Privacy Policy en
Information provided in accordance with Articles 13-14 of the GDPR (General Data Protection Regulation) 2016/679
According to the indicated regulations, data processing will be based on the principles of fairness, lawfulness, transparency and protection of your privacy and rights.
In accordance with Art.13 of the EU Regulation 2016/679 of April 27, 2016 (referred to below as “GDPR”), the company GE.S.I. srl (referred to below as “GESI”) releases this policy statement, updated with respect to the legal dictates introduced with the entry into force of the GDPR, the new data protection and privacy regulation of the European Union.
This information is provided with respect to the studiogesi.it website and activities related and connected to it and PAM. Any other sites that may be consulted through links from the mentioned site are not covered by this document.
This document is an overview of how we process your data and your rights under privacy laws.
1. DefINITIONS
“Website” | It refers to the website studiogesi.it – studio-gesi.com – studiogesi.com |
“Application” | It refers to a program or service operated by GESI (or on behalf of GESI), which can be viewed online, mobile or other environments and platforms, including those operated by third parties, that enable direct interaction with our users. |
“Subject” | It refers to the person to whom the personal data refer who is identified or identifiable, i.e., who can also be identified indirectly, by reference to characteristic information or features, or by the cross-reference of several personal data. |
“Aggregate Data” | It refers to information about groups or categories of users, which do not identify and cannot reasonably be used to identify an individual user. |
“Anonymized Data” | It refers to information that is not directly or indirectly identifying and cannot reasonably be used to identify an individual user. |
“Minors” | It refers to individuals identified by us as minors who are not legally able to consent to the collection and processing of personal data. |
“Parents” | This refers to a parent or legal guardian. |
“Data Controller” | This refers to the data controller responsible for the personal information collected by the Site and Applications, i.e. GE.S.I. srl based in Via Domenico di Somma, 5 – 80016 Marano di Napoli – Naples – Italy |
“Data Processor” | It refers to the personal data controller, which is a person or entity engaged in the processing of personal data on behalf of one or more data controllers, authorized to perform data processing only as directed by the data controller. |
“IP Address” | It refers to an address that identifies the access point through which a person connects to the Internet and is usually controlled by the user’s Internet connectivity provider. |
“Notification” | It refers to a message that may be forwarded by e-mail to the last communicated e-mail address or by other ways in accordance with applicable laws. A notification may also consist of the posting of changes notices on the Site and Applications. |
“Personal Data” | This refers to information that identifies (directly or indirectly) a specific individual, for example, name, mailing address, e-mail address, telephone number, browsing data, IP address. When associated directly or indirectly with personal data, anonymous data are also treated as personal data. |
2. Who is the Data Controller and how can they be contacted?
The Data Controller is GE.S.I. srl, with registered office in Via Domenico di Somma, 5 – 80016 Marano di Napoli – Naples – Italy, VatID IT04509261212.
It is possible to contact us through our Customer Care at the following telephone number (+39)081.586.46.12 or by writing to the following e-mail address: gestioneprivacy@studio-gesi.com for the exercise of all your rights under the EU Regulation.
3. How are the data collected and processed?
We process personal data obtained through:
- Web site data collection forms in the “Work with Us” section;
- Generic website contact forms;
- Contact by Phone;
- Cross-selling activity commissioned by affiliate or agent;
- E-mail requests;
- Freely accessible public sources (business records, media, Internet) or legitimate sources from other companies under GESI or third-party sources, where this is necessary to comply with the data subject’s request;
- Contacts with shipping companies;
Data are processed by automated tools in compliance with the regulations and in accordance with the principles of fairness, lawfulness, transparency, protection of confidentiality and the rights of the data subject, for the time strictly necessary for the performance of transportation services and the processing of related administrative paperwork. Our computer system is structured to counteract data loss, illegal or incorrect use and unauthorized access.
4. Which data is this about?
Relevant data are personal information (e.g., first name, last name, address, phone number, e-mail, and other contact data), identification data (e.g., ID data), authentication data (e.g., signature specimen), and anonymous data. Personal and anonymous data converge into aggregate data.
- Data entered when the Subject submits an application in the “Work with us” section;
- Generic data of the Data Subject which include information about the purchased products/services, addresses related to delivery, tax identification number or VAT number for issuing the detailed tax document (if any), telephone number and payment information, data resulting from the fulfillment of contractual obligations (e.g. payment data from brokers and payment channel operators such as Paypal) and other data similar to the mentioned categories;
- Data related to the characteristics, choices and habits of the data subject;
- Information that the data Subject provides by communicating by telephone, e-mail, or through the contact forms on the Web site when contacting us to obtain information or report a problem;
- Information about events in which the data subject attends, as well as his or her personal information and preferences, to the extent that such information is relevant to organizing and managing such events;
- Data entered into public forms related to the website and applications under it;
- Personal data entered while browsing the Website or through the use of an application linked to it, or on third-party Internet platforms or sites, such as social networking sites, or when a user links his or her profile on a third-party site or platform with the registration account;
- User location information obtained during visit to our site or use of our Applications, relating to the user’s IP address, where the processing of such data is permitted by applicable laws;
- Usage, visualization and technical data, including your device identifier or IP address, when you visit the Site, use our Applications on third party sites and platforms, i. e., open our email messages.
5. Data from third parties
The website user acknowledges that any indication or provision of personal and contact data of any third party other than the data subject himself constitutes a processing of personal data with respect to which he stands as autonomous data controller, assuming all the obligations and responsibilities provided for by the current legislation on personal data. In this sense, the user warrants to GESI that any third party data which will be so indicated by the user (and which will consequently be treated as if the third party had provided in its own right the informed consent to the processing and communication of the data to GESI) has been acquired by the user in full compliance with the current legislation on personal data. The user confers on this point the widest indemnity with respect to any dispute, claim, request for compensation for damages from processing, etc. that may be received by GESI from any third party concerned due to the provision of the data indicated by the user in violation of the applicable data protection regulations.
6. What are the purposes of data processing activities?
We process personal data in accordance with the rules of the European General Data Protection Regulation pursuant to Article 13 of EU Regulation 2016/679 of April 27, 2016. Although accessing and browsing the Website and using the Applications can be done freely, the ability to use certain online services available on the Website is allowed only upon registration. The registration process consists of filling out an online form in which the user is asked to indicate his personal data – some to be entered obligatorily – for the activation of authentication credentials (email + password) with which the interested subject will subsequently access all areas and services of the Website reserved for registered users. Therefore, in the first place, the primary purposes of the processing are represented by the need to allow the completion of the procedure of prior online registration and the creation of an account and to allow the administrators of the Site the generation and subsequent technical and administrative management (including the purposes of providing support and technical assistance on request) of the account, activation codes, passwords and similar authentication credentials to be used on the Sites as created by users as part of the registration process.
Registered users once authenticated are enabled to use all the services made available online on the Sites:
- Checking the status of already finalized orders;
- Sending files and supplementary information for an existing order;
- Filling a new order;
- Recruitment and selection of staff by GESI for itself or other companies related by corporate and/or contractual relationships, not limited to the sending of service and new position communications
The processing of personal data is directed toward achieving the following primary purposes:
- In respect of contractual obligations
- Of processing related to the provision of services, resulting from a request;
- Of processing related to the provision of goods in the context of the activity and consequent to a request;
- The purposes of data processing are primarily related to the management of services and may include needs for evaluation, management, and execution of transactions (e.g., refunds);
- For administrative and accounting purposes, including the possible transmission by electronic mail of commercial invoices by GESI and/or companies related to it in the provision of the service or the supply of a good or service, for sending communications to the user regarding the account or transactions carried out with GESI. Legal basis for this processing is the performance of contractual or legal obligations. The data will be kept for ten years from the date of collection.
- In respect of legal obligations
- Of treatment related to VAT regulations (VAT tax register, etc.);
- To execute an order of judicial or Police Authorities or vigilance bodies. Legal basis for this processing is the execution of legal obligations to which GESI is subject. The data will be kept for ten years from the date of collection;
- Regard to the legitimate interest
- To recognize the Data Subject and cross-reference information about its interactions with GESI in order to provide accurate and personalized assistance, monitor customer satisfaction and ensure better fulfillment of customer needs. The legal basis for this processing is GESI’s legitimate interest in strengthening ties with its customers and meeting their expectations. The data will be kept for ten years from the date of collection;
- To execute a request from the Data Subject
- The primary purposes also include certain technical processing carried out by means of what are known as “technical cookies” according to what is explained in more detail in the Cookie Policy. In these specific cases, technical processing is aimed solely at carrying out the transmission of a communication over an electronic communications network to the extent strictly necessary to provide the services explicitly requested by users. Legal basis for this processing is the need to execute a request from the Data Subject. The data will be used for the time strictly necessary to manage the functionality provided by the cookies.
In the cases in points a), b), c), d) and e), GESI is not obliged to acquire specific consent from the data subject. In fact, all the processing operations illustrated above pursue primary purposes for which the current legislation excludes the need to acquire specific consent from the data subject, either because the processing is necessary to comply with an obligation laid down by law, regulation or EU legislation, or because the processing is necessary to perform obligations under a contract to which the data subject is a part of, or to comply, prior to the conclusion of the contract, with specific requests made by the data subject, or to pursue legitimate interests of the data controller also taking into account the reasonable expectations of the data subjects.
In accordance with current data protection regulations and the choices of the data subject, personal data may also be processed for the following additional secondary purposes:
- In consideration of the consent of the subject
- For subscribing to mailing lists held by GESI, conducting market surveys and polls (including by telephone, online, through forms), sending advertising and informational material about products and services offered by GESI or GESI’s partners, purchase solicitations, by using automated systems, such as e-mail, fax, SMS or MMS, or by traditional methods (e.g., paper mail), or by telephone with operator (hereinafter collectively “Processing for Mareketing Purposes”). Legal basis for this processing is the consent of the data subject. The data will be kept for the time required to manage the relationship with the interested subject, taking every care to avoid indefinite storage and to facilitate the exercise of the rights due to the same. Consent may be revoked at any time. This also applies to the revocation of statements of consent provided to us before the GDPR came into effect, i.e., before May 25, 2018. A revocation of consent does not affect the lawfulness of data processing in the period prior to the revocation.
Any refusal will have no consequences except the impossibility of being included in statistical analysis and/or profiling and receiving promotions, discounts and targeted communications, based on the data provided, or being informed about any marketing and promo-advertising initiatives. Therefore, for these additional purposes, the processing will take place exclusively according to the purposes and on the basis of the specific consent given by the data subject, which can, however, be revoked at any time.
Although the data subject has given consent to pursue the purposes mentioned in point f), the subject will still be free to revoke it at any time by sending a clear communication to that effect to GESI via the contact service on the Site, or to the email address: gestioneprivacy@studio-gesi.com.
In compliance with current data protection legislation and the choices of the data subject, personal data may also be processed for the following additional secondary purpose:
- Considering the evaluation of interests: Where required, we process your data beyond the actual fulfillment of the contract for the purpose of the pursuit of legitimate interests by us or third parties. Examples:
- Advertising or market and opinion research, unless you object to the use of your data.
- Evaluation of legal claims and defense in legal disputes;
- Video surveillance to protect the right of the owner of the premises to prevent access to unauthorized persons, to collect evidence on robbery, fraud;
- Construction and site security measures (e.g., access controls);
- Measures to ensure the right of the owner of the premises to prevent access to unauthorized persons;
- Measures for operational management and further development of products and services;
7. Soft Spamming
Restricted to the e-mail address provided by the user in the context of the purchase of a service or product through the Website or the Applications, this provided data may be used to allow the direct offer by GESI of similar products or services (”soft spamming”), without prejudice to the user’s right to object at any time and without formality to such processing, manifesting in a suitable and unambiguous manner such will. The request for cancellation may be exercised by the user freely by contacting the owner simply upon receipt of newsletters, by clicking on the unsubscribe link at the bottom of the message received or through the contact service on the Site or by writing to: gestioneprivacy@studio-gesi.com.
8. Data processing methods
The processing will be carried out mainly with IT tools therefore the observance of the minimum precautionary measures of data security and privacy will be kept. In particular, there have been implemented technical, IT, organizational, logistical and procedural security measures in order to prevent loss, illicit or irrelevant use of data and access to them without authorization.
9. Who receives my data?
Within the company, any unit that needs your data to fulfill our contractual and legal obligations will have access to your data. Service providers and auxiliaries commissioned by us may also have access to your data for the purposes indicated. These are companies belonging to the following categories: data processing centers for business and related consulting, logistics, telecommunications, collection, consulting, sales, marketing.
Data may also be communicated:
- To all those subjects (including Public Authorities) who have access to personal data by virtue of regulatory or administrative measures;
- To all those public and/or private entities, individuals and/or legal entities (legal, administrative and tax consulting firms, Judicial Offices, Chambers of Commerce, Chambers and Offices of Labor, etc.), if the communication is necessary or functional for the proper fulfillment of the contractual obligations undertaken, as well as the obligations arising from the law;
- To banking institutions and companies that operate national or international payment circuits through which online payments are made for products purchased through the Sites.
Presonal data are not resold or transferred to third parties for marketing purposes and under no circumstances will they be disseminated.
10. Will the data be transferred to a third country or international organization?
Data transfer to entities or States outside Italy and the European Union (referred to as third countries) occurs to the extent that (at least one of the following):
- This is necessary for the fulfillment of your orders
- This is required by law (e.g., in relation to reporting requirements under tax laws)
- This is necessary because our supplier (belonging to the categories IT services, logistics, printing services, telecommunications, collection, consulting, sales, marketing) is based in a third country.
- You have given your consent
You can contact us to ask to see a copy of the specific warranty measures as they relate to the export of your information
Keep in mind that in cases where the EU Commission considers that a third party (a third country, territory, international organization) provides an adequate level of protection, the transfer does not require specific authorization from the data subject.
In addition, when we use or disclose personal data transferred from countries that have developed Safe Harbor Agreements with the U.S., we comply with the Safe Harbor principles defined by the U.S. Department of Commerce, we use European Commission-approved standard contractual clauses, we take other measures under European Union laws to ensure adequate protection, or we obtain your consent.
11. How we handle the data of Minors
We do not intentionally collect personal data from Minors in connection with the functionality of the Site. The Services offered fall under the meaning of “Business Services” and therefore a minor would have no reason to provide GESI with their personal data.
12. How long is my data stored?
We will process and store your personal data for as long as necessary to comply with our contractual, legal, tax record-keeping and warranty determination obligations on products and services sold.
13. What are my data privacy rights?
Any subject of data processing may exercise:
- Rights of access according with Article 15 GDPR
- Right to rectification and erasure in accordance with Article 16 GDPR
- Right to restriction of processing in accordance with Article 18 GDPR
- Right to object in accordance with Article 21 GDPR
- Where applicable, the right to data portability in accordance with Article 20 GDPR
- Right to complain in accordance with Article 77 GDPR to the supervisory authority (Privacy Guarantor).
Any data subject may revoke consent to the processing of personal data granted to us at any time. This also applies to revocation of declaration of consent made before the GDPR came into force, that is, before May 25, 2018.
Please note that the revocation is valid for the future and has no retroactive effect on the treatment that took place before it.
14. Am I required to provide my data?
As part of our contractual relationship (buying and selling, subscribing to a service), you have an obligation to provide all personal data required for the purpose of the performance of the service, sale or otherwise the purposes stipulated in the concluded agreement. This obligation also relates to the data we are required to collect under the law. Without such data, we are in principle unable to enter into or perform a contract with you.
15. Will the data collected be subject to profiling?
Some data are processed automatically, with the aim of evaluating certain aspects (profiling). For example, profiling is used to be able to specifically notify and advise you about products and services. This allows communications and marketing to be tailor-made as needed, including market research and surveys;
16. Changes to this privacy policy
We may occasionally make changes to this Privacy Policy in order to incorporate new technologies, industry practices, regulatory requirements, make improvements in processing techniques, or for other purposes. We will notify you with appropriate Notification if such changes are significant and obtain your consent where required by applicable law.
Last update: Oct 2022
About your right to object in accordance with Article 21 of the GDPR
1. Right to object to data processing for direct marketing purposes
In individual cases, we process your personal data to carry out direct marketing activities. You have the right to object to the processing of your personal data for purposes related to this kind of marketing activity at any time. This also applies to profiling where it is in direct connection with such direct marketing activity.
If you object to processing for direct marketing purposes, we will no longer process your personal data for this purpose.
2. Rights of objection of the data subject
For reasons related to your particular situation, you have the right to object at any time to the processing of your personal data under Article 6 of the GDPR. This also applies to profiling on the basis of this standard under Article 4 of the GDPR.
In case of an objection, we will no longer process your personal data unless we can provide evidence of compelling legitimate grounds for processing that outweigh your interests, rights and freedoms or unless the processing serves the exercise, performance or defense of interests. It should be kept in mind that in such cases the company will not be able to provide services, products and enter into agreements.
The objection should be addressed to: GE.S.I. srl – Via Domenico di Somma, 5 – 80016 Marano di Napoli (Naples), Italy or by e-mail to: gestioneprivacy@studio-gesi.com