Skip to main content

In this section we describe our website management procedures in relation to the treatment of the personal information of the users. It refers to a policy that relates to article 13 of the D.Igs.n.196/2003 (from this point on which will be referred to as The Privacy Code) and to article 13 of the EU Regulation 679/2016 on the treatment of personal data ( from this point on referred to as EU Regulation) for those that interact with the website service of Gianna Cheli, accessible by electronic means at the website address: corresponding to the initial page of the official website of Gianna Cheli.

Treatment of personal data includes any procedure or group of procedures carried out with or without the help of automated processes and applied to personal data or sets of personal data, even those not registered in a database, such as the collection, the registration, the organization, the structuring, the conservation, elaboration, selection, blocking, the adjustment or modification, extraction, use, communication through transmission, the diffusion or any other form of access, the comparison or interconnection, the limitation, the cancellation or destruction..

The ownership of the data, conferred voluntarily and treated following the consultation of the site shall be attributed to Gianna Cheli.
Address: Via del Bombone 46 A, Rignano sull'Arno 50067 (FI), Italy
Mobile: (+39) 338 73 32 058

Navigation data:
The computer and technology systems and software procedures used for the operation of this website, acquire certain personal data in the normal course of the service, which is implicit to be able to use the internet communications protocols.
This information is not collected to be associated with identified data subjects, but which by their very nature could, through elaborations and associations with data held by third parties, allow the identification of users.
This category of data includes IP addresses and domain names of computers utilized by the users that connect to the website, the addresses in URI (Uniform Resource Identifier) notation of the required resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc), and other parameters related to the operating system and computer environment of the user.
The data collected in this way could be used to ascertain responsibility in case of possible computer crimes against the site.

Data provided directly by the user:
The optional, explicit and voluntary sending of data as requested by various sections of this site are used in order to process the users requests (an indicative and non exhaustive example: when information or clarification is requested by calling the numbers indicated on the site or writing to email addresses present there.

Any specific summary information shall be reported or displayed on the pages of the site dedicated to services on request, in such a way as to draw the attention of the person concerned on the processing of their personal data.

The processing of personal identifying data will be based on principles of correctness, lawfulness, transparency and protection of confidentiality.
The processing of data will mainly be carried out with the help of electronic tools or in any case automated, in accordance with the procedures and by appropriate means to ensure the security and confidentiality of the data, in accordance with the Privacy Code and the EU Regulation. In particular all technical, IT and organizational measures will be taken, so that the minimum level of data protection required by law is ensured, allowing access only to persons in charge of data processing by each of the owners or other managers designated by the owners.
The data shall be managed and protected in environments where access is under constant control.

The personal data provided by the user, for the purposes described may be brought to the knowledge of or communicated to the following entities:
• employees and/or collaborators of Gianna Cheli
• companies or consultants in charge of installation, maintenance, the updating and general management of the hardware and software systems of Gianna Cheli
• companies entrusted by Gianna Cheli to send online communications
• to all public and/or private entities, natural persons or legal entities ( legal, administrative and tax consultancy firms), if the communication is necessary or functional to the proper fulfillment of the contractual obligations assumed in relation to the services provided through the website, and obligations arising from the law.
• To shipping agents and persons in charge of delivery and/or collection of products purchased
• to all those (including Public Authorities) who have access to the data through regulatory or administrative measures.

The provision of personal data by users is absolutely optional, however any refusal to include them on the registration page for the purposes of providing the service, makes it impossible to use the service offered within the website
The communication of the data is a necessary requirement for the conclusion of e-commerce contracts through the website in the case of refusal it will not be possible to conclude said contract.

Personal data will be stored for a period of xxxx.
The data subject has the right to:
1. a) access their personal data
2. b) ask the data controller to rectify inaccurate personal data which concern them without undue delay, taking into account the purposes of the process, the interested party has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.
3. c) obtain the deletion of personal data concerning him or her without undue delay, and the data controller has the obligation to delete the personal data without undue delay if one of the following reasons exists:
• the personal data is no longer necessary for the purposes for which it was collected
• the data subject withdraws the consent on which the processing is based in accordance with Article 6, paragraph 1, point a), or Article 9, paragraph 2, point a) of the EU Regulation 2016/679, and if there is no other legal basis for processing.
• the person concerned objects to the processing pursuant to Article 21, paragraph 1, and there is no legitimate reason for processing, or objects to the processing in accordance with Article 21, paragraph 2 of the EU Regulation 2016/679.
• the personal data have been unlawfully processed.
• the personal data must be deleted in order to fulfill a legal obligation under Union or State law to which the controller is subject.
• the personal data have been collected in relation to the offer of information company services referred to in Article 8, paragraph 1 of the EU Regulation 2016/679. If the data controller has made personal data public and is therefore obliged in accordance of paragraph 1 to delete them, taking into account the available technology and the implementation costs, it adopts reasonable measures, including technical ones, to inform the data controllers that are processing the personal data of the interested party to delete any link, copy or reproduction of his or her personal data. The above does not apply to the extent that the processing is necessary:
• for the exercise of the right to freedom of expression and information;
• for the fulfillment of a legal obligation that requires the processing provided by the law of the Union or member state to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the field of public health in accordance with Article 9, paragraph 2, point h) and i), and of Article 9, paragraph 3 of the European Regulation 2016/679;
• for archiving for public interests, for scientific or historical research or for statistical purposes in accordance with Article 89, paragraph 1, in so far as the right referred to in paragraph 1 risks making it impossible or seriously jeopardizes the achievement of the objectives of such treatment;
• or for the establishment, exercise or defense of a right in a court of law;
d) obtain from the controller the restriction of processing when one of the following cases exists:
• the data subject disputes the accuracy of the personal data, for the necessary time required for the data controller to verify the accuracy of such personal data;
• the processing is unlawful and the concerned party is opposed to the cancellation of the personal data and asks instead that it's use be limited;
• although the controller no longer needs it for the purposes of processing, the personal data are necessary for the person concerned to ascertain, exercise or for the defense of a right in a court of law;
• the data subject has opposed the processing in accordance with Article 21, paragraph 1, pending the verification of the possible prevalence of the legitimate reasons of the data controller compared to those of the data subject; If the processing is limited in accordance with the above, such personal data are processed except for storage, only with the consent of the data subject or for the establishment, exercise or defense of a right in a court of law, or to protect the rights of another natural or legal person, or for reasons of public interest relevant to the Union or a Member of its States. The data subject who has obtained the restriction of processing shall be informed by the data controller before that restriction is lifted.
1. e) object to the processing of personal data
2. f) data portability, the data subject has the right to receive in a structured format, of common use
and from an automatic device the personal data concerning him or her provided to one data controller who has the right to transmit such data to another data controller without impediment by the data controller of the processing to which it has provided them where:
• the processing is based upon agreement in accordance with Article 6, paragraph 1, point a), or
Article 9, paragraph 2, point a), or for a contract in accordance with Article 6, paragraph 1, point
b) of the EU Regulation
• the processing is carried out by automated means In exercising their rights with regards to data portability the data subject has the right to obtain the direct transmission of personal data from one data controller to another if technically feasible.
The exercising of the right to data portability is without prejudice to Article 17 of the EU Regulation 2016/679. This right shall not apply to the processing necessary for the performance of a task in public policy or in connection with the exercising of official authority invested with the data controller.
The described right must not affect the rights and freedoms of others.
1. g) revoke consent, the interested party has the right to revoke their consent at any moment. The withdrawal of consent does not affect the lawfulness of the processing based on consent before revocation. Consent shall be revoked as easily as it is granted.
2. h) lodge a complaint with the guaranteeing supervisory authority (Guarantee Privacy)

The use of session cookies is strictly functional to optimize the use of the website, and therefore exclusively to guarantee the best navigation within the site itself. Business access is monitored only for statistical purposes on behalf of Fiesole go and Fiesole go by logging to appropriate log files.
Other sites to which this website might possibly link may contain tracking systems which are unknown to the owner of this site. It is not ensured that such external sites are equipped with suitable security systems to protect the data processed and to prevent damage ( for example from computer viruses).

OVH, servers in the European Community.
Specific safety measures have been adopted for the management of the site, aimed at ensuring secure access and protecting the information contained therein from risks of loss or distribution even accidental.
The antivirus software used in the management of the site is updated on a daily basis. Furthermore Gianna Cheli, while ensuring the adoption of appropriate antivirus systems, recalls that in addition to being a legal obligation, it is advisable for the user to equip his or her workstation with an antivirus prevention and scanning system.