LANGUAGE SHIPPING
You are navigating from Italy but you are in Italy.
Shipping/Currency: Italy/€
PRIVACY POLICY

Antonioli S.r.l., as Data Controller, provides the following specific information about the methods of managing the site (https://www.antonioli.eu) in reference to the processing of personal data of users that consult it. It is also a privacy notice pursuant to art. 13 of EU Regulation 2016/679 ("GDPR" or "Regulation").


LEGAL FRAMEWORK

- Directive 2002/58/EC on “personal data processing and protection of private life in the field of electronic communications”.
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- Legislative Decree 30 June 2003 n. 196 “Code regarding the protection of personal data" as amended by Legislative Decree 10 August 2018 n. 101.


DATA CONTROLLER

The Data Controller is Antonioli S.r.l., Milano, via Pasquale Paoli n. 1, email address:
privacy@antonioligroup.com.


DATA PROTECTION OFFICER
The Data Controller has appointed a Data Protection Officer who can be reachable at the following email address: dpo@antonioligroup.com


DATA PROCESSING PLACE
The processing connected with the web services of this website is realized at the seat of Antonioli S.r.l., as well as at the seat of third parties, appointed as Data Processor according to art. 28 of the GDPR, who offer outsourced services.


TYPE OF DATA PROCESSED


Surfing data


The information systems and the software procedures necessary for the functioning of this web site acquire, during their normal exercise, some personal data whose transfer is implicit in the employment of communication protocols on the Internet. These information are not collected to be associated to identified Data Subjects, but – due to its nature – it could, through processing and association with data held by third parties, allow the identification of the users. To this category belong the IP addresses or
the domain names of the PCs used by the users that connect to the web site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, and other parameters concerning the operation system and the user’s information environment. These data are used only to obtain anonymous statistic information on the employment of the web site and to control if it works correctly and are cancelled immediately after the processing. The data, besides, could be used
to assess the responsibility in case of possible cyber-crimes against the web site.


Data provided freely by the user

The collection of personal data freely provided by the user through the form on the website or by calling any telephone number listed within the website, involves the subsequent acquisition of the data provided by the user, necessary for the execution of the service or the transmission of the information
required.


Data required to prevent fraud attempts

If the Data Controller detects, in the context of a purchase request, a risk of possible fraud attempt, it will start a proceeding aimed at identifying the customer by requesting a copy of the identity document and a copy of the credit card, with only the last four digits in clear text. With these documents, the Data Controller will be able to identify the customer and prevent any fraud attempts.


Anonymous or aggregated data


Anonymization is a treatment that prevents the identification of the data subject. The anonymised data does not fall within the scope of the legislation on data protection. The aggregate data may derive from personal data provided by the user but are not considered personal data as, as specified, they do not allow either directly or indirectly the identification of the data subject.


Cookie


The site uses cookies in accordance with the adopted Cookie Policy which is found at the following link.


PURPOSE AND LEGAL BASE OF THE PROCESS


Personal data will be processed for the following purposes:
(i) To allow navigation and consultation of the website. The legal basis of the process is the consent that is clearly given by consulting the site (art. 6, first paragraph, let. a), GDPR).
(ii) Purposes related to the provision of the services required (as answer to request of information and registration to a newsletter).
The legal basis of the process is the consent that is clearly given by filling the form (art. 6, first paragraph, let. a), GDPR).
(iii) Purposes related to joining the loyalty program. The legal basis of the process is the consent that is expressly given at the time of joining the loyalty program (art. 6, par. 1, let. a), GDPR).
(iv) Purposes related to the purchase of the products. The legal base of the process is the performance of the contract (art. 6, first paragraph, let. b), GDPR).
(v) Purposes related to marketing communications, about promotions, newsletters, advertising, related to the brands and services of the Antonioli Group companies. The legal basis of the process is the consent (art. 6, first paragraph, let. a), GDPR).
(vi) Purposes related to the sending of commercial communications to customers who have purchased a product, through the use of the email address provided in the context of the sale, in relation to products similar to those being sold. The legal base of the process is the legitimate interest (art 6, first paragraph, let. f), GDPR).
(vii) Profiling purposes aimed at evaluating the preferences expressed by users in the context of purchases and views on the website by the Antonioli Group companies. The legal basis of the process is the consent (art. 6, first paragraph, let. a), GDPR).
(viii) Defensive purposes in the event of abuses in the use of the site or attempts at fraud. The legal base of the process is the legitimate interest (art. 6, first paragraph, let. f), GDPR).

 

LINKS TO OTHER WEBSITES

This site may contain links or references for accessing other sites. We inform you that the Data Controller does not control the cookies or other monitoring technologies of such websites to which this Policy does not apply. We therefore suggest that you consult the individual privacy policies relating to these websites.


DISCRETIONARY NATURE OF THE DATA PROVIDING

Apart from what has been specified concerning the surfing data, users are free to provide their personal data or not by filling the form on the site. However, the non-providing can enable obtaining what was requested.


CHECK ON YOUR PERSONAL DATA

We inform you that at any time you can choose to limit the collection or use of your personal data. For example, if you have previously consented to the processing of your personal data for marketing purposes, you can change your mind at any time by writing or sending us an email at privacy@antonioligroup.com. The company will not sell or distribute the personal data collected to third parties unless it has obtained explicit and free consent from the interested parties or unless this is expressly required by law. Subject to the collection of consent from the interested parties, personal data may however be used to send commercial communications.


PROCESSING METHODS AND DATA RETENTION

Personal data are processed, even through the use of automated tools, for the time strictly necessary to achieve the purposes for which they were collected. In particular, with reference to personal data processed in the context of the execution of the sales contract, the Data Controller will retain the data for ten years from the conclusion of the contract, i.e. until the time when the limitation periods relating to contractual actions that may arise with reference to the contract in execution of which the data are processed have expired. The data may be retained for a longer period than that indicated if this is
necessary in order to comply with regulatory provisions or if the data are necessary for the Data Controller to defend its rights in court. Personal data processed for marketing purposes on the basis of express consent will be retained by the Data Controller until the revocation of the consent by the interested party, while data collected for profiling purposes, aimed at evaluating the preferences expressed by the interested parties, will be retained for 12 (twelve) months. Data relating to purchases processed as part of membership in the loyalty program will be retained for 3 (three) months, in the
event that the loyalty card is disabled and for 12 (twelve) months in the event that the loyalty card is not used by the customer. Specific safety measures are observed in order to prevent the loss of data, the illegal or wrong use of them and any unauthorized access. The Data Controller inspired by the main international standards, has adopted additional security measures to minimize the risks concerning secrecy, availability and integrity of personal data collected and processed.


SHARING, COMMUNICATION AND SPREADAING OF DATA

The data collected may be transferred or communicated to other companies, specifically appointed as Data Processors, for activities strictly connected to the purposes indicated above and instrumental to the efficiency of the service, such as the management of the information system; the collection of debt, the provision of marketing activities, electronic communication services. Apart from these cases, personal data will not be communicated or transferred to anyone, unless is provided by the agreement or authorized by the data subjects. In this case, personal data could be transmitted to third parties, but only in case: a) there is explicit consent to share data with third parties; b) the information must be shared with third parties in order to carry out the service required; c) it’s needed to meet requests by the Judicial Authority or Public Security. No data deriving from the web service is disseminated.


TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

Personal data will not be transferred to third countries, by which we mean countries not belonging to the European Union or the European Economic Area. If this happens, the Data Controller declares and guarantees to comply with the provisions of Articles. 44 and ss. of the GDPR.


RIGHTS OF INTERESTED PARTIES

The regulation for the protection of personal data provides some rights for the subject to whom the data refer (data subject). In particular, according to art. 15 and subsequent of the EU Regulation 2016/679, each data subject has the right to obtain confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data, to obtain rectification, erasure or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. To exercise the aforementioned rights, the user can contact the Data Controller by sending a registered letter with return receipt to the address indicated or
an email to privacy@antonioligroup.com or the Data Protection Officer at the following email address dpo@Antonioligroup.com.


RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Every data subject who believes that the processing of personal data relating to him or her, through the web site, infringes the Regulation, shall have the right to lodge a complaint with a supervisory authority, as provided by the article 77 of GDPR.


CHANGMENT TO THIS PRIVACY POLICIES

The Data Controller periodically verifies its own privacy and security policies and, if necessary, revises them according to regulatory, organizational or technological changes. In the event of a change in policies, the new version will be published on this page of the site.


LAW AND JURISDICTION

The interpretation and execution of these conditions are governed by Italian law. The Court of Milano (MI) (Italy), will be exclusively competent for any dispute connected with these conditions. The Data Controller reserves the right to obtain urgent remedies in any Court, even abroad, to protect his interests and enforce his rights.


QUESTIONS, COMPLAINTS, SUGGESTIONS AND EXERCISE OF RIGHTS
Anyone interested in more information, in contributing with their suggestions or making complaints or disputes regarding the privacy policies, on the way in which the Data Controller processes personal data, as well as to assert their rights under the legislation on protection of personal data, you can contact the Data Controller by writing to Antonioli Srl, based in Milan, via Pasquale Paoli n. 1, e-mail address: privacy@antonioligroup.com or to the Data Protection Officer at the following address dpo@antonioligroup.com.

 

INFORMATION NOTICE

(pursuant to the Regulation EU 2016/679)


Dear Customer,


pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter "GDPR" or "Regulation"), we hereby inform you that your personal data (hereinafter also "the Data") will be processed by Antonioli S.r.l.,., with registered office in Via Pasquale Paoli 1 – 20143 Milan, Italy as Data Controller (hereinafter also “Controller” or "Data Controller").


Categories of personal data

The Data collected and processed by the Controller are as follows:

  • Identification data (First name, last name, birthdate);

  • Location data (Address, city);

  • Contact details (e-mail; telephone number;);

  • F.C. and/or VAT number;

  • Purchase data.

Purpose and methods of data processing 

In consideration of the activity carried out by the Controller, the collection and processing of your Data have as purposes:

  1. the execution of the obligations deriving from the contractual relations of sale or the performance of pre-contractual activities; 

  2. the management of customers and/or the customers’ orders

  3. the fulfilment of accounting and tax obligations or other legal obligations;

  4. the management of legal disputes;

  5. the creation of the utilities for access to the e-commerce;

  6. the management of the obligations deriving from the membership in the loyalty program;

  7. the sending of commercial communications in order to keep you informed about our products similar to those you have purchased and/or other promotional or marketing activities from the Antonioli Group companies;

  8. the sending of commercial communications about our products and services and/or other promotional or marketing activities customized on the basis of customers' tastes, interests, purchases from the Antonioli Group companies;

  9. prevention of fraud attempt

Your Data will be processed by authorized personnel in accordance with article 29 of GDPR. The processing of the Data for said purposes will take place by computer, telematic, manual and paper means, according to logical criteria compatible and functional to the purposes for which the Data was collected, in compliance with the rules of confidentiality and security provided for by law and by the internal company regulations and security measures of GDPR. Your Data may also be subject to processing involving automated decision-making processes, including profiling. 


Data required to prevent fraud attempts 

If the Data Controller detects, in the context of a purchase request, a risk of possible fraud attempt, it will start a proceeding aimed at identifying the customer by requesting a copy of the identity document and a copy of the credit card, with only the last four digits in clear text. With these documents, the Data Controller will be able to identify the customer and prevent any fraud attempts.


Legal basis of the processing

The legal bases for achieving the above purposes are as follows:

  • with regard to the purposes set out in points 1,2 and 5 to execution of the obligations deriving from the contractual relations of sale or the performance of pre-contractual activities (Article 6(1)(b) of the GDPR);

  • with regard to the purpose set out in point 3 in the the fulfilment legal obligations (Article 6(1)(c) of the GDPR);

  • with regard to the purpose set out in point 4 in the legitimate interest of the Controller (Article 6(1)(f) of the GDPR);

  • with regard to the purpose set out in point 6 to execution of the obligations deriving from the contractual relations (art. 6(1)(b) of the GDPR);

  • with regard to the purposes set out in points 7 and 8 in the consent spontaneously given by the dat asuject (Customer or visitor) by flag a check-box or registering for a specific service (Article 6(1)(a) of the GDPR;

  • with regard to the purposes set out in point 7 in the legitimate interest of the Controller to offer its Customers products similar to those purchased (Article 6(1)(f) of the GDPR and art. 130, par. 4, D.Lgs.196/03). The Customer may always object to such processing;

  • with regard to the purpose set out in point 9 in the legitimate interest (Article 6(1)(f) of the GDPR).


Categories of Data recipients and Data transfer to third countries

The Controller, in the fulfilment of the purposes indicated above, may communicate and transfer your Data to third parties in charge of carrying out or providing specific services strictly functional to the execution of the contractual relationship and inevitably connected to it, such as:

  • to Public Bodies or Offices or Public Administrations in accordance with legal obligations;

  • to subjects whose right to access the Data is recognized by provisions of law and secondary legislation or by provisions issued by authorities legitimated by law;

  • professionals, external debt collection companies and auditing companies;

  • banks and credit institutions;

  • companies that manage IT systems, including those aimed at managing company relations;

  • companies that provide call center services.

The subjects listed above act, depending on the case, as Data Processors or independent Data Controllers. Personal Data are not transferred outside the European Union or the European Economic Area. 


Data Retention Period

The Personal Data collected will be kept for the period of time necessary to pursue the purposes indicated; subsequently, such Data will be kept for a period of ten years in order to comply with legal obligations and, among these, the obligations under Article 2220 of the Italian Civil Code. Any further storage of Data or part of the Data may be arranged to enforce or defend our rights in any venue and, in particular, in court. The personal data processed as part of the loyalty program will be kept for 3 (three) months, in the event that the loyalty card is disabled and for 12 (twelve) months in the event that the loyalty card is not used by the customer. For the purpose n. 7, the Data will be processed and stored by the Controller for the entire period during which the newsletter service will be active, except in case of revocation of consent or the exercise of the rights of opposition and cancellation of the Data by you. For the purpose 8 the Data will be processed and stored by the Controller for the period of 12 (twelve) months, except in a case where you revoke your consent or exercise your rights to oppose and cancel the Data.


Data subject's rights

With regard to your personal data, we inform you that you can exercise your rights under art. 15 et seq. of Regulation (EU) 2016/679, set out below: 

Right of Access; Right to rectification; Right to cancellation or "right to be forgotten"; Right to limitation of processing; Right to receive notification in case of rectification or cancellation of personal data or limitation of processing; Right to Data Portability; Right to Opposition to processing. You have also the right to lodge a complaint with a supervisory authority if you consider that your rights have not been granted to you. 

To enforce the rights reserved to you, please contact the Data Controller, sending a letter to Antonioli S.r.l., Via Pasquale Paoli 1 - 20143 Milan, Italy or sending an email to privacy@antonioligroup.com, , or by writing to the Data Protection Officer at the following address: dpo@antonioligroup.com. If you think that the processing of your personal data by the data controller has infringed the provision of the GDPR, you can lodge a complaint with a Supervisory Authority.


Compulsory or optional nature of the provision of Data

The provision of Data to the Controller is mandatory only for those Data for which there is a regulatory obligation (i.e. established by laws, regulations, provisions of Public Authorities, etc.). In all other cases, you are free to provide your Personal Data or not, as long as part of your Data is strictly necessary for the pursuit of contractual purposes, failure to provide such Data may not allow the provision of services requested by you. 


Consequences in case of refusal to provide the Data

In the presence of a regulatory or contractual obligation to provide your Personal Data, the refusal to provide your Personal Data does not allow the Controller to perform the operations that presuppose the processing of such Data and this with all the consequences and damage at your expense. Therefore, if the Data are necessary or strictly instrumental to the performance of the contractual relationship, the refusal to provide them may make it impossible to carry out the operations connected to such Data (or in any case may cause delays in the performance of such operations). Any refusal to provide Personal Data functional to the activities of the Controller, other than those necessary or strictly instrumental to the execution of the contractual relationship (for example, personal data that can be processed only on the basis of your consent) precludes the conduct of such further activities but does not interfere with the performance of the current contractual relationship.