Privacy Policy

This document lists the methods and purposes of the personal data processing undertaken by GTP S.r.l., in its data controller capacity (hereinafter, also the “Controller” or “GTP”) and any other additional information required by law, including information on the data subject’s rights and the exercise of those rights.
The Regulation (EU) 2016/679 on the protection of personal data (hereinafter, the “Regulation”) sets rules concerning the protection of natural persons with regard to the processing of persona data, and on the free movement of such data.
Art. 4, No. 1 of the Regulation defines “Personal Data” as any information relating to an identified or identifiable natural person (hereinafter, “Data Subject”).
On the other hand, “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4, No. 2, Regulation).
Additionally, pursuant to Articles 12 et seq. of the Regulation, the Data Subject is to be provided the appropriate information concerning (i) the Processing activities carried out by the Controller and (ii) the rights of the Data Subject.

1. Purposes of the processing and legal basis

The purposes of the processing are the following:

  • (i) Punctual provision of services to the users, including the provision of this website, in accordance with the terms and conditions aimed at regulating the same;
  • (ii) With respect to the subscriptions to the GTP service and/or partial use of the service without a transaction is successfully carried out, for the delivery of communication for assistance and support by GTP, also for the purpose of (ii) evaluating the cancellation of Data Subject’s Persona Data;
  • (iii) Fulfillment of obligation set forth by law, regulation or EU legislation, in particular related to the civil, fiscal and accounting legislation, as well as to comply with orders of Authorities authorized to do so by law or by supervisory and control bodies;
  • (iv) Delivery of promotional material, by means of e-mail, to Data Subjects regarding services similar to those already purchased, provided that the Data Subject may request GTP to not receive the above-mentioned messages;
  • (v) Respond to any requests submitted by the Data Subject through the contact form available on this website.

Considering that the Processing of Personal Data, for the purposes set out at the above-mentioned points (i), (ii), (iii) and (v) is needed for the performance of a contract, in order to take steps at request of the Data Subject prior to entering into a contract and for the fulfilment of contractual and legal obligation, the consent of Data Subjects is not required. The Processing of Personal Data for the purposes set out at point (iv) is deemed allowed pursuant to Art. 130(4) of the Italian Data Protection Code.

  • (vi) Delivery via email, from the Controller, of communications related to promotional and marketing initiatives of GTP and for carrying out market researches, subject to the consent of the Data Subject.

2. Processing methos and storage

Pursuant to art. 5 of the Regulation, the Personal Data subject to the Processing are:

  • (i) Processed lawfully, fairly and in a transparent manner in relation to the Data Subject;
  • (ii) Collected and stored for specified, explicit and legitimate purposes and further processed in a manner compatible with those purposes;
  • (iii) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • (iv) Accurate and, where necessary, kept up to date;
  • (v) Processed in a manner that ensures appropriate security;
  • (vi) Kept in a form that permits identification of the Data Subject for no longer than is necessary for the purposes for which the Personal Data are processed

The Personal Data will be processed by the Controller with automated and non-automated means; the electronic storage of Personal Data occurs in secure servers located in controlled access areas and with restricted access.

Specific security measures are observed to prevent data loss, unlawful or inaccurate uses and unauthorized accesses.

3.  Type of Personal Data. Consequences in case of failure to provide Personal Data.

Provision of Personal Data is mandatory for the purposes under point (i), (ii), and (iii) of Paragraph 1 and, accordingly, the Data Subject’s refusal to provide Personal Data determines the impossibility for GTP to accurately provide the services and to fulfill del specific obligations required by law. Similarly, with reference to the purpose under Paragraph 1, point (v) above, GTP could not respond to the requests submitted by the Data Subject if the latter does not provide his/her Personal Data to GTP.

The provision of Personal Data for the purposes listed under point (iv), Paragraph 1, is necessary to allow the Controller to submit communications related to promotional activities on products which are similar to those already purchased by the customer and/or for those in relation to which the Data Subject provided his/her Personal Data in the context of the sale. If the Data Subject does not provide his/her Personal Data, the Controller cannot submit such communications

Provision of Personal Data for the purposes under point (vi) of Paragraph 1 is optional and, therefore, there are no consequences if the user does not provide his/her Personal Data.

4. Retention of Personal Data

Personal Data are retained for the time strictly necessary to fulfill the purposes for which they were collected and processed. With regards to the purposes set out at point (i), (ii), (iii) and (v) of Paragraph 1, the Personal Data shall be retained to properly provide the services, comply with legal obligations and respond to any request of the Data Subjects. With respect to the purposes set out at point (iv) of Paragraph 1, the Personal Data shall be processed until the Data Subject will not have exercised the right of opposition. With respect to the purposes set out at point (vi) of Paragraph 1, the Personal Data shall be processed for the maximum period of 24 months.

However, it is understood that once the purposes of the Processing have been satisfied or in case of in case the consent has been revoked, the Controller shall nevertheless be obliged and/or have the right to further retain the Personal Data, in whole or in part, for certain purposes, as expressly required by specific law provisions or to exercise or defend a right in a proceeding against the customer (for instance, in case of complaints with reference to the activities carried out by the Controller).

5. Disclosure of Personal Data

Personal Data shall be accessible to those mandated to the Processing and external collaborators.

6. Dissemination of Personal Data

The Personal Data are not subject to dissemination.

7. Transfer of Personal Data abroad

The Personal Data shall not be transferred outside European Union member States.

8. Rights of the Data subject

At any time, the Data Subject may access his/her Personal Data in order to correct, delete and, in general, exercise all the rights expressly provided under Articles 15 to 22 of the Regulation, and in particular:

  • (i) the right to obtain confirmation as to whether or not Personal Data concerning him or her are being processed and to receive them in an intelligible form, to know their origin, purposes and methods of Processing;
  • (ii) the right to obtain the identification details of the Data Controller, the data processors and the subjects or categories of subjects to whom his/her Personal Data may be communicated;
  • (iii) the right to verify the accuracy of Personal Data or request their integration, update or rectification;
  • (iv) the right to request the deletion, anonymization or blocking of Personal Data processed in breach of the law, as well as their limitation under the law and to oppose in any case, in whole or in part, for legitimate reasons to their Processing;
  • (v) the right to the portability of his/her Personal Data;
  • (vi) the right to lodge a complaint, a report or an appeal to the Italian Data Protection Authority, where the conditions are met (www.garanteprivacy.it).

The Data Subject shall also have the right to object to the Processing of Personal Data in cases expressly provided for by law, as well as the right to withdraw his/her consent to the Processing at any time, without prejudice, however, to the lawfulness of the Processing carried out on the basis of the consent given before the withdrawal. The Data Subject has the right to refuse, initially or on the occasion of subsequent communications, the Processing of his/her Personal Data for the purposes referred to under (iv) of Paragraph 1 above, and to object at any time to the Processing of his/her Personal Data for the purposes referred under (vi) of the same Paragraph 1.

9. Data controller

The Controller is GTP S.r.l., place of business in Via Aldo Moro 22, 66054 Vasto.

10. Communications and exercises of the data subject’s rights

To exercise the rights listed under paragraph 8, the Data Subject may contact in any moment by sending an email to info@andreaiannone.com

11. Cookie

This website uses cookies, small piece of data stored on users’ devices to facilitate Internet navigation or obtain statistical information on the navigation behavior.

In particular, GTP uses technical cookies to ensure the essential features of its website and for statistical purposes. The use of technical cookies does not require the consent of the user.

The Processing of Personal Data through the use of technical cookies will be carried out in compliance with the Paragraphs above, the Regulation and Legislative Decree No. 196/2003 (“Italian Data Protection Code”).