Cart

Your cart is empty
Total $0.00
This field is mandatory
Go to cart

Select country

Select language

Please note that the contents of your cart will not be retained if you change delivery destination.

Freeshipping for orders over €150

Search EN / USD Cart 0
Privacy Policy
Privacy Policy
Termini e condizioni di vendita
Certilogo
Spedizioni e rimborsi
FAQ

PRIVACY POLICY

Welcome to the GCDS Srl website (“Site”).

On this page, we provide you with information pursuant to art. 13 of Regulation (EU) 2016/679 (“GDPR”) on the processing of your personal data that we collect when you browse the Site and interact with the related services.

The information is provided only for the Site and for its possible subdomains and not for other websites that may be consulted via hyperlinks or links.

We invite you to read this information carefully before providing us with your personal data.

  1. DATA CONTROLLER

GCDS SRL , with registered office in Milan, Via Spartaco n.8, Tax Code and registration number in the Companies Register of Milan, Monza-Brianza and Lodi 09146210969, REAN MI-2071764 , e-mail: dpo@dianacorp.com (“GCDS Srl”) and DIANA E-COMMERCE CORPORATION SRL , with registered office in Torreglia (PD) at via San Daniele n. 137/139, 35038, PI 05097740285, e-mail: privacy@dianacorp.com (“Diana”) are joint controllers of the processing of personal data for all activities related to the sale of products offered on the Site, such as order processing and after-sales assistance (e.g. for returns and complaints). You can learn the essential content of the agreement pursuant to art. 26 GDPR between Diana and GCDS Srl by contacting us by e-mail at angelica.zito@studiogarbagnati.it

 

GCDS Srl is also the independent data controller for the purposes of managing the Site and your registration on the Site (personal account), marketing and profiling.

Below, when we use the expression “ Joint Controllers ”, we will refer jointly to GCDS Srl and Diana. Conversely, you will find the reference to Diana or GCDS Srl in the event that the information refers to only one of the two data controllers.

  1. DATA PROTECTION OFFICER (DPO)

Diana has appointed a Data Protection Officer (DPO), who you can contact by writing to the following address dpo@dianacorp.com .

GCDS has appointed a Data Protection Officer (DPO), who you can contact by writing to the following address angelica.zito@studiogarbagnati.it

 

  1. CATEGORIES OF PERSONAL DATA COLLECTED
  1. Browsing data

Browsing the Site and accessing the related services involve the acquisition of some personal data relating to your browsing, such as, for example, the IP addresses or domain names of the computers you use to connect to the Site, the URI (Uniform Resource Identifier) ​​addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment you use. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow such interested parties to be identified.

  1. Personal data that you provide to us voluntarily

GCD and Diana process the personal data that you voluntarily provide us when you register on the Site, access the related services, purchase a product or interact with the customer service, such as, for example, personal data, contact data, data relating to purchases and bank details.

  1. Cookies

The Site uses so-called cookies. For more information on cookies and their use on the Site, see the Cookie Policy page.

  1. PURPOSE, LEGAL BASIS AND RETENTION PERIOD
  1. Your personal data will be processed by GCDS Srl for:

#

PURPOSE

LEGAL BASIS

RETENTION PERIOD

TO

Site Navigation: navigation data is processed to allow you to navigate the Site and access the related services and, in particular, to obtain anonymous statistical information on the use of the Site and the services offered, to check its correct functioning and for security reasons.

Legitimate interest of the Data Controller, pursuant to art. 6 par. 1 lett. f)

For the period necessary for the relevant processing

B

Registration on the Site (personal account): to allow you to create your personal account on the Site and to access and use the related services

Execution of the contract or pre-contractual measures requested by you, pursuant to art. 6 par. 1 lett. b)

Until the User requests deletion of the account or, failing that, for 24 months from the time of the last access

C

New Product Availability Update: Feedback on your request for an update on the availability of the requested product on the Site

Execution of the contract or pre-contractual measures requested by you, pursuant to art. 6 par. 1 lett. b)

For a period of 3 months from the receipt of your request

D

Marketing: to send you, via email, SMS, social networks and other instant messaging apps, promotional communications (including the newsletter) relating to the Data Controller's products, services and events and/or market research

Your consent, pursuant to art. 6 par. 1 lett. a)

Until consent is revoked or, failing that, for 24 months from the date of the last interaction with the Data Controller .

AND

Profiling: we will process your personal characteristics (gender, date of birth, etc.) and your purchase history to evaluate your satisfaction and send you personalized commercial and promotional communications.

Your consent. pursuant to art. 6 par. 1 lett. a)

Until consent is revoked or, failing that, for 12 months from the date of the last interaction with the Data Controller.
  1. Your personal data will be processed by GCDS Srl and Diana for:

#

PURPOSE

LEGAL BASIS

RETENTION PERIOD

F

Sale of products: for the conclusion and execution of the sales contract for the products offered on the Site, including the management and processing of purchase orders, delivery of products, communication of any circumstances relating to the order, management of payments and anti-fraud controls

Execution of the contract or pre-contractual measures requested by you, pursuant to art. 6 par. 1 lett. b)

For the time necessary to process the purchase order (without prejudice to further storage, where necessary, for the following purposes)

G

After-sales assistance: for the management and response of requests sent by you in relation to products purchased on the Site, for example in relation to returns, complaints and refunds

Execution of the contract or pre-contractual measures requested by you, pursuant to art. 6 par. 1 lett. b)

For the period of time necessary to respond to your request (with the exception of further storage, where necessary, for the purposes that follow)

H

Fulfilment of legal obligations : to fulfil legal obligations (in particular in civil, fiscal, public safety, banking and personal data protection matters)

Fulfilment of legal obligations, pursuant to art. 6 par. 1 lett. c)

For the period required by law. Billing data is retained for 10 years from the date of invoice issue

THE

Litigation and prevention of illicit activities : to defend or assert a right of Diana and/or GCDS Srl and/or to ascertain and prevent fraud and other crimes or illicit activities

Legitimate interest of the Data Controller, pursuant to art. 6 par. 1 lett. f)

For the period necessary for the purpose for which the data is collected in accordance with applicable legislation (for example, in terms of prescription)

  1. NATURE OF DATA PROVISION

The provision of data in the fields marked with an asterisk (*) for the purposes referred to in art. 4, I), letters A), B) and C) and II), which precede, is necessary to navigate and register on the Site, use the related services and purchase products on the Site and failure to provide such data will make it impossible to obtain the requested products and services. On the other hand, the release of data in the fields not marked with an asterisk, although it may be useful to facilitate relations with Diana and GCDS Srl, is optional and failure to indicate them does not affect the obtaining of the requested products and services.

With reference to the marketing and profiling purposes referred to in art. 4, I), letter D) and E), the provision of data is optional and your refusal will make it impossible for GCDS Srl to process the data provided by you for marketing and profiling purposes, but will not prevent you from browsing and registering on the Site, purchasing products and using the related services as provided for in art. 4, I), letters A), B) and C) and II).

  1. TREATMENT METHODS

Your data will be processed by the Joint Controllers using mainly computer and telematic methods.

Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. The Joint Controllers have adopted all adequate security measures required by law.

  1. CATEGORIES OF RECIPIENTS OF PERSONAL DATA AND DISSEMINATION OF DATA

In order to pursue the purposes for which the data is collected, the Joint Controllers may avail themselves of the following categories of subjects to whom the data may be communicated or who may become aware of it in their capacity as data controllers:

  • IT service providers, such as Internet services and cloud computing;
  • entities that carry out logistics, warehouse, promotion and delivery activities of the Joint Controllers' products and services;
  • entities carrying out customer assistance activities;
  • firms and other entities that provide assistance, consultancy and services of a legal, fiscal, accounting, economic-financial, technical-organisational, data processing or communication nature;
  • entities providing banking, financial, insurance and debt collection services;
  • entities that perform anti-fraud control activities on payments;
  • controlled, parent, participating and associated companies;
  • public authorities and supervisory and control bodies.

The updated list of data controllers is available upon specific request to the Joint Controllers through the methods indicated in paragraph 12.

Exclusively for the purposes specified above, your personal data may also be known by figures within the Joint Controllers authorised to process them by virtue of their respective roles.

No data collected on the Site is subject to disclosure.

  1. DATA TRANSFER TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANIZATION

Your personal data may be transferred, for the purposes for which they are collected, to the United States of America, which is a country outside the European Union. The transfer of personal data will take place pursuant to the Implementing Decision (EU) 2023/1795 of the European Commission of 10 July 2023 (relating to the EU-US DPF) and, where applicable, the standard contractual clauses adopted or approved by the European Union Commission (Article 46, paragraph II, letters c and d of the Regulation) or the binding corporate rules (Article 47 of the Regulation). To obtain a copy of such data, you can contact the Data Controller, as indicated in paragraph 12.

  1. SOCIAL BUTTONS AND WIDGETS

The Site also contains social buttons/widgets. These are in particular the icons of social networks, such as, for example, Facebook, Twitter, Pinterest, Google+, Youtube, Linkedin and Instagram, which allow you to reach - by means of a "click" on the icon - the relevant social networks. With the support of these tools you can, for example, share content or recommend products from the Site on social networks.

Following clicks on social buttons/widgets, the social network may collect data relating to your visit to the Site. As anticipated in the introduction, this privacy policy does not concern the processing of your data by the social network for which you will have to refer exclusively to the privacy policy provided by the social network.

Except in cases where you spontaneously share your data with the chosen social networks by clicking on social buttons/widgets, the Joint Controllers do not disseminate or share any personal data with the social network.

  1. FACEBOOK PAGE

GCDS Srl uses the “Page Insights” function for its Facebook page, which offers aggregate data on user interaction with the Facebook page.

In relation to such processing, GCDS Srl as joint controller of the processing together with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. You can find the joint controller agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum . You can consult Facebook's privacy policy at the following link: https://www.facebook.com/privacy/explanation .

  1. MINORS

The Site and the services are intended for the sale of products and services to adults. Therefore, the Joint Controllers do not intentionally collect personal data of persons under the age of 18. If you access the services of the Joint Controllers, you declare that you are of age.

  1. RIGHTS OF INTERESTED PARTIES

In relation to the personal data provided by you, you have the right at any time:

  1. to request confirmation as to whether or not personal data concerning you are being processed and, where that is the case, to obtain access to the personal data, the information referred to in art. 15 GDPR and a copy thereof ( right of access );
  2. to request the rectification of inaccurate personal data concerning you, as well as the integration of the same where deemed incomplete always in relation to the purposes of the processing (art. 16 GPDR);
  3. to request the deletion of personal data in the cases referred to in art. 17 GDPR, including the lack of necessity of the personal data for the purposes for which they are collected or processed, the withdrawal of consent (if there are no other legal bases) or opposition to the processing (if no legitimate reason for the processing prevails), the unlawful processing of data, the deletion imposed by legal obligations or in the case of information society services addressed to minors;
  4. to request the limitation of processing in the cases referred to in art. 18 GDPR, such as the contestation of the accuracy of the data or the lawfulness of the related processing, if the owner no longer needs them for the purposes of processing or in case of opposition to the processing; the limitation of processing means that your personal data are processed, except for storage, only with your consent or for the ascertainment, exercise or defense of a right in court or to protect the rights of another natural or legal person or for reasons of significant public interest of the European Union or of a Member State;
  5. to object to the processing of personal data in the cases referred to in art. 21 GDPR, including processing based on the legitimate interest of the data controller or third parties or for marketing purposes; in the event of opposition, the Data Controller will refrain from further processing the personal data, except in the case of compelling legitimate reasons for proceeding with the processing that prevail over your interests, rights and freedoms or for the establishment, exercise or defense of a right in court;
  6. to request data portability if the processing is based on your consent or on the contract with the Data Controller and is carried out by automated means; portability entails the right to receive or transmit to another controller your personal data in a structured, commonly used and machine-readable format (art. 20 GPDR);
  7. where you have given consent, you have the right to withdraw consent without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.

To exercise these rights, you can write to: legal@filoblu.it.

You can still exercise your rights towards each Joint Controller by writing to the respective references indicated in paragraph 1.

You can also revoke your consent through the personal section of your account and the link contained in each marketing communication received from the Data Controller.

Finally, we remind you that, if the conditions are met, you also have the right to lodge a complaint with the Authority for the protection of personal data as the supervisory authority according to the established procedures.