Privacy and Cookie Policy

About this document

LISCIANIGIOCHI S.P.A. (hereinafter also LISCIANIGIOCHI, “Company” or “Owner”) is committed to the respect and protection of privacy and wishes to offer a clear and transparent vision of what information relating to individuals is collected and processed for: customers and users who browse the Website, make purchases, subscribe to the newsletter or contact LISCIANIGIOCHI for assistance.

Following the full implementation of the General Data Protection Regulation 2016/679 (the so-called “GDPR”, or “Regulation”), across the European Union, and the national legislation (Italian Legislative Decree 196/2003 as amended by Italian Legislative Decree 101/2018), LISCIANIGIOCHI has set itself the following objectives:

– ensure that Data Subjects understand what personal data is collected, for what purposes and for how long;

– explain in a clear and transparent way how the personal data that Data Subjects provide are used and with whom they are shared, in order to offer an increasingly efficient service;

– inform Data Subjects of their rights and possible choices in the processing of personal data, ensuring, firstly, greater control over them and, secondly, greater protection by those involved in the processing.

PRIVACY FOR MINORS

Registration is only permitted to users who are 18 years of age or older. The personal data of minors under 18 years of age can be provided only with the consent of a parent or legal guardian.

LISCIANIGIOCHI S.p.A. declines any responsibility for cases in which the user provides data that are incorrect, untrue, or relating to third parties, including minors, for which he/she is not entitled and/or expressly authorised to provide and consent to the processing. The user assumes full responsibility for such conduct.

WEBSITE PRIVACY POLICY AND COOKIE POLICY

pursuant to Article 13 of EU Regulation 2016/679


DATA CONTROLLER AND CONTACT DETAILS

LISCIANI GIOCHI S.P.A. is the Data Controller of the personal data processed through the Website www.liscianigroup.com.

The registered office is in Via Giacomo Ruscitti, Zona Ind.le Sant’Atto, 64100 Teramo (Te), VAT 0072303672. For all privacy matters, please contact the following email address: privacy@liscianigiochi.it, or the telephone number +39 0861 2311.

The Company Website has the following address: https://www.liscianigroup.com



DESCRIPTION OF THE PROCESSING AND CATEGORIES OF DATA SUBJECTS

Personal data collected through the Website will be processed in full compliance with the applicable legislation, guaranteeing the security, confidentiality and protection of the data in its possession, respecting the fundamental rights and freedoms that are recognised to the Data Subjects, in accordance with European Regulation 2016/679, hereinafter GDPR.



TYPES OF DATA COLLECTED

The data is collected from the Data Subject. The IT systems and software procedures used to operate this Website acquire, as part of their routine operation, certain personal data whose transmission is implicit in the use of the Internet.

Among the personal data collected by this Website are: technical, statistical and profiling cookies, Website usage data, time spent on the Website.

The data we collect includes information that can identify you as an individual (“personal data”) and we may also process certain data relating to your device, such as the anonymised IP address of your device and activity in relation to the types of services you use with your consent where required.

The personal data processed through the Website are as follows:

A. Automatically collected browsing data:the data is not collected to be associated with identified Data Subjects, but by its very nature could allow the identification of browsing users through processing and association with data held by third parties. This category of data includes “IP addresses” or the domain names of the computers used by users who connect to the Website, the Uniform Resource Identifier (URI) of the resources requested. IP addresses are saved in “anonymised” form. The visible portions of data are used only to obtain anonymous statistical information on the use of the Website and to check the proper functioning of the LISCIANIGIOCHI S.p.A. Website.

B. Cookies: the Website uses certain cookies and the data collected through them may be used to access certain parts of the Website or for statistical and profiling purposes or to make the browsing experience more pleasant and efficient in the future, trying to assess user behaviour and to modify the content offer according to their behaviour. More information about cookies is available in the “Cookie Policy ” section below.

C. Data related to Websites and Third-Party Services, Plug-Ins: the Website may contain links to other websites or applications. The Website also incorporates plug-ins and/or buttons for social networks to allow easy sharing of content on your favourite social networks. These plug-ins are programmed so as not to set any cookies when the users access the page, in order to protect the privacy of the users. Cookies may be set, if so provided by the social networks, only when the user makes effective and voluntary use of the plug-in. Please note that if users browse the Website whilst logged into the social network then they have already consented to the use of cookies conveyed through this Website at the time of registration with the social network: services may be used to analyse traffic on this Website, potentially containing personal data of users, in order to filter it from parts of traffic, messages and content recognised as SPAM (Google reCAPTCHA, SPAM protection service provided by Google Inc.). The collection and use of the data obtained by means of plug-ins are governed by the respective privacy policies of the social networks, to which reference should be made.



PURPOSES OF DATA PROCESSING

The Website requests certain information from the browser in order to offer a quality service.

These are browsing preferences, logins and cookies used for the proper functioning of the Website and in order to offer a better service.

The Data Controller may process the data to:

– manage the Website, the Services and for internal operations, including troubleshooting and, where legitimate, data analysis, testing, statistical purposes and surveys;

– improve the Website and ensure that the content is presented in the most effective way for browsing;

– where legitimate, for trend monitoring, marketing and advertising;

– keep the Website secure and for the establishment of liability in the event of computer crimes against the Website and legal protection.



LEGAL BASIS

The use of technical cookies does not require consent as it is necessary for the execution of a contract or pre-contractual measures (Article 6, paragraph 1, letter b of the GDPR) of the Data Controller so that the functions of the Company Website can be used and enjoyed as a result of the browsing carried out by the user.

The use of profiling cookies is carried out with the consent of the Data Subject (Article 6, paragraph 1, letter a of the GDPR).



POLICY ON COOKIES AND SIMILAR TECHNOLOGIES



RECIPIENTS AND CATEGORIES OF RECIPIENTS

The personal data processed by the Data Controller will not be disclosed.

On the other hand, the data may be communicated to the Data Controller’s employees and to external parties who collaborate with the same, designated as Data Processors (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies, website management personnel, platform for managing cookies and website consents) or authorised to process the data as they operate under the authority of the Data Controller, or other parties involved in the organisation of this Website (administrative, sales, marketing, legal and system administrator personnel).

Finally, the data may be communicated to the subjects entitled to access them under the provisions of the law, regulations, Community regulations. In order to comply with legal obligations or to ascertain responsibility in the event of computer crimes against the Website, the data may be communicated to, or allocated to, third parties.

The updated list of the Data Processors can always be requested from the Data Controller.

This is without prejudice to the obligation of LISCIANIGIOCHI S.p.a. to communicate data to Public Authorities on specific request.



TRANSFER ABROAD

The data are processed at the Data Controller’s operational headquarters and in any other place where the parties involved in the processing are located, therefore the Data Controller does not transfer this personal data to third countries or international organisations.

However, the Data Controller reserves the right to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 of the GDPR 2016/679. The equivalent levels of protection adopted for the processing of the personal data of the Data Controller’s employees will be required for the processing of the information and data that may be communicated to these parties. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and the regulatory tools provided will be applied.



DURATION OF PROCESSING

In accordance with the principle of retention limitation (Article 5, GDPR), verification of the obsolescence of the stored data in relation to the purposes for which they were collected is carried out periodically. In particular:

a) automatically-collected data are processed, for the time strictly necessary, for the sole purpose of obtaining statistical information on the use of the Website and to check its regular operation, also for security purposes or according to the deadlines provided for by law;

b) the data provided voluntarily by the user will be kept for a period of time not exceeding the achievement of the purposes for which they are processed or according to the deadlines provided for by law.



METHODS AND NATURE OF PROVISION

The data are collected and recorded in a lawful and correct manner for the purposes indicated above in compliance with the principles of lawfulness and provisions of Article 5, paragraph 1 of the GDPR.

Personal data processing is carried out by means of manual, computerised and telematic tools with logic strictly related to the purposes and, in any case, in such a way as to guarantee security and confidentiality.

The provision of data for the aforementioned purposes is entirely optional. Any refusal by the Data Subject to provide personal data, the lack of consent or its revocation for one or more purposes, will make it impossible to use the services related to them.

The Data Subject may refuse to provide the Data Controller with his/her navigation data. To do this, he/she must disable the cookies by following the instructions provided by the browser in use. Disabling cookies may worsen or prevent you from navigating and enjoying the functionality of the Website.


SECURITY MEASURES

The transfer, retention and processing of the Data Subject’s data collected through the Website are ensured through appropriate technical and security measures, specifically:

All the information of the Data Subject is protected with the access keys that the user has chosen himself, passwords are not recorded in clear text.

The Website has an encrypted HTTPS connection.

A secure e-commerce platform is used, with built-in security protocols.

Strong passwords are used.

Data is collected, stored and maintained on a secure server, protected by a firewall and physically located in an access-controlled web farm in the EU.



RIGHTS OF THE DATA SUBJECTS

In accordance with, within the limits and under the conditions provided for by the legislation on the protection of personal data regarding the exercise of the rights of Data Subjects (Articles 15 to 22), with regard to the processing operations covered by this Privacy Policy, as Data Subjects, users may exercise certain rights with reference to the data processed by the Data Controller.

In particular, the Data Subject has the right to:

· Revoke consent at any time

· Oppose the processing of their data

· Access to their own Data

· Verification and rectification

· Restriction of processing

· Deletion or removal of their personal data

· Portability

Furthermore, the Data Subject has the right to lodge a complaint with the competent Data Protection Supervisory Authority or take legal action if he/she considers that the processing operations concerning him/her are in breach of the GDPR, pursuant to Article 77 of the GDPR.

The data subject may revoke consent at any time.

How to exercise your rights

If you wish to request further information on the processing of your personal data or to exercise your rights, you may do so in writing to privacy@liscianigiochi.it using the Exercise of Personal Data Protection Rights Form. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month.


AUTOMATED PROCESSING

The Data Controller does not, under any circumstances, carry out processing operations consisting of automated decision-making processes on the data of natural persons with regard to the processing operations indicated below.



CHANGES TO THIS PRIVACY POLICY

The Data Controller reserves the right to make changes to this Privacy Policy at any time by informing Users by email and on the Website. The Data Controller will collect the consent of the Data Subject again, if necessary.

Last modified: 14/10/2021

PRIVACY POLICY FOR THE ONLINE CONTACT FORM

pursuant to Article 13 of EU Regulation 2016/679

DATA CONTROLLER AND CONTACT DETAILS

LISCIANI GIOCHI S.P.A. is the Data Controller of the personal data processed through the Website www.liscianigroup.com.

The registered office is in Via Giacomo Ruscitti, Zona Ind.le Sant’Atto, 64100 Teramo (Te), VAT 0072303672. For all privacy matters, please contact the following email address: privacy@liscianigiochi.it, or the telephone number +39 0861 2311.

The Company Website has the following address: https://www.liscianigroup.com

DESCRIPTION OF THE PROCESSING AND CATEGORIES OF DATA SUBJECTS

Personal data collected through the compilation of the “Contacts” section on the Website will be processed in full compliance with the applicable legislation, guaranteeing the security, confidentiality and protection of the data in its possession, respecting the fundamental rights and freedoms that are recognised to the Data Subjects, in accordance with European Regulation 2016/679, hereinafter GDPR.

TYPES OF DATA COLLECTED AND ORIGIN OF THE DATA

The personal data processed are those provided voluntarily and directly by the user by filling in the online forms. i form on-line.

Personal data collected: SURNAME, NAME, EMAIL AND PHONE NUMBER.

PURPOSES OF DATA PROCESSING

Personal data are processed to fulfil requests for information regarding the products/services offered and any commercial or other requests made by filling in the forms.

LEGAL BASIS

The legal basis for the processing is the execution of pre-contractual measures or the contract with regard to the fulfilment of requests made by filling in the form, and personal data are acquired by the Data Controller exclusively to manage users’ requests for assistance and information.

RECIPIENTS AND CATEGORIES OF RECIPIENTS

The personal data processed by the Data Controller will not be disclosed.

On the other hand, the data may be communicated to the Data Controller’s employees and to external parties who collaborate with the same, designated as Data Processors (such as third party technical service providers, postal couriers, hosting providers, IT companies) or authorised to process the data as they operate under the authority of the Data Controller, or other parties involved in the organisation of this Website (administrative, sales, legal and system administrator personnel).

Finally, the data may be communicated to the subjects entitled to access them under the provisions of the law, regulations, Community regulations. In order to comply with legal obligations or to ascertain responsibility in the event of computer crimes against the Website, the data may be communicated to, or allocated to, third parties.

The updated list of the Data Processors can always be requested from the Data Controller.

This is without prejudice to the obligation of LISCIANIGIOCHI S.p.a. to communicate data to Public Authorities upon specific request.

TRANSFER ABROAD

The data are processed at the Data Controller’s operational headquarters and in any other place where the parties involved in the processing are located, therefore the Data Controller does not transfer this personal data to third countries or to international organisations.

However, the Data Controller reserves the right to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 of the GDPR 2016/679. The equivalent levels of protection adopted for the processing of the personal data of the Data Controller’s employees will be required for the processing of the information and data that may be communicated to these parties. In any case, only the data necessary for the pursuit of the intended purposes will be communicated.

DURATION OF PROCESSING

Data provided voluntarily by the user will be stored for a period of time not exceeding the fulfilment of the purposes for which they are processed or in accordance with the deadlines provided for by law.

In this case, the data entered in online forms will be stored for a maximum of 12 months or for the duration of the product warranty (as requests may also relate to technical support for products during the warranty period).

METHODS AND NATURE OF PROVISION

The data are collected and recorded in a lawful and correct manner for the purposes indicated above in compliance with the principles of lawfulness and provisions of Article 5, paragraph 1 of the GDPR.

Personal data processing is carried out by means of manual, computerised and telematic tools with logic strictly related to the purposes and, in any case, in such a way as to guarantee security and confidentiality.

SECURITY MEASURES

The transfer, retention and processing of the Data Subject’s data collected through the Website are ensured through appropriate technical and security measures, specifically:

All the information of the Data Subject is protected with the access keys that the user has chosen himself, passwords are not recorded in clear text.

The Website has an encrypted HTTPS connection.

A secure e-commerce platform is used, with built-in security protocols.

Strong passwords are used.

Data is collected, stored and maintained on a secure server, protected by a firewall and physically located in an access-controlled web farm in the EU.

RIGHTS OF THE DATA SUBJECTS

In accordance with, within the limits and under the conditions provided for by the legislation on the protection of personal data regarding the exercise of the rights of Data Subjects (Articles 15 to 21), with regard to the processing operations covered by this Privacy Policy, as Data Subjects, users may exercise certain rights with reference to the data processed by the Data Controller.

In particular, the Data Subject has the right to:

· Revoke consent at any time (where required)

· Oppose the processing of their data

· Access to their own Data

· Verification and rectification

· Restriction of processing

· Deletion or removal of their personal data

· Portability

Furthermore, the Data Subject has the right to lodge a complaint with the competent Data Protection Supervisory Authority or take legal action if he/she considers that the processing operations concerning him/her are in breach of the GDPR, pursuant to Article 77 of the GDPR.

How to exercise your rights

If you wish to request further information on the processing of your personal data or to exercise your rights, you may do so in writing to privacy@liscianigiochi.it using the Exercise of Personal Data Protection Rights Form. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month.

AUTOMATED PROCESSING

The Data Controller does not, under any circumstances, carry out processing operations consisting of automated decision-making processes on the data of natural persons with regard to the processing operations indicated below.

CHANGES TO THIS PRIVACY POLICY

The Data Controller reserves the right to make changes to this Privacy Policy at any time by informing Users by email and on the Website. The Data Controller will collect the consent of the Data Subject again, if necessary.

Last modified: 14/10/2021

PRIVACY POLICY FOR PERSONAL DATA PROCESSING IN THE RESERVED AREA AND HELPDESK ASSISTANCE

pursuant to Article 13 of EU Regulation 2016/679

DATA CONTROLLER AND CONTACT DETAILS

LISCIANI GIOCHI S.P.A. is the Data Controller of the personal data processed through the Websitewww.liscianigroup.com.

The registered office is in Via Giacomo Ruscitti, Zona Ind.le Sant’Atto, 64100 Teramo (Te), VAT 0072303672. For all privacy matters, please contact the following email address: privacy@liscianigiochi.it ,or the telephone number +39 0861 2311.

The Company Website has the following address: https://www.liscianigroup.com

DESCRIPTION OF THE PROCESSING AND CATEGORIES OF DATA SUBJECTS

Personal data collected by filling in the registration form for the reserved area or by requesting assistance from the helpdesk, present on the Website will be processed in full compliance with the applicable legislation, guaranteeing the security, confidentiality and protection of the data in its possession, respecting the fundamental rights and freedoms that are recognised to the Data Subjects, in accordance with European Regulation 2016/679, hereinafter GDPR.

TYPES OF DATA COLLECTED AND ORIGIN OF THE DATA

The data are collected from the Data Subject and are provided directly when creating an account in the reserved area.

Data collected with REGISTRATION IN THE RESERVED AREA: name, surname, email, telephone, address, type of user, VAT number, tax code, date of birth.

PURPOSES OF DATA PROCESSING

Personal data is processed for the following purposes:

1. to authorise access to the Reserved Area and provide the services requested;

2. to inform the Data Subject that content and documents of interest are available in the Reserved Area;

3. to provide customer assistance on its products/services;

4. fulfilment of administrative and accounting requirements strictly related to the service, such as the purchase of products;

5. fulfilment of specific obligations laid down by law, regulation or Community legislation;

6. in the event of loss of access credentials, activate the procedure that allows the recovery of the password and its reset;

7. to pursue the legitimate interests of the Data Controller, including, where necessary, to assert or defend a right in court.

LEGAL BASIS

The processing of data for the purposes referred to is necessary for the performance of a contract or pre-contractual measures (Article 6, paragraph 1, letter b of the GDPR) and the pursuit of the legitimate interest of the Data Controller (Article 6, paragraph 1, letter f of the GDPR) to possibly assert or defend a right in court.

With reference to the purposes referred to in paragraph 1 above, the provision of personal data is optional but is a necessary requirement for the provision of the service; in fact, failure to provide such data makes it impossible to receive access credentials to the reserved area.

RECIPIENTS AND CATEGORIES OF RECIPIENTS

The personal data processed by the Data Controller will not be disclosed.

On the other hand, the data may be communicated to the Data Controller’s employees and to external parties who collaborate with the same, designated as Data Processors (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies, website management and development service providers, support services and maintenance of servers and networks, intra-structure supplier of the online shop, customer assistance services) or authorised to process the data as they operate under the authority of the Data Controller, or other parties involved in the organisation of this Website (administrative, sales, marketing, legal and system administrator personnel).

Finally, the data may be communicated to the subjects entitled to access them under the provisions of the law, regulations, Community regulations. In order to comply with legal obligations or to ascertain responsibility in the event of computer crimes against the Website, the data may be communicated to, or allocated to, third parties.

The updated list of the Data Processors can always be requested from the Data Controller.

This is without prejudice to the obligation of LISCIANIGIOCHI S.p.a. to communicate data to Public Authorities upon specific request.

TRANSFER ABROAD

The data are processed at the Data Controller’s operational headquarters and in any other place where the parties involved in the processing are located, therefore the Data Controller does not transfer this personal data to third countries or to international organisations outside the EU.

However, the Data Controller reserves the right to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 of the GDPR. The equivalent levels of protection adopted for the processing of the personal data of the Data Controller’s employees will be required for the processing of the information and data that may be communicated to these parties. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and the regulatory tools will be applied.

DURATION OF PROCESSING

The Data Controller retains and processes personal data for the time necessary to fulfil the purposes indicated, i.e. for the period for which the Data Controller will maintain the service active.

The data will be kept for as long as the account is active unless regulatory obligations introduce higher processing.

In the event of legal disputes, for the entire duration of the dispute, until the time limit for appeals has expired.

METHODS AND NATURE OF PROVISION

The data are collected and recorded in a lawful and correct manner for the purposes indicated above in compliance with the principles of lawfulness and provisions of Article 5, paragraph 1 of the GDPR.

Personal data processing is carried out by means of manual, computerised and telematic tools with logic strictly related to the purposes and, in any case, in such a way as to guarantee security and confidentiality.

The provision of data for the aforementioned purposes is entirely optional. Any refusal by the Data Subject to provide personal data, the lack of consent or its revocation for one or more purposes, will make it impossible to use the services related to them.

SECURITY MEASURES

The transfer, retention and processing of the Data Subject’s data collected through the Website are ensured through appropriate technical and security measures, specifically:

All the information of the Data Subject is protected with the access keys that the user has chosen himself, passwords are not recorded in clear text.

The Website has an encrypted HTTPS connection.

A secure e-commerce platform is used, with built-in security protocols.

Strong passwords are used.

Data is collected, stored and maintained on a secure server, protected by a firewall and physically located in an access-controlled web farm in the EU.

RIGHTS OF THE DATA SUBJECTS

In accordance with, within the limits and under the conditions provided for by the legislation on the protection of personal data regarding the exercise of the rights of Data Subjects (Articles 15 to 21), with regard to the processing operations covered by this Privacy Policy, as Data Subjects, users may exercise certain rights with reference to the data processed by the Data Controller.

In particular, the Data Subject has the right to:

· Revoke consent at any time (where required)

· Oppose the processing of their data

· Access to their own Data

· Verification and rectification

· Restriction of processing

· Deletion or removal of their personal data

· Portability

Furthermore, the Data Subject has the right to lodge a complaint with the competent Data Protection Supervisory Authority or take legal action if he/she considers that the processing operations concerning him/her are in breach of the GDPR, pursuant to Article 77 of the GDPR.

How to exercise your rights

If you wish to request further information on the processing of your personal data or to exercise your rights, you may do so in writing to privacy@liscianigiochi.it using the Exercise of Personal Data Protection Rights Form. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month.

AUTOMATED PROCESSING

The Data Controller does not, under any circumstances, carry out processing operations consisting of automated decision-making processes on the data of natural persons with regard to the processing operations indicated below.

CHANGES TO THIS PRIVACY POLICY

The Data Controller reserves the right to make changes to this Privacy Policy at any time by informing Users by email and on the Website. The Data Controller will collect the consent of the Data Subject again, if necessary.

Last modified: 14/10/2021

PRIVACY POLICY FOR ONLINE PURCHASES

pursuant to Article 13 of EU Regulation 2016/679

DATA CONTROLLER AND CONTACT DETAILS

LISCIANI GIOCHI S.P.A. is the Data Controller of the personal data processed through the Website www.liscianigroup.com.

The registered office is in Via Giacomo Ruscitti, Zona Ind.le Sant’Atto, 64100 Teramo (Te), VAT 0072303672. For all privacy matters, please contact the following email address: privacy@liscianigiochi.it, or the telephone number +39 0861 2311.

The Company Website has the following address: https://www.liscianigroup.com

DESCRIPTION OF THE PROCESSING AND CATEGORIES OF DATA SUBJECTS

The personal data of users who make purchases online (e.g. management of orders, sale and delivery of products via third party courier, management of returns and warranties and other activities necessary for the sale of products via e-commerce) with or without access to the reserved area, collected by filling in the relevant forms, present on the Website, will be processed in full compliance with applicable legislation, guaranteeing the security, confidentiality and protection of the data in its possession, respecting the fundamental rights and freedoms that are recognised to the Data Subjects, in accordance with European Regulation 2016/679, hereinafter GDPR.

TYPES OF DATA COLLECTED AND ORIGIN OF THE DATA

The personal data processed are those provided voluntarily by the user by filling in the online registration forms in the RESERVED AREA or by making a purchase WITHOUT REGISTRATION.

In particular:

1. data collected with REGISTRATION IN THE RESERVED AREA: name, surname, email, telephone, address, VAT number, tax code, date of birth, system log, data relating to purchases made and other non-specific data.

2. data collected for ON-LINE PURCHASES WITHOUT REGISTRATION: name, surname, company/company name, VAT number, tax code, data relating to purchases made.

The data are collected from the Data Subject and are provided directly by the Data Subject at the time of purchase.

PURPOSES OF DATA PROCESSING

Personal data are processed to allow customers to make online purchases, with the following purposes:

a. to allow registration to e-commerce and manage access to the relevant services;

b. to allow and facilitate the purchase of products online and the eventual conclusion of the purchase contract through e-commerce;

c. to maintain and manage the account created following registration;

d. to allow the products to be placed in the shopping cart and to conclude and execute the purchase contract via e-commerce;

e. to deliver the products sold by courier;

f. to fulfil all legal obligations connected with the relative administrative, accounting, fiscal and financial processes connected with the provision of the product or service supplied;

g. to protect contractual rights or rights arising from relations between the parties;

h. internal reporting and controls.

i. to manage and possibly block fraudulent or illegal uses of e-commerce;

j. to ensure compliance with the Data Controller’s contractual rights and related legitimate interests (e.g.: to demonstrate that it has fulfilled its obligations under the contract with the Data Subject or imposed by law).

LEGAL BASIS

The legal bases of the processing consist of:

· performance of a contract or pre-contractual measures (Article 6, paragraph 1, letter b of the GDPR) for the purposes a) to e);

· fulfilment of a legal obligation (Article 6, paragraph 1, letter c of the GDPR) for the purpose f);

· pursuit of a legitimate interest (pursuant to Article 6, paragraph 1, letter f of the GDPR) for the purposes g) to j).

RECIPIENTS AND CATEGORIES OF RECIPIENTS

The personal data processed by the Data Controller will not be disclosed.

On the other hand, the data may be communicated to the Data Controller’s employees and to external parties who collaborate with the same, designated as Data Processors (such as third party technical service providers, postal couriers, hosting providers, IT companies, website management and development service providers, support services and maintenance of servers and networks, intra-structure supplier of the online shop, customer assistance services) or authorised to process the data as they operate under the authority of the Data Controller, or other parties involved in the organisation of this Website (administrative, sales, marketing, legal and system administrator personnel).

Finally, the data may be communicated to the subjects entitled to access them under the provisions of the law, regulations, Community regulations. In order to comply with legal obligations or to ascertain responsibility in the event of computer crimes against the Website, the data may be communicated to, or allocated to, third parties.

The updated list of the Data Processors can always be requested from the Data Controller.

For credit card data, the Stripe platform is used (https://stripe.com/it), the data are not processed by Lisciani Spa, but solely by that platform.

For transactions made by the User/Data Subject through the Stripe platform, see the Privacy Policy: https://stripe.com/it.

In case of payment on delivery, specific processing will be carried out by the courier.

This is without prejudice to the obligation of LISCIANIGIOCHI S.p.a. to communicate data to Public Authorities on specific request.

TRANSFER ABROAD

The data are processed at the Data Controller’s operational headquarters and in any other place where the parties involved in the processing are located, therefore the Data Controller does not transfer this personal data to third countries or to international organisations outside the EU.

However, the Data Controller reserves the right to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 of the GDPR. The equivalent levels of protection adopted for the processing of the personal data of the Data Controller’s employees will be required for the processing of the information and data that may be communicated to these parties. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and the regulatory tools will be applied.

DURATION OF PROCESSING

The Data Controller retains and processes personal data for the time necessary to fulfil the purposes indicated, i.e. for the period for which the Data Controller will maintain the service active:

– Registration data will be processed until the account is closed, taking into account the technical time required for this;

– The retention period of personal data for the purposes of legal obligations is 10 years from the end of the contractual or commercial relationship.

– The retention period of personal data for the purpose of pre-contractual activities, in case of non-finalisation of the purchase, is 5 months from the acquisition of the data.

At the end of this period, the data will be deleted or made anonymous, unless their further retention is necessary to fulfil contractual obligations, legal obligations or to comply with orders issued by Public Authorities and/or Supervisory Bodies, as well as to prevent fraudulent activities or in the event of litigation.

METHODS AND NATURE OF PROVISION

The data are collected and recorded in a lawful and correct manner for the purposes indicated above in compliance with the principles of lawfulness and provisions of Article 5, paragraph 1 of the GDPR.

Il trattamento dei dati personali avviene mediante strumenti manuali, informatici e telematici con logiche strettamente correlate alle finalità stesse e, comunque, in modo da garantirne la sicurezza e la riservatezza.

Personal data processing is carried out by means of manual, computerised and telematic tools with logic strictly related to the purposes and, in any case, in such a way as to guarantee security and confidentiality. The provision of data takes place in the fields of the registration form in the personal area of e-commerce; or in the fields of the order form when purchasing without registering. The provision of data for the aforementioned purposes is entirely optional. Should the Data Subject refuse to provide the data, it will be impossible to proceed with the purchase and, therefore, to conclude the contract and receive the products selected through e-commerce.

SECURITY MEASURES

The transfer, retention and processing of the Data Subject’s data collected through the Website are ensured through appropriate technical and security measures, specifically:

All the information of the Data Subject is protected with the access keys that the user has chosen himself, passwords are not recorded in clear text.

The Website has an encrypted HTTPS connection.

A secure e-commerce platform is used, with built-in security protocols.

Strong passwords are used.

Data is collected, stored and maintained on a secure server, protected by a firewall and physically located in an access-controlled web farm in the EU.

RIGHTS OF THE DATA SUBJECTS

In accordance with, within the limits and under the conditions provided for by the legislation on the protection of personal data regarding the exercise of the rights of Data Subjects (Articles 15 to 21), with regard to the processing operations covered by this Privacy Policy, as Data Subjects, users may exercise certain rights with reference to the data processed by the Data Controller.

In particular, the Data Subject has the right to:

· Revoke consent at any time (where required)

· Oppose the processing of their data

· Access to their own Data

· Verification and rectification

· Restriction of processing

· Deletion or removal of their personal data

· Portability

Furthermore, the Data Subject has the right to lodge a complaint with the competent Data Protection Supervisory Authority or take legal action if he/she considers that the processing operations concerning him/her are in breach of the GDPR, pursuant to Article 77 of the GDPR.

How to exercise your rights

If you wish to request further information on the processing of your personal data or to exercise your rights, you may do so in writing to privacy@liscianigiochi.it using the “Exercise of Personal Data Protection Rights Form“. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month.

AUTOMATED PROCESSING

The Data Controller does not, under any circumstances, carry out processing operations consisting of automated decision-making processes on the data of natural persons with regard to the processing operations indicated below.

CHANGES TO THIS PRIVACY POLICY

The Data Controller reserves the right to make changes to this Privacy Policy at any time by informing Users by email and on the Website. The Data Controller will collect the consent of the Data Subject again, if necessary.

Last modified: 14/10/2021

NEWSLETTER SUBSCRIBER PRIVACY POLICY

pursuant to Article 13 of EU Regulation 2016/679

DATA CONTROLLER AND CONTACT DETAILS

LISCIANI GIOCHI S.P.A. is the Data Controller of the personal data processed through the Website www.liscianigroup.com.

The registered office is in Via Giacomo Ruscitti, Zona Ind.le Sant’Atto, 64100 Teramo (Te), VAT 0072303672. For all privacy matters, please contact the following email address: privacy@liscianigiochi.it, or the telephone number +39 0861 2311.

The Company Website has the following address: https://www.liscianigroup.com

DESCRIPTION OF THE PROCESSING AND CATEGORIES OF DATA SUBJECTS

The personal data of newsletter subscribers are collected through the newsletter subscription form.

The processing is carried out in full compliance with the applicable legislation, guaranteeing the security, confidentiality and protection of the data in its possession and the fundamental rights and freedoms that are recognised, in accordance with the rules set out in the GDPR.

TYPES OF DATA COLLECTED AND ORIGIN OF THE DATA

The personal data processed are those provided voluntarily by the user by filling in the online forms and subscribing to the newsletter. Only the Data Subject’s EMAIL is collected.

PURPOSES OF DATA PROCESSING

Newsletter/Direct marketing activities of the Data Controller:personal data are processed for sending e-mail newsletters, technical or commercial information concerning the services and products offered by LISCIANIGIOCHI S.p.a.

By subscribing to the mailing list/newsletter, the Data Subject’s email address is automatically included in a list of contacts to whom email messages containing information, informative messages also of a commercial, promotional and/or advertising nature may be sent periodically.

Customer satisfaction surveys: personal data are processed for the purpose of sending customer satisfaction questionnaires by email.

LEGAL BASIS

The legal basis of the processing consists of the consent expressed by a statement regarding the sending of newsletters and sending questionnaires on your satisfaction (Article 6, paragraph 1, letter a GDPR). With reference to Article 7 of the GDPR, the Data Subject may revoke any consent given at any time. The revocation of consent, which can be carried out by means of the appropriate link in the footer of the email newsletter, results in the suspension of the sending of the newsletter. Any revocation shall not affect the lawfulness of the processing provided before the revocation.

RECIPIENTS AND CATEGORIES OF RECIPIENTS

The personal data processed by the Data Controller will not be disclosed.

On the other hand, the data may be communicated to the Data Controller’s employees and to external parties who collaborate with the same, designated as Data Processors (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies, website management and development service providers, support services and maintenance of servers and networks, intra-structure supplier of the online shop, customer assistance services) or authorised to process the data as they operate under the authority of the Data Controller, or other parties involved in the organisation of this Website (administrative, sales, marketing, legal and system administrator personnel).

Finally, the data may be communicated to the subjects entitled to access them under the provisions of the law, regulations, Community regulations. In order to comply with legal obligations or to ascertain responsibility in the event of computer crimes against the Website, the data may be communicated to, or allocated to, third parties.

The updated list of the Data Processors can always be requested from the Data Controller.

In particular, the infrastructure for managing and sending the newsletters is entrusted to Sendinblue S.p.a., registered office at 55 rue d’Amsterdam, 75008 Paris, France.

The updated list of the Data Processors can always be requested from the Data Controller.

This is without prejudice to the obligation of LISCIANIGIOCHI S.p.a. to communicate data to Public Authorities on specific request.

TRANSFER ABROAD

The data are processed at the Data Controller’s operational headquarters and in any other place where the parties involved in the processing are located, therefore the Data Controller does not transfer this personal data to third countries or to international organisations outside the EU.

However, the Data Controller reserves the right to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 of the GDPR. The equivalent levels of protection adopted for the processing of the personal data of the Data Controller’s employees will be required for the processing of the information and data that may be communicated to these parties. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and the regulatory tools provided will be applied.

DURATION OF PROCESSING

The Data Controller retains and processes personal data for the time necessary to fulfil the purposes indicated, i.e. for the period for which the Data Controller will maintain the service active unless the Data Subject revokes consent. In each message, the User will be reminded that he/she has the right to unsubscribe from the service with a special link in the footer of each email.

METHODS AND NATURE OF PROVISION

The data are collected and recorded in a lawful and correct manner for the purposes indicated above in compliance with the principles of lawfulness and provisions of Article 5, paragraph 1 of the GDPR.

Personal data processing is carried out by means of manual, computerised and telematic tools with logic strictly related to the purposes and, in any case, in such a way as to guarantee security and confidentiality.

The provision of data for the aforementioned purposes is entirely optional. Any refusal by the Data Subject to provide personal data, the lack of consent or its revocation for one or more purposes, will make it impossible to use the services related to them

Failure to provide an email may make it impossible for you to receive the newsletter.

SECURITY MEASURES

The transfer, retention and processing of the Data Subject’s data collected through the Website are ensured through appropriate technical and security measures, specifically:

All the information of the Data Subject is protected with the access keys that the user has chosen himself, passwords are not recorded in clear text.

The Website has an encrypted HTTPS connection.

A secure e-commerce platform is used, with built-in security protocols.

Strong passwords are used.

Data is collected, stored and maintained on a secure server, protected by a firewall and physically located in an access-controlled web farm in the EU.

AUTOMATED PROCESSING

The Data Controller does not, under any circumstances, carry out processing operations consisting of decisions based on automated processes on the data of natural persons with regard to the processing operations indicated below.

RIGHTS OF THE DATA SUBJECTS

In accordance with, within the limits and under the conditions provided for by the legislation on the protection of personal data regarding the exercise of the rights of Data Subjects (Articles 15 to 22), with regard to the processing operations covered by this Privacy Policy, as Data Subjects, users may exercise certain rights with reference to the data processed by the Data Controller.

In particular, the Data Subject has the right to:

· Revoke consent at any time (where required)

· Oppose the processing of their data

· Access to their own Data

· Verification and rectification

· Restriction of processing

· Deletion or removal of their personal data

· Portability

Furthermore, the Data Subject has the right to lodge a complaint with the competent Data Protection Supervisory Authority or take legal action if he/she considers that the processing operations concerning him/her are in breach of the GDPR, pursuant to Article 77 of the GDPR.

The Data Subject may revoke any consent given at any time by using the appropriate link in the footer of each newsletter email, resulting in the suspension of the sending of the newsletter.

How to exercise your rights

If you wish to request further information on the processing of your personal data or to exercise your rights, you may do so in writing to privacy@liscianigiochi.itusing the Exercise of Personal Data Protection Rights Form. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month.

CHANGES TO THIS PRIVACY POLICY

The Data Controller reserves the right to make changes to this Privacy Policy at any time by informing Users by email and on the Website. The Data Controller will collect the consent of the Data Subject again, if necessary.

Last modified: 14/10/2021

CUSTOMER AND SUPPLIER PRIVACY POLICY

pursuant to Article 13 of EU Regulation 2016/679


DATA CONTROLLER AND CONTACT DETAILS

LISCIANI GIOCHI S.P.A. is the Data Controller of the personal data processed.

The registered office is inVia Giacomo Ruscitti, Zona Ind.le Sant’Atto, 64100 Teramo (Te), VAT 0072303672. For all privacy matters, please contact the following email address: privacy@liscianigiochi.it, or the telephone number +39 0861 2311.

The Company Website has the following address: https://www.liscianigroup.com



DESCRIPTION OF THE PROCESSING AND CATEGORIES OF DATA SUBJECTS

The processing of your personal data, as a potential customer/supplier and/or customer/supplier of goods and services, will be carried out in compliance with the security measures set out in Article 32 of EU Regulation 2016/679.

The management of the contractual relationship with customers/suppliers (mainly legal persons) necessarily involves the processing of personal data (identification, telephone numbers, email) relating to persons with whom you come into contact. This Privacy Policy is therefore made available to natural persons who work with customers/suppliers. Since it is difficult to send it directly to the Data Subjects, the Privacy Policy is made available to them on the Data Controller’s website, with a request to notify the Data Subjects.

The persons concerned by the processing activities are the natural persons who, by virtue of their employment or other relationship with the legal persons of the customers/suppliers, are operationally involved in commercial, pre-contractual and contractual communications. Furthermore, they may also be customers/suppliers who are natural persons, consultants, freelancers or private companies.



TYPES OF DATA PROCESSED

The personal data processed are identification data (e.g. name, surname, company name, address, telephone number, e-mail address, bank and payment details).



PURPOSES OF DATA PROCESSING

The data are processed for the management of customers and suppliers, more specifically to:

  1. conclude contracts for the services/products of the Data Controller or supplier; fulfil pre-contractual, contractual and tax obligations arising from existing relationships;
  2. fulfil the obligations provided for by law;
  3. exercise the rights of the Data Controller, such as the right of defence in court and the management of litigation
  4. commercial communications and marketing.


LEGAL BASIS FOR PROCESSING

• For the purposes provided for in points 1: the processing is necessary for the performance of a contract to which the Data Subject is party or the performance of pre-contractual measures taken at the request of the Data Subject (Article 6, paragraph 1, letter b) of the GDPR).

• For the purpose provided for in point 2: the processing is necessary for compliance with a legal obligation to which the Data Controller is subject. (Article 6, paragraph 1, letter c) of the GDPR).

• For the purpose provided for in point 3: processing is necessary for the purposes of pursuing the legitimate interests of the Data Controller or third parties (Article 6, paragraph 1, letter f) of the GDPR).

• For the purpose provided for in point 4: consent of the Data Subject.



RECIPIENTS AND CATEGORIES OF RECIPIENTS

The personal data processed by the Data Controller will not be disclosed, i.e. they will not be made known to unknown subjects, in any possible form, including making them available or simply consulting them. On the other hand, they may be communicated to the Data Controller’s employees, to external subjects who collaborate with the Data Controller designated as Data Processors or authorised to process data as they operate under the authority of the Data Controller.
They may also be communicated, only as strictly necessary, to subjects who, for the purpose of processing your requests, must supply goods or perform services on behalf of the Data Controller. Finally, your personal data may be communicated to the subjects legitimately entitled to access them by virtue of provisions of the law, regulations, Community rules, such as credit institutions, forwarding agents, our accountants and lawyers, hardware and software maintenance companies.
In particular, on the basis of their roles and work duties, they have been authorised to process your personal data, within the limits of their competence and in accordance with the instructions given to them by the Data Controller.
An updated list of the Processors can always be requested from the Data Controller.
This is without prejudice to LISCIANI GIOCHI S.P.A.’s obligation to communicate the data to Public Authorities upon specific request.



TRANSFER ABROAD

The data are processed at the Data Controller’s operational headquarters and in any other place where the parties involved in the processing are located, so the Data Controller does not transfer this personal data to third countries or to international organisations.
However, the Data Controller reserves the right to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 of the GDPR. The equivalent levels of protection adopted for the processing of the personal data of the Data Controller’s employees will be required for the processing of the information and data that may be communicated to these parties. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and the regulatory tools provided by Chapter V of the GDPR will be applied.



DURATION OF PROCESSING

The Data collected for the purposes indicated will be kept for the entire duration of the contract and, after the termination of the contract, for 10 years. In the event of legal disputes, the Data will be kept for the entire duration of the dispute, until the time limit for appeals has expired.



METHODS AND NATURE OF PROVISION

Your data are collected and recorded in a lawful and correct manner for the purposes indicated above in compliance with the principles of lawfulness and provisions of Article 5, paragraph 1 of the GDPR.
The processing of personal data is carried out using manual, computerised and telematic tools with logic strictly related to the purposes and, in any case, in such a way as to guarantee security and confidentiality.
Your consent is not required for the data collected and used for the above-mentioned purposes.
The communication of personal data for the purposes set out in this Privacy Policy and their processing are necessary for the conclusion and execution of the contract and, consequently, failure to communicate such data, or the incomplete communication of such data, makes it impossible to proceed with the relationship in question.



RIGHTS OF THE DATA SUBJECTS

  • In accordance with, within the limits and under the conditions provided for by the legislation on the protection of personal data regarding the exercise of the rights of Data Subjects (Articles 15 to 21), you, as a Data Subject, may exercise certain rights with reference to the data processed by the Data Controller.

    In particular, the Data Subject has the right to:

    • Where given, revoke consent at any time
    • Oppose the processing of their data
    • Access to their own Data
    • Verification and rectification
    • Restriction of processing
    • Deletion or removal of their personal data
    • Portability

    Furthermore, the Data Subject has the right to lodge a complaint with the competent Data Protection Supervisory Authority or take legal action if he/she considers that the processing operations concerning him/her are in breach of the GDPR, pursuant to Article 77 of the GDPR.

    How to exercise your rights

    If you wish to request further information on the processing of your personal data or to exercise your rights, you may do so in writing to privacy@liscianigiochi.it using the “Exercise of Personal Data Protection Rights Form“. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month.


AUTOMATED PROCESSING

The Data Controller does not, under any circumstances, carry out processing operations consisting of decisions based on automated processes on the data of natural persons with regard to the processing operations indicated below.



CHANGES TO THIS PRIVACY POLICY

The Data Controller reserves the right to make changes to this Privacy Policy at any time by informing Users by email and on the Website. The Data Controller will collect the consent of the Data Subject again, if necessary.

Last modified: 09/12/2021

PRIVACY POLICY FOR CANDIDATES’ PERSONAL DATA

pursuant to Article 13 of EU Regulation 2016/679


DATA CONTROLLER AND CONTACT DETAILS

LISCIANI GIOCHI S.P.A. is the Data Controller of the personal data processed also through the Website www.liscianigroup.com.

The registered office is in Via Giacomo Ruscitti, Zona Ind.le Sant’Atto, 64100 Teramo (Te), VAT 0072303672. For all privacy matters, please contact the following email address: privacy@liscianigiochi.it, or the telephone number +39 0861 2311.

The Company Website has the following address:https://www.liscianigroup.com



DESCRIPTION OF THE PROCESSING AND CATEGORIES OF DATA SUBJECTS

LISCIANI GIOCHI S.P.A. informs you that it may process your personal data for personnel pre-selection and selection activities, through CV analysis and interviews.

In particular, the persons concerned by the processing activities are natural persons who send their Curriculum Vitae either spontaneously or to apply for open positions. Collection takes place through spontaneous CV submission, through a website or recruitment agencies.

Candidates are asked not to include any special or judicial data in their CVs that are not strictly necessary, otherwise, they cannot be processed. CVs sent spontaneously will, if considered of no interest, be destroyed and not stored; otherwise, however, the candidate will be promptly contacted regarding the request to store the curriculum vitae on electronic/paper supports and will also be provided with this Privacy Policy.



TYPES OF DATA COLLECTED AND ORIGIN OF THE DATA

Personal data processed: Name, address or other personal identification, Declared profession, Professional quality certificates, Tax code and other personal identification numbers, Photo, Residential address, E-mail address, Education and culture, Job (current, previous occupation, curriculum vitae, etc.),

The data is partly collected from the Data Subject and partly collected from third parties.



PURPOSES OF DATA PROCESSING

    1. manage the assessment of your CV;
    2. planning and managing selection interviews also in interactive or group mode;
    3. preparing recruitment documents.


LEGAL BASIS

For purposes 1, 2, 3: Processing is necessary for the performance of a contract to which the Data Subject is party or for the performance of pre-contractual measures taken at the request of the Data Subject.

If the candidate spontaneously includes in his/her CV the fact that he/she belongs to protected categories, the prerequisite for processing such “special” data, if any, is that the data are provided directly by the Data Subject. Their processing may be provided in order to fulfil the obligations and exercise the specific rights of the Data Controller or of the Data Subject in the field of employment and social security law and social protection.



RECIPIENTS AND CATEGORIES OF RECIPIENTS

The personal data processed by the Data Controller will not be disclosed.

On the other hand, the data may be communicated to the Data Controller’s employees, to external subjects who collaborate with the Data Controller, designated as Data Processors or authorised to process data as they operate under the authority of the Data Controller. All employees, consultants, temporary workers and/or other subjects who carry out their activities on the basis of instructions received from LISCIANI GIOCHI S.P.A., pursuant to Article 29 of the GDPR, are designated “Authorised Data Processors”. LISCIANI GIOCHI S.P.A. gives them adequate operating instructions, with particular reference to the adoption of and compliance with security measures, in order to guarantee the confidentiality and security of the data.

The data may be communicated to companies and professionals who are the Data Processors appointed by LISCIANI GIOCHI S.P.A. or who are themselves the Data Controllers of the personal data transmitted to them.

The updated list of the Data Processors can always be requested from the Data Controller.

This is without prejudice to the obligation of LISCIANIGIOCHI S.P.A. to communicate data to Public Authorities on specific request.



TRANSFER ABROAD

The data are processed at the Data Controller’s operational headquarters and in any other place where the parties involved in the processing are located, therefore the Data Controller does not transfer this personal data to third countries or to international organisations.

However, the Data Controller reserves the right to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 of the GDPR. The equivalent levels of protection adopted for the processing of the personal data of the Data Controller’s employees will be required for the processing of the information and data that may be communicated to these parties. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and the regulatory tools provided by Chapter V of the GDPR will be applied.



DURATION OF PROCESSING

The processing will last no longer than is necessary for the purposes for which the data were collected, and will be kept for a maximum of 24 months from the date on which the data were provided.



METHODS AND NATURE OF PROVISION

Your data are collected and recorded in a lawful and correct manner for the purposes indicated above in compliance with the principles of lawfulness and provisions of Article 5, paragraph 1 of the GDPR.

Personal data processing is carried out by means of manual, computerised and telematic tools with logic strictly related to the purposes and, in any case, in such a way as to guarantee security and confidentiality.

Your consent is not required for the data collected and used for requirements related to the execution of activities inherent to the contractual relationship and compliance with the legal obligations indicated. Failure to provide the above-mentioned personal data will make it impossible to continue the relationship in question. For data collected and used for the legitimate interest of the Data Controller, your consent is not required (Article 6, letter f of the GDPR). The communication of the aforementioned personal data is optional but necessary for the performance of the services offered by the Data Controller. Any refusal to communicate such data will make it impossible to provide all or part of the services requested.


SECURITY MEASURES

The transfer, retention and processing of the Data Subject’s data collected through the Website are ensured through appropriate technical and security measures, specifically:

All the Data Subject’s information is protected with the access keys that the user has chosen himself, passwords are not recorded in clear text.

The Website has an encrypted HTTPS connection.

A secure e-commerce platform is used, with built-in security protocols.

Strong passwords are used.

Data is collected, stored and maintained on a secure server, protected by a firewall and physically located in an access-controlled web farm in the EU.



RIGHTS OF THE DATA SUBJECTS

In accordance with, within the limits and under the conditions provided for by the legislation on the protection of personal data regarding the exercise of the rights of Data Subjects (Articles 15 to 21), you, as a Data Subject, may exercise certain rights with reference to the data processed by the Data Controller.

In particular, the Data Subject has the right to:

  • Where given, revoke consent at any time
  • Oppose the processing of their data
  • Access to their own Data
  • Verification and rectification
  • Restriction of processing
  • Deletion or removal of their personal data
  • Portability

Furthermore, the Data Subject has the right to lodge a complaint with the competent Data Protection Supervisory Authority or take legal action if he/she considers that the processing operations concerning him/her are in breach of the GDPR, pursuant to Article 77 of the GDPR.

How to exercise your rights

If you wish to request further information on the processing of your personal data or to exercise your rights, you may do so by writing to privacy@liscianigiochi.it. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month.


AUTOMATED PROCESSING

The Data Controller does not, under any circumstances, carry out processing operations consisting of decisions based on automated processes on the data of natural persons with regard to the processing operations indicated below.



CHANGES TO THIS PRIVACY POLICY

The Data Controller reserves the right to make changes to this Privacy Policy at any time by informing Users by email and on the Website. The Data Controller will collect the consent of the Data Subject again, if necessary.

Last modified: 27/10/2021

Click here to download the form for exercising your data protection rights

DEFINITIONS

Definitions and legal references for the Privacy Policy and Cookie Policy of https://www.liscianigroup.com

Personal Data (or Data): personal data is any information which, directly or indirectly, also in conjunction with any other information, including a personal identification number, makes a natural person identified or identifiable.

Usage Data: this is the information automatically collected through this Website(or by third-party applications integrated into this Website), including IP addresses or domain names of the computers used by the Users connecting with this Website, Uniform Resource Identifier(URIs), the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status response from the server (successful, error, etc.), the country of origin, the characteristics of the browser and the operating system used by the visitor, the various temporal aspects of the visit (e.g. the time spent on each page) and the details of the path followed within the Application, with particular reference to the sequence of the pages visited, the parameters relating to the Data Subject’s operating system and IT environment.

User: the individual who uses this Website who, unless otherwise specified, is the Data Subject.

Data Subject: the natural person to whom the Personal Data refer.

Data Processor (or Processor): the natural person, legal entity, public administration and any other entity that processes personal data on behalf of the Data Controller, as outlined in this Privacy Policy.

Data Controller (or Owner):the natural or legal person, public authority, service or other entity which, individually or jointly with others, determines the purposes and means of the processing of personal data and the instruments adopted, including the security measures relating to the operation and use of this Website. Unless otherwise specified, the Data Controller is the owner of this Website.

This Website (or this Application): the hardware or software tool through which Users’ Personal Data are collected and processed.

Service: the Service provided by this Website as defined in the relevant terms (if any) on this Website/application.

European Union (or EU): unless otherwise specified, any reference in this document to the European Union shall mean all current member states of the European Union and the European Economic Area.

Cookie: a small piece of data stored on the Data Subject’s device.

Legal references

This Privacy Policy is drafted on the basis of multiple pieces of legislation, including Articles 13 and 14 of EU Regulation 2016/679.

Unless otherwise specified, this Privacy Policy applies exclusively to this Website.