1. WHO IS THE DATA CONTROLLER
The Site is managed by GCDS SRL, which acts as an independent data controller for all activities related to the online sale of GCDS products such as the conclusion and execution of the contract, the payment, the issuance of the invoice, the shipment of the product, any management of the right of withdrawal, return and legal guarantees, the control and prevention of fraud and abusive behavior, registration on the Site ("My Account") and the use of services reserved for registered users (eg: Wish List, My Orders, Quick Purchase, etc..); the following services offered through the Site (not active in all countries): (i) delivery of products purchased online, (ii) return of products purchased online; as well as any related assistance provided by Customer Service (more information in point 3.1) and the fulfilment of legal obligations regarding the processing of personal data (more information in point 3.4). GCDS S.r.l., with registered office in Milan, Via Nino Bixio n.42, tax code, VAT number and registration number with the Register of Companies of Milan, Monza-Brianza and Lodi 09146210969, R.E.A. N. MI-20717664, acts as autonomous data controller for the purposes of marketing, profiling and sharing your data for such purposes, if you give your express consent to such processing (more information at point 3.3). GCDS S.R.L. also acts as data controller for the services offered through the Site for the fulfilment of legal obligations regarding the processing of personal data (more information in point 3.4). For any clarification, question or need related to your privacy or to exercise your rights recognized by European legislation on the processing of your personal data (General Regulation on Data Protection - EU Reg. no. 2016/679, hereinafter "GDPR") (see point 6) you can contact us at any time by sending a request to Customer Service (selecting the topic "Privacy"). If you wish, you may also contact us or our Data Protection Officers (DPOs) directly; to do so, please use the contact details below.
2. WHICH DATA WE PROCESS
With reference to the purposes of processing indicated in point 3 below, we process various types of personal data concerning you, including
- your identification data (such as name and surname), your contact details (such as email address and telephone number), shipping address and billing address, payment details (such as payment method used, holder, card number used). These data are processed by GCDS S.R.L. with reference to the online sale of GCDS products and the related activities (such as the conclusion and execution of the contract; the payment; the issue of the invoice; the shipment of the product; the possible management of the right of withdrawal, return and legal guarantees; customer care; the control and prevention of fraud and abusive behaviour - also by third parties - which are in contrast with the rules in force, the applicable contractual provisions, the rules of correctness and good faith).
- For customer service activities, the information you choose to provide in your communications is also processed.
- in the case of your registration on the Site ("My Account"), your identification data, your email address and password, as well as the data necessary to provide you with the services reserved for registered users (e.g.: Wish List, My Orders, Quick Purchase, etc.). In case of registration/authentication to My Account through Facebook (a service of Facebook Ireland Ltd. acting as autonomous data controller) we collect from this third party the data necessary for your registration/authentication. My Account and the related services reserved for registered users are managed by GCDS. S.R.L.
- your identification and contact details are also used by GCDS to handle any enquiries you may have regarding GCDS products.
- when you give your consent, GCDS also processes data relating to your preferences and interests, such as the products you have purchased or that are on your wish list, your age and gender, your country, language and currency preference, the newsletters you are subscribed to and your interaction with them and with the events in the GCDS world.
- GCDS SRL processes your data to analyze your habits and preferences to offer you personalized services and communications in line with your interests;
- your name, surname and postal address, as well as your contact details (such as email address and telephone number) when a user of the Site provides us with this information in order to deliver to you certain products purchased on the Site.
- We process your data only to fulfil our user's request, and never for any other purpose (e.g. marketing).
3. WHY WE PROCESS YOUR DATA AND ON WHAT LEGAL BASIS
3.1 PURPOSES RELATED TO THE ONLINE SALE OF PRODUCTS
GCDS S.R.L, as data controller, processes your personal data for the online sale of GCDS products and related activities.
In particular, for:
- the conclusion and execution of the purchase contract on the Site of one or more products, for payment, shipment of the product, possible management of the right of withdrawal, return and legal guarantee. This treatment is necessary for the execution of a contract of which you are a party (purchase and sale contract). The provision of your personal data is compulsory; failing this, you will not be able to make a purchase on the Site or manage your possible requests regarding the right of withdrawal, return and legal guarantee or receive dedicated customer assistance;
- customer service. The treatment is necessary for the execution of a contract to which you are a party (provision of assistance). The provision of your personal data is compulsory; failing this, you will not be able to receive the assistance you requested;
- the fulfilment of legal obligations relating to the sales activity (such as issuing and keeping the invoice). This treatment is necessary to fulfil a legal obligation to which GCDS SRL is subject. The provision of your personal data is, therefore, mandatory, failing which you will not be able to make a purchase on the Site;
- registration on the Site ("My Account") and use of the services reserved for registered users (e.g.: Wish List, My Orders, Quick Purchase, etc.). This treatment is necessary for the execution of a contract to which you are a party (registration to the Site and the provision of services). The provision of your personal data is mandatory; failing this, you will not be able to register on the Site and use the services dedicated to registered users;
- the prevention and repression of fraud and abusive behaviour (including on the part of third parties) that is in conflict with current regulations, applicable contractual provisions, rules of fairness and good faith. The lawfulness of such processing is based on the legitimate interest of GCDS S.R.L. to carry out controls and security activities with the aim of preventing and protecting against fraudulent activities and abusive behaviour. At your request, GCDS SRL can provide you with detailed information on this legitimate interest and the so-called balancing test;
- the use of the following services offered through the Site and related to online sales (not active in all countries): (i) delivery of products purchased online; (ii) return of products purchased online. This treatment is necessary for the execution of a contract of which you are a party (provision of the relative service). The provision of your personal data is compulsory; failing this, you will not be able to use the service.
3.2 PURPOSES RELATING TO THE PERFORMANCE OF OTHER SERVICES YOU REQUESTED
Through the Site you can contact GCDS SRL for more information about the world and GCDS products. GCDS S.R.L. processes the personal data you provide when you use these services on the Site and that you enter in the relevant forms on the Site. The processing is based on the fulfilment of a contractual obligation between the parties or the execution of pre-contractual measures taken at your request. The provision of your personal data is mandatory, any refusal would prevent you from using the service requested.
3.3 MARKETING PURPOSES
With your consent, which is optional, GCDS S.R.L. uses your personal data for marketing purposes. GCDS S.R.L. GCDS S.R.L. may send you promotions, commercial communications or advertising about its products, services and events. Marketing activities may include carrying out market research and surveys to determine your satisfaction or to carry out statistical analysis, even with anonymous data organized in aggregate form. The processing of your data is based on your freely expressed consent and the provision of your data is optional; in case of refusal, in fact, there will be no consequences on the ability to purchase our products online.
With your consent, which is optional, GCDS S.R.L. uses the data collected online, through this or other sites or through GCDS social media accounts, to collect information about your preferences, habits, lifestyle and the details of your purchases. The data is used for the creation of group and/or individual profiles ("profiling") that allow us to send you personalized communications in line with your interests, or to carry out market research and statistical analysis, including anonymous data, organized in aggregate form. The processing of your data is based on your freely expressed consent and the provision of your data is optional; in case of refusal, in fact, there will be no consequences on the possibility to purchase our products online.
These companies will process your data for their own marketing purposes, i.e. to send you promotions, commercial or advertising communications about their products, services, events, including market research and surveys to measure your satisfaction or to carry out statistical analysis, including anonymous data, organised in aggregate form. The processing of your data is based on your freely expressed consent and the provision of your data is optional; in case of refusal, in fact, there will be no consequences on the ability to purchase our products online.
To send you marketing communications or personalized offers, channels such as email, newsletters, operator telephone calls, SMS, MMS, chat, instant messaging, social networks and traditional mail are used, including the sending of invitations to events organized by GCDS S.R.L. or in which GCDS participates. You can unsubscribe from newsletters through the appropriate section of your personal account or by clicking on the relevant link at the bottom of each commercial communication.
3.4 FURTHER PURPOSES
Your personal data is processed by each data controller, to the extent of its competence:
• the management of requests for the exercise of personal data protection rights (more information in point 6). This processing is necessary to fulfil a legal obligation to which the data controller is subject;
4. WHO WILL PROCESS YOUR DATA
Your personal data may be accessed by the staff (employees and collaborators) of GCDS S.R.L. duly instructed, as well as third parties (suppliers and/or business partners) who have been suitably selected by the data controller and offer adequate guarantees of compliance with the rules on the processing of personal data. These third parties may carry out their activities as "data processors" (i.e. under the direct responsibility of the data controller who designated them), on the basis of a specific designation by the data controllers (by each of them for processing under their own ownership): for example, internet providers, companies specialising in computer and telematic services, customer service companies, companies carrying out marketing activities, companies specialising in market research and data processing, physical shops) or as "independent data controllers" (for example, couriers and forwarding agents, bank operators, freelance professionals or companies providing legal or tax advice and assistance).
Your personal data may also be communicated to third parties in the following cases:
- when the communication is required by applicable laws and regulations with respect to third parties who are legitimate recipients of communications, such as authorities and public bodies that process your data as independent data controllers for their respective institutional purposes;
- in the case of extraordinary transactions (e.g. mergers, acquisitions, sale of business, etc.);
- when you give your consent for independent marketing purposes.
You can request an updated list of the subjects to whom we communicate your data by contacting us at the addresses indicated below.
Some of the above mentioned entities may also be established outside the European Union (EU) or the European Economic Area (EEA), in countries that do not guarantee an adequate level of protection of personal data according to the standards established by the GDPR. GCDS S.R.L. will take the necessary precautions for a legitimate data transfer (in particular, through the use of the Standard Contractual Clauses approved by the European Commission). You may request information on the transfer abroad of your personal data at any time by contacting us at the contact details indicated below.
5. HOW LONG WE STORE YOUR DATA
We retain your personal data for a limited period of time, strictly related to the purpose for which it was collected and in accordance with applicable legal or regulatory requirements. At the end of the specified retention period, your personal data will be deleted or otherwise rendered anonymous irreversibly, unless GCDS S.R.L. is required to retain the data for a further period to comply with legal or regulatory obligations or to exercise or defend a legal claim.
The storage period is different depending on the purpose of the processing, in particular:
- for the online sale of products and related activities (point 3.1), your personal data will be kept by GCDS S.R.L. for the entire duration of the contractual relationship and for 10 (ten) years after the termination of the same, except for the registration to the Site ("My Account") and the use of services reserved for registered users (for example: Wish List, My Orders, Quick Purchase, etc.), in relation to which your personal data will be kept until you request the cancellation of your account;
- when GCDS S.R.L. processes your data for profiling or customised marketing purposes, your data will be kept for a period of 24 months from the time you give your consent for the above purposes, following the data protection impact assessment conducted by GCDS S.R.L. with the participation of its Data Protection Officer;
- for generic marketing activities, your data is stored by GCDS S.R.L. until you request cancellation, revocation of consent or opposition to processing; GCDS S.R.L. also wants to protect your data and make sure you want to continue to receive its communications. Therefore, delete your data when 12 months have passed since your last interaction with the world of GCDS S.R.L., for example through purchases from the Site, participation in events or interaction with the GCDS S.R.L. newsletter;
- in order to comply with legal obligations regarding the processing of personal data (point 3.4), your personal data will be processed by each data controller, to the extent of its competence, for the period necessary to manage your request to exercise the rights recognised by GDPR or to fulfil the legal obligation to which the data controller is subject. The data necessary to demonstrate compliance with the legal obligations to which the data controller is subject will be kept for 10 (ten) years;
- in the event of a judicial or administrative dispute, your data will be kept for the period necessary for the judicial protection of a right by GCDS S.R.L. or a third party or within the limits imposed by the judicial or administrative authority.
For more information about the storage of your personal data, please contact us at the contact details indicated below.
6. WHAT ARE YOUR RIGHTS
You may contact each data controller or the respective Data Protection Officer at any time, at the contact details specified below, to exercise your rights recognised by GDPR and, in particular:
- to have confirmation whether or not personal data concerning you is being processed and, if so, to obtain access and a copy of such data ("right of access");
- the correction of your personal data, i.e. to obtain the correction, modification or updating of any inaccurate or no longer correct data, and to obtain the integration of incomplete personal data, including by providing a supplementary statement ("right of correction");
- to revoke your consent ("right to revoke consent"): you may revoke your consent to the processing of your personal data at any time, including in relation to any activity for marketing purposes, including profiling. In this regard, we remind you that the sending of commercial and promotional communications, the carrying out of market research and surveys for the detection of satisfaction and the personalization of commercial offers according to your interests are considered marketing activities. Once your request has been received, the data controller will promptly cease the processing of your personal data that is based on such consent, while different processing or processing based on other assumptions will continue to be carried out in full compliance with the provisions in force;
- to request the deletion of your personal data when these, in particular, (i) are no longer necessary with respect to the purposes for which they were collected or processed, or (ii) they have been processed unlawfully, or (iii) they must be deleted in order to fulfil a legal obligation, or, finally, (iv) you have opposed their processing (see below "right to object") and there is no prevailing legitimate reason allowing the data controller to proceed with the processing in any case ("right of deletion" or "right to be forgotten");
- to obtain the limitation of the processing of your personal data, i.e. that the owner retains such data without being able to use them except for your possible requests and the exceptions provided for by law. This right can be exercised only when, in particular, (i) you contest the accuracy of your personal data, for the period necessary for the owner to verify the accuracy of such data, or (ii) the processing of the data is unlawful and you request the limitation of their use, instead of their deletion, or (iii) although the owner no longer needs them for the purposes of processing, the personal data are necessary for you to ascertain, exercise or defend a right in court or (iv) you have opposed their processing (see "right of opposition" below), pending verification that the legitimate reasons of the data controller take precedence over those of the data subject (right of limitation);
- to request your data or transfer it to a person other than the data controller ("right to data portability"). You may request to receive the data that we process on the basis of your consent or on the basis of a contract with you, in a structured, commonly used and machine-readable format. If you wish, we may, where technically possible, transfer your data directly to a third party specified by you at your request;
- to make a complaint to one of the supervisory authorities responsible for compliance with data protection rules if you believe that the processing of your personal data has been carried out unlawfully ("right to lodge a complaint"). In Italy, the complaint may be submitted to the Data Protection Supervisor (http://www.garanteprivacy.it/).
In addition, as an interested party you also enjoy the "right to object", i.e. to:
oppose at any time, for reasons related to your particular situation, the processing of your personal data carried out for the pursuit of a legitimate interest of the data controller or for marketing purposes, including profiling. The data controller will abstain from further processing of your personal data unless it proves the existence of legitimate compelling reasons for processing that prevail over the interests, rights and freedoms of the data subject or for ascertaining, exercising or defending a right in court.
- In order to ensure that the rights described above are fully respected and that our users' data is not violated or accessed illegally by third parties, we may ask you for certain information to ascertain your identity or to clarify your request before we accept your request.
8. WEB PUSH NOTIFICATION
GCDS S.R.L. may use some of your personal data in order to send you on your device, with your express consent, personalized notifications about its products and commercial news (so-called "web push notification"). In order to send you such notifications we use technologies similar to cookies (in particular, "HTLM5 Local Storage") which store information in the Local Storage of your device. Some of your personal data is also stored on servers - located in the European Union - for the management of web push notifications. Personalisation of communications is carried out according to the way you navigate and use the Site and, in particular, the products you view, purchase or place in your shopping cart or the data you enter in the Site registration form or when purchasing products on the Site (in particular, your name to personalise the communication sent to you and your date of birth to offer you promotions and discounts dedicated to you on your birthday). The categories of personal data that are used for this purpose are:
- products purchased, displayed or placed in the shopping cart;
- date of birth;
- gender (man or woman); language used for navigation and version of the Site used (country);
- information about the device and browser that you are using;
- date and time you gave your consent to receive the web push notifications;
- My Account creation date;
- last visit to the Site.
You may at any time withdraw your consent to receive such personalised commercial communications by proceeding, depending on the browser you use, according to the following instructions.
Chrome: Settings > Show Advanced Settings > Privacy - Content Settings > Notifications - Manage exceptions > Insert www. GCDS.IT and select "Lock".
Firefox: Options > Content > Notifications - Choose > www. GCDS.IT - "Lock"
Safari: Preferences > Notifications > From here set the selector to "Reject".
You may also revoke your consent to the receipt of such notifications by proceeding in accordance with the following instructions.
Desktop: Right-click on the notification > disable notifications from www. gcds.it
Mobile: Access the notification centre > Site parameters > Notifications > Block notifications from www.gcds.it
In any case, the service and your personal data held by GCDS will be deleted 365 (three hundred and sixty-five) days after the date of your last visit to the Site.
9. DATA SECURITY
We adopt specific technical and organisational security measures to safeguard the confidentiality of the personal data of Site users and to prevent their personal data from being used illegally or fraudulently.
We remind you to take appropriate precautions when using the Site, such as keeping your access credentials strictly confidential or changing them periodically.
10. CONTACTS OF DATA CONTROLLERS AND DATA PROTECTION OFFICERS
The data controller for the purposes set out in points 3.1 3.2, 3.3 and 3.4 is GCDS S.r.l., with registered office in Milan, Via Nino Bixio n.42, tax code, VAT number and registration number with the Milan, Monza-Brianza and Lodi Companies' Register 09146210969, R.E.A. N. MI-20717664.
The Data Protection Manager is domiciled at Studio Legale Garbagnati, Via Cherubini 6 Milan 20145. She can be contacted at the following email address: email@example.com .
For any clarification, question or need related to your privacy or to exercise your rights recognized by GDPR (see point 6) you can contact us by sending a request to our Customer Service by selecting "Privacy".
If you wish, you can also contact us or our Data Protection Officer (DPO) directly; you can use the contact details above.