technical cookies, which allow activities related to the operation of the Site to be carried out;
b. profiling cookies, used to analyze user behavior and possibly send advertising messages in line with the preferences expressed by the user while browsing.
While technical cookies cannot be refused by the user of the Site, as they are strictly functional to the Site itself, the user can freely choose whether to accept or refuse the use of profiling cookies.
More specifically, the website uses the cookies listed in the Cookie policy.
B.2 Additional data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mails (through the Spontaneous Application section or the Contact Us Form or in any case through the addresses indicated on the www.gpa-group.it website) involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other Personal Data included in the request.
B.3 Contact details for sending newsletters
It is possible to activate the newsletter service to receive information, promotional and commercial offers in order to stay updated on the activities of the Data Controller and the other Group Companies.
1. LEGAL BASIS, NATURE AND PURPOSE OF THE PROCESSING
The processing of your Personal Data is intended to:
• to allow the provision of the services made available therein by the Company. The legal basis of the processing is given by the need to execute a contract to which the data subject is a party or pre-contractual measures adopted at the request of the same;
• allow navigation of the Site and its smooth functionality. The legal basis of the processing is the provision to users of the services connected to the Site and the legitimate interest of the Data Controller in having a functional website;
• to comply with any obligations provided for by applicable laws, regulations or EU legislation, or to satisfy requests from authorities. The legal basis of the processing is the obligation for the Data Controller to comply with mandatory legislation;
• analyze user behavior and possibly send advertising messages in line with the preferences expressed by the user while browsing. The legal basis for the processing in this case is the consent of the data subject;
• to send newsletters containing information, promotional and commercial offers on the activities of the Data
• for the needs of defending the rights of the Data Controller in the context of any disputes, including in court. The legal basis for the processing is the legitimate interest of the Data Controller to protect its rights.
The provision of Data is optional, but (except in cases of processing based on consent) failure to provide Data prevents the Data Controller from allowing navigation of the Site.
1. DATA RECIPIENTS
The Data may be communicated:
a. to third parties who need to carry out specific activities in relation to the Data, in accordance with the purposes of the processing, or to subjects providing services to the Data Controller.
b. To authorities, bodies and/or subjects to whom they must be communicated, pursuant to binding legal or contractual provisions.
c. In other circumstances, such as acquisitions and sales, to potential third party companies, when we consider selling or transferring some or all of our assets.
1. DATA TRANSFER
With regard to any transfer of Data to countries outside the European Economic Area, the processing will take place in one of the ways permitted by current law. More information can be obtained from the Company on request at the contacts indicated above.
1. DATA RETENTION
The Data will be stored for the time strictly necessary to achieve the purposes of the processing, applying the principles of minimization and proportionality. In any case:
1. with regard to the processing carried out for the provision of services, the Company will retain the Data for the period of time provided for and permitted by Italian law to protect its interests (Article 2946 of the Italian Civil Code and subsequent amendments);
2. with regard to Data processed to comply with legal obligations, they will be stored for the time required by the specific obligation or applicable law;
3. as for the duration of the Data processed through cookies, these are reported in the Cookie policy;
For Data whose processing is based on the consent of the data subject, it is specified that the same will be stored until the consent is revoked.
More information regarding the Data retention period and the criteria used to determine this period can be requested by sending a written request to the Company at the addresses indicated above.
1. RIGHTS OF THE DATA SUBJECTS
Pursuant to art. 15 et seq. GDPR, the data subject has the right to ask the Company for access to their Data, the rectification or deletion of the same or to object to their processing, request the limitation of processing in the cases provided for by art. 18 GDPR, as well as to obtain the Data concerning him/her in a structured, commonly used and machine-readable format, in the cases provided for by art. 20 GDPR.
Requests must be sent in writing to the Company at the addresses indicated above.
In any case, the data subject always has the right to lodge a complaint with the competent supervisory authority, i.e. the Guarantor for the Protection of Personal Data, pursuant to art. 77 GDPR, if you believe that the processing of your Data is contrary to the legislation in force.
This Privacy Policy was updated in Imola on 02/01/2026.