Privacy Policy

This information is provided in compliance with Article 13 of Regulation 2016/679 (GDPR), pursuant to Article 13 of
Legislative Decree No. 196/2003 (Personal Data Protection Code) and relates to all personal data
processed in the manner indicated below.

Data Controller
The Data Controller of the Personal Data collected è: LA BOTTEGA DI SGHIO S.A.S. DI MECHI MARCO, ROCCHINI LUCIA & C.

Headquarters : PIAZZA GIOTTO 14 - 50039 - VICCHIO (FI)
Holder's email address: sghio@cgn.legalmail.it

Types of Data Collected

Full details on each type of data collected are provided in the dedicated sections of this privacy
policy. Personal Data may be freely provided by the User or, in the case of Usage Data, collected
automatically during the use of the site. Unless otherwise specified, all requested Data are mandatory. If
the User refuses to provide them, it may be impossible to provide the service. In cases where certain Data are
optional, Users are free to refrain from communicating such Data, without this having any consequence
on the availability of the Service or its operation. Users who should be in doubt as to which Data are
mandatory, are encouraged to contact the Data Controller. Any use of Cookies, or other
tracking tools, by the site or the owners of third party services used, unless otherwise specified, has the
purpose of providing the Service requested by the User. The User assumes responsibility for the Personal Data of
third parties obtained, published or shared through the site and guarantees that he/she has the right to communicate or
disseminate it, releasing the Owner from any liability towards third parties.

METHOD AND PLACE OF PROCESSING OF COLLECTED DATA

Purposes of the Processing of Collected Data

User Data are collected to enable the Owner to provide its Services, as well as for the following
purposes: Statistics, Newsletters, Personalized Advertising, Accounting, Content Performance Testing and
functionality, Interaction with social networks and external platforms, Viewing content from
external platforms and interaction with data collection platforms and other third parties. To obtain further information
detailed about the purposes of processing and the Personal Data concretely relevant for each purpose,
the User may refer to the relevant sections of this document.

Mode of treatment

The Data Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification or
destruction of Personal Data. The processing is carried out by means of computer and/or
telematic tools, with organizational methods and logics strictly related to the indicated purposes. In addition to the
Data Controller, other parties external to the company (administrative, sales, marketing,
legal staff, system administrators) or external parties (such as third party technical service providers, couriers
postal, hosting providers, IT companies, communication agencies) also appointed, if necessary,
Data Processors by the Data Controller. The updated list of Data Processors can always be
requested from the Data Controller.

Legal basis for processing

The Owner processes Personal Data related to the User if one of the following conditions exists:

the user has given consent for one or more specific purposes;
processing is necessary for the performance of a contract with the user and/or the execution of pre-contractual measures
;
processing is necessary to fulfill a legal obligation to which the Controller is subject;
the processing is necessary for the performance of a task in the public interest or for the exercise of public
powers vested in the Controller;
processing is necessary for the pursuit of the legitimate interest of the Controller or third parties.

However, it is always possible to ask the Data Controller to clarify the concrete legal basis of each processing and
in particular to specify whether the processing is based on law, required by a contract, or necessary to
conclude a contract.

Location

The Data are processed at the Holder's operational offices and at any other place where the parties involved in
processing are located. For more information, please contact the Data Controller. The User's Personal Data
may be transferred to a country other than the country where the User is located. To obtain further
information on the location of processing, the User may refer to the section on details on
processing of Personal Data. The User has the right to obtain information regarding the legal basis of the
transfer of Data outside the European Union or to an international organization under
public international law or consisting of two or more countries, such as the UN, as well as regarding the
security measures taken by the Data Controller to protect the Data. Should any of the transfers just described take place,
the User may refer to the respective sections of this document or request information from the Data Controller
by contacting him/her at the contact details given at the beginning.

Retention period

Data are processed and kept for the time required by the purposes for which they were collected:

I Personal Data collected for purposes related to the performance of a contract between the Data Controller and
the User will be retained until the performance of that contract is completed.
I Personal Data collected for purposes attributable to the legitimate interest of the Data Controller will be
retained until such interest is satisfied. The User may obtain further information regarding
the legitimate interest pursued by the Controller in the relevant sections of this document or by contacting
Controller.

When processing is based on the User's consent, the Data Controller may keep the Personal Data longer until
that consent is revoked. In addition, the Controller may be obliged to keep the Data
Personal Data for a longer period in compliance with a legal obligation or by order of an authority. At the end
of the retention period the Personal Data will be deleted. Therefore, at the expiration of this period the right
of access, deletion, rectification and the right to Data portability can no longer be
exercised.

Details of the processing of Personal Data

Personal Data are collected for the following purposes and using the following services:

Mailing List or Newsletter
By registering for the mailing list or newsletter, the User's email address is automatically
added to a contact list to which email messages containing information,
including of a commercial and promotional nature, may be sent. The User's email address may also be added to
this list as a result of registration to the site or after requesting a quote.
Data
Personal data collected.: email, first and last name.
Contact form
The User, by filling out the contact form with his/her Data, consents to their use to respond to
requests for information, quotes, or any other nature indicated by the header of the
form.
Personal Data Collected: first and last name, email (required data), telephone, and various
types of Data.
Registration for access to restricted area
The User, by filling out the registration form with his/her Data, consents to their use to create a unique
account that can be used for the various functions of the site (responding to requests for information,
quote, or e-commerce).
Personal Data Collected.: first and last name, email (required data),
phone, and various types of Data.
Interaction with social networks and external platforms
This type of service allows for interactions with social networks, or other external
platforms, directly from this site. The interactions and information acquired are in any case subject
to the User's privacy settings related to each social network. In the event that a
service for interaction with social networks is installed, it is possible that, even if Users do not use the
service, it may collect traffic data related to the pages where it is installed.
- Facebook Social Widgets (Facebook Inc.).
  Facebook social widgets are Facebook social network interaction services provided by
  Facebook, Inc.
  Personal Data Collected.: Cookies and Usage Data.
  Place of
  processing.: USA - Privacy Policy.
- YouTube Social Widgets (Google Inc.).
  YouTube social widgets are YouTube platform interaction services provided by
  Google Inc.
  Personal Data Collected.: Cookies and Usage Data.
  Place of
  processing.: USA - Privacy Policy.
Remarketing and Behavioral targeting
This type of service allows to communicate, optimize and serve advertisements based
on the User's past use of this site. This activity is carried out through
tracking of Usage Data and the use of Cookies, information that is transferred to partners to which
remarketing and behavioral targeting activity is linked.
- Remarketing with Google Analytics for display advertising (Google Inc.).
  Google Analytics for Display Advertising is a remarketing and behavioral targeting service
  provided by Google Inc. that links tracking activity performed by Google Analytics and
  its Cookies.
  Personal Data Collected.: Cookies and Usage Data.
  Place of
  processing.: USA - Privacy Policy.
Statistics
The services contained in this section allow the Data Controller to monitor and analyze
traffic data and serve to track User behavior.
- Google Analytics (Google Inc.)
  Google Analytics is a web analytics service provided by Google Inc. ("Google"). Google uses the
  Personal Data collected for the purpose of tracking and examining site usage, compiling reports, and
  sharing them with other services developed by Google. Google may use the
  Personal Data to contextualize and personalize ads in its advertising network.
  Personal Data Collected.: Cookies and Usage Data.
  Place of processing.: USA -
  Privacy Policy - Opt Out.

More information about Personal Data

Privacy Policy

The User, by filling out the contact form with their Data, consents to their use to respond to
requests for information, quotes, or any other nature indicated by the header of the form.

User Rights

Under Articles 15 - 21 of EU Regulation 2016/679 each data subject is granted a number of
rights.

Right of Access: The data subject, pursuant to Article 15, has the right to obtain confirmation that personal data concerning him or her is
being processed and, where appropriate, to obtain a copy of that data. He/she also has
the right to obtain access to the personal data concerning him/her and to further information such as the
purpose of the processing, the categories of recipients, the period of data retention and the rights
exercisable.
Right of rectification: The person concerned, in accordance with Article 16, has the right to obtain the rectification of
inaccurate personal data concerning him or her, or the integration of the same.
Right to erasure: The data subject has the right to obtain the deletion of personal data
concerning him/her, without undue delay, if one of the reasons provided for in Article 17 exists.
Right to limitation of processing: The data subject has the right, in the cases provided for in Article 18 of
Regulation 2016/679, to obtain the restriction of processing.
Right to data portability: the data subject has the right to receive in a structured,
commonly used and machine-readable format, personal data concerning him/her and has the right to
transmit such data to another data controller without hindrance, in accordance with Article 20 of
Regulation 2016/679;
Right to object to processing: The data subject has the right to object to the processing of
personal data concerning him or her in accordance with Article 21 of Regulation 2016/679.

The data subject also has the right to lodge a complaint with the competent supervisory authority, the Privacy Guarantor.
The requests referred to in the preceding points must be addressed in writing to the Data Controller. The
Data Controller will, within the time limits established by current regulations, provide timely
response to requests to exercise the rights of data subjects.