Privacy policy

Privacy Policy

Pursuant to EU Regulation no. 679/2016 (“GDPR”) on the protection of individuals with regard to the processing of personal data, the processing of information concerning any data subject will be based on the principles of fairness, lawfulness and transparency, so as to ensure the security and confidentiality of all data.

We invite you to carefully read the information below so that the User of the Site can be aware of and consciously express their consent to the use of their Data, thus allowing us to provide a high-level service in full respect of the rights of all data subjects.

Data Controller

VENINI S.p.A. with registered office in MURANO (VE), Fondamenta Vetrai 50, Tax Code and VAT no. 00577980279 (hereinafter, the “Controller”), owner of the website http://www.privatecollection.venini.com/ (hereinafter, the “Website”), as the Controller of all personal data provided by users who browse and register on the Website (hereinafter, the “Users”), hereby communicates its privacy policy pursuant to art. 13 of EU Regulation 2016/679 of April 27, 2016 (hereinafter, the “Regulation” or, together with local regulations/clarifications and later amendments and integrations to the Regulation, the “Applicable Legislation”) concerning the processing of User’s Personal Data (the “Data”).

This Website and any services offered through this Website are reserved for individuals who are eighteen years of age or older. The Controller will therefore not collect any personal data relating to subjects under the age of 18. At the request of the Users, the Controller will promptly delete all personal data that may have been involuntarily collected and is related to minors.

Type of Personal Data processed by Controller.

The following types of Personal Data concerning Users may be collected:

Contact data

information concerning the person’s first name/surname, address, telephone number, mobile phone number, email address;

Other personal data

information that the User provides voluntarily by filling in the optional fields provided by the Controller for the purposes specified below, such as the date of birth, possible wedding date, educational background or occupational status. If any Personal Data is provided on behalf of third parties, the User must first make sure that the data subjects have read this Policy;

Interests

information that the User provides about their interests, including the products of the Controller they are interested in;

Website use

information about the way in which the user uses the Website, opens or forwards our communications, including information collected through cookies (see our dedicated Cookie Policy).

Purpose and legal basis for processing

The User’s Data will be lawfully processed by the Controller pursuant to art. 6 of the Regulation for the following purposes:

  • navigation on the website, collecting the User’s data needed for technical reasons, such as, for instance, the IP address, while the User is browsing the site. This User’s Data will be employed by the Controller for the sole purpose of ascertaining the User’s identity (also through e-mail address validation), in order to avoid possible fraud or abuse.
  • contractual obligations and provision of service in the event of online purchases, to execute requests to purchase the products offered in the “e-commerce” section of the Website, according to the General Conditions of Sale, which the User accepts during registration on the Website, and in order to fulfil any subsequent claims and requests the User may make. Providing contact Data is in fact mandatory to comply with the contractual obligations.
  • administrative-accounting purposes in the event of online purchases, namely to carry out activities of an organizational, administrative, financial and accounting nature that are functional to the managing of the contractual relationship. Providing the User’s contact Data is in fact mandatory to comply with the contractual obligations.
  • egal obligations, i.e to comply with any obligations provided for by law, by an authority, by regulations or by the European legislation with which the Controller must comply. Providing the User’s contact Data is in fact mandatory.

Failure to provide contact details will make it impossible for the User to navigate on the Website, register, or use the services offered by the Controller on the Website.

The relevant legal basis for the processing is the execution of a contractual relationship requested by the User (pursuant to article 6, paragraph 1, letter b) of the Regulation) or the fulfilment of legal obligations (pursuant to article 6, paragraph 1, letter c) of the Regulation).

Further processing purposes: marketing (sending newsletters, advertising material and commercial communications).

With the User’s free and optional consentthe User’s Contact Data and any Other Personal Data provided by the User may also be processed by the Controller for marketing and newsletter purposes (sending advertising material, direct sales, commercial communications, newsletters containing information about the latest news in the industry related to the Website’s activities), or so that the Controller can contact the User by regular mail, email, telephone (landline or mobile, using automated calling systems or through an operator), SMS/MMS to present the Controller’s products and services to the User, as well as to send invitations, promotions and communicate business opportunities.

Providing Personal Data is optional and, should the User refuse to consent, the possibility to register on the Website will not be jeopardized in any way.

The relative legal basis of the processing is the User’s possible and free consent to allow the aforementioned marketing activities (pursuant to article 6, paragraph 1, letter a) of the Regulation).

Should the User decide to consent, they may revoke their consent at any time, submitting a request to the Controller in the manner indicated in the paragraph “Rights of Data Subjects”.
The User is also free to easily object to any further sending of promotional messages and newsletters via email by clicking on the dedicated link to revoke their consent. This link is included in each promotional email and newsletter. Once the User has revoked their consent, the Controller will send the User an email confirming that their consent has been successfully revoked.

The Controller hereby informs that, following the User’s decision to exert their right to object to the receiving of any promotional messages and newsletters via email, the User may continue to receive some messages due to technical and operational reasons. In the event that the User continues to receive promotional messages and/or newsletters, we kindly ask to report this issue to the Controller through one of the contact channels indicated in the paragraph “Rights of Data Subjects”.

Further processing purposes: profiling

With the User’s free and optional consent, the User’s Personal Data (i.e. Contact Data, Other Personal Data, Data concerning Website Use and information relating to the services the User has expressed interest in) may also be processed by the Controller for profiling purposes, i.e. to reconstruct the User’s preferences and consumption habits, in order to send the User commercial offers that are consistent with their profile.
 
Providing Personal Data is optional and, should the User refuse to consent, the possibility to register on the Website will not be jeopardized in any way.

The relative legal basis of the processing is the User’s possible and free consent to allow the aforementioned profiling activities (pursuant to article 6, paragraph 1, letter a) of the Regulation).

Should the User decide to consent, they may revoke their consent at any time, submitting a request to the Controller in the manner indicated in the paragraph “Rights of Data Subjects”.

Further communications: communication of data to the Controller’s Partners

With the User’s free and optional consent, the User’s Contact Data may be communicated by the Data Controller to companies belonging to the Data Controller’s Group, as well as to companies offering goods and services in the financial and “luxury” industries (for example, in the jewellery, fashion, travel, automotive/yachting industries) with which the Data Controller may establish co-marketing relationships (collectively, the “Data Controller’s Partners“).

The Controller’s Partners, as independent data controllers, will process the User’s personal data for their own marketing purposes and may contact the User either through traditional means (regular mail, phone calls with operator) or through automated means (email, SMS/MMS).

The Controller’s Partners - pursuant to art. 14 par. 3 of the Regulation – must send the User their own privacy policy notice containing, in addition to the elements provided for in art. 13, paragraph 1, also the origin of the personal data communicated to them, so that each data subject can also contact the person who collected and communicated the data to oppose the processing in accordance with the Applicable Legislation.

Data processing methods

The Data Controller shall process the Users’ Personal Data by means of manual and computerized means, in manners strictly related to the purposes stated above and, in any case, in such a way as to guarantee the security and confidentiality of the data itself. The freely provided data is collected electronically directly by the Controller and/or by means of third parties expressly appointed as Data Processors or Persons in Charge of Processing, including through Customer Relationship Management (CRM) IT systems. The CRM system is used by the Controller both to improve the management of customer data from an administrative and IT point of view, and to offer higher quality services and, if the User gives their consent, for direct and profiled marketing purposes.

Data Retention

The Users’ Personal Data will be kept for the time strictly necessary to carry out the purposes for which it was collected, and until consent is revoked by the User. In any event, the retention period shall comply with the provisions of the Applicable Legislation.

The Contact Data will be kept for the necessary period of time to fulfil the company’s contractual obligations with the User, to fulfil tax obligations and for the civil protection of the interests of both Users and the Controller.

Any Personal Data about the Users collected for marketing or profiling purposes will be retained in accordance with the Applicable Legislation and the provisions of the applicable Personal Data Protection Authority.

Scope of communication and disclosure of personal data

The Data Controller shall designate specific Data Processors and Persons in Charge of Processing, each according to their respective area of responsibility, who shall operate under the direct authority of the Data Controller. The former shall receive adequate operating instructions from the Controller and may operate both inside and outside the European Union.

Employees and/or collaborators of the Controller who are in charge of managing the Website may become aware of the Users’ Personal Data. These subjects, who are formally appointed by the Data Controller as “data processors”, will process the User’s data exclusively for the purposes indicated in this privacy notice and in compliance with the provisions of the Applicable Legislation.

Third parties who may process personal data on behalf of the Data Controller in their capacity as “External Data Processors” may also become aware of the Users’ Personal Data, such as, by way of example, providers of IT and logistics services for the operations of the Site, outsourcing or cloud computing service providers, professionals and consultants

Users have the right to obtain an updated list of the data processors appointed by the Data Controller, by sending a request to the Data Controller writing to the addresses indicated below.

Data Transfer

In the event that the Data Controller were to communicate the Personal Data to data processors or persons in charge of processing who operate on behalf of the Data Controller and by virtue of specific contractual obligations in EU or non-EU Member States (for which there is a decision of adequacy by the Commission pursuant to art. 45 of the Regulation), the transfer would be limited to the Data that is strictly necessary and bound to the purposes for which it was collected. In any case, all appropriate measures to ensure an adequate level of data protection, in full compliance with the Applicable Legislation, would be adopted.

Data Protection Officer (“DPO”)

The Data Protection Officer appointed on a voluntary basis by the Data Controller may be contacted at the following addresses: Fondamenta Vetrai 50, 30141 Murano (Venice); email: privacy@venini.com.

Rights of Data Subject

Users of the Website have the power to ask to exert the rights provided for in art. 7 of the Code, in the manner established by art. 8 of the Code. At any time, the User may exercise his rights towards the Data Controller, pursuant to EU Regulation no. 679/2016. In particular, by contacting the Data Controller indicated below, the User may request:

  • to be informed about the existence of data processing that may concern them and, should there be any, to obtain access to their personal data pursuant to art. 15 of EU Regulation no. 679/2016 and to obtain communication, without delay and in intelligible form, about such data and its origin, about the recipients or categories of recipients to whom the personal data is or will be communicated;
  • to obtain, without undue delay, the rectification or integration of personal data that concerns them pursuant to art. 16 of EU Regulation no. 679/2016;
  • to obtain the immediate deletion of their personal data in case they decide to revoke their consent, or if the data is no longer necessary for the purposes for which it was collected or otherwise processed, or again if the legal basis for the processing has ceased to exist, if the data has been unlawfully processed or this obligation is imposed by law or the judicial authorities, pursuant to art. 17 of EU Regulation no. 679/2016;
  • to obtain a limitation on the processing of data concerning them if the data subject contests its accuracy or opposes its processing or if the processing is unlawful or in the event that, although the Data Controller no longer needs it for the purposes of processing, the personal data is still necessary to establish, exercise or defend a right in court, pursuant to art. 18 of EU Regulation no. 679/2016;
  • to exercise the right to data portability, understood as the right to obtain personal data concerning them from the Data Controller, in a structured and commonly used format readable on an automatic device, and to transmit such data without hindrance to another data controller pursuant to art. 20 of EU Regulation no. 679/2016;

Any User interested in exercising these rights can simply send a request by e-mail to privacy@venini.com.

It should be noted that any corrections or deletions or limitations to the processing carried out at the request of the User, unless this proves impossible or involves a disproportionate effort, will be communicated by the Controller to each of the recipients to whom the Personal Data may have been transmitted. The Controller shall notify such recipients should the User request it.

Right of objection

Should the conditions set forth in art. 21 of the Regulation apply, the User shall have the right to object to the processing of their Personal Data, unless there are legitimate reasons for the Data Controller to continue with the processing. In order to object, the User can simply send a request by e-mail to privacy@venini.com.

Revocation of consent

The User has the right to revoke their consent at any time, without prejudice to the lawfulness of the processing based on the consent obtained before revocation, pursuant to art. 7, par. 3 of EU Regulation no. 679/2016. Such withdrawal may make it impossible for the Data Controller to continue providing the service and to pursue the purposes indicated above.

Complaint with the Personal Data Protection Authority

Should the User consider that the processing of their personal data violates the Regulations or the Code, they may lodge an appeal or complaint with the Personal Data Protection Authority (Garante per la protezione dei Dati Personali, Piazza di Monte Citorio n. 121 – 00186 Rome – Italy; Email: garante@gpdp.it).