Skip to main content

Privacy Policy

The company Jewels of Italy srl based in Viale Manzoni 31, Valenza (AL), as the Data Controller pursuant to the applicable Italian pro tempore legislation on the protection of personal data (the "National Legislation") and the EU Regulation 679/2016 - General Data Protection Regulation ("GDPR") (hereinafter the National Legislation and the GDPR are collectively referred to as the "Applicable Legislation"), recognizes the importance of the protection of personal data and considers its protection one of the main objectives of its activity.

Before communicating any personal data, the company Jewels of Italy srl invites you to read carefully this privacy policy, as it contains important information on the protection of personal data and the security measures taken to ensure their confidentiality in full compliance with the Applicable Legislation.

The Data Controller informs you that the processing of your personal data will be based on the principles of lawfulness, fairness, transparency, purpose limitation and storage, data minimization, accuracy, integrity and confidentiality. Your personal data will therefore be processed in accordance with the legislative provisions of the Applicable Legislation and the confidentiality obligations therein.

Pursuant to Article 13 of the GDPR, the following information is provided:

  • IDENTITY OF THE DATA CONTROLLER
  • DATA TRANSFER
  • RIGHTS OF THE DATA SUBJECT
  • WITHDRAWAL OF CONSENT
  • LODGING OF COMPLAINT
  • AUTOMATED DECISION-MAKING PROCESSES
  • CHANGES

In addition, again in accordance with Article 13 of the GDPR we supplement the previous information with the following:

  • STAKEHOLDERS
  • SOURCE OF DATA.
  • PURPOSE OF PROCESSING
  • LEGAL BASIS FOR PROCESSING
  • RECIPIENTS OF THE DATA
  • DATA RETENTION PERIOD
  • REFUSAL TO PROVIDE DATA
  • DATA PROCESSING METHODS

For each of the following cases:

  • INTERNET SITE.
  • CUSTOMERS
  • SUPPLIERS
  • RECIPIENTS OF E-MAIL MESSAGES
  • CANDIDATES AND TO THOSE WHO SUBMIT RESUMES.

Therefore, in accordance with Article 13 of the GDPR, the following information is provided:

1) IDENTITY OF THE DATA CONTROLLER

In light of the Applicable Legislation, the Data Controller is:
Jewels of Italy srl
Manzoni Avenue 31, Valenza, AL
N. REA AL250512 - P. IVA 02377890062
Mail: monile@monile.it

The Data Controller guarantees the security, confidentiality and protection of the personal data in its possession, at any stage of the data processing process.
Personal data are collected and used in compliance with the Applicable Legislation.

2) DATA TRANSFER

The Data Controller does not intend to transfer the personal data it holds to a third country or international organizations.
However, it reserves the possibility of using cloud services; in which case, the service providers will be selected from among those who provide appropriate and adequate safeguards, as provided by Article 46 GDPR 679/16.

3) RIGHTS OF THE DATA SUBJECT

With reference to Articles 15 - right of access, 16 - right to rectification, 17 - right to erasure, 18 - right to restriction of processing, 20 - right to portability, 21 - right to object, 22 right to object to automated decision making, of GDPR 679/16, the data subject exercises his/her rights by writing to the Data Controller at the above address, or by e-mail, specifying the subject of his/her request and the right he/she intends to exercise.

4) REVOCATION OF CONSENT

Where the processing is based on Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, the data subject may exercise the right to withdraw consent at any time without affecting the lawfulness of the processing based on the consent given before the withdrawal.

5) LODGING OF COMPLAINT

Without prejudice to any other administrative or jurisdictional recourse, a data subject who believes that the processing concerning him or her violates the Applicable Legislation has the right to lodge a complaint with a competent supervisory authority (Data Protection Supervisor) as provided for in Article 77 of the GDPR or to take appropriate legal action (Article 79 of the GDPR).

6) AUTOMATED DECISION-MAKING PROCESSES

The Data Controller informs that under no circumstances does it carry out on personal data processing that consists of automated decision-making processes including profiling as referred to in Art.22 paras. 1 and 4.

7) MODIFICATIONS.

This Privacy Policy is effective as of May 25, 2018. The Data Controller reserves the right to modify or simply update its content, in part or in full, including due to changes in Applicable Law. The Data Controller will inform of such changes as soon as they are introduced and will be binding as soon as they are posted on the Company Site. The Data Controller therefore invites you to regularly visit this section of the Company Site to review the most recent and updated version of the Privacy Policy.

INTERNET SITE.

To supplement the information set forth in points 1) to 7) of this privacy policy, the Data Controller provides data subjects with the following additional information, pursuant to Article 13 of the GDPR, specifying that it applies only to the website that can be reached at the link https://www.monile.it ("Site") while it does not apply to other websites that may be consulted through external links;

STAKEHOLDERS

Data subjects are individuals who interact with the Data Controller's Website.

SOURCE OF DATA.

The personal data processed are those provided by the data subject through the following methods:

  • Data provided voluntarily: through the Site you have the opportunity to voluntarily provide Personal Data such as your name, surname and e-mail address to request subscription to the newsletter service (which will allow you to receive e-mails with the latest news on products, services, events and offers proposed by the Data Controller) or to contact the Data Controller through the "Contact" form on the Contact page of the Site itself. The Data Controller will process these data in compliance with the Applicable Regulations, assuming that they refer to You or to third parties who have expressly authorized You to give them on the basis of a suitable legal basis legitimizing the processing of the data in question. With respect to such hypotheses, you stand as an autonomous Data Controller, assuming all the legal obligations and responsibilities. In this sense, you confer on the point the widest indemnity with respect to any dispute, claim, request for compensation for damages from processing, etc. that may be received by the Data Controller from third parties whose Personal Data have been processed through your use of the Site in violation of the Applicable Regulations.
  • Mailing List or Newsletter: with the registration to the newsletter, the name, surname and e-mail address of the data subject are automatically included in a list of contacts, managed through a digital cluod computing platform, to which e-mail messages containing information, also of a commercial and promotional nature, relating to the Data Controller may be transmitted. The interested party by subscribing freely consents to the use of his data and in any case may at any time exercise his rights as indicated in point 3) of this privacy policy.
  • Contact Form or Form: the interested party consents to the use of the data entered through the "Contact" form on the Contact page of the Site in order to respond to requests for information, or any other reason.
  • Navigation data: the computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this possibility, at present, data on web contacts do not persist for more than seven days.
  • Cookies and Related Technologies: the Data Controller collects Personal Data through so-called cookies. However, the site does not use third-party profiling cookies that may collect users' browsing data, the provision of which is optional and is done through the expression of free and informed consent. The cookies operate only for the purpose of analyzing the effectiveness of the site and making it easier and more intuitive over time. For more information, a separate cookie policy is available here.

PURPOSE OF PROCESSING

Personal data of individuals who interact with the Website are processed by the Data Controller for the following purposes:

  • Processing of requests received through the form on the Contact page of the Site;
  • Subscription to the mailing list or newsletter service;
  • Enrollment in training courses offered by the Data Controller;
  • Exchange information aimed at the execution of the contractual relationship, including pre- and post-contractual activities;
  • Entering into and executing the contract and all related activities, such as, but not limited to, billing, credit protection, administrative, management, organizational and functional services for contract execution;
  • purposes of statistical research/analysis on aggregated or anonymous data, thus without the possibility of identifying the user, aimed at measuring the operation of the Site, measuring traffic and evaluating usability and interest;
  • Fulfillment of obligations under the law, regulations, applicable legislation and other provisions issued by authorities vested with the law and supervisory and control bodies.

LEGAL BASIS FOR PROCESSING

Personal data of individuals who interact with the Corporate Website are lawfully processed under the following conditions:

  • Providing a service or responding to a request;
  • Pursuit of the legitimate interest of the Data Controller (promotion of services and activities);
  • fulfillment of legal obligations to which the Data Controller is subject.

RECIPIENTS OF THE DATA

Personal data may be disclosed, to the extent strictly relevant to the above obligations, tasks and purposes and in compliance with the relevant Applicable Regulations, to the following categories of subjects:

  • workers who are employed by the Data Controller and who, on the basis of their roles and work duties, have been legitimized to process personal data, within the limits of their competence and in accordance with the instructions given to them by the Data Controller;
  • companies belonging to the business group of the Data Controller or parent companies, subsidiaries or affiliates pursuant to Art. 2359 of the Civil Code, acting as Data Processors pursuant to Art. 28 GDPR or for administrative accounting purposes (purposes related to the performance of activities of an internal organizational, administrative, financial and accounting nature, in particular, functional to the fulfillment of contractual and pre-contractual obligations);
  • Subjects to whom such communication must be made in order to fulfill or require the fulfillment of specific obligations under laws, regulations and/or EU legislation;
  • External natural and/or legal persons who provide services to the Controller's activities for the above purposes and who act as Data Processors pursuant to Article 28 GDPR.

The incumbent Data Controllers and Processors are punctually identified in the company's Privacy Management System updated periodically.

Based on the above, the following individuals are to be considered recipients of personal data - collected as a result of consulting the site - designated by the Data Controller, pursuant to Article 28 of the GDPR, as Data Processors:

  • Look&Feel by Francesco Audano as the provider of web platform development and maintenance services;
  • Register (website: https://www.register.it) as the provider of development, delivery and operational management services for the technology platforms used.

The personal data processed by the Holder will not be disseminated in any way, i.e., it will not be made known to unspecified parties, in any possible form, including making it available or mere consultation.

DATA RETENTION PERIOD

The Data Controller retains and processes personal data for as long as necessary to fulfill the stated purposes or according to the deadlines stipulated by legal regulations. For example, for the newsletter service until the data subject decides to unsubscribe from the service.

REFUSAL TO PROVIDE DATA

Data subjects who interact with the Website may refuse to provide the Data Controller with their personal data. However, any refusal, even partial, to provide such data would make it impossible for the Data Controller to provide the requested service.

DATA PROCESSING METHODS

The processing of personal data is carried out by means of the operations indicated in Art. 4 no. 2) GDPR, for the purposes mentioned above, whether on paper or computer, by means of electronic or otherwise automated tools, in compliance with the Applicable Legislation in particular on confidentiality and security, in accordance with the appropriate security measures pursuant to Art. 5 par. 1 letter F of the GDPR, and in accordance with the principles of fairness, lawfulness and transparency and protection of the rights of the data subject.
The processing is carried out directly by the organization of the Data Controller and the Data Processors appointed by the Data Controller pursuant to art.28 GDPR.

CUSTOMERS

To supplement the information in points 1) to 7) of this privacy policy, the Data Controller provides data subjects with the following additional information, pursuant to Article 13 of the GDPR:

STAKEHOLDERS

Data subjects are individuals acting on behalf of and for clients (legal entities) of the Data Controller.

SOURCE OF DATA.

The personal data processed are those provided by the data subject in connection with:

  • visits or phone calls;
  • Business inquiries, including by e-mail;
  • previous transactions.

PURPOSE OF PROCESSING

Personal data of individuals acting on behalf of clients (legal persons) are processed by the Data Controller for the following purposes:

  • Make requests or process requests received;
  • Exchange information aimed at the execution of the contractual relationship, including pre- and post-contractual activities;
  • Carry out operations necessary for the execution of assignments and other requests;
  • Entering into and executing the contract and all related activities, such as, but not limited to, billing, credit protection, administrative, management, organizational and functional services for contract execution;
  • Fulfillment of obligations under the law, regulations, applicable legislation and other provisions issued by authorities vested with the law and supervisory and control bodies.

LEGAL BASIS FOR PROCESSING

Personal data of natural persons acting on behalf of clients (legal persons) are lawfully processed under the following conditions:

  • performance of a contract to which the data subject is a party or performance of pre-contractual measures taken at the request of the data subject;
  • Pursuit of the legitimate interest of the Data Controller (promotion of services and activities);
  • fulfillment of legal obligations to which the Data Controller is subject.

RECIPIENTS OF THE DATA

Personal data may be disclosed, to the extent strictly relevant to the above obligations, tasks and purposes and in compliance with the relevant Applicable Regulations, to the following categories of subjects:

  • workers who are employed by the Data Controller and who, on the basis of their roles and work duties, have been legitimized to process personal data, within the limits of their competence and in accordance with the instructions given to them by the Data Controller;
  • companies belonging to the business group of the Data Controller or parent companies, subsidiaries or affiliates pursuant to Art. 2359 of the Civil Code, acting as Data Processors pursuant to Art.28 GDPR or for administrative accounting purposes (purposes related to the performance of activities of an internal organizational, administrative, financial and accounting nature, in particular, functional to the fulfillment of contractual and pre-contractual obligations);
  • Subjects to whom such communication must be made in order to fulfill or require the fulfillment of specific obligations under laws, regulations and/or EU legislation;
  • External natural and/or legal persons who provide services to the Controller's activities for the above purposes and who act as Data Processors pursuant to art.28 GDPR.

The personal data processed by the Holder will not be disseminated in any way, i.e., it will not be made known to unspecified parties, in any possible form, including making it available or mere consultation.

DATA RETENTION PERIOD

The Data Controller retains and processes personal data for the time necessary to fulfill the stated purposes. Thereafter, personal data will be retained, and not further processed, for the time stipulated by current civil and tax regulations, i.e., for a time not exceeding 10 years.

REFUSAL TO PROVIDE DATA

Persons acting on behalf of clients (legal persons) of the Data Controller may refuse to provide the Data Controller with their personal data.
In some cases, however, the provision of such personal data is necessary for the proper and efficient management of the contractual relationship and the stated purposes. Therefore, any refusal, even partial, to provide such data would make it impossible for the Data Controller to establish and manage the relationship itself and to provide the requested service.

DATA PROCESSING METHODS

The processing of personal data is carried out by means of the operations indicated in Art. 4 no. 2) GDPR, for the purposes mentioned above, whether on paper or computer, by means of electronic or otherwise automated tools, in compliance with the Applicable Legislation in particular on confidentiality and security, in accordance with the appropriate security measures pursuant to Art. 5 par. 1 letter F of the GDPR, and in accordance with the principles of fairness, lawfulness and transparency and protection of the rights of the data subject.
The processing is carried out directly by the organization of the Data Controller and the Data Processors appointed by the Data Controller pursuant to art.28 GDPR.

SUPPLIERS

To supplement the information in points 1) to 7) of this privacy policy, the Data Controller provides data subjects with the following additional information, pursuant to Article 13 of the GDPR:

STAKEHOLDERS

Data subjects are individuals acting on behalf of and for suppliers (legal entities) of the Data Controller.

SOURCE OF DATA.

The personal data processed are those provided by the data subject in connection with:

  • visits or phone calls;
  • Business inquiries, including by e-mail;
  • post-order transmissions and transactions;
  • Direct contacts for participation in exhibitions, expositions, etc;
  • bidding proposition.

PURPOSE OF PROCESSING

Personal data of individuals acting on behalf of clients (legal persons) are processed by the Data Controller for the following purposes:

  • Make requests or process requests and proposals received;
  • Exchange information aimed at the execution of the contractual relationship, including pre- and post-contractual activities;
  • Carry out operations necessary for the execution of assignments and other requests;
  • Entering into and executing the contract and all related activities, such as, but not limited to, billing, credit protection, administrative, management, organizational and functional services for contract execution;
  • Fulfillment of obligations under the law, regulations, applicable legislation and other provisions issued by authorities vested with the law and supervisory and control bodies.

LEGAL BASIS FOR PROCESSING

Personal data of natural persons acting on behalf of clients (legal persons) are lawfully processed under the following conditions:

  • performance of a contract to which the data subject is a party or performance of pre-contractual measures taken at the request of the data subject;
  • fulfillment of legal obligations to which the Data Controller is subject.

RECIPIENTS OF THE DATA

Personal data may be disclosed, to the extent strictly relevant to the above obligations, tasks and purposes and in compliance with the relevant Applicable Regulations, to the following categories of subjects:

  • workers who are employed by the Data Controller and who, on the basis of their roles and work duties, have been legitimized to process personal data, within the limits of their competence and in accordance with the instructions given to them by the Data Controller;
  • companies belonging to the business group of the Data Controller or parent companies, subsidiaries or affiliates pursuant to Art. 2359 of the Civil Code, acting as Data Processors pursuant to Art.28 GDPR or for administrative accounting purposes (purposes related to the performance of activities of an internal organizational, administrative, financial and accounting nature, in particular, functional to the fulfillment of contractual and pre-contractual obligations);
  • Subjects to whom such communication must be made in order to fulfill or require the fulfillment of specific obligations under laws, regulations and/or EU legislation;
  • External natural and/or legal persons who provide services to the Controller's activities for the above purposes and who act as Data Processors pursuant to art.28 GDPR.

The personal data processed by the Holder will not be disseminated in any way, i.e., it will not be made known to unspecified parties, in any possible form, including making it available or mere consultation.

DATA RETENTION PERIOD

The Data Controller retains and processes personal data for the time necessary to fulfill the stated purposes. Thereafter, personal data will be retained, and not further processed, for the time stipulated by current civil and tax regulations, i.e., for a time not exceeding 10 years.

REFUSAL TO PROVIDE DATA

Persons acting for and on behalf of suppliers (legal persons) of the Data Controller may refuse to provide the Data Controller with their personal data.
In some cases, however, the provision of such personal data is necessary for the proper and efficient management of the contractual relationship and the stated purposes. Therefore, any refusal, even partial, to provide such data would make it impossible for the Data Controller to establish and manage the relationship itself.

DATA PROCESSING METHODS

The processing of personal data is carried out by means of the operations indicated in Art. 4 no. 2) GDPR, for the purposes mentioned above, whether on paper or computer, by means of electronic or otherwise automated tools, in compliance with the Applicable Legislation in particular on confidentiality and security, in accordance with the appropriate security measures under Art. 5 par. 1 letter F of the GDPR, and in accordance with the principles of fairness, lawfulness and transparency and protection of the rights of the person concerned.

The processing is carried out directly by the organization of the Data Controller and the Data Processors appointed by the Data Controller pursuant to Art.28 GDPR.

RECIPIENTS OF E-MAIL MESSAGES

The contents of e-mails are to be considered confidential. Therefore, the information in them or in any attachments contained therein is confidential to the recipients only. Persons or entities other than the recipients themselves, including under Article 616 of the Criminal Code, are not authorized to read, copy, modify, or disseminate the message to third parties. Anyone who receives a communication in error shall not use it or bring it to the attention of anyone, but shall delete it from his box and notify the sender.
The authenticity of the sender and the contents are not guaranteed, except for digitally signed documents.
In addition, in accordance with Article 13 GDPR, we inform you that the data controller's archives include e-mail addresses relating to individuals, companies, entities with whom previous communications have taken place by e-mail, or by other means of communication, or who have spontaneously provided their e-mail address during direct contacts. These addresses are used in accordance with the will and willingness of the interested parties to receive communications by electronic mail from the Data Controller.
The Data Controller also informs that all mailboxes in the domain monile@monile.it are business mailboxes and, as such, are used for business-related communications.

CANDIDATES AND THOSE WHO SUBMIT RESUMES.

To supplement the information in points 1) to 7) of this privacy policy, the Data Controller provides data subjects with the following additional information, pursuant to Article 13 of the GDPR:

STAKEHOLDERS

Data subjects are individuals who apply to the organization of the Data Controller or who spontaneously send in their resumes.

SOURCE OF DATA.

The personal data processed are those provided by the data subject in connection with:

  • sending the curriculum;
  • assessment interviews;
  • direct contacts at exhibitions, fairs, expositions, etc;
  • reporting by third parties.

PURPOSE OF PROCESSING

The personal data of individuals who spontaneously, or as a result of a job search, send in their resumes are processed for the following purposes:

  • Evaluation and selection of personnel for the purpose of eventual employment;
  • Proposed job offers consistent with the job profile of the person concerned.

LEGAL BASIS FOR PROCESSING

Personal data of individuals who voluntarily submit their resumes are lawfully processed under the following conditions:

  • performance of a contract to which the data subject is a party or performance of pre-contractual measures taken at his or her request (the submission of the application);
  • Pursuit of the legitimate interest of the data controller (verification and insights).

RECIPIENTS OF THE DATA

Personal data may be disclosed, to the extent strictly relevant to the above obligations, tasks and purposes and in compliance with the relevant Applicable Regulations, to the following categories of subjects:

  • workers who are employed by the Data Controller and who, on the basis of their roles and work duties, have been legitimized to process personal data, within the limits of their competence and in accordance with the instructions given to them by the Data Controller;
  • companies belonging to the business group of the Data Controller or parent companies, subsidiaries or affiliates pursuant to Art. 2359 of the Civil Code, acting as Data Processors pursuant to Art.28 GDPR or for administrative accounting purposes (purposes related to the performance of activities of an internal organizational, administrative, financial and accounting nature, in particular, functional to the fulfillment of contractual and pre-contractual obligations);
  • Subjects to whom such communication must be made in order to fulfill or require the fulfillment of specific obligations under laws, regulations and/or EU legislation;
  • External natural and/or legal persons who provide services to the Controller's activities for the above purposes and who act as Data Processors pursuant to art.28 GDPR.

The personal data processed by the Holder will not be disseminated in any way, i.e., it will not be made known to unspecified parties, in any possible form, including making it available or mere consultation.

DATA RETENTION PERIOD

The Data Controller retains and processes personal data for as long as necessary to fulfill the above purposes, but in any case, resumes are destroyed after 24 months from when received.

REFUSAL TO PROVIDE DATA

The data subject may refuse to provide the Data Controller with his/her personal data as such provision is optional, but a refusal to provide it in whole or in part may result in the Data Controller's inability to evaluate and select the application.

DATA PROCESSING METHODS

The processing of personal data is carried out by means of the operations indicated in Art. 4 no. 2) GDPR, for the purposes mentioned above, whether on paper or computer, by means of electronic or otherwise automated tools, in compliance with the Applicable Legislation in particular on confidentiality and security, in accordance with the appropriate security measures pursuant to Art. 5 par. 1 letter F of the GDPR, and in accordance with the principles of fairness, lawfulness and transparency and protection of the rights of the data subject.
The processing is carried out directly by the organization of the Data Controller and the Data Processors appointed by the Data Controller pursuant to art.28 GDPR.