Privacy policy


Information pursuant to Article 13 of the European Regulation 679/2016 (GDPR – General Data Protection Regulation) 

 

This Privacy Policy (the “Policy”) explains how your personal data is collected and processed when you use the Gessi Systems Website at systems.gessi.com (the “Website”).  

Depending on how you interact with the Website, your personal data may be processed either by Gessi S.p.A., which manages the Website and its content (“Gessi”) or Calicantus Srl, which manages the online sale of products on the Website and all related activities (“Calicantus”).  

The Policy applies to all interactions with the Website, including browsing, creating an account, and making purchases, as well as to related communications. Additionally, it also applies to any other communications that contain a link to this Policy.  

Throughout this Policy, we refer to the Website, its functionalities, and related communications collectively as the “Services”.   

This Privacy Policy applies specifically to the Gessi Systems Website. If you also visit gessi.com, please refer to its separate Privacy Policy for information on data processing on that site.

 

DATA CONTROLLERS 

Gessi S.p.A., having its registered office at Parco Gessi, 13037 Seravalle Sesia (VC), bearing Tax Code and VAT No.02235360027, reachable via email at gessi@pec.gessi.it, is the Data Controller for personal data processed when browsing the Website, creating and managing an account, and for marketing and promotional communication purposes.  

Calicantus Srl, having its registered office Via Mazzon, 30 - 30020 Quarto d’Altino (VE), bearing Tax Code and VAT No. 03757590272, reachable via email at privacy@calicant.us, it the Data Controller for personal data processed in relation to purchasing activities, including order management, payment processing, shipping, and related customer services.


PROCESSED DATA 

When you use the Services, we collect and process the following types of data that enable your identification as an individual or relate to you as an identifiable person (“Personal Data”): 

  • Name  

  • Mailing address (including billing address and delivery address) 

  • Telephone number  

  • E-mail address 

  • IP address (from your IP address, we can also roughly deduce your location) 

  • Social media account IDs  

  • Order history and purchase information  

  • Payment Information  

  • Delivery preferences  

  • Profile Picture  

All of these data types are collectively referred to as “Data” throughout this Policy.

 

PURPOSE OF PROCESSING AND LEGAL BASIS 

 

Purpose of Processing 

Legal Basis 

Ensuring the functionality of the Services, including allowing access to the Website, managing user accounts, and enabling shopping cart functionality 

Article 6 paragraph 1 b of the GDPR: to manage the contractual relationship with our Users 

Processing and fulfilling purchase orders, including payment processing, shipping, and delivery 

Article 6 paragraph 1 b of the GDPR: to manage the contractual relationship with our Users 

Storing data in your account, including personal data, order history, returns, and preferred addresses 

Article 6 paragraph 1 b of the GDPR: to manage the contractual relationship with our Users 

Managing returns and refunds, and providing customer service, including responding to requests for information and complaints 

Article 6 paragraph 1 b of the GDPR: to manage the contractual relationship with our Users 

Fulfilling contractual and tax obligations arising from our relationship with the User 

Article 6 paragraph 1 c of the GDPR: to fulfil a legal obligation 

Conducting accounting, invoicing, document management, and statistical analysis 

  • Article 6 paragraph 1 c of the GDPR: to fulfil a legal obligation 

  • Article 6 paragraph 1 f of the GDPR: legitimate interest of the Controller 

Analysing and improving the performance of the Services and quality control 

  • Article 6 paragraph 1 a of the GDPR: with consent of the Users 

  • Article 6 paragraph 1 c of the GDPR: to the extent required by applicable law 

  • Article 6 paragraph 1 f of the GDPR: legitimate interest of the Controller 

Transmitting administrative information, such as changes to our terms and conditions 

Article 6 paragraph 1 c of the GDPR: to fulfil a legal obligation 

Sending newsletters and/or advertising materials and sharing content on social media 

  • Article 6 paragraph 1 a of the GDPR: with consent of the Users 

  • Article 6 paragraph 1 f of the GDPR: legitimate interest of the Controller 

Personalising your shopping experience and providing product recommendations  

  • Article 6 paragraph 1 of the GDPR: with the consent of the Users 

  • Article 6 paragraph 1 f of the GDPR: legitimate interest of the Controller 

Facilitating participation in promotions, contests, or other special offers 

Article 6 paragraph 1 a of the GDPR: with the consent of the Users 

Article 6 paragraph 1 b of the GDPR: to manage the contractual relationship with our Users 

Establishing, exercising or defending a legal right 

Article 6 paragraph 1 f of the GDPR: legitimate interest of the Controller 

 

NATURE OF DATA PROVISION 

 

Providing your Personal Data for the purposes mentioned above is generally optional. However, certain Data may be necessary to provide the specific Services you request. We will indicate mandatory fields in our forms with an asterisk (*). If you choose not to provide Data marked as mandatory, we may not be able to provide the related Services.

 

DATA RECIPIENTS OR POSSIBLE CATEGORIES OF DATA RECIPIENTS

 

Your Personal Data will be processed by the relevant Data Controller and by the persons authorised by them to process Data. 

Your Data may be disclosed to the following categories of third-party recipients: 

  • External natural and/or legal persons that the Data Controllers may engage to support or facilitate the Services and that are authorised to process Personal Data as data processors under a specific agreement with the Controller(s) (GDPR Article 28), or as autonomous data controllers (GDPR Article 4, paragraph 1, no. 7), also by virtue of the law; 

  • Parties to whom such communication must be made in order to fulfil or require the fulfilment of specific obligations laid down by laws, regulations and/or national and EU legislation, such as public agencies and other public authorities;  

  • Other subsidiaries and/or associates and/or affiliates of Gessi that are part of the “Gessi Group”. 


DATA TRANSFERS TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS

 

In managing our relationship with you, we may need to transfer your Data to countries outside the EU and/or to international organisations to achieve the purposes of the processing. In such cases, we will adopt and implement all appropriate security, protection, and confidentiality measures to safeguard your Data in compliance with applicable data protection regulations.

 

RETENTION PERIOD 

 

Your Data will be kept only for as long as necessary to achieve the purposes for which it was collected and, thereafter, for the term provided by any applicable regulation.  

To determine the retention period, we consider the following:  

  • We retain data for the period of time during which we have a contractual relationship with our Users and/or during which we provide the relevant Services (e.g. as long as you have an account on the Website or use our Services); 

  • We check whether archiving is necessary depending on our legal situation (e.g. with regard to limitation periods, procedures or checks by authorities); and 

  • We check whether we are obliged by applicable law to keep the Data for a further period (e.g., in the case of purchase transactions, we may be obliged to keep records of your transactions for a certain period of time).

 

DATA SUBJECT RIGHTS AND HOW TO EXERCISE THEM 

 

You may, in any case and at any time, exercise the following rights:  

  • Request access to your Personal Data, rectification or deletion of your Personal Data, restriction of the processing, and portability of your Personal Data under Article 15-20 of the GDPR and/or object to the processing of your Personal Data via e-mail by writing to relevant Data Controller at privacy@gessi.it and/or privacy@calicant.us.  

 

EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS 

 

The processing does not involve any automated decision-making processes.

 

COOKIES 

 

A cookie is a small, simple file that is sent along with pages of this Website and stored by your browser on the hard drive of your computer or another device. The information stored therein may be returned to our servers or to the servers of the relevant third parties during a subsequent visit. 

Cookies can be: 

  • First-party cookies, i.e. cookies installed directly by the Controller; 

  • Third-party cookies, i.e. cookies from sites or web servers other than the one hosting this site, used for purposes specific to those third parties. 

Gessi, as the Data Controller, has read and applies the Provision of the Italian Data Protection Authority “Identification of simplified methods for the provision of information and acquisition of consent for the use of cookies” of 8 May 2014 - [web doc. no. 3118884] (Published in the Official Gazette no. 126 of 3 June 2014) and the European Board Guidelines 5-2020 on consent.  

In this regard, Gessi applies the Cookie Policy that can be found at the following link: https://www.iubenda.com/privacy-policy/51570717/cookie-policy