Welcome to HiGift!
Icon free graphic draft Free graphic draft Icon free delivery Free delivery Icon immediate assistance Immediate assistance
 

Register

Login

0

Cart

Privacy policy

Information provided pursuant to Article 13 of the GDPR (General Data Protection Regulation) 2016/679

The company  GMEDIA GROUP SRL unipersonale, as data controller wants to inform you that, in compliance with the art. 13 of the EU Regulation 2016/679, your data will be processed in the manner and for the purposes set out below.

DATA CONTROLLER
is the undersigned company GMEDIA GROUP SRL, based in Pistoia (PT), via Silvestro Lega N.29, Tel. (+39) 0573 1780174, e-mail PEC gmediagroup (@) pec.it.

DATA PROCESSED, PURPOSE AND LEGAL BASIS OF THE TREATMENT
As part of the activity, personal identification data are processed, such as name and surname, fiscal code, address, telephone / fax, e-mail, bank and payment references, for the following purposes:
1. fulfill the pre-contractual and contractual obligations connected to the requested service;
2. fulfill the obligations provided for by laws or regulations, by EU legislation, by requests of the judicial authority;
3. exercise the rights of the Data Controller, including, for example, the right of defense in court;
4. only in the presence of specific consent, for marketing purposes (sending e-mails, text messages, newsletters to promote products or services offered by the Data Controller).

The legal basis that legitimates the processing of the data referred to in point 1. is the execution of the contract to which the customer is a party, or the performance of pre-contractual activity at the request of the customer; for point 2. the legal basis is represented by the fulfillment of legal or regulatory obligations; for point 3. the legal basis is represented by the pursuit of the legitimate interest of the data controller. For point 4., otherwise, the legal basis is the consent freely given by the Client.

NATURE OF THE PROVISION
The provision of personal data relating to the processing is optional. However, failure to provide the data in whole or in part may result in the partial or total impossibility of establishing or continuing the relationship with the Customer, to the extent that such data is necessary for the execution of the same.
The provision of data for marketing purposes is also optional. The customer can therefore decide not to give any data or subsequently deny the possibility of processing data already provided: in this case, he will not be able to receive newsletters, commercial communications and advertising material in general concerning the services offered by the Data Controller.

RECIPIENTS OR POSSIBLE CATEGORIES OF PERSONAL DATA ADDRESSEES
The processing of customer data is carried out by internal staff of the Data Controller (employees, collaborators, etc.) identified and authorized for processing in accordance with instructions given in compliance with current legislation on privacy and data security.
If this is necessary for the purposes listed above, the Customer's personal data may be processed by third parties appointed as Data Processors (pursuant to Article 28 of the GDPR) or "Independent" Data Controllers, namely:
• by professionals, companies, associations or professional firms that provide the Owner with assistance or advice for administrative, accounting, tax purposes;
• by all Public Institutions established by law and more generally by all the Bodies provided for by the current accounting and tax legislation as recipients of mandatory communications;
• from banking institutions for collections and payments as well as from eventual professionals, for the management of payments through credit cards or electronic payment instruments in general, postal couriers and for any credit recovery:
In any case, the Customer's personal data are not subject to disclosure.

TRANSFER OF DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANIZATIONS
As part of the management of the contractual relationship, no transfer of the Customer's data to non-EU countries or to international organizations is envisaged.

DATA STORAGE PERIOD
For the purposes referred to in points 1., 2. and 3., the customer's personal data will be processed and stored by the Data Controller for the entire duration of the contractual relationship and, at the end of the same for any reason, for the time provided by the current accounting, tax, civil and procedural law in force.
For the purposes referred to in point 4. the customer's personal data will be processed and stored by the Data Controller until the client's consent is revoked or until the customer exercises the right to delete personal data.

RIGHTS OF THE INTERESTED PARTY
As an interested party and in relation to the treatments described in this Notice, the customer has the rights referred to in articles 7, 15 to 21 and 77 of the GDPR and, in particular, the:
• right of access - article 15 GDPR: right to obtain confirmation that a processing of personal data concerning the Customer is in progress and, in this case, to gain access to such personal data, including a copy of the same;
• right of rectification - article 16 GDPR: the right to obtain, without unjustified delay, the rectification of inaccurate personal data concerning the Customer and / or the integration of incomplete personal data;
• right to cancellation (right to oblivion) ​​- article 17 GDPR: the right to obtain, without unjustified delay, the deletion of personal data concerning the Customer;
• right to limitation of treatment - article 18 GDPR: the right to obtain the limitation of the processing, when: the interested party disputes the accuracy of the personal data, for the period necessary for the Owner to verify the accuracy of such data; the processing is unlawful and the interested party objects to the deletion of personal data and instead requests that its use be limited; personal data are necessary for the interested party to ascertain, exercise or defend a right in court; the Data Subject has opposed the processing pursuant to art. 21 GDPR, in the waiting period for the verification regarding the possible prevalence of legitimate reasons of the Data Controller with respect to those of the Interested Party;
• right to data portability - article 20 GDPR: the right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning the Customer provided to the Owner and the right to transmit them to another Owner without impediments, if the treatment is based on consent and is carried out by automated means. Furthermore, the right to obtain that the personal data of the Customer are transmitted directly to another Owner if this is technically feasible;
• right to object - article 21 GDPR: the right to object, at any time for reasons connected to his particular situation, to the processing of personal data concerning the User based on the condition of lawfulness of the legitimate interest or execution of a task of public interest or the exercise of public authority, including profiling, unless there are legitimate reasons for the Data Controller to continue processing that prevails over the interests, rights and freedoms of the Data Subject or for the assessment, exercise or defense of a right in court. In addition, the right to object to processing at any time if personal data is processed for direct marketing purposes, including profiling, to the extent that it is connected to such direct marketing;
• right of revocation - article 7 GDPR: the Customer has the right to withdraw his consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to revocation;
• right to complain - article 77 GDPR: the Customer has the right to lodge a complaint with the Italian Data Protection Authority, Piazza Venezia 11, 00187, Rome (RM).

The Customer may at any time exercise his rights by sending a registered letter with return receipt. to: GMEDIA GROUP SRL unipersonale, with headquarters in Pistoia (PT), via Silvestro Lega N.29, or a PEC to: gmediagroup (@) pec.it.

The exercise of rights by the Customer is free under Article 12 GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Owner could charge the Customer a reasonable fee, in light of the administrative costs incurred to manage his request, or deny the satisfaction of his request.

The last change to this Privacy Policy was made on 22 May 2018.