Privacy policy

This privacy policy has been compiled to better serve those who are concerned with how their 'Personally Identifiable Information' (PII) is being used online. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

Pursuant to article 13 of Regulation (EU) 2016/679, we inform you that while browsing on our e-commerce platform, your personal data will be collected and processed during registration and authentication to the reserved area and purchase of our products. Our data treatment policy conforms with US privacy law.

Data Processing Controller
The Data Controller of your personal data is A. Gallo Colors S.r.l., with registered office in Via Raniero Gigliarelli 93 - 06124 Perugia (PG) and VAT 03750550547, in the person of the legal representative pro tempore.

Scope of Application, Type and Source of Personal Data
The processing will be based on the principles of lawfulness, correctness, transparency, purpose limitation, minimization, accuracy, storage limitation, integrity and confidentiality, accountability and protection of your rights.

Registration
In particular, when you register on our e-commerce, your personal and contact data such as name, surname and e-mail, necessary for creating the account, will be collected and processed.

Purchase of Products
During the purchase of our products, and even without registering on our e-commerce, additional information will also be requested, such as the shipping and billing address, your fixed or mobile telephone numbers, as well as the data relative to the payment methods used.

Profiled Marketing
At the time of registration on our e-commerce and subject to your consent, we may also process your personal and contact data (name, surname and e-mail), as well as information relating to purchases you previously made on our portal, to send you promotional communications, offers and discounts reserved for you and referring to our products of your specific interest.

Newsletter
Even without registering on our e-commerce, you can still receive, if you wish, promotional communications about our products by subscribing to our newsletter. With your consent, your personal and contact data (name, surname and e-mail) will be processed to send you periodic information and/or promotional communications about our products, including offers and discounts that we may reserve for you on particular occasions. Our policy on the processing of your personal data for subscribing to the newsletter can be accessed here.

Contact Form and Waiting List
Furthermore, we may collect additional personal data when you need to contact us and send us requests in relation to the purchase of our products or the use of e-commerce, through the contact form and the addresses on the site or if you use the waiting list service to be informed about the restocking of our products of your specific interest and temporarily unavailable. The policy on the processing of your personal data for sending requests via contact form or the use of the waiting list can be accessed here.

Cookies
Finally, during your browsing on our e-commerce we may automatically collect some information, such as your IP address, the date and time of access to our site, the browser you used and information on the operating system of your device, the transmission of which is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified parties concerned, but that by its very nature could allow identifying users. We also collect information about your clicks and the pages thathave been shown to you. For detailed information on the cookies installed on our site, please consult our Cookie Policy.

Processing Purposes
In relation to the purchase of products on our e-commerce, the personal data you provided during registration and/or purchase (personal data, contact and payment) will be processed:

a) for purposes related to the fulfillment of purchase orders and for related activities (management of payments, invoicing, shipping and delivery of products, etc.), including the management of your requests and complaints relating to the purchase of our products or use of our services received through the contact channels on the site, and to allow your access and browsing within the login area;

b) for activities related to the ascertainment and/or exercise and/or defense of rights, or for the management of litigation, contractual breaches, warnings, transactions, arbitration and judicial disputes;

c) for the fulfillment of the obligations established by laws, regulations, community regulations and provisions issued by the authorities.

Furthermore, if you register on our e-commerce, with your explicit consent, your personal and contact data (name, surname and e-mail) together with the information relating to the purchases you made on our portal, may be used for profiled marketing purposes, or to make

d) analysis of your purchase choices on our e-commerce aimed at sending promotional communications, offers and discounts reserved for you and referring to our products of your specific interest.

If you make a purchase without creating an account on our e-commerce, you still have the right to subscribe to our newsletter when completing the order. In this case, subject to your explicit consent, your personal and contact data (name, surname and e-mail) will be processed:

e) in order to send you periodic communications of an informative and/or promotional nature about our products, including offers and discounts that we may reserve for you on particular occasions.

Legal Basis
The processing of your personal data for the purposes referred to in letters a), b) and c) is necessary for the execution of a contract of which you are a party or for the execution of pre-contractual measures adopted at your request as well as for the pursuit of legitimate interest of the Data Controller and to fulfill the legal obligations to which the Data Controller is subject.
The processing of your personal data for the purposes referred to in letters d) and e) requires your consent. At any time you have the possibility to revoke the consent given for profiled marketing and/or newsletter activities by sending a written request to the Data Controller at the e-mail address privacy.agallocolors@gmail.com

Nature of Conferment
The provision of your personal data for the purposes referred to in letters a), b) and c) is essential and the refusal to provide it makes it impossible to finalize purchases on our e-commerce.

The provision of your personal data for the purposes referred to in letter d) (profiled marketing) is optional and any refusal to provide the requested information and consent to the processing will make it impossible to receive promotional communications and to personalize your shopping experiences on our e-commerce.

The provision of your personal data for the purposes referred to in letter e) (newsletter) is optional and any refusal to provide the requested information and consent to the processing will make it impossible to receive periodic communications of an informative and/or promotional nature about our products.

Processing Methods
Your personal data will be processed for the correct fulfillment of the purposes indicated in this policy by means of IT tools, as well as with the use of security measures to guarantee the confidentiality of personal data and to avoid undue access to unauthorized subjects.

Automated Decision-Making Processes
The Data Controller does not use automated decision-making processes to achieve the purposes set out in this policy.

Retention Period
In compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to article 5 of Regulation (EU)
2016/679, your personal data will be retained for the period of time necessary to pursue the aforementioned purposes. In particular:

  • for the purposes referred to in letters a), b) and c), your personal data will be retained for the entire duration of the relationship and subsequently for 10 years from the termination of the effectiveness of the relationship itself, in line with the retention term of the accounting records prescribed by article 2220 Civil Code;

  • for profiled marketing purposes referred to in letter d), your personal data will be processed and retained until revocation of your consent;

  • for subscription to the newsletter referred to in letter e), your personal data will be processed and retained until revocation of your consent.

The verification of the obsolescence of the data retained in relation to the purposes for which it was collected and the methods by means of which it is processed is carried out periodically. For profiled marketing purposes and for the newsletter, the Data Controller will request the renewal of the consent within 48 months from the first collection.

Categories of Recipients
Your personal data will be processed by employees and/or collaborators of the Company who have previously been designated as subjects acting under the authority of the Data Controller, within the limits of their competences and in accordance with the instructions given to them - pursuant to article 29 of Regulation (EU) 2016/679 - for the correct fulfillment of the purposes indicated in this policy.

In relation to the processing purposes set out above, your personal data may be acquired by subjects who perform, as external data processors pursuant to article 28 of Regulation (EU) 2016/679, auxiliary and/or instrumental activities for the purposes indicated in this policy. Merely by way of example and not exhaustively:

  • third-party companies or other subjects who carry out consulting services in administrative and tax accounting on behalf of the Data Controller;

  • hosting and maintenance companies of the e-commerce platform;

  • companies that offer marketing services and newsletters for the benefit of the Data Controller

third-party companies in charge of shipping the goods and/or carrying out possible operations related to the shipment itself.

The updated list of external data processors can be constantly checked by contacting the Data Controller at the addresses indicated in this policy.

Without the need for your express consent, the Data Controller may also communicate your personal data to third parties who operate as independent Data Controllers, namely:

  • supervisory bodies, judicial authorities, as well as to all other subjects, to whom communication is mandatory by law;

  • legal consultants who provide assistance in the field of protection of contractual rights (management of disputes, defaults,
    warnings, transactions, arbitrations and judicial disputes);

  • subjects who are entitled to access the personal data of the parties concerned by virtue of the provisions of the law,
    regulations and community regulations;

  • companies that provide payment services, such as Stripe and PayPal.

Dissemination and Transfer to Third Parties
Your personal data will never be disseminated nor transferred to third parties.

Transfer to Third Countries
In relation to the processing purposes set out, your personal data may be transmitted abroad and processed by third parties, established in the territory of countries outside the European Economic Area, such as the United States of America. The transfer to these third countries takes place on the basis of adequacy decisions of the European Commission or the signing of standard contractual clauses approved by the European Commission itself.

Please note that data protection laws and other laws of other countries outside the European Economic Area to which your personal data may be transferred may offer a lower level of protection than that of your EU country of residence. The Data Controller will take appropriate precautions in such cases, in accordance with applicable law, to ensure that your personal data remains protected. These measures also include the use of standard contractual clauses to safeguard the transfer of data outside the European Economic Area.

In any case, you have the right to obtain the reference to the appropriate or opportune guarantees adopted for the transfer of your personal data and the means to obtain a copy of such personal data or the place where it was made available.
For more information, or to request a copy of the contractual agreements in force, you can contact the Data Controller at the address privacy.agallocolors@gmail.com

Rights of Parties Concerned
Pursuant to Regulation (EU) 2016/679, in relation to the processing of your personal data and as an interested party, you have the right to ask the Data Controller to access your personal data (article 15), to correct (article 16) or the cancellation thereof (article 17), the limitation of the processing of data concerning you (article 18) or to oppose processing thereof (article 21), in addition to the right to data portability (article 20). You also have the right to revoke the consent, without however prejudicing the lawfulness of the processing based on the consent given before the revocation (article 7, paragraph 3) as well as the right not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects that concern you or that significantly concern your person, if you have not previously and explicitly consented (article 22).

Method of Exercise of Rights
To exercise the rights deriving from Regulation (EU) 2016/679, you can send a written communication to the Data Controller at the e-mail address privacy.agallocolors@gmail.com

Complaints and Appeals
Pursuant to article 77, you have the right to file a formal complaint with the supervisory authority (for Italy, the Guarantor for the Protection of Personal Data) if you believe that the processing that concerns you violates Regulation (EU) 2016/679. Finally, pursuant to article 79, if you believe that the rights you are entitled to under the aforementioned Regulation have been violated as a result of the processing, you can propose a judicial appeal against the Data Controller or the external Data Processor.

Contact Us
If there are any questions regarding this privacy policy, you may contact us using the information below. Grazie!

www.agallocolors.com
privacy.agallocolors@gmail.com