Scrigno S.p.A. firmly believes that transparency is the basis of his relationship with his users. For this
reason, Scrigno S.p.A. would like to be completely transparent regarding the way in which the users
personal data will be processed when you browse through the website
https://www.scrigno.com/WD/en/pro (hereinafter the “Site”).
This Privacy Policy is provided pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter the "GDPR").
1. DATA CONTROLLER, DATA PROCESSOR, AUTHORIZED PERSONS
The Data Controller is Scrigno S.p.A. whit legal address at Via Casale S. Ermete, 975, 47822, Santarcangelo
di Romagna (RN), in the person of the legal representative pro tempore domiciled at the registered office of
the Data Controller (“Data Controller”).
You can contact the Data Controller at the following addresses:
– by e-mail: privacyscrigno@scrignogroup.com;
– by postal mail: Via Casale S. Ermete, 975 – 47822 – Santarcangelo di Romagna (RN).
The Data Controller may appoint other entities responsible for processing (hereinafter the "Data
Processors"), as well as authorized subjects to carry out processing operations (hereinafter the "Authorized
persons") pursuant to Articles 28 and 29 of the GDPR. A complete and updated list of Data Processors and
Authorized persons is available by contacting the Data Controller at the above-mentioned addresses.
2.TYPE OF DATA PROCESSED, PURPOSE OF PROCESSING, LEGAL BASIS AND NATURE OF DATA PROVISION
2.1 Browsing data
When browsing the Site, the computer systems and software procedures used to operate them acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the user’s computers, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. Browsing data are processed for the following purposes:
– to verify the proper functioning of the Site and the services offered.
When there is a legal obligation browsing data may also be used for the investigation of criminal offences by the Judicial Authorities.
The legal basis for the processing is the legitimate interest of the Data Controller in the proper functioning of the Site.
The provision of browsing data is necessary for accessing the Site.
2.2 Cookie
When browsing the Site, cookies are used as explained in the Cookie Policy.
2.3 Personal data provided by the User
The completion of the contact form on this Site and the optional, explicit, and voluntary sending of messages to the addresses indicated on this Site, involves the subsequent acquisition of the sender’s contacts, necessary to respond to the requests, as well as any other personal data included in the message / contact form (such as name, surname, profession, email, telephone, country, province, etc.). The data voluntarily provided by the user are processed for the following purposes:
to allow the carrying out of operations strictly connected and instrumental to the management of user requests, such as – merely by way of example – responding to queries received by phone, by email, or through contact forms and enabling access to reserved areas.
The legal basis for processing is the execution of pre-contractual measures adopted at the request of the data subject.
Providing the data is necessary to allow the Data Controller to respond to the user’s requests.
2.4 User-provided data in the context of merchandise purchase requests
In the event of merchandise purchase requests in the reserved area of the Site, the Data Controller processes common personal data, such as, by way of example: name and surname, shipping address, contact details (email and/or telephone number), tax code / VAT number. These data are processed for the following purposes:
to fulfill the user’s request and create the purchase order for the subsequent shipment of merchandise products;
management of the contractual relationship, i.e., to enable the correct execution of the contractual obligations assumed by the Data Controller towards users and vice versa, for the management of related accounting and tax obligations, as well as for compliance with obligations under laws, regulations, and European Community standards, or orders issued by authorities authorized by law and by supervisory and control bodies;
purposes necessary to establish, exercise, or defend a right in court or whenever the judicial authorities exercise their judicial functions.
The legal bases for processing are the execution of pre-contractual measures adopted at the request of the user and/or the execution of a contract of which the data subject is a party, as well as compliance with legal obligations to which the Data Controller is subject. The provision of data is necessary for the proper management of the contractual relationship.
2.5 Data processed for marketing and profiled marketing purposes
The data provided by users as described in paragraphs 2.3 and 2.4 may, subject to consent, be processed by the Data Controller to:
a) carry out information activities regarding products and/or services of the Data Controller as well as promotional, commercial, and marketing activities and/or related to events and initiatives of the Data Controller, market research and/or user satisfaction surveys regarding the products and/or services of the Data Controller using traditional contact methods (such as operator-assisted phone calls, postal mail) and/or automated contact methods (such as calls without an operator, email, messages and social networks), directly or through third-party companies;
b) carry out information activities regarding products and/or services of the Company as well as promotional, commercial, and marketing activities based on the user’s profile – e.g. Private, Architect, Professional, etc. – (so-called profiled marketing) using traditional contact methods (such as operator-assisted phone calls, postal mail) and/or automated contact methods (such as calls without an operator, email, messages and social networks), directly or through third-party companies.
The legal basis for the processing operations referred to in points a) and b) above is the specific consent of the data subject. The provision of data is optional.
3. THIRD-PARTY ADVERTISERS AND LINKS TO OTHER WEBSITES
The Site may include advertisements from entities other than the Data Controller (hereinafter referred to as “Third Parties”) and links to other websites and/or applications. By accessing such websites and/or applications, Third Parties may collect information about the user when interacting with their content, advertising, and services under the conditions and terms described in their respective websites/applications.
4. DATA PROCESSING METHODS AND STORAGE TIMES
The Data Controller has adopted specific security measures to prevent data loss, unlawful or incorrect use, and unauthorized access. Personal data is stored:
a) for the time strictly necessary to fulfill the requests made by users;
b) for 10 years following the termination of the contractual relationship in case of completed purchase of merchandise products;
c) for 24 months following the acquisition of consent for data processing for the transmission of marketing communications, unless renewed consent by the user for an additional 24 months and/or prior revocation of consent by the user.
5. DATA DISCLOSURE
In order to fulfill specific legal obligations and/or in relation to the achievement of the purposes outlined above, the collected data may be transmitted to the following recipients: law firms, companies, or professionals in the context of assistance and consultancy relationships, service providers, digital agencies, and generally to professionals in the digital communication, advertising, and marketing sectors, as well as to other third-party entities if strictly necessary for the purposes outlined above or to entities that may access data pursuant to law or secondary or community legislation. The disclosure of user data to the aforementioned entities will be in compliance with the levels of protection and safeguarding of data subject rights provided by the GDPR.
6. DATA TRANSFER OUTSIDE THE EUROPEAN UNION
In order to achieve the purposes outlined in paragraphs 2.3, 2.4, and 2.5, user data may be shared in countries outside the European Union and particularly in the United States.
This involves the transfer of data to digital service providers such as:
ActiveCampaign LLC, which provides the marketing platform used by the Data Controller to manage data collected through the Website;
Google LLC, which provides the “Google Analytics 4” tool used by the Data Controller as indicated in the Cookie Policy.
ActiveCampaign and Google have certified to the U.S. Department of Commerce their adherence to the principles of the EU-US Data Privacy Framework regarding the processing of personal data received from the European Economic Area and have been appointed by the Data Controller as Data Processors pursuant to Article 28 of the GDPR.
7. DATA SUBJECT RIGHTS
As provided for in Article 13 of the GDPR, the user may, at any time:
request the Controller to access personal data and rectify or erase them, or restrict the processing of data concerning them;
object to the processing of personal data;
exercise the right to data portability;
withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal;
lodge a complaint with a supervisory authority.
With regard to the purposes outlined in paragraph 2.5) “Data processed for marketing and profiled marketing purposes”, users who have given their consent retain the possibility to:
request, at any time and free of charge, the Data Controller to receive communications exclusively through traditional contact methods such as postal mail or operator-assisted calls;
object, at any time and free of charge, to the processing of data for the aforementioned purposes. In this case, the user’s right to object to the processing of data through automated contact methods (such as calls without an operator, email, messages and social networks) extends to traditional contact methods (such as operator-assisted phone calls, postal mail);
object, at any time and free of charge, to the processing of data for the aforementioned purposes only in part, i.e., by expressing a choice regarding the contact methods.
The rights described above (except for point e) can be exercised by making a request to the Data Controller without formalities at the following addresses:
– via email: privacyscrigno@scrignogroup.com;
– by post: Via Casale S. Ermete, 975 – 47822 – Santarcangelo di Romagna (RN).
8. MODIFICATIONS
The Data Controller reserves the right to modify, even due to changes in applicable regulations, the Privacy Policy by updating this page. Therefore, the user is required to periodically check the Privacy Policy to become aware of any updates.
This Privacy Policy rev. 00, was issued on 21.11.2023, and is effective from 21.11.2023.
