“Gaori” will be the “owner” of customer’s data and all the information concerning the use of their personal data is summarised in the privacy document, in accordance with the Protection of Personal Information legislation. Customers must, therefore, accept such policy before proceeding with any purchases, with a particular focus on the following areas:
- Purposes of data processing. Commercial, promotional and/or sales purposes to identify potential customers for each specific product or service (eg, statistics, customer satisfaction feedback, preliminary gathering of information aimed at reaching an agreement or provision of a service, etc.); Customer satisfaction research (eg research on the quality of services); Fulfillment of obligations under the law, regulations or legislation.
- Data communication. The personal data collected by Gaori will be communicated and/or processed by people we trust, who, in pursuit of the above objectives, carry out operational, technical and organizational tasks. The personal data provided by Customers are used only to perform the job or related services; the data are not disclosed to third parties unless such disclosure is required by law or is directly necessary for the fulfillment of requirements.
All the details of the credit cards processed by email/ telephone/fax are processed by the PayPal secure server and immediately canceled after the transaction.
- Rights of interested parties. – It is fully established that the customer has the option to exercise specific rights. The Customer may obtain: confirmation or otherwise of the existence of data concerning them, even if not yet recorded;
Information about the origin of personal data, the purpose and methods of processing it, and the basis of processing in cases where this is done using electronic instruments;
Indication of the identity of the Owner and the Person Responsible, and the persons or categories of persons to whom the personal data may be communicated or who have access to them;
The cancellation, transformation into anonymous form or blocking of data processed in violation of the law, as well as updating, rectification or, where interested, integration of data unless it is impossible or involves the use of disproportionate means. The Customer may also object, for legitimate reasons, to the processing of personal data about them, even if it relates to the purpose of the data collection. The Customer can also object to the processing of personal data for sending advertising material or otherwise, aimed at carrying out market research and business communications.
The GDPR applies to any business that does one or both of the following:
- Offers products or services to citizens of the EU
- Collects personal information from citizens of the EU
- Note that if you meet either of these criteria, it doesn’t matter where your business is located.
This means that a U.S.-based business that simply collects email addresses from EU citizens will be required to comply with the GDPR.