PRIVACY
& COOKIE POLICY
1) Introduction
Gens Aurea S.p.A. takes the user's privacy seriously and is committed to respect it. This privacy policy ("Privacy Policy") describes the personal data processing activities carried out by Gens Aurea S.p.A., through the Luxuryzone.it website and the related commitments undertaken by the Company to that effect. Gens Aurea S.p.A. may process the user's personal data when he/she visits the website and uses the services and features on the website. In the sections of the website collecting the personal data of the user, a specific information is normally published according to art. 13/15 of EU Reg. 2016/679.
Where provided by EU Reg. 2016/679, the user’s consent will be required before proceeding with the processing of his/her personal data for marketing purposes. If the user provides personal data of third parties, he/she must ensure that the communication of the data to Gens Aurea S.p.A. and the subsequent processing for the purposes specified in the applicable privacy policy is in compliance with EU Reg. 2016/679 and applicable law 2016/679.
2) Details of the owner, Managers and DPO
Gens Aurea S.p.A. (Fiscal Code, VAT Number and Company Register Number 06702220960 with registered office in Osnago 23875, via Mazzini,24) info@gens-aurea.iti
DATA PROTECTION OFFICER (Osnago 23875, via Mazzini24), rdp@gens-aurea.it
3) Type of data processed
The visit and consultation of the Website do not generally involve the collection and processing of personal data of the user except for navigation data and cookies as specified below. In addition to so-called "navigation data" (see below), personal data processed may be voluntarily provided by the user when he/she interacts with the functionality of the website or asks to use the services offered on the website. In compliance with the privacy regulations, Gens Aurea S.p.A. may also collect his/her personal data from third parties in the course of its activities.
Personal data provided by the user
Most of the user's personal data is provided when he/she's searching, booking, purchasing and communicating with us via Tawk.to chat or our customer service. The user provides, for example, personal data when: he/she searches for a product, makes a booking and a purchase, provides personal data for the profile, communicates with us by phone, email or otherwise, fills in a questionnaire or a contest entry form, uses our services, fills out a Wish List or other gift lists, participates in a discussion groups or other community features, writes and evaluates reviews, requests alerts and/or notifications. Here is the data the user provides: name, address and phone number, content of reviews and emails sent to us, chat conversations.
Data automatically collected
We collect and analyze data such as: the Internet protocol (IP) address used to connect the user's computer to the Internet, login, email address, password, computer and connection information such as browser type and version, time zone settings, types and versions of "browser plug-ins", operating system and platforms, orders history, data we sometimes combine with similar information collected by other customers for the purpose of creating functions such as "Best Sellers", the complete URL (Uniform Resource Locators) path (including date and time), the number of cookies, the products viewed or searched for, and any phone number you used to contact our customer service. We may also use browser data such as cookies, Flash cookies (also known as Flash Local Shared Objects), or similar data collected through certain parts of our website to prevent fraud and for other purposes. During some visits, we may use software tools such as JavaScript to evaluate and collect sessions information, including page load duration, download errors, duration of visits to certain pages, interaction information with pages (such as scrolling, clicking and cursor movements on pages) and methods used to exit the page. We may also collect technical information to help us identify your device for fraud prevention and diagnostic purposes.
Data automatically collected
We collect and analyze data such as: the Internet protocol (IP) address used to connect the user's computer to the Internet, login, email address, password, computer and connection information such as browser type and version, time zone settings, types and versions of "browser plug-ins", operating system and platforms, orders history, data we sometimes combine with similar information collected by other customers for the purpose of creating functions such as "Best Sellers", the complete URL (Uniform Resource Locators) path (including date and time), the number of cookies, the products viewed or searched for, and any phone number you used to contact our customer service. We may also use browser data such as cookies, Flash cookies (also known as Flash Local Shared Objects), or similar data collected through certain parts of our website to prevent fraud and for other purposes. During some visits, we may use software tools such as JavaScript to evaluate and collect sessions information, including page load duration, download errors, duration of visits to certain pages, interaction information with pages (such as scrolling, clicking and cursor movements on pages) and methods used to exit the page. We may also collect technical information to help us identify your device for fraud prevention and diagnostic purposes.
4) Cookies and navigation data
The Website uses "cookies". By using the Website, the user consents to the use of cookies in accordance with this Privacy Policy. Cookies are small files stored on the hard drive of the user’s computer. There are two macro-categories of cookies: technical cookies and profiling cookies.
Technical cookies are necessary for the proper functioning of a website and to allow the user to navigate; without them the user may not be able to correctly view the pages or use certain services.
Profiling cookies have the task of creating user profiles in order to send advertising messages in line with the preferences he / she expressed while browsing.
Cookies can also be classified as:
_ "session" cookies, which are deleted immediately when the browser is closed;
_ "persistent" cookies, which remain in the browser for a certain period of time. They are used, for example, to recognize the device connecting to a site by facilitating authentication operations for the user;
_ "own" cookies, generated and managed directly by the operator of the website the user is browsing on;
_ "third party" cookies, generated and managed by parties other than the operator of the website the user is browsing on.
5) Cookies used on the site
This website uses cookies. Cookies are important for the proper functioning of a website. To improve the user experience, we use cookies to store access data and ensure secure access, collect statistical data to optimize the functionality of the website and, prior to user's consent, provide personalized content, customized on each user's interests. Click "Accept All" to give your consent and go directly to the website or make a selection from "Preferences", "Statistics", "Marketing" to view detailed descriptions of the types of cookies and choose which ones to accept and then click on "Accept selected". Click "Reject" to reject all cookies (except those strictly necessary) and continue browsing the website. For "More information" select the space below
6) How to disable cookies in browsers
Google Chrome
- Click on the wrench icon on the browser bar
- Select "Settings"
- Click on "Show advanced settings"
- In the "Privacy" section, click on the "Content Settings" button
- To enable cookies, in the "Cookies" section, select "Allow data to be stored locally". This will enable both first-party and third-party cookies. To enable only first-party cookies, instead, activate the "Block third-party cookies and site data".
- To completely disable cookies, select "Prevent sites from setting data"
- Note that there are different levels of cookie enabling in Chrome. For more information about setting cookies on Chrome, refer to the following page from Google: http://support.google.com/chrome/bin/answer.py?hl=en&answer=95647
Microsoft Internet Explorer 6.0, 7.0, 8.0
• Click on "Tools" at the top of the browser window and click on "Internet Options"
• Move to the "Privacy" tab
• To enable cookies: Move the selector to "Average" or lower
• To disable all cookies: Move the selector completely to another
• Note that there are different levels of cookie enabling on Internet Explorer. For more information about setting cookies on Internet Explorer, refer to the following page from Microsoft:
http://windows.microsoft.com/en-GB/windows-vista/Block-or-allow-cookies
Mozilla Firefox
• Click on "Options" from the browser menu
• Select the "Privacy" panel
• To enable cookies: Select "Accept cookies from sites"
• To disable cookies: Uncheck "Accept cookies from sites"
• Note that there are different levels of cookie enabling on Internet Explorer. For more information about setting cookies on Internet Explorer, refer to the following page from Mozilla:
US/kb/Enabling%20and%20disabling%20cookies
Opera
• Click on "Settings" from the browser menu
• Select "Quick Settings"
• To enable cookies: select "Enable Cookies"
• To disable cookies: uncheck "Enable Cookies"
• Note that there are different levels of cookie enabling on Internet Explorer. For more information about setting cookies on Opera, please refer to the following page from Opera Software:
http://www.opera.com/browser/tutorials/security/privacy/
Safari on OSX
• Click on "Safari" from the menu bar and select "Preferences"
• Click on "Security"
• To enable cookies: In the section "Accept cookies" select "Only for the site I’m browsing"
• To disable cookies: In the section "Accept cookies" select "Never"
• Note that there are different levels of cookie enabling on Internet Explorer. For more information about setting cookies on Opera, refer to the following page from Apple:
http://docs.info.apple.com/article.html?path=Safari/3.0/en/9277.html
For all browsers refer to the online support of the browser you are using.
7) Retention of personal data (Monday)
Personal data are stored and processed through computer systems managed by Tech Srl, as technical service providers; for more details, please refer to the section "Accessibility of personal data" below. The data are processed exclusively by specifically authorized personnel, including personnel in charge of performing extraordinary maintenance operations. The data will be stored for a maximum period related to the function chosen, for marketing purposes and for sending the newsletter for a period of six years.
8) Purpose and methods of data processing
Gens Aurea S.p.A. may process the user's common personal data for the following purposes: use of services and features on the Website, management of requests and reports by the users, sending of newsletters.
Moreover, with the additional and specific optional consent of the user, Gens Aurea S.p.A. may process personal data for marketing and profiling purposes, that is to send the user promotional material and/or commercial communications relating to the products and services of the Company and/or third parties with whom the aforementioned Company has concluded commercial and/or marketing agreements at the indicated addresses, develop studies, statistical and market research, verify the level of user satisfaction and for each customers' loyalty activity, through both traditional (such as, paper mail, phone calls with operator, etc.) and automated (such as, internet communications, fax, e-mail, sms, mobile applications such as smartphones and tablets -cd. APPS-, social network accounts -e.g. via Facebook or Twitter-, automatic operator calls, etc.) means of communications.
Personal data are processed both in paper and electronic form and entered in the company’s information system in full compliance with EU Regulation 2016/679, including security and confidentiality profiles and inspired by the principles of fairness and lawfulness of processing.
9) Security and quality of the personal data
Gens Aurea S.p.A. is committed to protect the security of the user's personal data and complies with the security provisions required by the applicable law in order to avoid data loss, unlawful or illicit use of data and unauthorized access to them. Furthermore, the information systems and computer programs used by Gens Aurea S.p.A. are configured in such a way as to minimize the use of personal and identifying data; these data are processed only for the aim of achieving the specific purposes pursued from time to time. Gens Aurea S.p.A. uses several advanced security technologies and procedures to help protect your personal data; for example, personal data are stored on secure servers located in places with safe and controlled access. We are committed to protecting the security of the user's personal data when they are sent, using the standard cryptographic SSL protocol for the information entered.
The user can help Gens Aurea S.p.A. to update and maintain correct their personal data by communicating any changes related to their address, their qualification, contact information, etc.
10) Scope of communication and data access
The user's personal data may be disclosed to:
• all the subjects whose right of access to such data is recognized according to the normative measures;
• to our employees, as part of their duties;
• to our affiliates and to all natural and/or legal persons, public and/or private persons when the communication is necessary or functional to the performance of our activity and in the ways and for the purposes explained above;
We use other companies and natural persons to carry out certain activities on our behalf. For example, to process reservations, deliver parcels, send traditional mail and email, remove repetitive information from customer lists, analyze data, provide marketing assistance, provide search results and links, make payments with credit cards and provide services to customers. These providers only have access to personal data that is necessary to perform their duties. They may not use such data for other purposes and are also required to process personal data in accordance with this Privacy Policy, and the applicable data protection regulations.
We only disclose account data and other personal data where this is expressly required by law or by the Authorities; to enforce or apply our General Terms of Use and Sale and other agreements; to protect our assets or rights, as well as the security of luxuryzone.it, our users or other subjects. This includes exchanging information with other companies and organizations that provide fraud prevention or credit risk reduction.
11) Nature of granting the personal data
The provision of certain personal data by the user is mandatory to allow the Company to manage communications, requests received by the user or to contact the user to follow up his request; in this case the conferment is mandatory to allow the Company to comply with the request that, otherwise, cannot be processed. On the contrary, the collection of other data is optional: the failure to provide will not imply any consequences for the user.
The provision of personal data by the user for marketing purposes, as specified in the section "Purposes and methods of processing", is optional and the refusal to provide them will have no consequences. The consent given for marketing purposes is extended to the sending of communications made through both automated and traditional methods and/or means of contact, as illustrated above.
12) Rights of the data subject
12.1 Art. 15 (right of access), 16 (right of rectification) of EU Reg. 2016/679
The data subject has the right to obtain from the data controller confirmation that personal data concerning him or her are being processed or not, and in this case, to obtain access to the personal data and the following information:
- a) the purposes of the processing;
- b) the concerned categories of personal data;
- c) the recipients or categories of recipients the personal data have been or will be disclosed to, in particular if recipients of third countries or international organizations;
- d) the estimated storage period for personal data or, if this is not possible, the criteria used to determine that period;
- e) the existence of the data subject’s right to ask the data controller to rectify or delete the personal data or to restrict the processing of personal data concerning him or her or to object to their processing;
- f) the right to lodge a complaint with a supervisory authority;
- g) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
12.2 Right according to art. 17 of Reg. EU 2016/679 - right to cancellation («right to be forgotten»)
The data subject has the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay and the data controller has the obligation to delete personal data without undue delay, if one of the following reasons exists:
a) personal data are no longer necessary for the purposes they were collected for or otherwise processed;
1. b) the data subject revokes the consent on which the processing is based in accordance with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), and if there is no other legal basis for the processing;
2. c) the data subject objects to the processing according to Article 21, paragraph 1, and there is no predominant legitimate reason to proceed with the processing, or he/she opposes the processing according to Article 21, paragraph 2;
3. d) personal data have been unlawfully processed;
4. e) personal data must be deleted in order to fulfil a legal obligation under the law of Union or State member the controller is subject to;
5. f) the personal data have been collected in relation to the provision of information company services referring to Article 8, paragraph 1 of EU Reg. 2016/67912
12.3 Right as for art. 18 Right to processing restriction
The person concerned has the right to obtain from the Data Controller the limitation of the processing in the following cases:
- a) the person concerned disputes the accuracy of the personal data, for the period required for the Data Controller to check the accuracy of these personal data;
- b) the processing is unlawful and the person concerned objects to the deletion of the personal data and instead requests the use to be limited;
- c) although the Data Controller no longer needs the data for the purposes of the processing, the personal data are required by the person concerned for the confirmation, exercise or defence of a right in a legal forum;
- d) the person concerned has objected to the processing in accordance with article 21, paragraph 1, EU Regulation 2016/679 while awaiting the verification of the prevalence of legitimate reasons of the Data Controller over those of the person concerned.
12.4 Right referred to in article 20 Right to the data portability
1. Withdrawal of consent to processing
The data subject may revoke the consent to the processing of his / her personal data by sending a PEC (Certified Electronic Mail) to gensaureaspa@legalmail.it; info@gens-aurea.it or rdp@gens-aurea.it or a registered letter to the following address: Gens Aurea S.p.A., registered office in Osnago, via Mazzini,24 accompanied by a photocopy of his / her identity document, with the following text: "Withdrawal of consent to the processing of my personal data. At the end of this operation, if there is no legal obligation to process the user’s personal data, they will be removed from the archives as soon as possible.
For further information on the processing of the user's personal data, or to exercise the rights referred to in point 12 above, he / she can send a PEC (Certified E-mail) to the addresses gensaureaspa@legalmail.it; info@gens-aurea.it or rdp@gens-aurea.it or a registered letter to the following address: Gens Aurea S.p.A., registered office in Osnago, via Mazzini,24. Before the user can provide or change any information, it may be required to verify his / her identity and answer some questions. An answer will be provided as soon as possible.
1. Right to contact the Authority
The user has the right to lodge a complaint with the competent authority (Data Protection Authority)