PRIVACY POLICY

1 – Legal basis for processing

By using or browsing this website, visitors and users explicitly agree to this privacy notice and consent to the processing of their personal data in accordance with the methods and purposes described below, including any disclosure to third parties if necessary for the provision of a service.
Providing data, and therefore consent to the collection and processing of data, is optional; users may refuse consent and may withdraw any consent given at any time. However, refusing consent may result in the inability to provide certain services and The browsing experience on the site would be compromised.
Registered Customer data is processed based on the ongoing contract with  Gruppo Ci Due from the moment the contract is concluded.

2 – Purposes of processing

Per trattamento di dati personali si intende: registrazione, conservazione, organizzazione, consultazione, selezione, estrazione, raffronto, elaborazione, utilizzo, modificazione, interconnessione, blocco, comunicazione, cancellazione e distruzione, cessione o diffusione, ovvero la combinazione di due o più di tali operazioni.
The processing of data collected from the site, in addition to purposes connected, instrumental, and necessary for the provision of the service, is aimed at the following purposes:

2.1 – Statistics

Collection of data and information in an exclusively aggregated and anonymous form in order to verify the correct functioning of the site, to improve the online store and the platform.
Aucune de ces informations n'est liée à la personne physique - Utilisateur du site, et ne permet en aucun cas de l'identifier.

2.2 – Security

Collection of data and information in order to protect the security of the site and its users (anti-spam filters, firewalls, virus detection) and to prevent or uncover fraud or abuse to the website.
The data are recorded automatically and may also include personal data (IP address) which could be used, in accordance with applicable law, to block attempts to damage the site itself or harm other users, or otherwise carry out harmful or criminal activities. These data are never used to identify or profile the User and are periodically deleted.

2.3 – Shopping/Service Provision

Collection of data to manage orders, provide products and services, process payments, communicate with users regarding orders, products, services and promotional offers, update records, and generally and manage the user's account , display content such as wish lists and customer reviews, and recommend products and services that may be of interest to users.

2.4 – Ancillary Activities

Share data with third parties that perform functions necessary or instrumental to the operation of the service, and to allow third parties to carry out technical, logistical, and other activities on our behalf.
This website uses providers to carry out certain activities, such as processing orders, delivering packages, sending traditional mail, analyzing data, providing marketing support, processing credit card payments, and providing customer services.
Providers only have access to the personal data necessary to perform their tasks, and they commit not to use the data for other purposes, and are required to handle personal data in accordance with current regulations. This category of data is kept only for the period of time necessary to provide the service.

2.5 – Newsletter

Provide the newsletter service for customers who have signed up through the website via a dedicated web page with a subscription form and mandatory data processing consent. This page or the user administration section allows for automatic removal from the newsletter, as well as a dedicated link at the bottom of informational newsletters. For subscriptions through written consent given directly to the Data Controller, it is possible to send a request to Gruppo Ci Due at the email address: privacy@ateliergruppocidue.it

3 – Data Collected

This site collects user data in two ways.

3.1 – Data collected automatically

During users' navigation, the following information may be collected and stored in the site's log files:

• Internet Protocol (IP) address;
• Type of browser;
• Parameters of the device used to connect to the site;
• Name of the Internet Service Provider (ISP);
• Date and time of the visit;
• Web page from which the visitor arrived (referral) and exited;
• Possibly the number of clicks.

This data is used to analyze user trends and collect data in aggregate form, manage and ensure the security of the site, and cannot in any way be linked to the User's identity.

3.2 – Data provided voluntarily

The site may collect other data when users voluntarily use services, such as comment services, communication services (chat, contact forms, and email submission), and purchasing services (shopping cart):

• First and last name;
• Email address;
• Physical residence address;
• VAT number and/or tax code;
• Company and headquarters;
• Image (avatar);
• Social profiles;
• Geographic location.

This data is voluntarily provided by the User at the time of requesting the service or when posting a comment, and will be used exclusively for the provision of the requested service and processed only for the time necessary to provide the service.

Tax data is required in order to use paid services and for invoicing purposes. Data collected by the site is not provided to third parties, unless it is a legitimate request from judicial authorities and only in cases provided by law. However, data may be provided to third parties if necessary for the provision of a specific service requested by the User, or for tax purposes, or for performing security checks or site optimization.

4 – Place of Processing

The data collected from the website is processed at the headquarters of the Data Controller and at data centers located within the European Economic Area (EEA), and is handled only by personnel authorized for processing. Personal data is processed using both automated and manual tools, for the time strictly necessary to achieve the purposes for which it was collected.

5 – Data Retention Period

The collected data is processed for the duration necessary for the purposes for which it was collected, and in any case no longer than the periods prescribed by law.
Data required for tax purposes is retained until the corresponding tax assessments are completed, therefore for at least 10 years, or longer if the relevant tax year is not yet statute-barred.
Upon expiration, the data will be deleted or anonymized, unless there are further reasons for retaining it (e.g., legal obligations).

6 – Transfer of collected data to third parties and non-EU countries

Users’/customers’ personal data are an essential component of our work, and transferring it to third parties is not part of our activities. However, this website, in carrying out its activities and providing services requested by users, may need to transfer some data to third parties that perform specific tasks instrumental and related to those of the site, including: order processing (e.g., domain purchases), mail delivery, data analysis, marketing support, credit card payments, etc. Providers have access only to the data necessary to perform their specific tasks and are required to process it in accordance with this Privacy Policy.

In the case of a transfer of a business or production units, the Customers' personal data are included in the corporate assets being transferred, but remain subject to the commitments provided in this Privacy Policy, unless a new consent is requested.

In case the data are transferred to companies located outside the European Union (for example Google, Facebook, and Microsoft – for LinkedIn and Skype), we ensure that the transfer is carried out in compliance with current regulations, and in particular the rules set forth by the General Data Protection Regulation. The transfer is authorized based on specific decisions of the European Union and the Italian Data Protection Authority International Community Regulationsin particular Decision 1250/2016 Privacy Shield - here is the link to the information page of the Italian Data Protection Authority so no further consent is required.

7 – Cookies

This website uses only cookies necessary to ensure its functionality and the proper use of the content by users.

This website uses the following categories of cookies:

7.1 Technical cookies

Cookies in this category include both persistent and session cookies, allow distinguishing between connected users to prevent a service from being provided to the wrong user and therefore result from an explicit request by the user, and are also used for the security of the site and its users. Without these cookies, the site or some parts of it may not function correctly. Cookies in this category are always sent from our domain, and no consent is required for them.

8 – Security Measures

The Data Controller processes the data of visitors/users in a lawful and fair manner, adopting appropriate security measures aimed at preventing unauthorized access, disclosure, alteration or unauthorized destruction of data, as well as unlawful use of data. The processing is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated, and the data is stored and kept in secure facilities with access limitations and personnel verification. Access to information is strictly limited to authorized personnel.
The website is constantly monitored to check for any security breaches and ensure that information is secure.
In addition to the Data Controller, in some cases, categories of staff involved in the organization of the site (administrative, commercial, marketing, legal personnel, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data.
It is important that you adopt appropriate protections against unauthorized access to your password and computer. Always make sure you have logged out when using a computer shared with other users.

9 – User Rights

In compliance with the obligations arising from national legislation (Privacy Code) and European legislation (General Data Protection Regulation No. 679/2016), the User may, according to the methods and within the limits provided by current legislation:

• Oppose, in whole or in part, for legitimate reasons, the processing of personal data concerning them for the purposes of sending advertising or direct sales material, or for conducting market research or commercial communications;
• Request confirmation of the existence of personal data concerning them;
• Know its origin;
• Receive intelligible communication of it;
• Obtain information about the logic, methods, and purposes of the processing;
• Request its updating, correction, integration, deletion, transformation into anonymous form, or blocking of data processed in violation of the law, including data that is no longer necessary for the purposes for which it was collected;
• In cases of processing based on consent, to receive, at the sole cost of any support, your data provided to the controller, in a structured and machine-readable format and in a format commonly used by an electronic device.
• The right to file a complaint with the Supervisory Authority (Privacy Authority)
  Link to the Authority's page.
• Moreover, more generally, to exercise all the rights recognized to you under current legal provisions.

Requests should be addressed to the Data Controller.

10 – Data Processor

The data controller and processor under current laws is: Gruppo Ci Due – Via Circonvallazione Nuova, 50 10014 Caluso (TO), contactable by email at privacy@ateliergruppocidue.itor at the address specified above.