This information is intended to describe the management methods of the site with reference to the processing of personal data of users/visitors who consult it.
This policy is provided only for the site mentioned above and not for other websites that may be consulted by the user/visitor through special links.
We intend to inform users/visitors of the site of the policy we have adopted regarding the protection of personal data, underlining our commitment and our attention with reference to the protection of the same.
Therefore, pursuant to and for the purposes of art. 13 and 14 of EU Regulation 679/2016, General Data Protection Regulation (hereinafter “GDPR”), we provide the following information.

1. Stakeholders
User/visitor of the website (hereinafter “User”)
This Site does not offer direct services to natural persons under the age of 14. The Data Controller is not responsible for any browsing on the Site by such subjects with the consequent collection of their personal data. This responsibility must be considered to be borne by those who have a duty of supervision towards them. In any case, if the Data Controller realizes that some data collected refer to natural persons under the age of 14, he will immediately destroy them.

2. Owner of the treatment
The Data Controller (hereinafter “Owner”) is the company Gino Ferruzzi srl
Registered office: Via Cassia n. 67 – Loc. Tavarnuzze – 50023 – Impruneta (FI) – Italy
Contact details:
Phone: +39 055 854219

3. Data processing and data categories

This website offers informative and interactive content and is dedicated to e-commerce. During navigation, therefore, information about the User can be acquired in the following ways:

3.1. Treatment through simple navigation – data collected automatically
The computer systems and applications dedicated to the operation of this Website detect, during their normal operation, some data (the transmission of which is implicit in the use of Internet communication protocols) potentially associated with identifiable Users. The data collected includes the IP addresses and domain names of the computers used by Users who connect to the Site, the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters concerning the operating system, the browser and the IT environment used by the User. These data are processed, for the time strictly necessary, for the sole purpose of obtaining statistical information on the use of the Site and to check its regular functioning. The provision of such data is mandatory as it is directly linked to the web browsing experience and individual Users remain anonymous.

3.2 Data provided by the User in the Form or indicated in the Mail. The voluntary sending, by the User, of e-mails to the e-mail address indicated on the Site, or the voluntary insertion of the personal data requested in the Form (name/surname, e-mail, telephone, object, message ) present on the Site does not require further information or requests for consent.
The Company indicated above is the Owner of the personal data entered by the User, for the purposes of processing connected to the request for information sent to the Owner through the “Contacts” link on the website or by email published on the same. The relative treatment will be carried out for the purposes and with the methods indicated below.

3.3 Data provided via social media. To advertise the products in a targeted way, the Owner has a Facebook and Instagram page, which the User can freely access. The sending by the User of messages via the social networks Facebook and Instagram, by clicking on the appropriate icons visible on the site, is exclusively voluntary and the Owner does not need to acquire further consent.

3.4 Data provided following the purchase of the products. For the conclusion of the contract for the sale of the products advertised on the site, the User must initially provide the following data by filling in the appropriate Form: name, surname, or company name, complete billing and delivery address, telephone and e-mail. These data are necessary for the correct management and conclusion of the contract. Furthermore, it is possible, but not mandatory, to provide additional data in the “additional information” field.
Furthermore, for the conclusion of the sale, the User has various payment methods available to choose from: credit/debit card, paypal, postepay, bank transfer; these data are also mandatory and will be managed in the manner indicated below.

3.5 Data provided following subscription to the Newsletter. The User who wants to subscribe to the Newsletter will provide his name and surname and his email. Registration is voluntary. In this regard, see the relative information.

3.6 Cookies. The management software of this website uses cookies; for complete information access this link.

4. Primary purposes of the processing of personal data and legal basis

4.1 Purchase of products
Through the website it is possible to carry out a commercial transaction by entering the personal data indicated in point 3.4 of this information. The processing of such data is necessary in order to be able to carry out and complete the commercial transaction. Once the transaction has been completed, and the product has therefore been purchased, the User will receive an email confirming the purchase and order summary; if necessary, the Owner can use the other information to contact the User and obtain some data necessary for the correct processing of the order.
The Data Controller does not manage or carry out the electronic or paper archiving of the payment data entered by the User; the same are processed in order to be transferred directly to the credit institution via an encrypted protocol and, therefore, acquired and managed directly by the latter.
** Legal basis. The primary purpose is to execute the contract and the lawfulness of the processing is sanctioned by the art. 6 paragraph 1 lett. a) and b) GDPR.

4.2 Purpose of sending a reply to the Request received via the Form or e-mail message. Firstly, the processing of personal data that the User is required to indicate in the context of his request pursues the purposes of making it possible to process a response. With regard to the request made by clicking on the “contact” link, the process consists in the subsequent compilation of a Form, in which it is required to indicate the identification data (name and surname, e-mail) and optionally the telephone number, as well as to the subject of the request (object field) and the reasons for the contact (message field), thanks to which the applicant will subsequently be identified for the sole purpose of sending a reply to the indicated e-mail address or by telephone contact, where inserted. The same principle also applies to personal data indicated in messages sent by email.
** Legal basis. The primary purposes of the processing are represented by the need to allow the completion of a response to the request received, and is, therefore, of a pre-contractual nature, whose legal basis is found in the User’s consent (art. 6 paragraph 1 lett. a) and in the execution of pre-contractual measures (art. 6 paragraph 1 letter b) GDPR).

4.3 Fulfillment of obligations established by law, by regulations or by EU regulations. Personal data will also be processed to fulfill the obligations established by law, by a regulation or by community legislation; by way of example, but not limited to, for tax, civil, social security, administrative, technical obligations, etc.
** Legal basis. It consists in the fulfillment of a legal obligation (art. 6 paragraph 1 letter c) GDPR).

4.4 Prevention of fraud and protection of the rights of the Owner
The personal data collected through the use by the User of the functions of the Site may be processed in order to prosecute any fraud or offense, or to protect the Data Controller’s rights or legitimate interests, also in judicial proceedings where necessary.
** Legal basis. It is identified in the art. 6 paragraph 1 lett. f) of the GDPR.

5. Mandatory or optional consent for the pursuit of the primary purposes of the processing of personal data and consequences of refusal
All the treatments illustrated above in point 3) and for the purposes referred to in point 4) of this information, pursue primary purposes for which, once the User has voluntarily provided their personal data, Article 6 of the GDPR excludes the need to acquire a further and specific consent from the same User for their treatment, either because the treatment is necessary to fulfill an obligation established by law, by a regulation or by Community legislation, or because it is necessary to fulfill pre-contractual obligations (for example, to be able to proceed with sending a reply to the request received), either because it is necessary for the fulfillment of contractual obligations (for example for the purchase of products), or because it is necessary for the protection of rights or legitimate interests of the Owner. The User is free to provide the above mentioned data, but their failure to provide or their revocation will make it impossible for the Data Controller to execute and/or conclude the pre-contractual and contractual obligations. The treatments carried out by the Owner prior to the revocation of the User remain unaffected.

6. Secondary purposes of the processing of personal data and legal basis
Treatments with secondary purposes are those of a promotional, advertising or marketing nature. In particular:

6.1 Newsletter Marketing. Following registration for the newsletter, the User is automatically added to a contact list. The Data Controller may send information on new products, sales promotional material, commercial or advertising communications by e-mail, using automated contact methods.
** Legal basis. The legal basis of the processing is given by consent (art. 6, paragraph 1 letter a) GDPR).

6.2 Communications following the purchase of products (soft spam). The Owner may communicate or provide the User with further commercial or advertising information related to the characteristics of the product purchased; the User will receive these proposals regardless of his subscription to the newsletter.
** Legal basis. The legal basis is given by the legitimate interest pursued by the Data Controller (art. 47 Recital GDPR and art. 6 paragraph 1 letter f) GDPR).

6.3 Processing of data for further advertising purposes. In addition to the treatments indicated in points 6.1 and 6.2 of this information, Gino Ferruzzi srl has a legitimate interest in using the User’s data for advertising and marketing purposes, in order to improve the offer and services.
** Legal basis. Article 47 Council and art. 6 paragraph 1 letter f) of the GDPR
This treatment takes place in the following ways:

6.3.1. social media marketing: on the site there are links, identified with the respective brands, to the social media pages “Facebook” and “Instagram” owned by the Company itself. Through these links, therefore, it is possible to access the social pages indicated above, where the User can contact the Company, write comments, chat, share and in any case acquire information on products, news and offers.
The Data Controller of this site is not responsible for the management and methods of processing User data acquired from social network providers. It is possible to have knowledge of the extent of data management, the methods of setting up the protection of the same and the rights of the User by accessing the privacy and cookie policies of Facebook and Instagram.
When disconnecting from the mentioned social pages, by deleting the installed cookies, it is possible to prevent Facebook and Instagram from linking the information relating to the User’s access with his/her social network account to the site.

6.3.2.Social Network Plug-ins
This site also has plug-ins for social networks, identified with their respective proprietary logos and more precisely Facebook, Twitter, Pinterest, Linkedin and Telegram.
With these functions, the User has the possibility to share (“share” button) the contents and products of the Site through the profiles of the respective accounts on their social pages. When interacting with the plug-ins, the corresponding information is transmitted from the browser to the corresponding social network platform. Therefore, the processing of data that social networks obtain through the use of plug-ins on this site is governed by their respective policies, to which please refer and to which we refer.
The Owner is unable to know or acquire information relating to the content of the shared data and their use by social networks.

6.4. How to opt out of interest-based advertising. The User may at any time revoke the consent granted to the processing of his data and therefore disable the service using the appropriate procedure present in each email received.
Furthermore, the User has the right to exercise his rights at any time, as described in point 15 of this information.

7. Communication and dissemination of personal data.
In addition to the Data Controller, other subjects involved in the organization of the Data Controller or subjects external to his organization may have access to the data, also appointed, if necessary, as Data Processors by the Data Controller. The updated list of Managers can always be requested from the Data Controller.
In particular:

7.1. Within the Owner’s corporate organization. The data will be processed by personnel authorized by the Data Controller himself, for the purposes indicated above, and in particular, by administrative, commercial personnel, personnel responsible for communicating newsletters or sending advertising mails, call center personnel, warehouse workers for the correct processing of the order, collaborators and/or designated, authorized or appointed by the Data Controller.

7.2. Third parties – subjects external to the organization of the Data Controller. These are the subjects who do not operate within the company, appointed, when necessary, as Data Processors. In particular:

7.2.1. In managing the Site: lawyers, system administrators, technical service providers (hardware and software), web designers, hosting providers, IT companies, communication agencies, marketing service providers;

7.2.2. In the management of Data for fiscal, administrative, financial, accounting, contractual purposes: companies that manage postal services, third party payment service providers, couriers, professionals or third party companies that perform assistance, consultancy, collaboration, public administrations for institutional functions within the limits established by law;

7.2.3. For legal obligations, or for the protection of rights: the data may be communicated to the Data Controller’s lawyers, consultants, to all inspection bodies following inspections and/or checks or checks on the regularity of legal obligations, to judicial authorities, experts, conciliation bodies;
The data may be communicated to any other third party when the communication is mandatory by law, including the scope of prevention/repression of any illegal activity connected to access to the Site and the use of the functions present therein.

7.3 Diffusion. The data will not be disclosed.

8. Processing methods

The Data Controller adopts the appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
The processing is carried out manually or using IT and/or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.
The site uses the SSL encryption system, which, when active, allows for greater security in the protection of Users’ data and in fact, the same cannot be manipulated by third parties. The encrypted connection can be recognized by the padlock symbol in the web address bar.
However, it should be noted that no security system guarantees such protection with absolute certainty, therefore, except in cases of liability for negligence, the Data Controller is not liable for the deed committed by third parties who illegally access the security systems without the due permissions.

9. Automated decision-making processes
The Owner adopts automated contact systems (email) and adopts automated decision-making processes through the use of special software, by means of which he examines the preferences and the ways in which the User interacts with the services on the Site. See the cookie policy.

10. Connection to/from third party sites
From the site it may be possible to connect, through special links, to other third-party sites.
In this regard, the Company Gino Ferruzzi srl cannot be held responsible for any management of personal data by third parties.

11. Data Transfer
The service provider that deals with hosting is Mediasecure srl with headquarters located in Italy. Personal data is stored for the period established by current legislation on servers located within the European Union. It is understood that, if necessary, the Data Controller will have the right to move the servers even outside the European Union; in this case, the Data Controller ensures from now on that the transfer of non-EU data will take place in compliance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses envisaged by the European Commission.

12. Data retention times
Users’ personal data will be kept for the time strictly necessary to carry out the purposes illustrated and therefore variable in relation to the nature of the treatment.
• Personal data necessary for the execution of a contract will be processed until the conclusion of the same; those personal data necessary for tax purposes will be processed for another 10 years from the termination of the contractual relationship.
• The personal data indicated in the Form or in the emails will be kept for the time necessary to send an answer to the question and for no more than 24 months from the sending of the same.
• Personal data based on the consent to subscribe to the newsletter will be kept for the entire period in which the User’s consent remains and will be canceled when it is revoked.
• Personal data processed for communications of products similar to those covered by a previous purchase (soft spam) may be kept for a period of 24 months.
• Personal data processed for further marketing purposes will be kept for 6 years.
• Tracking Data will be kept for 2 years.
• Personal data acquired to fulfill a legal or regulatory obligation will be processed until the fulfillment of this obligation;
• Personal data may be processed for as long as it is necessary in the event of having to protect or defend the interests or rights of the Data Controller.
In any case, the Data Controller undertakes to carry out a six-monthly check of the stored data, in order to eliminate those no longer necessary or in excess.

13. Place of data processing
The treatments connected to the web services of this Site take place at the registered office of the Data Controller and in any other place where the parties involved in the treatment are located and are only handled by the personnel in charge.

14. Update of this information
The Data Controller periodically verifies its privacy and security policies and, if necessary, reviews them in relation to regulatory, organizational or technological changes. Therefore, this Information may be subject to changes. Users are therefore invited to always refer to the text of the Privacy Policy published at the time of consultation of the Site.

15. Rights of the interested party
At any time, the User can exercise his rights towards the Data Controller, as described below, within the limits and in the ways indicated by the GDPR:
Specifically, the interested party has the right:
– to access personal data by making an appropriate request (art.15);
– to obtain the rectification (art.16);
– to request the cancellation of the same (oblivion) ​​(art.17);
– to request the limitation of the treatment that concerns him (art.18);
– to oppose the treatment (art.21);
– to obtain data portability (art.20);
– to revoke the consent without jeopardizing the lawfulness of the treatment provided before the revocation, (art.13 par.2 letter c);
– to file a complaint (art.13 par.2 lett.d.) with a supervisory authority competent for the protection of personal data for any violation it deems to have suffered.

16. How to exercise your rights
To exercise the rights indicated above, the User may send a request
– by registered mail to: Gino Ferruzzi srl – Via Cassia n. 67 – Loc. Tavarnuzze – 50023 Impruneta (FI) – Italy
– by pec to:
Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within a month.
– You may also file a complaint with the Supervisory Authority, which for Italy is the Guarantor for the Protection of Personal Data, based in Rome – Piazza Venezia n. 11, or by accessing the website