Privacy Policy

JOINT CONTROLLERSHIP WEBSITE PRIVACY POLICY

Giochi Preziosi S.p.A. with registered offices at Via delle Primule, 5 - 20815 Cogliate (MB), (“Giochi Preziosi HQ”) and Giochi Preziosi Hellas A.E., with registered offices at Agriniou 14 Pefki 15121, Greece, (“Giochi Preziosi Hellas”), are committed to protecting the online privacy of the users of this website (“Website”), as joint-controllers (“Joint Controllers”). As such, this Privacy Policy has been written in order to allow you to understand the Joint Controllers’ policy regarding your privacy, as well as how your personal information will be handled when using the Website. This Privacy Policy will also provide you with information so that you are able to consent to the processing of your personal data in an explicit and informed manner, where appropriate.

In general, any information and data which you provide to the Joint Controllers over the Website, or which is otherwise gathered via the Website, in the context of the use of the services (“Services”) as better defined in Section 3 below, will be processed by the Joint Controllers in a lawful, fair and transparent manner. To this end, and as further described below, the Joint Controllers take into consideration internationally recognised principles governing the processing of personal data, such as purpose limitation, storage limitation, data minimisation, data quality and confidentiality.

CONTENTS

1. Data controllers
2. Personal Data processed
   1. Name, contact details and other Personal Data
   2. Special categories of Personal Data
   3. Other persons’ Personal Data
   4. Browsing data
   5. Cookies
3. Purposes of processing
4. Grounds for processing and mandatory or discretionary nature of processing
5. Recipients of Personal Data
6. Transfer of Personal Data
7. Retention of Personal Data
8. Data subjects’ rights
9. Amendments

 

1. Data controllers

Giochi Preziosi HQ together with Giochi Preziosi Hellas, as identified at the top of this Privacy Policy, are the Joint Controllers regarding the Personal Data processing listed below (as defined in Section 3 below):

• Marketing;
• Profiling;
• Soft Opt-in

Giochi Preziosi Hellas is the sole Controller for Service Provision.

Giochi Preziosi HQ and Giochi Preziosi Hellas will be autonomous Controllers for Compliance and Misuse/Fraud.

2. Personal Data processed

When you use the Website, the Joint Controllers will collect and process information regarding you (as an individual) which allows you to be identified either by itself, or together with other information which has been collected. The Joint Controllers may also be able to collect and process information regarding other persons in this same manner, if you choose to provide it to them.

This information may be classified as “Personal Data” and can be collected by the Joint Controllers both when you choose to provide it (e.g., when you subscribe to the newsletter or request a Services provided by GP Hellas over the Website) or simply by analysing your behaviour on the Website.

Personal Data which can be processed by the Joint Controllers through the Website are as follows:

a. Name, contact details and other Personal Data

In various sections of the Website – in particular, if you decide to create an account on the Website – you will be asked to submit information about yourself, such as your name and surname, phone/mobile numbers, e-mail address,, country of residence and address, tax registry number and/ or competent Public Finance Authority, addresses, profession (for clients who issue invoices), data relating to other natural persons associated with the subject (e.g. name, contact details, spouse profession), internet social media accounts data, email, names (i.e. Facebook, Google, Twitter, LinkedIn, Instagram), Identification data for electronic access and identification, any other data allowing physical or online identification of a person (e.g. registration number), Search History, Address history, Order history, Electronic and Network Connections data (e.g. Internet Protocol- IP, Password and/ or User name). Furthermore, should you answer positively to the question on whether you have children or not, you may communicate to the Joint Controllers also the name, gender and date of birth of your children.

In addition, whenever you participate in surveys and other promotions which may be available on the Website, as well as whenever you communicate with Giochi Preziosi Hellas through the contact details provided in the Website or with Customer Service, the Joint Controllers may collect additional information which you choose to provide.

b. Special categories of Personal Data

Certain areas of the Website may include free text fields, where you can write messages to the Joint Controllers, which may contain Personal Data.

Where these fields are completely free, you may use them to disclose (inadvertently or not) more sensitive categories of Personal Data, such as data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. The content you upload in these fields may also (inadvertently or not) include other types of sensitive information relating to you, such as your genetic data, biometric data or data concerning your health, sex life or sexual orientation.

The Joint Controllers ask that you do not disclose any sensitive Personal Data on the Website, unless you consider this to be strictly necessary. As it is totally optional to provide this information, if you nonetheless choose to do so, please mind that the Joint Controllers require your explicit consent to process this sort of Personal Data.

c. Other persons’ Personal Data

As mentioned in the previous section, certain areas of the Website include free text fields where you can write messages to the Joint Controllers, or otherwise allow you to post various types of content on the Website. These messages and content may (inadvertently or not) include Personal Data related to other persons.

In any situation where you decide to share Personal Data related to other persons, you will be considered as an independent data controller regarding that Personal Data and must assume all inherent legal obligations and responsibilities. This means, among other things, that you must fully indemnify the Joint Controllers against any complaints, claims or demands for compensation for damages which may arise from the processing of this Personal Data, brought by the third parties whose information you provide through the Website.

As the Joint Controllers do not collect this information directly from these third parties (but rather collects them, indirectly, from you), you must make sure that you have these third parties’ consent before providing any information regarding them to the Joint Controllers; if not, then you must make sure there is some other appropriate grounds on which you can rely to lawfully give the Joint Controllers this information.

The Joint Controllers remind you that if you are under 16 years old, they invite you to browse the site in the company of a parent.

If through the ways indicated in the previous paragraphs, you share with the Joint Controllers personal data relating to a minor, you guarantee from now - assuming all related responsibility - that this particular provision of information is based only if and to the extent that consent is given or authorised by the holder of parental authority or the legal representative over the child.

d. Browsing data

The Website’s operation, as is standard with any websites on the Internet, involves the use of computer systems and software procedures, which collect information about the Website’s users as part of their routine operation. While the Joint Controllers do not collect this information to link it to specific users, it is still possible to identify those users either directly via that information, or by using other information collected – as such, this information must also be considered Personal Data.

This information includes several parameters related to your operating system and IT environment, including your IP address, location (country), the domain names of your computer, the URI (Uniform Resource Identifier) addresses of resources you request on the Website, the time of requests made, the method used to submit requests to the server, the dimensions of the file obtained in response to a request, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and so on.

These data are used to compile statistical information on the use of the Website, as well as to ensure its correct operation and identify any faults and/or abuse of the Website. Save for this last purpose, these data are not retained for more than 14 months.

e. Cookies

- Definitions, characteristics, and application of standards

Cookies are small text files that may be sent to and registered on your computer by the websites you visit, to then be re-sent to those same sites when you visit them again. It is thanks to these cookies that those websites can “remember” your actions and preferences (e.g., login data, language, font size, other display settings, etc.), so that you do not need to configure them again when you next visit the website, or when you change pages within a website.

Cookies are used for electronic authentication, monitoring of sessions and storage of information regarding your activities when accessing a website. They may also contain a unique ID code which allows tracking of your browsing activities within a website, for statistical or advertising purposes. Some operations within a website may not be able to be performed without the use of cookies which, in certain cases, are technically necessary for operation of the website.

When browsing a website, you may also receive cookies from websites or web servers other than the website being visited (i.e., “third-party cookies”).

There are various types of cookies, depending on their characteristics and functions, which may be stored on your computer for different periods of time: “session cookies”, which are automatically deleted when you close your browser, and “persistent cookies”, which will remain on your device until their pre-set expiration period passes.

According to the law which may be applicable to you, your consent may not always be necessary for cookies to be used on a website. In particular, “technical cookies” – i.e. cookies which are only used to send messages through an electronic communications network, or which are needed to provide services you request – typically do not require this consent. This includes browsing or session cookies (used to allow users to login) and function cookies (used to remember choices made by a user when accessing the website, such as language or products selected for purchase).

On the other hand, “profiling cookies” – i.e., cookies used to create profiles on users and to send advertising messages in line with the preferences revealed by users while browsing websites – typically require specific consent from users, although this may vary according to the applicable law.

- Types of cookies used by the Website

The Website uses the following types of cookies:

• Browsing or session cookies, which are strictly necessary for the Website’s operation, and/or to allow you to use the Website’s content and Services.
• Analytics cookies, which allow the Joint Controllers to understand how users make use of the Website, and to track traffic to and from the Website.
• Function cookies, which are used to activate specific Website functions and to configure the Website according to your choices (e.g., language), to improve your experience.
• Profiling cookies, which are used to observe the preferences you reveal through your use of the Website and to send you advertising messages in line with those preferences.

The Joint Controllers also use third-party cookies – i.e. cookies from websites / web servers other than the Website, owned by third parties. These third parties will either act as independent data controllers from the Joint Controllers regarding their own cookies (using the data they collect for their own purposes and under terms defined by them) or as data processors for the Joint Controllers (processing personal data on the Joint Controllers’ behalf). For further information on how these third parties may use your information, please refer to their privacy policies:

• Google
  • https://www.google.com/policies/privacy/partners/
  • https://tools.google.com/dlpage/gaoptout

For more details please see “Settings and cookie policy” at https://www.gptoys.gr/en/about-us/cookie-policy-settings/

- Cookie settings

You can block or delete cookies used on the Website via your browser options. Your cookie preferences will be reset if different browsers are used to access the Website. For more information on how to set the preferences for cookies via your browser, please refer to the following instructions:

• Internet Explorer
• Firefox
• Chrome
• Safari

You may also provide set your preferences on third-party cookies by using online platforms such as AdChoice.

 

CAUTION: If you block or delete technical and/or function cookies used by the Website, the Website may become impossible to browse, certain services or functions of the Website may become unavailable or other malfunctions may occur. In this case, you may have to modify or manually enter some information or preferences every time you visit the Website.

3. Purposes of processing

Giochi Preziosi Hellas, as autonomous Controller, intend to use your Personal Data, collected through the Website for the following purpose:

• To verify your identity and assist you, in case you lose or forget your login / password details for any of the registration services, to allow you to create and maintain a registered user profile, to finalise purchase orders and deliver products bought on the Websites and to provide any other Services which you may request (“Service Provision”);

The Joint Controllers intend to use your Personal Data, collected through the Website, for the following purposes:

• For future marketing, promotional and publicity purposes, including to carry out direct marketing, market research and surveys, via e-mail, SMS, app, bot, traditional mail, phone, through the Joint Controllers’ official social media pages, regarding Giochi Preziosi products and services, as well as those of selected third parties (“Marketing”);
• For future marketing, promotional and publicity purposes, by sending you direct e-mail marketing communication regarding products and services provided by the Joint Controllers and which are identical or similar to those you have previously purchased or requested via the Website (“Soft Opt-in”);
• To create a profile of you as a Website user, through the use of profiling cookies and by collecting and analysing information on the preferences you select and choices you make in the Website, as well as your general activities on the Website. This profile will be used to give you information about other websites / services which the Joint Controllers believe you may be interested in, and to show you information and advertisements which may be relevant to you and your interests. All algorithms involved in this processing are regularly tested, to ensure the processing’s fairness and control for bias (“Profiling”);

  Giochi Preziosi HQ or Giochi Preziosi Hellas may, individually and autonomously, use your Personal Data, collected through the Website for the following purposes:

• For compliance with laws which impose upon Giochi Preziosi Hellas or Giochi Preziosi HQ the collection and/or further processing of certain kinds of Personal Data (“Compliance”);
• To prevent and detect any misuse of the Website, or any fraudulent activities carried out through the Website (“Misuse/Fraud”).

4. Grounds for processing and mandatory / discretionary nature of processing

Individually and autonomously, Giochi Preziosi HQ and Giochi Preziosi Hellas legal bases to process your Personal Data, according to the purposes identified in Section 3, are as follows:

• Service Provision: processing for these purposes is necessary to provide the Services and, therefore, is necessary for the performance of a contract with you. It is not mandatory for you to give Giochi Preziosi Hellas your Personal Data for these purposes; however, if you do not, Giochi Preziosi Hellas will not be able to provide any Services to you.
• Compliance: processing for this purpose is necessary for Giochi Preziosi HQ or Giochi Preziosi Hellas to comply with its legal obligations. When you provide any Personal Data to Giochi Preziosi HQ or Giochi Preziosi Hellas, they must process it in accordance with the laws applicable to it, which may include retaining and reporting your Personal Data to official authorities for compliance with tax, customs or other legal obligations.
• Misuse/Fraud: Information collected for this purpose is used exclusively to prevent and detect fraudulent activities or misuse of the Website (for potentially criminal purposes).

  The Joint Controllers’ legal bases to process your Personal Data, according to the purposes identified in Section 3, are as follows:

• Marketing: processing for these purposes is based on your consent. It is not mandatory for you to give consent to the Joint Controllers for use of your Personal Data for these purposes, and you will suffer no consequence if you choose not to give it (aside from not being able to receive further marketing communications from the Joint Controllers). Any consent given may also be withdrawn at a later stage (please see Section 8 for more information).
• Soft Opt-in: processing for these purposes is based on the Joint Controllers’ interest in sending you direct e-mail marketing communication regarding products and services provided by the Joint Controllers and which are identical or similar to those you have previously purchased through the Website. You can block these communications, and you will suffer no consequence if you do so (aside from not being able to receive further communications from the Joint Controllers), by objecting through the link provided at the bottom of all such communications.
• Profiling: processing for this purpose is based on your consent, collected by means of the cookie pop-up banner and/or a specific tick box. It is not mandatory for you to give consent to the Joint Controllers for use of your Personal Data for this purpose, and you will suffer no consequence if you choose not to (aside from not being able to benefit from greater personalisation of your user experience regarding the Website). Any consent given may also be withdrawn at a later stage (please see Section 8 for more information).

 

5. Recipients of Personal Data

Your Personal Data may be shared with the following list of persons / entities (“Recipients”):

• Entities which act typically as data processors on behalf of the Joint Controllers like:  i) persons, companies or professional firms providing the Joint Controllers with advice and consultancy regarding accounting, administrative, legal, tax, financial and debt collection matters related to the provision of the Services; ii) entities engaged in order to provide the Services (e.g., hosting providers, e-mail platform providers, or courier providers) and/or to perform technical maintenance, like IT service providers (including maintenance of network equipment and electronic communications networks);
• Persons authorised by the Joint Controllers to process Personal Data needed to carry out activities strictly related to the provision of the Services, who have undertaken an obligation of confidentiality or are subject to an appropriate legal obligation of confidentiality (e.g., employees of the Joint Controllers);
• Other companies within the Giochi Preziosi Group for internal administrative purposes, including the processing of clients' or employees' Personal Data; and
• Public entities, bodies or authorities to whom your Personal Data may be disclosed, in accordance with the applicable law or binding orders of those entities, bodies or authorities;

6. Transfers of Personal Data

Considering the Joint Controllers’ worldwide presence and business operations, your Personal Data may be transferred to Recipients located in several different countries. The Joint Controllers implement appropriate safeguards to ensure the lawfulness and security of these Personal Data transfers, such as by relying on adequacy decisions from the European Commission, standard data protection clauses adopted by the European Commission, or other safeguards or conditions considered adequate to the transfer at hand.

More information on these transfers is available upon written request to the Joint Controllers at the following address:

Giochi Preziosi HQ privacy@giochipreziosi.it.

Giochi Preziosi Hellas privacy@giochipreziosi.gr.

 

7. Retention of Personal Data

Personal Data processed for Service Provision will be kept by Giochi Preziosi Hellas for the period deemed strictly necessary to fulfil such purposes – in any case, as these Personal Data are processed for the provision of the Services, Giochi Preziosi Hellas may continue to store this Personal Data for a longer period, as may be necessary to protect their autonomous interests related to potential liability related to the provision of the Services.

Personal Data processed for Compliance will be kept by Giochi Preziosi HQ and Giochi Preziosi Hellas for the period required by the specific legal obligation or by the applicable law.

Personal Data processed for preventing Misuse/Fraud will be kept by Giochi Preziosi HQ and Giochi Preziosi Hellas for as long as deemed strictly necessary to fulfil the purposes for which it was collected.

Personal Data processed for Marketing and Profiling will be kept by the Joint Controllers from the moment you give consent until it is withdrawn. Once consent is withdrawn, Personal Data will no longer be used for these purposes, although it may still be kept by the Joint Controllers, in particular as may be necessary to protect the Joint Controllers’ interests related to potential liability related to this processing.

Personal Data processed for Soft Opt-In will be kept by the Joint Controllers from the moment where it is provided by you to the Joint Controllers (in the context of purchases via the Website) until you object to this processing. Once you have objected, Personal Data will no longer be used for these purposes, although it may still be kept by the Joint Controllers, in particular as may be necessary to protect the Joint Controllers’ interests related to potential liability related to this processing.

8. Data subjects’ rights

As a data subject, are entitled to exercise the following rights before the Joint Controllers, at any time:

• Access your Personal Data being processed by the Joint Controllers (and/or a copy of that Personal Data), as well as information on the processing of your Personal Data;
• Correct or update your Personal Data processed by the Joint Controllers, where it may be inaccurate or incomplete;
• Request erasure of your Personal Data being processed by the Joint Controllers, where you feel that the processing is unnecessary or otherwise unlawful;
• Request the restriction of the processing of your Personal Data, where you feel that the Personal Data processed is inaccurate, unnecessary or unlawfully processed, or where you have objected to the processing;
• Exercise your right to portability: the right to obtain a copy of your Personal Data provided to the Joint Controllers, in a structured, commonly used and machine-readable format, as well as the transmission of that Personal Data to another data controller;
• Object to the processing of your Personal Data, based on relevant grounds related to your particular situation, which you believe must prevent the Joint Controllers from processing your Personal Data; or
• Withdraw your consent to processing (for Marketing and Profiling).

 

When requesting Services via the Website, you may have selected one or more means of communication via which Personal Data processing for Marketing purposes may be carried out (e.g., phone, SMS, email, mail, social media). You may withdraw your consent to this processing for all selected means of communication, or you can choose to block specific means only (e.g., if you only withdraw consent for SMS marketing communications, you will not receive further communications via SMS, but may continue to receive them via e-mail).

You can also withdraw consent for Marketing (for communications received via e-mail) or object to Soft Opt-in by selecting the appropriate link included at the bottom of every marketing e-mail message received.

Consent for Profiling carried out by cookies may be withdrawn as described in Section 2(f).

Aside from the above means, you can always exercise your rights described above by sending a written request to the Joint Controllers at the following address:

Giochi Preziosi HQ privacy@giochipreziosi.it.

Giochi Preziosi Hellas privacy@giochipreziosi.gr.

In any case, please note that, as a data subject, you are entitled to file a complaint with the competent supervisory authorities for the protection of Personal Data, if you believe that the processing of your Personal Data carried out through the Website is unlawful.

9. Amendments

This Privacy Policy entered into force on 28/05/2018.

The Joint Controllers reserves the right to partly or fully amend this Privacy Policy, or simply to update its content, e.g., as a result of changes in applicable law. The Joint Controllers will inform you of such changes as soon as they are introduced, and they will be binding as soon as they are published on the Website. The Joint Controllers therefore invites you to regularly visit this Privacy Policy in order to acquaint yourself with the latest, updated version of the Privacy Policy, so that you may remain constantly informed on how the Joint Controllers collects and uses Personal Data.