Privacy Policy

 

The protection of your personal data is one of our top priorities. For this reason, we process personal data exclusively in accordance with the applicable legislation (General Data Protection Regulation No. 2016/679, hereinafter referred to as "GDPR"). This Privacy Policy informs data subjects of the necessary information regarding the processing of personal data through our "GL Tapes Virtual Assistant" App.

 

In accordance with European privacy law, we provide information below regarding how we process personal data.

 

Our contacts:

 

GREAT LENGTHS S.p.A. S.B.

Address: Via Piemonte, 39/A - 00187 Rome, Italy

Phone: 0039 0761 527069

e-mail: info@greatlengths.com

 

 

Explanation of terms used

 

  • at. Personal data (Art. 4(1) GDPR)  
    The GDPR applies to the processing of personal data of natural persons.
    "Personal data" means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

  • b. Processing (Art. 4(2) GDPR)  
    "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available,  alignment or interconnection, restriction, erasure or destruction;

  • c. Data Controller (Article 4, No. 7 GDPR) and Data Processor (Article 4, No. 8 GDPR)  
    "Data Controller" is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria applicable to its designation may be laid down by Union or Member State law.
    "Processor" means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

  • d. Consent (Art. 4, No. 11 GDPR)
    "Consent of the data subject" means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which the data subject signifies his or her consent, by statement or by an unambiguous affirmative action, to the processing of personal data concerning him or her;

  • e. Pseudonymisation (Art. 4(5) GDPR)
    "Pseudonymization" means the processing of personal data in such a way that it can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures designed to ensure that such personal data is not attributed to an identified or identifiable natural person.



Personal data processed

 

The operation of the web app "GL Tapes Virtual Assistant" (hereinafter, "App") and/or access to certain sections of the same may result in the collection and processing of personal data by the Data Controller. In fact, once the App has been activated, the computer systems and software procedures used to operate it automatically and/or automatically and indirectly and directly acquire some information (such as, by way of example, the so-called "cookies" - as specified in the "Cookie Policy" available at the bottom of this Privacy Policy - the "IP" addresses, the domain names of the devices used by users who connect to the App,  the request, the time of the request to the server, etc.).

Specifically, the use of the App and/or any requests for information or services by the data subject involve the collection and processing of personal data (such as name, surname, postal and e-mail address, password, age, date of birth, telephone number, gender, image, profession, marital status, etc.).

In particular, the collection of personal data may take place:
- by filling in online forms;
- through live and/or automated chat; 
- through the publication by the data subject of Contributions (as defined below), the content of which may include personal data directly provided by the data subject, on social networks managed independently by third parties - such as, by way of example but not limited to, Facebook, YouTube, etc. (hereinafter "Social Networks"). "Contributions" means the images, comments, phrases associated with what is the subject of the App, the contents and any other information published by the data subject on the pages of the Social Networks dedicated to the products of the various brands of the Data Controller, including the image that you may upload. The publication of the Contributions may also take place through a pseudonym ("nickname") chosen by the interested party during registration to the App with, possibly, an image associated with the nickname. In choosing the nickname and any image associated with it, the interested party remains solely responsible for any prejudice that the use of the nickname or image may cause to third parties.
In the event that you choose to send a request through the "Contact Us" section of the app, the provision of some personal data is necessary so that the Data Controller can meet your needs within the scope of the functionality of the App itself.

 

 

Purpose and legal basis of the processing

 

Based on the needs expressed from time to time by accessing the various functions of the App, the purposes of the processing of personal data and the related legal basis are reported below.
Personal data will be processed for the following purposes on the basis of the establishment of a contractual or pre-contractual relationship or upon acquisition of consent to the processing of data, which may be revoked at any time in the manner indicated by the Data Controller at the time of collection:

 

  • a)    Provide the service 
    personal data will be used to assist in choosing how to apply the "GL Tape" extensions. For this type of activity, the collection of personal data is necessary to ensure the possibility of providing the service;

 

  • b)    manage the data subject's requests and provide a response
    the interested party may decide to give consent to the processing of personal data for the management and response, by the Data Controller, to requests made in relation to the activities carried out on the App (see the "contact us" section of the App, or through live and/or automated chat). To this end, it is necessary for the data subject to provide his/her consent for the sending of the requests. If the data subject decides not to consent to the processing of personal data for this purpose, the request may not be followed;

 

  • c)    manage interactions with sections of the App
    personal data will be used to manage activities related to interaction with the App and the sections contained therein. For this type of activity, the collection of personal data is necessary to ensure the possibility of using the App itself;

 

  • d)    carry out e-mail marketing activities on the personal data provided using the App
    The interested party may decide to give consent to the processing of personal data for the performance of marketing activities. If the data subject decides not to consent to the processing of personal data for this purpose, the Data Controller will not be able to send advertising e-mails for promotional activities of products or services;

 

  • e)    carry out marketing activities by third parties on the personal data provided through the App
    The interested party may decide to give consent to the processing of personal data for the performance of marketing activities carried out by distributors (hereinafter also "third parties" or "licensees"). If the data subject decides not to consent to the processing of personal data for this purpose, distributors will not be able to send advertising e-mails for promotional activities of products or services;

 

  • f)    carry out profiling activities on personal data collected through the App
    the interested party may decide to give consent to the processing of personal data for the performance of the profiling activities carried out by the Data Controller. In particular, through the use of the App, tags and text traces may be collected regarding the habits of the data subject and his/her preferences regarding a product or service offered by the Data Controller. If the data subject decides not to consent to the processing of personal data for this purpose, the Data Controller will not be able to proceed with the collection of the aforementioned data and will not be able to track preferences;

 

  • g)    carry out profiling activities by third parties on personal data collected through the App
    The interested party may decide to give consent to the processing of personal data for the performance of profiling activities carried out by distributors. In particular, through the use of the App, tags and text traces may be collected regarding the habits of the data subject and his/her preferences regarding a product or service offered by the distributors. If the data subject decides not to consent to the processing of personal data for this purpose, distributors will not be able to collect the aforementioned data and will not be able to track preferences

 

  • h)    carry out remarketing activities on personal data collected through the App
    the interested party may decide to give consent to the processing of personal data for the performance of the remarketing activities carried out by the Data Controller. In particular, you may decide whether to give consent to the processing of tags and text traces collected under point d) above for the sending of advertising, promotional or marketing messages in line with your interests. If the data subject decides not to consent to the processing of personal data for this purpose, the Data Controller will not be able to send advertising, promotional or marketing messages;

 

  • i)    carrying out remarketing activities by third parties on personal data collected through the App
    The interested party may decide to give consent to the processing of personal data for the performance of remarketing activities carried out by distributors. In particular, you can decide whether to give your consent to the processing of tags and text traces collected under point e) above for the sending of advertising, promotional or marketing messages in line with your interests. If the data subject decides not to consent to the processing of personal data for this purpose, distributors will not be able to send advertising, promotional or marketing messages;

 

  • j)    Management of the newsletter service
    the interested party may decide to give consent to the processing of personal data for the subscription to the newsletter service carried out by the Data Controller, by filling out the appropriate form on the App. If the data subject decides not to consent to the processing of personal data for this purpose, the Data Controller will not be able to provide the newsletter service.

 

 

Methods of processing personal data and security measures taken

 

The processing of personal data may include any type of operation, including collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction. Personal data will be processed mainly in automated form but with logics strictly related to the purposes, through databases, electronic platforms managed by the Data Controller or by third parties appointed for this purpose as Data Processors and/or integrated IT systems of the Data Controller and the aforementioned third parties, apps and/or websites. The Data Controller has assessed the appropriate level of security taking into account the risks that may arise from loss, destruction, modification, unauthorized disclosure, accidental or unlawful access, misuse or alteration of personal data.
In particular, the Data Controller:
-    has taken security measures appropriate to the risks;
-    stores personal data on servers located mainly in the European territory (for information on how the Data Controller transfers personal data outside the European Economic Area, please see the following section "Transfer of personal data outside the European Economic Area").

 

Retention of personal data

 

In order to ensure compliance with the principles of necessity and proportionality of the processing, the Data Controller has identified different times for the storage of personal data in relation to each purpose pursued:

  • for the purposes of providing the service as well as for activities related to the provision of the service, personal data will be kept for the time strictly necessary and, in any case, at the latest for as long as the profile is active;

  • for the purposes of managing the App as well as for activities related to interaction with it and the sections contained therein, personal data will be stored for the time strictly necessary and, in any case, at the latest for as long as the profile is active;

  • in order to manage and respond to requests made through the App ("contact us" section of the App, or through live and/or automated chat), personal data will be kept for the time strictly necessary and, in any case, to pursue the purposes described in this Privacy Policy;

  • for the purpose of carrying out marketing activities on personal data collected through the App, personal data will be kept for the time strictly necessary and, in any case, to pursue the purposes described in this Privacy Policy;

  • for the performance of third-party marketing activities on the personal data provided using the App, personal data will be kept for the time strictly necessary and, in any case, to pursue the purposes described in this Privacy Policy;

  • for the purpose of carrying out profiling activities on personal data released through the use of the App, personal data will be kept for the time strictly necessary and, in any case, to pursue the purposes described in this Privacy Policy;

  • for the purpose of carrying out profiling activities on personal data collected through the use of the App, personal data will be stored for the time strictly necessary and, in any case, to pursue the purposes described in this Privacy Policy;

  • for the purpose of carrying out remarketing activities on personal data provided through the use of the App, personal data will be kept for the time strictly necessary and, in any case, to pursue the purposes described in this Privacy Policy;

  • for the purpose of carrying out third-party remarketing activities on the personal data provided using the App, personal data will be kept for the time strictly necessary and, in any case, to pursue the purposes described in this Privacy Policy;

  • for the purpose of managing the newsletter service, personal data will be kept for the time strictly necessary and, in any case, to pursue the purposes described in this Privacy Policy.

 

Personal data will be deleted if they are no longer necessary in relation to the aforementioned purposes or as soon as consent is withdrawn, in the event that the Data Controller is no longer legally bound or otherwise authorized to store them. Personal data will be stored for legal purposes where the data may be necessary for the exercise or defence of legal proceedings.

 

Recipients of personal data

 

Personal data may be communicated to:

 

  • natural or legal persons acting as Data Processors - who carry out outsourced activities - appointed by the Data Controller or Data Processors (including entities providing IT services or site managers, electronic platform managers, partners, credit institutions, professional firms);

 

  • employees and/or collaborators of Data Processors (including system administrators) who, operating under the direct authority of the Data Processors, are authorized to process personal data. Personal data will not be disseminated or communicated to third parties, except in the case in which the data should be communicated by the Data Controller, in order to protect its rights, to third parties acting as independent Data Controllers. In the event that the data subject has entered personal data in the nickname and/or has an image associated with it, such personal data may be disseminated through the App or Social Network;

 

  • distributors, formally authorized to use the CRM on the basis of the contract signed with the Data Controller, who act as Data Processors.

 

Personal data may be made available to third-party companies that provide services related to the App, as independent data controllers.

 

Transfer of personal data outside the European Economic Area

 

Personal data may be transferred to recipients in the USA. To this end, the Data Controller has adopted the Standard Contractual Clauses.

 

Contact of the Data Protection Officer

 

The address of the Data Protection Officer appointed by the Data Controller is as follows:

dpo@greatlengths.com

 

Rights of the data subjects

 

The current data protection legislation recognises a number of rights for the data subject.

In particular, the data subject has the right to:

  1. obtain confirmation from the Data Controller of the existence or otherwise of their personal data, even if not yet registered, and their communication in intelligible form, as well as access to their personal data, obtaining a copy thereof, and to the related information - including the purposes of the processing, the categories and origin of the personal data, the categories of recipients to whom they have been or may be communicated, the retention period (where possible) and the rights that can be exercised;

  2. obtain from the Data Controller the rectification of personal data and integration, if incomplete;

  3. obtain from the Data Controller the erasure of personal data without undue delay when the personal data are no longer necessary in relation to the purposes for which they were processed or if the legal basis for the processing ceases to exist;

  4. obtain from the Data Controller the transformation into anonymous form or the blocking of personal data processed in violation of the law, including those whose storage is not necessary, in relation to the purposes for which they were collected or subsequently processed;

  5. obtain from the Data Controller the restriction of the processing of personal data when the data subject contests its accuracy or objects to the processing;

  6. receive, in a structured, commonly used and machine-readable format, personal data as well as transmit or, if technically possible and in the cases provided for by applicable legislation, obtain the direct transmission of personal data to another Data Controller without hindrance, in cases where the processing is carried out by automated means, is based on consent or is necessary for the performance of a contract to which the data subject is a party;

 

In addition, if the processing of personal data is based on consent, the data subject shall have the right to withdraw it at any time by post or e-mail by writing to info@greatlengths.com.

If you believe that the processing of your data violates applicable data protection law, or that your rights are violated in any other way, you may lodge a complaint with the Supervisory Authority. In Italy, the competent supervisory authority is the Italian Data Protection Authority.

 

Right to object

 

The data subject has the right to object at any time, on grounds related to his or her particular situation, to the processing of personal data concerning him or her (including profiling) if it is based on the legitimate interest of the Data Controller. In this case, the Data Controller shall refrain from further processing the personal data unless it demonstrates the existence of compelling legitimate reasons for proceeding with the processing that prevail over the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of a right in court.

 

 

Cookie Policy

 

The purpose of this Cookie Policy is to inform users about the procedures followed for the collection, through cookies and/or other tracking technologies, of the Personal Data provided when browsing this app (hereinafter referred to as the "App").

Cookies are text files that your browser stores and stores on your device. Cookies store information such as, for example, your preferred language, the items you have placed in your virtual shopping cart or other personal settings on the website.

We use cookies to make our website user-friendly. Some cookies will remain stored on your device until you delete them. They allow us to recognize your browser on your next visit. Disabling cookies may limit the functionality of our App.

 

Characteristics and purposes of cookies

 

Our App uses the following categories of cookies, either our own or those of third parties.

 

Technical and functional cookies

 

  1. a) "Technical cookies": these are used to facilitate the use of the App and the use of its features. Among the technical cookies, we point out the essential cookies, also called "strictly necessary", which enable functionalities without which it would not be possible to use the App completely, as well as the "performance cookies" that allow you to improve the functionality of the App.

  2. b) "Functionality cookies": they allow the App to remember the choices made (e.g., language or geographical area) and to propose them at subsequent accesses to provide better and personalized services (for example, they can be used to offer content similar to those previously requested by the user).

 

Third-party cookies

 

While browsing the App, the user may receive third-party cookies, i.e. cookies from third-party websites, social networks and external platforms that are also used for advertising purposes. If you choose to receive cookies from third-party companies, the communications they send in the future will be more relevant to your interests (e.g. analytical cookies).

 

Managing the installation of cookies

 

In addition to what is provided for in the cookie banner on the first screen and what is indicated in this document, the user can also manage the preferences relating to cookies directly within their browser and prevent – for example – third parties from installing them. You can also delete cookies that have been installed in the past via your browser preferences, including the cookie in which your consent to the installation of cookies by this App may be saved. It is important to note that by disabling all cookies, the operation of this App may be impaired. You can find information on how to manage cookies in your browser at the following addresses:

Google Chrome - https://support.google.com/chrome/answer/95647?hl=en&p=cpn_cookies

Mozilla Firefox – https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Safari – https://support.apple.com/en-us/HT201265

Microsoft Windows Explorer – http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies

 

If cookies are blocked by the user, some features of the App may not operate properly, the App may work more slowly.

 

Disabling and deleting cookies

 

All browsers allow you to delete cookies from your computer's hard drive, to receive a warning when they are saved or to disable them altogether. For information on how to do this, you can consult the instructions or the help screen of your browser.

To revoke consent, it is also possible to refer to the websites of third parties that can be reached through the following link: http://www.allaboutcookies.org/manage-cookies/index.html.

 

(C) 2024 GREAT LENGTHS Società per azioni Società Benefit - All rights reserved - VAT IT06434421001
2018-B-Corp-Logo-White-SCertification Notice

gl-logo_white-white_revcert_ACCREDIA cert_9001 cert_14001 SGS_ISO_45001_TBS2018-B-Corp-Logo-White-SCertification NoticeCompany with certified management
system for ISO 900I, ISO 14001, ISO 45001