Send us your enquiry

Introduction and legal basis
This Privacy Policy, which can be downloaded by the User for storage, is governed by EU Regulation 679/2016, regarding the Processing of Personal Data, in order to promote awareness and encourage public understanding of the risks, rules, guarantees and rights in relation to the processing of personal data and to promote awareness of the Data Controllers and Data Processors regarding the obligations imposed on them by the EU Regulation. Users are invited to periodically visit this section, in order to be always updated on any regulatory changes. 

Scope of application 
This Privacy Policy is valid for users browsing www.gianlucamech.com 

Controller of the personal data
GIANLUCA MECH S.p.a., with registered office in Via Rodolfo Mech, 80 – 36020 Asigliano Veneto (VI) – ITALY - Ph. +039.0444874905 e-mail: in privacy@gianlucamech.com – dpo@gianlucamech.com – dataprotectionofficer@pec.it – 

Information on general risks
The Data Controller would like to inform Users that, due to the particular nature of the medium used, there is a general risk of breaching the security of the network, a risk that may arise outside the scope of application of the security measures adopted pursuant to current legislation. Therefore, Users are advised to ensure that their navigation instrument has all the necessary requirements to guarantee the security of data transmission over the network. 

Object of collection and processing

1. personal data provided by the User : data released, voluntarily and knowingly, such as name, surname and e-mail address and telephone number, through the various forms (registration, newsletter, information, etc.), as well as personal data contained in the requests for information, in relation to the use of Gianluca Mech S.p.a. products;
2. data obtained through the User's device: device manufacturer, device model, operating system, browser type, IP address;
3. data obtained from social media: the User ID and/or the username associated with a given social media service and the link to the User's profile in case of access to or registration on the Site through a social media service (e.g. Facebook).

Access to the service through social media services requires the communication of the aforementioned data. If Users do not intend to communicate the aforementioned information, they must use other means to access the website; 

Purposes and methods of collection and processing of personal data 
The data are collected to allow the main functionalities of the website www.gianlucamech.com, namely to allow Users to perform registration operations, to manage requests for information sent by users, to comply with applicable regulations and/or to respond to the requests from public and administrative authorities, to carry out the activities necessary for the sale of business or company branches, acquisitions, mergers, demergers or other transformations and for the execution of the aforementioned operations, to allow a limited profiling activity of the preferences, characteristics, habits or consumption choices of the Users, in order to allow the execution of marketing activities focused on specific interests and needs of the Users, with their prior consent. Furthermore, the data are collected to allow www.gianlucamech.com to send newsletters and marketing communications, by any means (including e-mail, SMS, phone calls or directly by mail) and which refer to its own services in order to carry out (also customized) communication according to the interests and needs of the Users, with reference to products and services of commercial partners and third-party companies. The Website www.gianlucamech.com also processes aggregate data for its own statistical purposes. 

Legal Basis
The processing of personal data is first and foremost based on the contractual purposes. In this case the processing is obligatory, as it is necessary for the provision of the requested services, so if the Users do not want their personal data to be used for such purposes, they must not use the services and the website. Any refusal or opposition to the processing of the User’s personal data by the website www.gianlucamech.com may be exercised by the user by downloading the appropriate form for the exercise of rights on the site. This choice will make it impossible for the user to use the services offered by the website www.gianlucamech.com. The processing also takes place on the basis of the legitimate interest of www.gianlucamech.com, of its counterparts and its partners for the performance of economic activities, within the framework and limits that are strictly necessary for their execution, in line with the User's interest. Finally, the legitimate interest in data processing is found in profiling activities, for the purpose of sending marketing communications, based on the User's interests and needs. In all these cases, the data processing activities are not mandatory and the User may object at any time, in the manner indicated below, or by using the specific form for the exercise of rights, available on the site www.gianlucamech.com 
Marketing Purposes are optional. 
However, failure to give consent for their realization would make it impossible for www.gianlucamech.com and its Partners to send the User generic and/or personalized marketing communications and Partners’ services/products. The Users may at any time revoke their consent to the processing of personal data for Marketing Purposes by sending the appropriate form, available for download, on www.gianlucamech.com to the e-mail address indicated in this privacy policy. 

Procedure for giving consent. Active provision. www.gianlucamech.com does not use automatic or predefined boxes for acquiring consent from the data subject. In fact, the Users will have to express their consent in a clear, determined and conscious way by clicking on the appropriate button "I accept", only after having carefully read the text of the information. In this way, consent will be obtained for the processing and storage of personal data by the system. 
The Users, having given their consent knowingly, carrying out the system-guided procedure, assume the responsibility of having read the information, relieving the Data Controller of any liability. 

To whom are the data disclosed?
The Website www.gianlucamech.com shares the User's personal data, for the aforementioned purposes, with third-party service providers in charge of processing activities and duly appointed as External Data Processors, for example. service providers instrumental to the Service offered through the website www.gianlucamech.com or in support of the latter and/or other activities carried out through the website; with the prior consent expressed by the User, with any external Partners or third-party companies, as independent Data Controllers, to allow them to send generic or personalized marketing communications; with the Competent Authorities in order to collaborate in investigations aimed at guaranteeing protection against unlawful or unauthorized use of the website, as well as to ensure compliance with Applicable Laws. The data may also be communicated to subjects delegated to carry out the activities necessary for the execution of the purposes pursued by the application and disseminated exclusively for this purpose. They belong to the internal company personnel, responsible for executing the service offered by the website. 
Users' data could also be communicated to the following categories of third parties:

• public authorities for the fulfilment of specific legal obligations;
• administrative, judicial and tax authorities, in the cases and with the limitations provided for by law;
• other entities controlled by and/or connected to the company, in the cases and with the limitations provided for by law;
• service providers or consultants for needs related to service management.

In these cases, the data subject's consent to the disclosure of personal data is not required. 

Procedures for processing personal data 
The User's personal data are processed electronically and otherwise, for the period of time strictly necessary to achieve the purposes for which they were collected. In the management of data collected through www.gialucamech.com, the most appropriate measures are taken to prevent loss, illicit or incorrect use of the data and unauthorized access. Furthermore, reasonable measures are taken to maintain the security of the personal data collected, also limiting the number of subjects who have material access to our databases and installing electronic security systems protecting against unauthorized access. 

Data transfer method
It is possible that, as part of our activity, the User's personal data are transferred to third-party companies both inside and outside the European Union. In this case, all the measures will be adapted so that this transfer takes place in accordance with the provisions of articles 45 and 46 of EU Regulation 679/2016 - GDPR. In the event that the Users wish to receive further information regarding the existing guarantees and request a copy thereof, they may contact us at the following e-mail privacy@gianlucamech.com – dpo@gianlucamech.com – dataprotectionofficer@pec.it – 

Place of storage 
The data released by the User will be stored on Amazon UK servers, by Zerogrey Ltd, Dublin

Data retention period
The data collected will be kept for the time necessary to carry out the activities and obligations for which they were collected, within the corporate digital archive (Customer Care). Subsequently, they will be archived constituting an internal data registry for the operator, or will be erased. The internal data registry can combine and classify the users' data by associating them with the identification codes used for authentication. 

Rights of the User
The data subjects have the rights set forth in the Regulation 679/2016, including: 

• to request confirmation of the existence of their personal data, among the data collected by the company;
• to know their source, the processing logic and purpose of their processing;
• to obtain the updating, rectification and completion of data;
• to request their erasure, transformation into anonymous form or block in the event of unlawful utilization;
• to oppose their utilization for legitimate reasons or to send advertising material, commercial information, market research, direct marketing and interactive marketing communication;
• to request the transfer of their data to third parties, where possible and necessary.

The exercise of these rights by the User takes place through direct contact of the Data Controller, which the User, using the contact details included in this information notice, may request to proceed with each of the above-mentioned obligations. Alternatively, the appropriate form for exercising the rights is available for download on www.gialucamech.com which the User can fill out and send to the email address infogianlucamach.com 

Reporting procedure
In the event of violation of the rules protecting personal data or an event that causes the loss of the aforementioned data by the Controller, Regulation 679/2016 imposes the following procedure: 

Reporting obligation by the data subject
If the data subjects are aware of the violation of their personal data, they must provide urgently to the Data Controller a communication using one or more contact details among those indicated under point 2) of this information notice. The Data Controller must, within 72 hours, communicate the violation to the European or National Competent Privacy Authority, along with the measures taken to deal with the violation. 

Reporting by the Data Controller 
The Controller who becomes aware of the violation from other sources of control (DPO - Data Processor - Persons tasked with Data Processing) must notify the European or National Privacy Authority within 72 hours, also indicating the measures adopted to deal with the violation, as well as the data subject. 

Complaint 
The data subject also has the right to submit a complaint to the supervisory authority. For more information on the procedures, the User is invited to visit the site https://europa.eu/european-union/about-eu/institutions-bodies/european-data-protection-supervisor_it 

Compensation for damage
Data subjects who have suffered damage caused by the loss, unauthorized or unlawful dissemination of their data have the right to take legal action, before the appropriate European or national competent offices, to obtain compensation.
Competent authority
The European Data Protection Authority is competent to receive reports relating to the violation of personal data or damage suffered as a result of the same: https://europa.eu/european-union/about-eu/institutions-bodies/european-data-protection-supervisor_it 

Jurisdiction
In the event of disputes relating to the interpretation of this document, the Consumer Court will be competent.