Grandini s.r.l.

PRIVACY POLICY

(december 2016)

THE PRIVACY POLICY OF THE GRANDINI WEBSITE
This page describes the management of the web site of Grandini, which can be reached at www.grandinishoes.it (hereafter, the “Website”) as regards the processing of the personal data of users that visit the Website.
The information provided only applies to the Website and does not concern any websites that may be visited by a user via external links.
This information is provided also according to Section 13 of Legislative Decree no. 196/2003 – Personal Data Protection Code to any entity having to do with the web-based services that are made available by Grandini. The information provided is also based on the guidelines contained in Recommendation no. 2/2001, which was adopted on 17 May 2001 by the European data protection authorities within the Working Party set up under Article 29 of European Directive 95/46/EC in order to lay down minimum requirements for the collection of personal data online – especially with regard to arrangements, timing and contents of the information to be provided by data controllers to users visiting web pages for whatever purpose.

1. THE DATA CONTROLLER.
Visiting the Website may result in the processing of data concerning identified or identifiable persons.
The “data controller” is Grandini S.r.l., with registered office in Via Settembrini 29, 20124 Milano (Italy), VAT number 09593510960.

2. PLACE WHERE DATA IS PROCESSED.
The processing operations related to the Website services are carried out in Italy at the aforementioned office of Grandini exclusively by technical staff in charge of said processing, or in Europe (UK) at the seat of the company that manages Grandini’s servers.

3. CATEGORIES OF PROCESSED DATA.
Navigation Data. The information systems and software procedures relied upon to operate this Website acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols.
Such information is not collected in order to relate it to identified data subjects, however it might allow user identification per se after being processed and matched with data held by third parties.
This data category includes IP addresses and/or the domain names of the computers used by any user connecting with this Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user’s operating system and computer environment.
These data are only used to extract anonymous statistical information on Website use as well as to check its functioning; they are erased immediately after being processed. The data might be used to establish liability in case computer crimes are committed against the Website; except for this case, any data on web contacts is currently retained for no longer than seven days.
Data Provided Voluntarily by Users. The completion of the registration process and sending e-mail messages to the addresses mentioned on this Website, which is done on the basis of a freely chosen, explicit, and voluntary option, entails acquisition of personal data of the data subject, which is necessary in order to buy the products and to reply to any request, as well as of such additional personal data as is contained in the message(s).
The Grandini online store may collect the following information: first name, last name and company name, contact information including email address and billing and shipping address.
The purchase price and the credit/debit card information including card number, address and ccv number, is supplied to Paypal. Information collected during transactions may be maintained in their databases for accounting and billing purposes.
Specific summary information notices will be shown and/or displayed on the pages of the Website that are used for providing services on demand.
Cookies. No personal data concerning users is acquired by the Website in this regard.
No cookies are used to transmit personal information, nor are so-called persistent cookies or user tracking systems implemented.
Use of the so-called session cookies (which are not stored permanently on the user’s computer and disappear upon closing the browser) is exclusively limited to the transmission of session ID’s (consisting of server-generated casual numbers) as necessary to allow secure, effective navigation of the Website and a more confortable process to buy the products.
The so-called session cookies used by this Website make it unnecessary to implement other computer techniques that are potentially detrimental to the confidentiality of user navigation, whilst they do not allow acquiring the user’s personal identification data.

4. DATA PROCESSING PURPOSES.
Personal data is collected for the following purposes:
1) To execute a contract which the data subject is a party (such as the sale of products), or in order to fulfil specific requests of data subject before the execution of a contract;
2) To comply with laws, regulations or Community legislation.

5. PROCESSING ARRAGMENTS.
Personal data is processed with automated and non-automated means for no longer than is necessary to achieve the purposes for which it has been collected.
Specific security measures are implemented to prevent the data from being lost, used unlawfully and/or inappropriately, and accessed without authorisation.
It is important to remember that whatever the data subject transmits or disclose online can be collected and used by others or unlawfully intercepted by third-parties. No data transmission over the Internet can be guaranteed to be 100% secure. Grandini is committed to use commercially reasonable means to protect the data subjects’ information, but the same cannot guarantee the security of any information exchanged.
The Grandini online store is password protected. It is forbidden to divulge the password to anyone. At no time Grandini will ask for the registered user password via e-mail. If the user will ever receive such an inquiry, please notify Grandini immediately. The registered user is solely responsible for maintaining the secrecy of its authentication credentials.

6. DATA SUBJECT RIGHTS.
Data subjects are entitled at any time to obtain confirmation of the existence of personal data concerning them and be informed of their contents and origin, verify their accuracy, or else request that such data be supplemented, updated or rectified (Section 7 of Legislative Decree no. 196/2003 – Personal Data Protection Code).
The above Section also provides for the right to request erasure, anonymisation or blocking of any data that is processed in breach of the laws as well as to object in all cases, on legitimate grounds, to processing of the data.
All requests concerning data protection should be emailed to the address: info[at]grandinishoes.it