Privacy Policy

1. Purpose, data and retention period

We may collect or receive personal information for a variety of purposes related to our business operations, which may include the following:

1.1 Contact - by telephone, mail, email and/or web forms

We use the following data for this purpose:

• A first and last name
• A house or a different physical address, including street name and city
• An email address
• A telephone number

The basis on which we process data is:

Conservation period

1.2 Payments

We use the following data for this purpose:

• A first and last name
• A house or a different physical address, including street name and city
• An email address
• Account name or alias
• A telephone number

The basis on which we process data is:

Conservation period

1.3 Account Registration

We use the following data for this purpose:

• A first and last name
• A house or a different physical address, including street name and city
• An email address
• Account name or alias

The basis on which we process data is:

Conservation period

1.4 Newsletter

We use the following data for this purpose:

• An email address

The basis on which we process data is:

Conservation period

PRIVACY POLICY

The Owner reserves the right to modify or simply update the content, in part or in full, also due to changes in applicable legislation. The Owner will make such changes known as soon as they are applied and will be binding as soon as they are published on the site. The Data Controller therefore invites you to visit this section regularly to become acquainted with the most recent and up-to-date version of the Privacy Policy so that you are always up-to-date on the data collected and its use.

Furthermore, this Privacy Policy only applies to the site www.brandgioielli.it whereas it does not apply to other websites that may be consulted via external links.

Which laws does this document refer to? This privacy policy is drafted taking into account the combined provisions of:

• Law 171/2018 on the Protection of Individuals with regard to the Processing of Personal Data (RSM Privacy Law)
• European Data Protection Regulation EU 2016/679 (EU GDPR)
• Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 and ss.mm.ii (Italian Privacy Code)
• “Cookies and other tracking tools guidelines” of 10 June 2021 of the Italian Data Protection Authority
• European ePrivacy Directive 2002/58/EC“

1. Stakeholders

Website users: www.brandgioielli.it

2. Data Controller and Processors

The data controller is the company Jewit S.r.l with registered office in Via Piandolano, 12 - 47899 Serravalle (RSM) and COE: SM27075 to which you may address to exercise the rights recognised by Law 171/2018 on the Protection of Individuals with regard to the Processing of Personal Data (RSM Privacy Policy)

An up-to-date list of all further Data Processors is available at the Data Controller's head office, which can be consulted.

3. Place of data processing

The Data are processed at the Controller's premises and at any other place where the parties involved in the processing are located. For further information, please contact the Data Controller.

Your Personal Data may be transferred to a country other than the country where You are located. For further information on the processing location, the User may refer to the section on Personal Data processing details.

The User has the right to obtain information about the legal basis for the transfer of Data outside the European Union or to an international organisation under public international law or consisting of two or more countries, such as the UN, as well as about the security measures taken by the Data Controller to protect the Data.

4. Types of Data Processed and Purposes of Processing

The Data being processed are of a common type (identification) and navigation data (IP addresses, URI notation addresses, etc.), but on occasion also special and/or sensitive data voluntarily provided for your particular needs (general and particular information on your orientations and preferences; food intolerances; health problems; etc.);
Data provided through the use and navigation of the social platforms used by the owner entails further processing of your personal data by the respective social platform provider, not necessarily limited to your interaction with us. The processing of users' personal data complies with the policies in use on the platforms used. Data shared by users through private messages or comments sent directly to the managers of the channels will be processed in accordance with current data protection regulations and this policy.

The Controller will process your data:

A) without the need for your express consent for the following Service Purposes:

1. Fulfilment of contractual and pre-contractual obligations (formulating an estimate, issuing an invoice, providing a service);
2. Responding to contact requests via forms on the website, via social platforms where the owner is present (Facebook, Instagram, etc) and via instant messaging services (WhatsApp, Messanger, etc);
3. Fulfilment of regulatory obligations, in particular accounting, tax and security obligations;
4. Following the purchase of a product or service, the data controller may communicate to the user further information, also of a commercial nature, concerning the same category of goods as the purchases made. The legal basis for the processing described above is the legitimate interest of the data controller.
5. Litigation management.

The processing of functional Data for the fulfilment of these obligations is necessary for the correct management of the requested service and their provision is compulsory in order to implement the purposes indicated above. Failure to provide the Data may make it impossible for the Data Controller to respond to a possible request from the data subject.

B) only with your specific and separate consent for the following Marketing Purposes:

1. Transmit to you via e-mail, post and/or SMS and/or telephone contact, newsletters, commercial or promotional communications and/or services offered by the Controller; send you information and commercial offers, also from third parties; send advertising and informative material; carry out commercial communications, also interactive; carry out direct sales or placement activities for products or services.
2. Transmit to you questionnaires or other documents in order to detect the degree of satisfaction with the quality of the services offered; process studies and statistical research on sales, customers and other information, and possibly communicate the same to third parties; transfer to third parties the data collected and processed for commercial purposes, including for sale or attempted sale and also outside the territory of the European Union, or for all those purposes of a commercial and/or statistical nature that are lawful. Participate in prize draws related to promotions and commercial initiatives.
3. Please convey my best wishes for the national holidays.

Failure to provide consent for the purposes set out in point B) will not entail any consequences. Consent is optional.

5. Communication and dissemination of data

The data may be communicated externally only to the data subject and to persons explicitly indicated by the data subject. The data will not be further communicated and disseminated except to persons and/or companies duly authorised by the data controller for the best management of the service, to fulfil specific legal obligations always deriving from the service offered, also with regard to tax profiles, or for purposes strictly connected and instrumental to the operation of the service. The data will not be transferred to a third country or international organisation.

The full list of data processors is available by sending a written request to the Data Controller at [email protected].

1. Treatment modalities

The processing of personal data consists of the collection, recording, organisation, storage, communication of the same data. The processing of personal data is carried out for the above-mentioned purposes by automated and computerised means in accordance with Article 5 of the law 171/2018, in compliance with the rules of lawfulness, legitimacy, confidentiality and security provided for by the regulations in force. The data will be kept for a period of time necessary for the purposes for which they were collected or subsequently processed in accordance with legal obligations, and in any case no longer than 5 years.

DATA RELATING TO CHILDREN UNDER 18 YEARS OF AGE

Minors under the age of 18 may not provide personal data. The Data Controller shall not be liable in any way for any collection of personal data, as well as false declarations, provided by the minor, and in any case, should it be found to be so, the Data Controller shall facilitate the right of access and cancellation forwarded by the guardian, custodian or those exercising parental responsibility.

6. Rights of the data subject

The data subject has the right to obtain access to and rectification of his or her personal data. The interested party has the right, for legitimate reasons, to obtain the deletion of their personal data or the limitation of their processing, or to object to their processing, as well as, more generally, to exercise all the rights recognised to them by current legal provisions. In order to exercise his or her rights, he or she may always contact the Data Controller, by sending his or her requests to [email protected], as well as to the Personal Data Protection Authority.

7. Complaint Rights

Data subjects who consider that personal data relating to them are being processed in violation of the law 171/2018, have the right to lodge a complaint:

if in the territory of the Republic of San Marino to the Italian Data Protection Authority (www.garanteprivacy.sm), as provided for in Article 66 of the GDPR-SM, or to take appropriate legal action (Article 70 of the GDPR-SM);

if in the territory of the European Union to the Italian Data Protection Authority (www.gpdp.it), as provided for in Article 77 of the EU GDPR itself, or to take appropriate legal action (Article 79 of the EU GDPR).