DATA CONTROLLER AND CONTACT DETAILS

LISCIANI GIOCHI S.P.A. is the Data Controller for the personal data processed through the website www.liscianigiochi.com

The registered office is located at Via Giacomo Ruscitti, Zona Ind.le Sant'Atto, 64100 Teramo (Te), VAT number 00723030672. For privacy matters, you can contact us via email at [email protected], or by phone at +39 0861 2311.

The official website address is: https://www.liscianigiochi.com

DESCRIPTION OF THE PROCESSING AND CATEGORIES OF DATA SUBJECTS

The personal data of newsletter subscribers are collected through the subscription form.

The processing is carried out in full compliance with applicable regulations, ensuring the security, confidentiality, and protection of the data in our possession, as well as the fundamental rights and freedoms recognized under the GDPR.

TYPE OF DATA COLLECTED AND DATA SOURCES

The personal data processed are those voluntarily provided by the user when filling out the online forms to subscribe to the newsletter. Only the email address of the data subject is collected.

PURPOSE OF THE PROCESSING

1. Newsletter/direct marketing activities of the Data Controller: Upon registration to the newsletter, the data subject's email address is automatically added to a mailing list to which periodic emails may be sent containing informational messages, including technical, commercial, promotional, and/or marketing content.

2. Customer satisfaction surveys: Personal data is processed to send satisfaction surveys to customers via email.

LEGAL BASIS

The legal basis for processing is the consent given through declaration regarding the sending of newsletters and satisfaction surveys (Article 6, paragraph 1, letter a GDPR). According to Article 7 of the GDPR, the data subject can withdraw their consent at any time. Withdrawal of consent can be done using the link in the footer of the newsletter email, which will stop the sending of the newsletter. The withdrawal does not affect the lawfulness of the processing carried out prior to the withdrawal.

RECIPIENTS AND CATEGORIES OF RECIPIENTS

The personal data processed by the Data Controller are not disseminated.

However, they may be communicated to external subjects designated as Data Processors (such as third-party technical service providers, hosting providers, IT companies, communication agencies, website management and development service providers, server and network assistance and maintenance services, newsletter platform providers) or to subjects authorized to process data as operating under the authority of the Data Controller, or other subjects involved in the organization of this website (administrative, commercial, marketing, legal personnel, system administrators).

Finally, they may be communicated to subjects authorized to access them by virtue of laws, regulations, or EU regulations. For compliance with legal obligations or for the verification of responsibility in the case of computer crimes against the site, the data may be communicated to, or allocated to, third parties.

The updated list of Data Processors can always be requested from the Data Controller.

In particular, the infrastructure for managing and sending newsletters is entrusted to Brevo Sas, legal headquarters at 55 rue d’Amsterdam, 75008 Paris, France.

TRANSFER TO FOREIGN COUNTRIES

The data are processed at the Data Controller's operational locations and at any other location where the parties involved in the processing are located, so the Data Controller does not transfer this personal data to third countries or non-EU international organizations.

However, it reserves the right to use cloud services; in such case, service providers will be selected from those offering adequate guarantees, as provided by Article 46 GDPR. For the processing of information and data that may be communicated to these entities, equivalent levels of protection will be required as those adopted for the processing of personal data of its employees. In any case, only the necessary data for the pursuit of the intended purposes will be communicated, and the applicable regulatory tools will be applied.

DURATION OF PROCESSING

The Data Controller retains and processes personal data for the time necessary to fulfill the purposes indicated, or for the period during which the Data Controller will keep the service active, unless consent is revoked by the data subject. In each message, the User will be reminded that they have the right to unsubscribe from the service through a specific link in the footer of each email.

MODALITIES AND NATURE OF THE PROVISION

The data is collected and recorded lawfully and fairly for the above-mentioned purposes, in compliance with the principles and provisions of Article 5, Paragraph 1 of the GDPR.

The processing of personal data is carried out using manual, IT, and telematic tools, with logic strictly related to the purposes themselves, and in any case, in a way that guarantees security and confidentiality.

The provision of data for the aforementioned purposes is entirely voluntary. The refusal of the data subject to provide personal data, the lack of consent, or the revocation of consent for one or more purposes will make it impossible to use the related services or to receive the newsletter.

SECURITY MEASURES

The transfer, storage, and processing of the data of the Data Subject collected through the website are ensured through appropriate technical and security measures. Some of the main security measures include:

  • All the Data Subject’s information is protected with access keys chosen by the user, passwords are not stored in clear text;
  • The site uses an encrypted HTTPS connection;
  • A secure e-commerce platform with integrated security protocols is used;
  • Complex passwords are used;
  • The data of the Data Subjects is collected, stored, and kept on a secure server protected by a firewall and physically located in a web farm with controlled access located in the EU.

AUTOMATED PROCESSING

Under no circumstances does the Data Controller perform processing that involves decisions based on automated processes related to the data of natural persons.

DATA SUBJECT RIGHTS

In accordance with and subject to the conditions set forth in the data protection regulations regarding the exercise of the rights of Data Subjects (Articles 15 to 22), concerning the processing covered by this Privacy Notice, users, as Data Subjects, may exercise certain rights in relation to the data processed by the Data Controller.

In particular, the Data Subject has the right to:

  • Withdraw consent at any time (where required)
  • Object to the processing of their data
  • Access their data
  • Verify and rectify their data
  • Restrict the processing
  • Delete or remove their personal data
  • Data portability

Furthermore, the Data Subject has the right to lodge a complaint with the competent data protection authority or to take legal action if they believe that the processing of their data violates the provisions of the GDPR, according to Article 77 of the GDPR.

The Data Subject may withdraw consent at any time by using the designated link in the footer of each newsletter email, which will stop the sending of the newsletter.

How to exercise your rights

If you wish to request further information on the processing of your personal data or exercise your rights, you can contact us in writing at the email address [email protected] using the appropriate "Rights Exercise Form". Requests are free of charge and will be processed by the Data Controller as soon as possible, in any case within one month.

CHANGES TO THIS PRIVACY POLICY

The Data Controller reserves the right to make changes to this privacy policy at any time by informing the Users via email and on the Website. The Data Controller will collect the Data Subject's consent again if necessary.

Last modified: 21/06/2024