Privacy policy
INFORMATION ON THE PROCESSING OF PERSONAL DATA (PRIVACY POLICY)
Pursuant to EU Regulation 2016/679 (GDPR)
Glamour Group Srl unipersonale, as the Data Controller, wishes to inform you that the processing of your personal data will be based on the principles of lawfulness, correctness, transparency, purpose and storage limitation, data minimisation, accuracy, integrity and confidentiality. Your personal data will be processed in accordance with all applicable legislation and the confidentiality obligations set out therein.
1. Data controller.
Glamour Group Srl unipersonale (F.C./Tax ID No. 04158400285) is the Data Controller. The pro tempore legal representative can be contacted via email (privacy@glamour-textiles.it) at the company’s registered office in S. Giustina in Colle (PD), Viale dell’Artigianato, 67.
2. Types of data processed
The Data Controller processes the following categories of personal data for the purposes set out in this notice: name, surname, company name, tax ID No. and VAT Reg. No., contact data (e-mail, PEC, phone number), payment data.
The data are processed by both paper and digital means, only to the extent necessary for the purposes set out in point 3. If you provide personal data belonging to third parties (e.g. your employees or collaborators), you must ensure that you are entitled to provide their personal data on the basis of an appropriate legal basis legitimising the processing. In light of the aforementioned circumstances, you are an autonomous data controller and assume all obligations and responsibilities as stipulated by law. With regard to this matter, you are indemnified to the fullest extent permitted by law in the event of any dispute, claim, or request for compensation for damages resulting from the processing of personal data by third parties in violation of applicable regulations.
3. Purpose and legal basis of the processing
The personal data you provide will be processed for the following purposes:
| Purpose of processing | Legal basis for the processing | Type of data being processed | Compulsory or optional nature of data provision | Consequences of refusal to provide data and/or failure to provide data |
| 1.- The processing of requests for information, the execution of contracts (and related pre-contractual activities), and the management of connected fulfilment activities. | – The execution of a contract with the data subject (GDPR, Art. 6(1)(b)). – Compliance with legal obligations (GDPR, Article 6(1)(c)). |
Common personal data. | Compulsory | Failure to respond to the request or to establish and/or maintain the contractual relationship with the data subject. |
| 2.- Sending informative and promotional e-mails on products or services offered by the Controller that are similar to those already purchased (so-called soft spam). | – The Controller may also have a legitimate interest in advertising services or products similar to those already purchased to its customers (Art. 130(4) of Italian Leg. Decree 196/2003 and subsequent amendments)*. | Common personal data. | Optional. | In the event of an objection from the data subject, the data controller will refrain from sending informative and promotional e-mails relating to products and/or services similar to those already purchased. |
| 3.- The sending of informative and promotional emails on behalf of the Controller concerning the Controller’s products or services (direct marketing). | Consent of the data subject (GDPR, Art. 6(1)(a))**. | Common personal data. | Optional. | The Data Controller will not send informative and promotional e-mails. |
| 4.- Conducting defensive investigations. | The Data Controller has a legitimate interest in protecting its rights (GDPR, Art. 6(1)(f)). | Common personal data. | Compulsory. | Inability to establish and/or continue the contractual relationship with the data subject. |
| 5.- Determining, exercising, or defending a right, including that of a third party, in a court of law, or when the judicial authorities perform their jurisdictional functions. | This is legitimate data processing in accordance with current legislation (GDPR, Art. 6(1)(f)). | Common personal data. | Compulsory. | Inability to establish and/or continue the contractual relationship with the data subject. |
* The data subject has the right to object to receiving promotional e-mails on products and services similar to those already purchased (so-called soft spam) at any time. To do so, simply select the unsubscribe link present in each mailing or write to the Data Controller at the addresses indicated in point 1 of this information notice.
** The data subject may revoke consent at any time by selecting the unsubscribe link in each mailing. The initial consent given does not affect the lawfulness of the processing carried out prior to revocation.
4. Automated decision-making processes
We do not apply automated decision-making processes to the processing of personal data for the purposes set out in this policy.
5. Communication, dissemination. Categories of recipients of personal data.
Your data will be processed by employees, collaborators and agents working on behalf of the Data Controller, who are specifically authorised and bound to confidentiality.
Your personal data may be shared with public bodies (such as Tax Authorities, Inland Revenue Agency or other public bodies to which the data must be communicated by law), professionals and service companies for company administration and management who operate on behalf of the company (e.g. accountants, lawyers, technical consultants, etc.); insurance companies, those responsible for maintaining computer systems, suppliers/maintainers of software used to carry out processing operations, agencies that handle marketing campaigns, system administrators, couriers, forwarding agents and, in the event of the need to ascertain and repress crimes, judicial authorities and/or police forces. Your personal data will not be disseminated.
6. Transfer of data outside the European Economic Area (EEA).
Your data will be processed and stored within the European Economic Area.
7. Data retention period.
The data will be processed for 10 years from the termination of the relationship for the following purposes: execution of the contract; defensive purposes; ascertainment, exercise or defence of a right in court.
This period may be extended if necessary in relation to pending litigation. We will process data for sending commercial communications until the right to object is exercised (in the case of soft spam) or until consent is withdrawn (in the case of direct marketing).
If you require further information regarding the period of retention of personal data and the criteria used to determine this period, please contact the Data Controller using the contact details provided above in point 1 of this policy.
8. Rights of the data subject..
In your capacity as a data subject, with regard to the processing of your personal data, you have the right to (i) access your personal data (Art. 15 GDPR), (ii) obtain the rectification of inaccurate personal data, the integration of incomplete data (Art. 16 GDPR), (iii) obtain the deletion of data (Art. 17 GDPR), (iv) obtain the restriction of processing (Art. 18 GDPR), (v) oppose, in whole or in part, for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of collection, and oppose processing carried out for the purpose of sending advertising or direct selling material or for carrying out market research or commercial communication (Art. 21 GDPR), (vi) obtain data portability, i.e. to receive in a structured, commonly used and machine-readable format the personal data concerning you that you have provided to the data controller (Art. 20 GDPR). In certain cases, exercising these rights may be restricted, as set out in Art. 23 of the GDPR.
Requests relating to the exercise of the aforementioned rights should be addressed to the data controller using the contact details: e-mail privacy@glamour-textiles.it.
9. Complaints
If you believe that your personal data has been processed in a manner that does not comply with the law, you have the right to lodge a complaint with the supervisory authority of the EU Member State in which you normally reside or work, or of the place where the alleged breach occurred. In Italy, the supervisory authority is the Garante per la protezione dei dati personali (www.garanteprivacy.it).