Notice pursuant to art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”)
The methods for processing personal data are collected automatically or provided by you through the browsing or use of the website http://www.gruppoboero.it (hereinafter, the “Website”) are illustrated below.
The Data Controller is Boero Bartolomeo S.p.A., in the person of the legal representative, domiciled at the registered office in Genoa, Via Giuseppe Macaggi no. 19 (hereinafter “Boero”, “Company” or “Data Controller”).
Type of data processed
To allow you to use the Website and its services, including the possibility of making purchases, registering and contacting Boero for specific requests (hereinafter, the “Services”), the Data Controller needs to know and process some of your personal data.
Data voluntarily communicated by the user
In order to register, the Data Controller needs to process your name and surname and your email address. To allow you to purchase our products, however, your name and surname, your tax code, your home address, your contact details (such as telephone number and email) and your payment details will be required. Any optional, explicit and voluntary sending of email messages requires us to acquire your personal data, your email address, as well as any other data entered in the message or in the forms sent by you.
The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or the domain names of the computers used by users accessing the website, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. These data, necessary to use the Website, are processed for the sole purpose of obtaining statistical information on the use of the Services (most visited pages, number of visitors per hour or day, geographical areas, etc.) and to verify the Services offered work correctly. The browsing data are deleted immediately after the session is closed but may be used by judicial authorities when needed in investigating crimes.
Purpose, Lawfulness of Processing and Provision of Personal Data
Use of the conternt and Services of the Website (i) and guarantee of network and information security (ii, iii) defence of a right (iii). This purpose includes, for example, the possibility of making purchases through the sellers operating on the Website, as well as the possibility of forwarding requests and communications via the Website
Furthermore, this purpose includes the processing of personal data relating to traffic, to an extent strictly necessary and proportionate to guarantee the security of networks and information. In addition, this purpose includes the exercise of the right of defence in court.
(i) Performance of a contract to which you are a party
(ii) Compliance with legal obligations
(iii) Legitimate interests
The provision of personal data is mandatory.
Failure to authorise data processing would make it impossible to use the content and services of the Website.
Furthermore, failure to authorise data processing would make it impossible to guarantee network and information security.
Signing up to the newsletter and receiving direct promotional and marketing information (i). This purpose includes being able to sign up to our newsletter and having direct marketing communications and information about our Services and our offers, in addition to those on discounts and any other promotional and loyalty initiative adopted, both through traditional contact systems which are fully automated, such as, for example, by using your email address.
(i) Express Consent
The provision of personal data is optional.
Failure to authorise personal data processing, while not preventing the use of the Website in any way, may not allow you to fully take advantage of the benefits we offer our community through our newsletter and information of a promotional and direct marketing nature.
Receiving offers, discounts and other benefits based on profiling (i). This purpose includes the possibility of receiving offers, discounts and any other benefits and promotional initiatives tailored to your specific needs and propensity to buy, also by taking part in loyalty programmes requiring registration, identification and profiling of data relating to your purchase volumes, habits and consumption choices.
(i) Express Consent
The provision of your personal data is optional. Failure to authorise data processing, while not preventing the use of the Website in any way, may not allow us to send you customised communications based on your needs and propensity to buy.
Personal browsing data and those acquired through the use of the Website will be deleted at the end of the browsing session. With regard to the processing of your personal data for direct marketing purposes, the Company ensures automatic deletion of your personal data, or their transformation into anonymous form in a permanent and non-reversible way, after 24 months from recording the collected data. Regarding the processing of your personal data for profiling purposes, in compliance with regulatory requests and provided that they have been explicitly authorised by you, the Company ensures automatic cancellation of your personal data, or their transformation into anonymous form in a permanent and non-reversible way, after 12 months from recording those used for profiling purposes. Regarding any other personal data acquired, not being able to accurately predetermine their storage period, the Data Controller undertakes from hereon in to process in line with the principles of adequacy, relevance and minimisation of data, as required by the GDPR, verifying on an annual basis the need for their storage. This is without prejudice to the case in which it is necessary to keep such data to comply with legal obligations, or to ascertain, exercise or defend a right in court.
Categories of Recipients of Personal Data
Personal data processed will not be disclosed to third parties, but may in any case be disclosed in relation to the processing purposes previously set out to the following subject:
- those who can access the data by virtue of the legal obligation provided for by the law of the European Union or that of the Member State to which the Data Controller is subject;
- data controllers belonging to our business group or institutions connected to a central body exclusively for internal administrative purposes;
- subjects who perform support purposes to the activities and services referred to in paragraph 3, or sellers of our products as joint data controllers, companies that offer advertising, marketing and communication services, companies that offer IT infrastructure and support services and IT consultancy as well as design and implementation of software and Internet websites, companies that offer services useful for customising and optimising our services, companies that offer data analysis and development services (including those relating to user interactions with our services), auditing companies, companies that manage the sending of the newsletter, service centres, companies or consultants appointed to provide additional services to the Data Controller, within the limits of the purposes for which they were collected.
Furthermore, our employees may also become aware of your personal data, provided that they are previously designated as a subject acting under the authority of the Data Controller pursuant to art. 29 of the GDPR or as System Administrator. To obtain further information on joint data controllers, on other recipients or on categories of recipients of your personal data, you can contact the Data Controller using the contact details indicated in paragraph 8 (“Rights of the data subject”). Furthermore, it should be noted that an extract of the joint data controller agreement with the sellers will be published in the appropriate section of the Website.
Transfer of Personal Data to Third Countries
The Data Controller does not intend to transfer your personal data to third countries.
Automated Decision-Making Processes
If you explicitly authorise the processing of your personal data for profiling purposes, the Data Controller will use automated decision-making processes aimed at profiling your browsing habits, preferences and interactions with the Website. The aim is to allow you to use the Website in a manner consistent with your interests and preferences, as well as to offer you the opportunity to take advantage of offers, discounts and any other benefits and promotional initiatives tailored to your specific needs. For the purposes of their operation, these processing activities require the recording, analysis and profiling of your personal data, your contact details, your profession and data relating to the products you have purchased and propensity to buy. The logic applied to the profiling process is based on (i) segmentation activities, which allows us to segment users according to their purchasing habits, and (ii) clustering activities through aggregation methods, which, through the analysis of personal data collected, allow us to identify types of users who share similar behaviours. Therefore, as a result of profiling activities, you will be able to take advantage of viewing content targeted exclusively to your interests, as well as receiving communications that could be in line with your interests or habits.
Rights of the data subject
In relation to the processing of your personal data, you, as the data subject, have the right to withdraw the consent given at any time and to obtain access to your personal data from the Company. You can also ask the Company to correct or cancel them. Furthermore, you have the right to obtain the limitation of the processing of personal data concerning you, as well as the right to the portability of such data. In addition to the above, you have the right to object at any time, for reasons related to your particular situation, to the processing of your personal data carried out pursuant to art. 6, paragraph 1, letters e) or f), including profiling on the basis of these provisions, as per art. 21 of the GDPR. Furthermore, if your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you carried out for these purposes, including profiling to the extent that it is connected to such direct marketing. Finally, you have the right to lodge a complaint with a supervisory authority or take action through the appropriate legal channels, if you believe that the processing that concerns you violates the GDPR. To exercise each of your rights, you can contact the Data Controller, in the person of the legal representative, by sending written notice to the registered office in Genoa, Via Giuseppe Macaggi no. 19, or by sending an email to firstname.lastname@example.org.