We are very pleased that you have shown interest in our company. Data protection has a particularly high priority for the management of S.M.A.C. Ltd. The use of the S.M.A.C. S.r.l. Internet pages is possible without any indication of personal data; however, if an interested party wants to use special business services through our website, you may need to process personal data. If the processing of personal data is necessary and there is no legal basis for such treatment, we generally obtain the consent of the person concerned.
The processing of personal data, such as the name, address, e-mail address or telephone number of an interested person must always be in line with the General Data Protection Regulation (GDPR) and in accordance with country-specific data protection regulations applicable to the SMAC S.r.l. Through this data protection statement, our company would like to inform the public of the nature, scope and purpose of the personal data we collect, use and process. In addition, those concerned are informed, through this data protection statement, of the rights to which they are entitled.
As a controller, the S.M.A.C. Ltd. has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this site. However, Internet-based data transmissions may, in principle, have security gaps, so absolute protection may not be guaranteed. For this reason, each person concerned is free to transfer their personal data through alternative means, for e.g. by phone.
The S.M.A.C. S.r.l. Data Protection Statement is based on the terms used by the European legislature for the adoption of the General Data Protection Regulation (GDPR). Our data protection statement should be readable and understandable to the general public, as well as to our customers and business partners. To ensure this, we would first like to explain the terminology used.
In this data protection statement, we use, among other things, the following terms:
(a) Personal data
Any information relating to an identified or identifiable physical person ("subject concerned"). An identifiable physical person is the one who can be identified, directly or indirectly, specifically by referring to an identifier such as a name, identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The person concerned is an identified or identifiable individual, whose personal data is processed by the processing manager.
Processing is any operation or set of operations performed on personal data or personal data sets, including with automated tools, such as collection, registration, organization, structuring, preservation, adaptation or alteration, recovery, consultation, use, disclosure by transmission, dissemination or otherwise made available, alignment or combination, restriction, deletion or destruction.
d) Processing restriction
The limitation of processing is the marking of personal data stored with the aim of limiting its processing in the future.
Profiling: Any form of automated processing of personal data consisting of the use of personal data to assess certain personal aspects relating to an individual, in particular to analyze or predict aspects concerning the performance of the physical person at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Pseudonymization is the processing of personal data in such a way that personal data can no longer be attributed to a specific person without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational measures to ensure that personal data is not attributed to an identified or identifiable physical person.
g) Controller or controller for processing
The person responsible for the treatment or the person responsible for the treatment is the person or the legal entity, the public authority, the agency or other body that, alone or in collaboration with others, determines the purpose and means of the processing of personal data; If the aims and means of such treatment are determined by EU or Member State law, the person responsible for the treatment or the specific criteria for his appointment may be provided for by EU or Member State legislation.
Processor is a physical or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
The beneficiary is a personal or legal entity, a public authority, an agency or another entity, to which personal data is disclosed, whether it is a third party or not. However, public authorities that may receive personal data as part of a particular investigation in accordance with EU or Member State law are not considered recipients; The processing of such data by these public authorities must comply with the data protection rules applicable to the purpose of the treatment.
j) Third party
The third party is a person of physical or legal, public authority, agency or entity other than the person concerned, responsible for the treatment, in charge of the treatment and persons who, under the direct authority of the person responsible for the treatment or the person in charge of the treatment, are allowed to process personal data.
The consent of the person concerned is a free, specific, informed and unequivocal indication of the wishes of the person concerned with whom he or she, through a statement or a clear affirmative action, means consent to the processing of personal data concerning it.
2. Controller Name and Address
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in European Union Member States and other data protection provisions is:
Liberty Square, 38
Phone: .39 082572610
E-mail: [email protected]
The person can, at any time, prevent the setting of cookies through our website through the corresponding setting of the Internet browser used, and can therefore permanently deny the setting of cookies. In addition, cookies already set can be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the person concerned disables the cookie setting in the Internet browser used, not all the functions of our website can be fully usable.
4. Data collection and general information
The Gioielleriafiorentina.it website collects a range of general data and information when a data subject or automated system invokes the website. This general data and information is stored in the server log files. The types of browsers and versions used can be collected (1), (2) the operating system used by the access system, (3) the website from which an access system reaches our website (so-called referrers), (4) the sub -websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address) , (7) the Internet service provider of the access system and (8) any other similar data and information that can be used in the event of attacks on our computer systems.
When using this general data and information, the S.M.A.C. S.r.l. does not draw any conclusions on the subject. Rather, this information is necessary to (1) properly provide the content of our website, (2) optimize the content of our website and its advertising, (3) ensure the long-term viability of our it systems and website technology and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. Therefore, the S.M.A.C. Ltd. statistically analyzes data and information collected anonymously, in order to increase data protection and data security of our company and to ensure an optimal level of protection for processed personal data. Anonymous data from the server log files is stored separately from all personal data provided by an interested party.
5. Registration on our website
The person is able to register on the processing manager's website with the indication of personal data. What personal data is transmitted to the controller is determined by the respective input mask used for recording. The personal data entered by the person concerned is collected and stored exclusively for internal use by the treatment manager and for his own purposes. The controller may request transfer to one or more processors (such as a parcel service) that also uses personal data for an internal purpose attributable to the controller.
By registering on the controller's website, the IP address assigned by the Internet service provider (ISP) and used by the data-date object and the time of registration are also stored. Storing this data takes place in the background, which is the only way to prevent the misuse of our services and, if necessary, to make it possible to investigate crimes committed. Therefore, the retention of this data is required to protect the controller. This data is not transmitted to third parties unless there is a legal obligation to transmit the data, or if the transfer serves the objective of a criminal prosecution.
The registration of the person concerned, with the voluntary indication of personal data, is intended to allow the controller to offer the subjects content data or services that can be offered to registered users only because of the nature of the matter in question. Registered persons are free to edit the personal data specified during registration at any time or to have it completely deleted from the controller's data stock.
The data processor, at any time, provides information on demand to each person concerned about what personal data is stored on the person concerned. In addition, the data processor will correct or delete personal data on request or indication of the person concerned, to the extent that there are no statutory custody obligations. All of the employees of the treatment manager are available to those concerned in this area as contact persons.
6. Subscribe to our newsletters
On the website Gioielleriafiorentina.it of the S.M.A.C. Ltd., users have the opportunity to subscribe to our company newsletter. The input mask used for this purpose determines what personal data is transmitted, as well as when the newsletter is ordered by the controller.
S.M.A.C. Ltd. regularly informs its customers and business partners through a newsletter about business offerings. The company newsletter can only be received by the person concerned if (1) the person has a valid e-mail address and (2) the logs of the person concerned for the shipment of the newsletter. A confirmation email will be sent to the email address registered by a data subject for the first time for the shipment of the newsletter, for legal reasons, in the double-acceptance procedure. This confirmation email is used to demonstrate whether the owner of the email address as the subject of the data is authorized to receive the newsletter.
When signing up for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the person at the time of registration, as well as the date and time of registration. The collection of this data is necessary to understand the (possible) abuse of a data subject's email address at a later date, and therefore serves the objective of legal protection of the processor.
The personal data collected as part of a newsletter registration will only be used to send our newsletter. In addition, newsletter subscribers may be informed by e-mail, provided that this is necessary for the operation of the newsletter service or a recording in question, as this may occur in the event of changes to the newsletter offer, or in the case of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter can be resolved by the person concerned at any time. Consent to the storage of personal data, which the person provided for the shipment of the newsletter, can be revoked at any time. For the purpose of revoking consent, a corresponding link can be found in each newsletter. You can also unwrite the newsletter at any time directly on the controller's website or communicate it to the controller in a different way.
The S.M.A.C. S.r.l. newsletter contains so-called tracking pixels. A tracking pixel is a miniature chart embedded in those emails, which are sent in HTML format to allow logging and analysis of log files. This allows for a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the S.M.A.C. S.r.l. can see if and when an email was opened by a subject of the data, and which links in the email were recalled by those affected.
This personal data collected in the tracking pixels contained in the newsletters is stored and analyzed by the treatment manager in order to optimize the shipment of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the person concerned. This personal data will not be transmitted to third parties. At any time, the persons concerned have the right to revoke their separate declaration of consent issued through the double-acceptance procedure. After a revocation, this personal data will be deleted by the controller. The S.M.A.C. Ltd. automatically considers a withdrawal from receiving the newsletter as a revocation.
8. Contact options via WebSite
The S.M.A.C. S.r.l. website contains information that allows for rapid electronic contact with our company, as well as direct communication with us, which also includes a general e-mail address (e-mail address). If a subject of the data contacts the controller by e-mail or via a contact form, the personal data transmitted by the person is automatically stored. Such personal data transmitted on a voluntary basis by a person concerned with the person responsible for processing is retained for processing or contacting the person concerned. There is no transfer of this personal data to third parties.
9. Comments function on website blog
The S.M.A.C. Ltd. offers users the ability to leave individual comments on individual blog contributions on a blog, located on the controller's website. A blog is a web-based portal, publicly accessible, through which one or more people called bloggers or web bloggers can publish articles or write thoughts in so-called blogposts. Blog posts can usually be commented on by third parties.
If a subject of the data leaves a comment on the blog published on this site, the comments made by the person concerned are also stored and published, as well as information about the date of the comment and the user (pseudonym) chosen by the person concerned . In addition, the IP address assigned by the Internet service provider (ISP) to the internet service provider is also registered. This IP address is stored for security reasons and in the event that the subject violates the rights of third parties or publishes illegal content through a given comment. The storage of this personal data is therefore in the interest of the data controller, so that it can be dislodged in the event of a breach. This collected personal data will not be transmitted to third parties, unless such a transfer is required by law or serves the purpose of the protection of the controller.
10. Procedure for deleting and blocking personal data
The controller processes and stores the personal data of the person concerned only for the period necessary to achieve the purpose of filing, or to the extent that this is granted by the European legislature or other legislators in laws or regulations to which the person responsible for the treatment is subject to.
If the filing purpose is not applicable, or if a retention period prescribed by the European legislature or another competent legislator expires, personal data is regularly blocked or deleted in accordance with legal requirements.
11. Rights of the person concerned
(a) Right to confirm
Each person concerned has the right of the European legislature to obtain confirmation from the controller of whether or not personal data exists. If an interested person wishes to use this right of confirmation, they can contact any employee of the treatment manager at any time.
b) Right to access
Each person concerned has the right of the European legislature to obtain free information from the controller about their personal data stored at any time and a copy of that information. In addition, European directives and regulations grant the person access to the following information:
the purpose of the treatment;
categories of personal data affected;
recipients or categories of recipients to whom personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
where possible, the expected period for which personal data will be retained or, if not possible, the criteria used to determine that period;
the existence of the right to require the controller to correct or delete personal data, or the limitation of the processing of personal data relating to the person concerned, or to object to such treatment;
the existence of the right to make a complaint to the supervisory authority;
if the personal data is not collected by the person concerned, any information available about its origin;
The existence of automated decision-making processes, including profiling, referred to in Article 22, paragraphs 1 and 4, of the GDPR and, at least in such cases, significant information on the logic in question, as well as the significance and expected consequences of such treatment for the person concerned.
In addition, you have the right to obtain information about the transfer of personal data to a third country or an international organisation. In this case, the person concerned has the right to be informed of the appropriate guarantees relating to the transfer.
If an interested person wishes to use this right of access, they can contact any employee of the treatment manager at any time.
c) Right to rectify
Each person concerned has the right of the European legislature to obtain the correction of inaccurate personal data concerning it from the person responsible for the processing without undue delay. Taking into account the purpose of the treatment, the person has the right to complete incomplete personal data, including through the submission of an additional declaration.
If an interested person wishes to exercise this right of correction, he can, at any time, contact any employee of the controller.
d) Right to cancellation (right to be forgotten)
Each person concerned has the right of the European legislature to obtain the deletion of personal data concerning him without undue delay from the controller, and the controller has an obligation to delete personal data without undue delay if one of the following reasons applies, provided that the treatment is not necessary:
Personal data is no longer needed in relation to the purposes for which it was collected or otherwise processed.
The person withdrew the consent to which the treatment is based in accordance with Article 6, paragraph 1, letter a), GDPR, or Article 9, paragraph 2, letter a), of the GDPR, and where there is no other legal basis for processing.
You are opposed to the treatment under Article 21, paragraph 1, of the GDPR and there is no legitimate reason for the treatment or the person who opposes the treatment under Article 21, paragraph 2, of the GDPR.
Personal data was processed illegally.
Personal data must be deleted in order to comply with a legal obligation in EU or Member State law to which the person responsible for the treatment is subject.
Personal data was collected in relation to the provision of the information society's services under Article 8, paragraph 1, of the GDPR.
If you apply any of these reasons, and you wish to request the deletion of personal data stored by S.M.A.C. Ltd., you or you can, at any time, contact any employee of the controller. An employee of S.M.A.C. Ltd. promptly fulfills the cancellation request immediately.
If the controller has made personal data public and is required, under Article 17, paragraph 1, to delete personal data, the person responsible for processing, taking into account the available technology and implementation costs, takes reasonable steps, including technical measures, to inform other personnel processors who have requested the deletion of any connection by those controllers. , copying or replicating this personal data, although processing is not required. An employee of the S.M.A.C. Ltd. will organize the necessary measures in the individual cases.
(c) Right to restrict processing
Each person concerned has the right, granted by the European legislature, to obtain from the controller the limitation of treatment if one of the following conditions applies:
The accuracy of personal data is disputed by the person concerned, for a period that allows the processor to verify the accuracy of personal data.
The treatment is illegal and the person is opposed to the deletion of personal data and requires the limitation of their use.
The controller no longer needs personal data for processing purposes, but is required by the person responsible for the establishment, exercise or defence of legal claims.
The person concerned disputed the treatment under Article 21, paragraph 1, of the GDPR pending verification that the person's legitimate motives override those of the person concerned.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by the S.M.A.C. S.R.l., he or she may at any time contact any employee of the controller. The employee of the S.M.A.C. S.r.l. will arrange the restriction of the processing.
(f) Right to data portability
Each person concerned has the right, recognized by the European legislature, to receive personal data concerning him, provided to a treatment manager, in a structured format, commonly used and readable by a machine. He has the right to pass this data on to another person responsible for unhindered treatment to the processor to whom personal data has been provided, provided that the treatment is based on the consent referred to in Article 6, paragraph 1, letter a), the GDPR or the point (a) of Article 9 (2) of the GDPR, or a contract under Article 6 , paragraph 1, letter b), of the GDPR, and treatment is carried out by automated means, provided that the treatment is not necessary for the execution of a task carried out in the public interest or in the exercise of public powers conferred on the person responsible for the treatment.
In addition, in exercising your right to carry data under Article 20, paragraph 1, of the GDPR, the person concerned has the right to transmit personal data directly from one controller to another, where it is technically feasible and in doing so does not adversely affect the rights and freedoms of others.
In order to enforce the right to portability of the data, you can contact any employee of S.M.A.C. Ltd. at any time.
(g) Right to object
Each person concerned has the right, recognised by the European legislature, to object, for reasons relating to his particular situation, at any time, to the processing of personal data concerning him, which is based on the point (e) or (f) ) of Article 6, paragraph 1, of the GDPR. This also applies to profiling based on these provisions.
The S.M.A.C. Ltd. will no longer process personal data in the event of an objection, unless we can demonstrate compelling legitimate reasons for the treatment that overrides the interests, rights and freedoms of the person concerned, or for the establishment, exercise or defense of legal claims.
If the S.M.A.C. Ltd. treats personal data for direct marketing purposes, the person has the right to object at any time to the processing of personal data concerning him for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If you object to the S.M.A.C. S.r.l. for direct marketing treatment, the S.M.A.C. Ltd. will no longer process personal data for these purposes.
In addition, the person has the right, for reasons relating to his particular situation, to object to the treatment of personal data concerning him by S.M.A.C. Ltd. for scientific or historical research purposes, or for statistical purposes under Article 89, paragraph 1, of the GDPR, unless the treatment is necessary for the execution of a task carried out for reasons of public interest.
In order to exercise the right to object, you may contact any employee of S.M.A.C. Ltd. In addition, the person concerned is free in the context of the use of the services of the information society and, in derogation from the 2002/58/EC Directive, to use his right to oppose through automated tools using technical specifications.
(h) Automated individual decisions, including profiling
Each person concerned has the right, granted by the European legislature, not to be subject to a decision based solely on automated treatment, including profiling, which has legal effects on him or her, or affects him significantly, provided that the decision (1) is not necessary to enter into or execute a contract between the person and a data processor. , or (2) is not authorised by EU or Member State legislation to which the person responsible for the treatment is subject and which also establishes appropriate measures to safeguard the rights and freedoms of the person concerned and legitimate interests, or (3) is not based on the explicit consent of the person concerned.
If the decision (1) is necessary to enter into, or execute a contract between the person concerned and a data processor, or (2) is based on the explicit consent of the person concerned, the S.M.A.C. Ltd. implements appropriate measures to safeguard the rights and liberties of the person concerned and the legitimate interests of the person concerned, at least the right to obtain human intervention by the person responsible for the treatment. , to express their point of view and to challenge the decision.
If you wish to exercise your rights to automated individual decision-making, you can contact any employee of the S.M.A.C. Ltd. at any time.
(i) Right to revoke consent to data protection
Each person concerned has the right, granted by the European legislature, to withdraw his consent to the processing of his personal data at any time.
If you wish to exercise your right to withdraw consent, you can contact any employee of S.M.A.C. Ltd. at any time.
12. Data Protection Provisions for the Application and Use of Facebook
On this website, the controller has integrated components of the Facebook company. Facebook is a social network.
A social network is a place for social gatherings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network can serve as a platform for exchanging opinions and experiences or allow the Internet community to provide personal or business-related information. Facebook allows social network users to include creating private profiles, uploading photos and networking through friend requests.
Facebook's operating company is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside the United States or Canada, the controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.
With each call to one of the individual pages of this website, managed by the controller and in which a component of Facebook (Facebook plug-in) is integrated, the web browser on the computer system of the person concerned is automatically required to download the display of the corresponding Facebook component from Facebook through the Facebook component. You can access an overview of all Facebook plug-ins under https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is aware of which specific subsite of our website was visited by the person concerned.
If the person concerned has logged in at the same time on Facebook, Facebook detects every call to our website by the person concerned - and for the duration of his stay on our website - which specific secondary site of our Internet the page was visited by the person concerned. This information is collected through the Facebook component and associated with the respective Facebook account of the person concerned. If you click one of the Facebook buttons built into our website, e.g. The "Like" button, or if the person submits a comment, Facebook matches this information with the user's personal Facebook account and stores personal data.
Facebook always receives, through the Facebook component, information about a visit to our website by the person concerned, whenever the person connects at the same time on Facebook during the call period to our website. This occurs regardless of whether the person clicked on the Facebook component or not. If such information transmission to Facebook is not desirable for the person concerned, then this may prevent you from logging out of your Facebook account before a call is made to our website.
The data protection guideline published by Facebook, available at https://facebook.com/about/privacy/, provides information about Facebook's collection, processing and use of personal data. It also explains the setting options offered by Facebook to protect facebook's privacy. In addition, there are several configuration options to allow the deletion of data transmission on Facebook. These applications can be used by the person concerned to delete a data transmission on Facebook.
13. Data protection provisions related to the application and use of Google Analytics (with anonymization function)
On this website, the controller has integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service. Web data analysis is the collection, collection, and analysis of website visitor behavior data. A web analytics service collects, among other things, data on the website from which a person came (the so-called referrer), which subpages were visited, or how often and for what duration a subpage was displayed. Web data analysis is primarily used to optimize a website and to perform a cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
For web analysis through Google Analytics, the controller uses the "_gat application. _anonymizeIp." Through this application, the IP address of the person's Internet connection is shortened by Google and anonymised during access to our websites by one EU Member State or another state contracting the European Economic Area Agreement.
The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the data and information collected, among other things, to evaluate the use of our website and to provide online reports, showing activities on our websites and to provide other services related to the use of our website for us.
Google Analytics places a cookie on the person's computer system. The definition of cookies is explained above. With the cookie setting, Google is enabled to analyze the use of our website. With each call to one of the individual pages of this website, managed by the controller and in which a component of Google Analytics has been integrated, the Internet browser on the computer system of the person concerned will automatically send the data through the Google Analytics Component for the purpose of online advertising and commission settlement to Google. In the course of this technical procedure, the Google company acquires knowledge of personal information, such as the IP address of the person concerned, which provides Google, among other things, an understanding of the origin of visitors and clicks and subsequently the creation of commission agreements.
The cookie is used to store personal information, such as the time of access, the location from which it was accessed and the frequency of visits to our website by the person concerned. With each visit to our website, such personal data, including the IP address of the Internet access used by the person concerned, will be transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google can transfer this personal data collected through the technical procedure to third parties.
The person concerned can, as mentioned above, prevent the setting of cookies through our website at any time by means of a corresponding modification of the web browser used and then permanently deny the setting of cookies. This adjustment to the Internet browser used would prevent Google Analytics from setting a cookie on the internet system of the person concerned. In addition, cookies already in use by Google Analytics can be deleted at any time through a web browser or other software programs.
Additional information and applicable Google data protection provisions can be found in https://www.google.com/intl/it/policies/privacy/ and http://www.google.com/analytics/terms/us. Html. Google Analytics is further explained below the following link https://www.google.com/analytics/.
14. Data Protection Provisions for the Application and Use of Google
On this website, the controller has integrated the Google button as a component. Google is a so-called social network. A social network is a social meeting place on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network can serve as a platform for exchanging opinions and experiences or allow the Internet community to provide personal or business-related information. Google allows users of the social network to include the creation of private profiles, upload photos and network through friend requests.
The operating company of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
With each call to one of the individual pages of this website, managed by the controller and on which a Button of Google has been integrated, the Internet browser on the computer system of the person concerned automatically downloads a view of the corresponding Google Button through the respective button component of Google. During this technical procedure, Google is aware of which specific subpage of our website was visited by the person concerned. More detailed information about Google is available under https://developers.google.com/+/.
If the person concerned has logged in at the same time as Google, Google recognizes every call to our website by the person and for the duration of his stay on our website, as specific subpages of our website The Internet page has been visited by the person. This information is collected through the Google button, and Google matches this with the respective Google account associated with the person concerned.
If you click on the built-in Google button on our website, and then provide a piece of advice from Google 1, Google assigns this information to the personal user account of the data subject and stores personal data. Google stores the person's recommendation of Google 1, making it publicly available in accordance with the terms and conditions accepted by the person concerned. Subsequently, a recommendation of Google 1 provided by the person on this website along with other personal data, such as the name of the Google account used by the person and the archived photo, is stored and processed on other Google services, such as the Google search engine results, the Google account of the person concerned or in other places, e.g. on Internet pages or in relation to advertisements. Google is also able to link the visit to this website with other personal data stored on Google. Google further records this personal information in order to improve or optimize Google's various services.
Google receives information that you have visited on our website, if you are connected to Our Website at the time of the call to our website. This occurs regardless of whether the person clicked or did not click the Google button.
If you do not wish to transmit personal data to Google, you may prevent this transmission by disconnecting your Google account before calling back our website.
Additional information and Google data protection provisions can be retrieved to the https://www.google.com/intl/en/policies/privacy/ page. Additional Google references related to the Google button can be obtained in https://developers.google.com/+/web/buttons-policy.
15. Data Protection Provisions for the Application and Use of Instagram
On this website, the controller has integrated components of the Instagram service. Instagram is a service that can be qualified as an audiovisual platform, which allows users to share photos and videos, as well as to spread that data on other social networks.
The operating company of services offered by Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
Each call to one of the individual pages of this website, managed by the controller and on which an Instagram component (Insta button) has been integrated, the Internet browser is automatically requested on the computer system of the person concerned. download a display of the corresponding Instagram component of Instagram. During the course of this technical procedure, Instagram learns about which specific subpage of our website was visited by the person concerned.
If the person concerned has logged in simultaneously on Instagram, Instagram detects every call to our website by the person concerned - and for the duration of the stay on our website - which specific subpage of the Internet the page was visited by the person. This information is collected through the Instagram component and is associated with the respective Instagram account of the person concerned. If the person concerned clicks on one of the Instagram buttons built into our website, then Instagram matches this information with the person's personal Instagram user account and stores personal data.
Instagram receives information via the Instagram component that the person has visited our website provided that the person is registered on Instagram at the time of the call to our website. This occurs regardless of whether the person clicks the Instagram button or not. If such transmission of information to Instagram is not desirable for the person concerned, then he or she may prevent it by logging out of your Instagram account before a call is made to our website.
Additional information and applicable Instagram data protection provisions can be retrieved to the https://help.instagram.com/155833707900388 page and https://www.instagram.com/about/legal/privacy/.
17. Data Protection Provisions for the Application and Use of Twitter
On this website, the controller has integrated components of Twitter. Twitter is a publicly accessible multilingual microblogging service on which users can post and spread so-called "tweets", e.g. short messages, which are limited to 280 characters. These short messages are available to everyone, including those who are not connected to Twitter. The tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow a user's tweets. In addition, Twitter allows you to target a large audience via hashtags, links or retweets.
Twitter's operating company is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, UNITED States.
With each call to one of the individual pages of this website, which is managed by the controller and on which a component of Twitter has been integrated (Twitter button), the Internet browser is automatically requested on the computer system of the person concerned. to download a view of the corresponding Twitter component of Twitter. More information about Twitter buttons can be found at https://about.twitter.com/de/resources/buttons. During the course of this technical procedure, Twitter acquires the knowledge of which specific subpage of our website was visited by the person concerned. The purpose of the integration of the Twitter component is the retransmission of the contents of this website to allow our users to present this web page to the digital world and increase the number of visitors.
If the person concerned has logged in at the same time on Twitter, Twitter detects every call to our website from the person concerned and for the duration of his stay on our website that has been subjected to a specific subpage of our Internet page. visited by the person concerned. This information is collected through the Twitter component and associated with the respective Twitter account of the person concerned. If the person concerned clicks on one of the built-in Twitter buttons on our website, Twitter assigns this information to the affected user's personal Twitter user account and stores personal data.
Twitter receives information through the Twitter member who has visited our website, provided that you logged in to Twitter at the time of the call to our website. This occurs regardless of whether the person clicks on the Twitter component or not. If this transmission of information to Twitter is not desirable for the person concerned, this may prevent you from logging out of your Twitter account before a call is made to our website.
Twitter's applicable data protection provisions can be accessed at https://twitter.com/privacy?lang=en.
18. Data Protection Provisions for The Application and Use of YouTube
On this website, the controller has built-in components of YouTube. YouTube is an Internet video portal that allows video publishers to set up free video clips and other users, which also provides free viewing, review and comment on them. YouTube allows you to publish all kinds of videos, so you can access both full movies and TV broadcasts, as well as music videos, trailers and videos made by users through the Internet portal.
YouTube's operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
With each call to one of the individual pages of this website, managed by the controller and on which a YouTube component (YouTube video) has been integrated, the Internet browser is automatically requested on the computer system of the person concerned. to download a view of the corresponding YouTube component. More information about YouTube can be obtained under https://www.youtube.com/yt/about/en/. During this technical procedure, YouTube and Google gain knowledge of the specific subpage of our website visited by the person concerned.
If the person is logged in on YouTube, YouTube recognizes with each call to a subpage that contains a YouTube video, which specifies a subpage of our website has been visited by the person. This information is collected by YouTube and Google and assigned to the person's YouTube account.
YouTube and Google will receive information through the YouTube component that you have visited on our website, if you are logged in to our website at the time of the call; This occurs regardless of whether the person clicks on a YouTube video or not. If this transmission of this information to YouTube and Google is not desirable for you, delivery may be prevented if you log out of your YouTube account before a call is made to our website.
YouTube's data protection provisions, available on https://www.google.com/intl/en/policies/privacy/, provide information about the collection, processing, and use of personal data by YouTube and Google.
19. Data protection provisions related to the application and use of Smartsupp
On this website, the controller has built-in components of Smatsupp. Smatsupp is a chat communication service that allows you to connect the customer with GioielleriaFiorentina.it via chat saving the communication that has taken place.
Smartsupp's operating company is Smartsupp.com, s.r.o., VAT ID CZ03668681, Milady Horakove 13, 602 00 Brno, Czech Republic (European Union).
More information about Smurtsupp can be obtained under https://www.smartsupp.com/help/privacy/
20. Data protection provisions related to the application and use of TrustPilot
Gioielleria Fiorentina can contact you via email to invite you to review any services and/or products received from us [in order to gather your feedback and improve our services and products (the "Purpose"). We use an external company, Trustpilot A/S ("Trustpilot"), to collect your feedback which means we will share your name, email address and reference number with Trustpilot for the purpose.
If you want to read more about how Trustpilot treats your data, you can find their Privacy Statement here
21. Payment Method: Data Protection Provisions Regarding Using PayPal as a Payment Processor
On this website, the controller has built-in components of PayPal. PayPal is an online payment service provider. Payments are processed through so-called PayPal accounts, which represent virtual private or business accounts. PayPal is also able to process virtual payments via credit cards when a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there are no classic account numbers. PayPal allows you to activate online payments to third parties or receive payments. PayPal also accepts fiduciary functions and offers buyer protection services.
PayPal's European operating company is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If you choose "PayPal" as your payment option in the online store during the ordering process, we automatically transmit the person's information to PayPal. If you select this payment option, you accept the transfer of the personal data required for payment processing.
Personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, phone number, mobile phone number, or other data required for payment processing. The processing of the purchase agreement also requires such personal data, which is related to the respective order.
Data transmission is aimed at payment processing and fraud prevention. The processor will transfer personal data to PayPal, in particular, if a legitimate interest is provided to the transmission. The personal data exchanged between PayPal and the data processor will be transmitted by PayPal to the economic credit agencies. This transmission is intended for identity and credit checks.
PayPal, if necessary, will transmit personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfill contractual obligations or for the data to be processed in the order.
You may withdraw your consent to process personal data at any time from PayPal. A revocation has no effect on personal data that must be processed, used or transmitted in accordance with the processing of payments (contracts).
PayPal's data protection provisions can be retrieved on the https://www.paypal.com/us/webapps/mpp/ua/privacy-full page.
22. Legal basis for processing
Art. 6 (1) on. A GDPR serves as a legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the execution of a contract to which the person is a party, such as when processing operations are necessary for the supply of goods or to provide any other service, the treatment is based on Article 6, paragraph 1, letter lit. b GDPR. The same applies to the treatment operations required for the implementation of pre-contractual measures, for example in the case of requests for our products or services. Our company is subject to the legal obligation to process personal data, for example for the fulfillment of tax obligations, the processing is based on art. 6 (1) on. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the person or another individual. This would be the case, for example, if a visitor was injured in our company and his name, age, health insurance data or other vital information were to be passed on to a doctor, hospital or other third party. So the processing would be based on art. 6 (1) on. d GDPR. Finally, the processing operations could be based on Article 6, paragraph 1, letter lit. f GDPR. This legal basis is used for treatment operations that are not covered by any of the aforementioned legal grounds, if the treatment is necessary for the purposes of the legitimate interests pursued by our company or a third party, except where those interests are exceeded by the interests or fundamental rights and freedoms of the person who require the protection of personal data. Such treatment operations are particularly permissible as they have been expressly mentioned by the European legislature. He considered that a legitimate interest could be assumed if the person concerned is a client of the processor (considering 47, sentence 2, GDPR).
23. The legitimate interests pursued by the controller or a third party
If the processing of personal data is based on Article 6, paragraph 1, letter lit. For GDPR, our legitimate interest is to do our business for the well-being of all our employees and shareholders.
24. Personal data retention period
The criteria used to determine the retention period of personal data are the respective retention periods required by law. After that period expires, the corresponding data is regularly deleted, provided that it is no longer necessary for the fulfillment of the contract or the start of a contract.
25. Providing personal data as a legal or contractual requirement; Requirement required to enter into a contract; Obligation of the person to provide personal data; possible consequences of not providing such data
We make it clear that the provision of personal data is partly required by law (e.g. Tax regulations) or may also result from contractual provisions (e.g. contract partner information). Sometimes it may be necessary to enter into a contract that the person provides personal data, which must then be processed by us. You are, for example, obliged to provide us with personal data when our company enters into a contract with you or you. Failure to provide personal data would result in the contract with the person concerned not being concluded. Before the personal information is provided by the person concerned, the person should contact any employee. The employee clarifies to the person whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, if there is an obligation to provide personal data and the consequences of the non-supply of personal data.
26. Existence of automated decision-making processes
Asa responsible company, we do not use decision-making or automatic profiling.