Privacy Policy

(European Regulation 2016/679 and Legislative Decree 196/2003 as amended by Legislative Decree 101/018)


The European Regulation 2016/679 concerning the protection of individuals with regard to the processing of personal data as well as the free circulation of such data (hereinafter "GDPR") and the Legislative Decree of June 30, 2003, No. 196 as amended by D .Lgs. 10 August 2018 n.101 (hereinafter, together with the GDPR, "Personal Data Protection Regulations") provide for the protection of individuals with regard to the processing of personal data.

To this end we inform, pursuant to art. 13 of the GDPR, that the personal data you provide to Gieffe Srl during the purchase of the product or interactions with the web services provided by Gieffe Srl will be processed in compliance with the Personal Data Protection Regulations and the consequent rights and obligations , and in particular that:


DATA CONTROLLER: the data controller, ("Data Controller"), is Gieffe Srl, with registered office at Via San Giuliano Nuovo n. 39 / A - Castelceriolo, Alessandria (AL) - Italy, P.I. and C.F. 01762490066, in the person of its legal representative pro tempore, who can be contacted at the email address


DATA PROTECTION OFFICER (DPO): the data protection manager appointed by the Data Controller is Goodridge Ltd, based in Dart Building Grenadier Road, Exeter Business Park, Exeter, Devon, EX1 3QF, United Kingdom, in the person of Paul Butterworth, contactable at address


TREATMENT: treatment means any operation or set of operations, carried out with or without the aid of automated processes and applied to Personal Data or sets of Personal Data, such as collection, registration, organization, structuring, preservation , adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, cancellation or destruction.


PERSONAL DATA: personal data ("Personal Data") means any information concerning an identified or identifiable natural person ("interested") that includes information and facts about the customer (for example: name, address, contact details, a identification number, etc.), including those of a particular nature pursuant to art. 9 of the GDPR (data on the general state of health, political, religious, philosophical or union opinions, joining a union or a political party, information relating to racial or ethnic origins, genetic, biometric data intended to identify a physical person, data relating to the sexual life and sexual orientation of the person), ("Particular Personal Data") as well as those governed by Article 10 of the GDPR (personal data relating to criminal convictions and offenses).


PURPOSE OF THE TREATMENT: the Data Controller will process the Personal Data, including Particular Personal Data and those governed by art. 10 of the GDPR, communicated directly by you as interested in the request for the provision of a service offered (supply of product) by the Owner, for the purpose of carrying out the activity necessary for the provision of the said service and the management of the related file , as well as for the fulfillment of the obligations connected to it foreseen by the relevant legislation.


METHOD OF TREATMENT: the Personal Data collected are stored, and more generally processed, both with IT and telematic tools, both on paper and on any other type of suitable support, in compliance with adequate technical and organizational security measures provided by the GDPR . These data will not be transferred abroad and will be treated in compliance with the Personal Data Protection Regulation (GDPR) and the confidentiality commitments which inspire the activity of the Data Controller. We also inform you that these data will be processed and stored using dedicated software in compliance with the regulations in force.


DATA RECIPIENTS: within the scope of the aforementioned purposes, they may have access to Personal Data (including Particular Personal Data and data governed by Article 10 of the GDPR) which concern you, employees or collaborators of the Data Controller who need them for 'execution of their duties, or by virtue of the position they hold, or other service providers who have been appointed as data controllers, or have been authorized to perform such processing. The owner is available to provide, at your request, the names and contacts of the data processors and the autonomous data controllers who should process your personal data. Always within the limits pertinent to the processing purposes indicated and based on the type of consent given, your Personal Data may be communicated to all those subjects whose knowledge is indispensable for the performance of the requested service (Social security bodies, authorized individuals in execution of specific legal obligations, judicial and administrative authorities, etc.). Your Personal Data will not be disseminated in any way.


STORAGE PERIOD: the data collected will be kept for a period of time not exceeding the achievement of the purposes for which they are processed ("principle of limitation of conservation", art. 5 GDPR) or based on the deadlines set by law, statute of limitations and in any case no later than 10 years from the termination of the relationship for the purposes of the treatment indicated above.


RIGHTS OF THE DATA SUBJECT: the data subject is always entitled to request the Data Controller to: a) access to his data (art. 15 of the GDPR), b) the correction (art. 16 of the GDPR), c) the cancellation of the same ( Article 17 of the GDPR), d) the limitation of processing (Article 18 of the GDPR), e) information about the recipients of personal data (Article 19 of the GDPR), f) to request data portability (art 20 of the GDPR), is also entitled g) to object to the processing (art. 21 of the GDPR), eh) of not being subjected to a decision based solely on the automated processing (art. 22 of the GDPR), by enforcing these and the others rights provided by the GDPR by simple communication to the Owner. In any case, the interested party has the right to revoke the consent at any time without affecting the lawfulness of the processing based on the consent given before the revocation. The specific application must be submitted by contacting the Data Protection Officer (DPO) or directly at the Management of Gieffe Srl. Through the contacts indicated above for the Data Controller and the DPO. At your request, the owner is available to provide you with a copy of the aforementioned items and to illustrate them in detail. In the event of disputes, the interested party has the right to lodge a complaint with a supervisory authority, for the Italian territory the Guarantor for the Protection of Personal Data can be contacted directly via the website


LEGAL BASIS OF THE TREATMENT AND CONSEQUENCES OF A REFUSAL: given that you will be asked only for the Personal Data necessary for the execution of the supply or service mentioned above, the provision of such data is obligatory for these purposes and the failure to authorize the use of these data renders impossible to execute and complete the assignment for the provision of the requested service. For the processing of Particular Personal Data you are asked for a specific consent, necessary for the execution and completion of the said assignment. The legal basis of the processing of Personal Data for the purposes indicated above, and specified in the paragraph "PURPOSE OF THE TREATMENT" that precedes, resides in the art. 6 paragraph 1. b) of the GDPR and with regard to Particular Personal Data in the consent pursuant to art. 9, paragraph 2 a) of the GDPR. For personal data relating to criminal convictions and crimes governed by Article 10 of the GDPR the legal basis also lies in the other requirements indicated by said art. 10.

PayPal transactions are subject to PayPal's privacy policy