Privacy Policy – Gift Card
Privacy policy on data processing
1. Data controller
The Data Controller is the company Biasuzzi S.p.A. – Divisione Turismo (hereinafter also referred to as “Data Controller”), which has its registered office in Ponzano Veneto (TV) in Via Morganella Ovest 55 and which can be contacted for matters relating to the protection of personal data at the email address privacy@biasuzzispa.com.
2. Categories of personal data processed
We will process the following categories of personal data: name, address, email address, financial data (such as credit/debit card number or other payment-related data), and data concerning the recipients of gift cards.
3. Origin of personal data and obligations of the person purchasing the gift card
To manage the gift card, the Data Controller shall use the data contained in the order, which shall also contain personal data relating to the recipient of the gift card. The purchaser of the gift card who provides the personal data of the recipient of the gift card is responsible for ensuring that this is done with the consent of the person concerned and for providing him/her with this policy.
4. Purposes of the processing, legal basis and storage period
Personal data will be processed by Biasuzzi S.p.A. – Divisione Turismo for the purposes and under the conditions indicated below.
Purposes
Sale of products and services: for the conclusion and implementation of the contract for the sale of products and services offered by the Data Controller, including the management of purchase orders, the delivery of products, the communication of any circumstances relating to the order and the management of payments.
Legal basis
Implementation of the contract.
Data storage period
For the time necessary to process the application and for a further 10 years.
5. Refusal to disclose data
If the user refuses to provide the data requested in the form, the Data Controller will not be able to process the application received.
6. Categories of recipients of personal data
For the fulfilment of the purposes indicated above, Biasuzzi S.p.A. – Divisione Turismo may disclose the data collected to the following categories of subjects: IT service providers, such as internet service and cloud computing; subjects carrying out logistics and product delivery activities; subjects carrying out customer service activities; subjects providing banking, financial, insurance and credit recovery services; subjects carrying out anti-fraud payment control activities. Where necessary, data recipients will be designated as data controllers, in accordance with the provisions of Article 28 of the GDPR.
7. Transfer of data to third countries
Personal data processed by the Data Controller may be transferred to other companies based in the United States of America (USA) exclusively for the purposes indicated in point 4. Said transfer will take place exclusively following the signing between Biasuzzi S.p.A. – Divisione Turismo and the companies receiving the data of standard contractual clauses (S.C.C.) adopted by the Commission of the European Union (Art. 46, paragraph II, points C and D of the GDPR).
8. Rights of data subjects
In relation to the personal data provided, data subjects have the right at any time to request: confirmation of whether or not personal data concerning them is being processed and, if so, to obtain access to the data and a copy thereof (Art. 15 of the GDPR); the rectification of any inaccurate personal data or the integration of incomplete data (Art. 16 of the GDPR); in the cases specifically provided for by the legislation, the cancellation of the data (Art. 17 of the GDPR), the portability of data (Art. 20 of the GDPR), the limitation of their processing (Art. 18 of the GDPR) and the opposition to their processing following the revocation of consent (Art. 21 of the GDPR). In order to exercise these rights, data subjects may send their requests by email to the Data Controller at privacy@biasuzzispa.com. Alternatively, data subjects may use the postal addresses indicated in point 1 of this Privacy Policy. If data subjects consider that their rights under data protection legislation have been infringed, they may lodge a complaint with the Supervisory Authority (www.garanteprivacy.it) pursuant to and for the purposes of Article 77 of the GDPR.