Privacy Policy

Privacy Policy

Customer privacy notice

This notice is provided to customers, whether natural persons or natural persons acting on behalf of legal entity customers, of Averla lavorazioni orafe di Averla Alessandro e C. S.A.S., pursuant to Article 13 of Legislative Decree no. 196 of 30 June 2003 – "Personal Data Protection Code" and Article 13 of GDPR 679/2016 – "European Regulation on the protection of personal data".

Identity of the Data Controller

The Data Controller for the personal data of individual customers, or of natural persons acting on behalf of legal entity customers, is Averla lavorazioni orafe di Averla Alessandro e C. S.A.S., with registered office at Via Giovanni Vincenzo Verzellino, 54/R - 17100 Savona (SV).

Source of data

The personal data processed is that provided by the data subject on the occasion of:

  • visits to our premises;
  • interactions through the website;
  • requests for information, including by email;
  • previous transactions.

Purposes of processing

Tax obligations, organisational management of the requested services and conclusion of sales contracts, appointment scheduling, order fulfilment, delivery and installation of systems, bureaucratic obligations relating to the requested services.

Finally, all personal data of the aforementioned data subjects will be entered into the Data Controller's archives and used (pursuant to Article 130, paragraph 4 of Legislative Decree 196/2003 and the General Provision of the Italian Data Protection Authority published in the Official Gazette of 1 July 2008, no. 188/C, formulation 6, points a, b, c) for the sending of communications concerning products, services, news and promotions.

Legal basis

The legal basis consists of the performance of a contract to which the data subject is party or the execution of pre-contractual measures taken at the request of the data subject. Some processing is carried out on the basis of the legitimate interests of the Data Controller (promotion of its commercial activities and pursuit of its statutory purposes).

Recipients of data

The personal data processed by the Data Controller will not be disseminated, meaning it will not be disclosed to unidentified parties in any form whatsoever, including by making it available or allowing simple consultation. It may, however, be communicated to employees working under the Data Controller and to certain external parties who collaborate with them. It may also be communicated, to the extent strictly necessary, to parties who, for the purposes of fulfilling purchases or other requests or providing services related to the transaction or contractual relationship with the Data Controller, must supply goods and/or perform work or services. Finally, it may be communicated to parties legitimately entitled to access it by virtue of legal provisions, regulations or EU legislation. In particular, based on their respective roles and duties, certain employees have been authorised to process personal data within the limits of their competence and in accordance with the instructions given to them by the Data Controller.

Data transfers

The Data Controller does not transfer personal data to third countries or international organisations. However, it reserves the right to use cloud services; in such cases, service providers will be selected from among those offering adequate guarantees, as required by Article 46 of GDPR 679/16.

Data retention

Personal data voluntarily provided by the data subject will be processed by the Data Controller and retained for a period of 5 years. Upon expiry of the fifth year, the system will send an email to the data subject, who may freely and at their own discretion express their consent again to the continuation of the processing. Failure to renew consent to the processing of data will result in the inability to continue using the service.

Rights of the data subject

With reference to Article 7 of Legislative Decree 196/2003 and Articles 15 – right of access, 16 – right to rectification, 17 – right to erasure, 18 – right to restriction of processing, 20 – right to data portability, 21 – right to object, 22 – right to object to automated decision-making of GDPR 679/16, the data subject may exercise their rights by writing to the Data Controller at the address indicated above, or by email, specifying the subject of their request, the right they intend to exercise and enclosing a copy of an identity document attesting to the legitimacy of the request.

Withdrawal of consent

With reference to Article 23 of Legislative Decree 196/2003 and Article 6 of GDPR 679/16, the data subject may withdraw any consent given at any time. However, the processing covered by this notice is lawful and permitted even in the absence of consent, as it is necessary for the performance of a contract to which the data subject is party (the supply relationship) or for the fulfilment of their requests. To withdraw consent, an email must be sent to: info@averla.it to request deletion. The Data Controller will acknowledge receipt and fulfil the request within 48 (forty-eight) working hours.

Lodging a complaint

The data subject has the right to lodge a complaint with the supervisory authority of their country of residence.

Refusal to provide data

Individual customers may not refuse to provide the Data Controller with the personal data necessary to comply with the legal provisions governing commercial transactions and taxation. The provision of additional personal data may be necessary to improve the quality and efficiency of the transaction. Therefore, refusal to provide data required by law will prevent the fulfilment of orders; while refusal to provide additional data may wholly or partly compromise the fulfilment of other requests and the quality and efficiency of the transaction itself.

Persons acting on behalf of legal entity customers may refuse to provide the Data Controller with their personal data. However, the provision of personal data is necessary for the correct and efficient management of the contractual relationship. Therefore, any refusal to provide such data may wholly or partly compromise the contractual relationship itself.

Automated decision-making

The Data Controller does not carry out any processing consisting of automated decision-making on the data of individual customers, or of natural persons acting on behalf of legal entity customers.

Notice for email recipients

The content of emails is to be considered confidential. Therefore, the information contained in them or in any attachments is intended exclusively for the recipients. Persons or parties other than the intended recipients, including pursuant to Article 616 of the Italian Criminal Code, are not authorised to read, copy, modify or forward the message to third parties. Anyone who receives one of our communications in error should not use it or disclose it to anyone, but should delete it from their inbox and notify the sender.

The authenticity of the sender and the content are not guaranteed, except for digitally signed documents. Furthermore, pursuant to Article 13 of Legislative Decree 196/2003 and Article 13 of GDPR 679/16, we inform you that our archives include email addresses relating to natural persons, companies and organisations with whom previous communications have taken place by email or other means of communication, or who have voluntarily provided their email address during direct contacts. Such addresses are used by us in accordance with the wishes and willingness of the data subjects to receive communications by email from our company. We also inform you that all mailboxes of the masonicjewels.it domain are company mailboxes and, as such, are used for work-related communications. Therefore, for reasons connected with operational activities, any message, whether outgoing or incoming, may be read by parties other than the sender and/or the recipient. Should data subjects wish to have their email address removed from our archives, or to exercise the rights referred to in Article 7 of Legislative Decree 196/2003 and Articles 15 – right of access, 16 – right to rectification, 17 – right to erasure, 18 – right to restriction of processing, 20 – right to data portability, 21 – right to object, 22 – right to object to automated decision-making of GDPR 679/16, they may write to the Data Controller Averla lavorazioni orafe di Averla Alessandro e C. S.A.S., with registered office at Via Giovanni Vincenzo Verzellino, 54/R - 17100 Savona (SV).

Rights of data subjects

The individuals to whom the personal data refers have the right at any time to obtain confirmation of the existence or otherwise of such data and to learn its content and origin, verify its accuracy or request its integration or updating, or rectification (Article 7 of the Personal Data Protection Code).

Pursuant to Regulation (EU) 2016/679, the data subject has the right to:
  • art. 15 – obtain from the data controller confirmation as to whether or not personal data concerning them is being processed and, if so, to obtain access to the personal data and other specific information;
  • art. 16 – obtain from the data controller the rectification of inaccurate personal data concerning them, without undue delay;
  • art. 17 – obtain from the data controller the erasure of personal data concerning them without undue delay;
  • art. 18 – obtain restriction of processing in specific cases;
  • art. 20 – receive the personal data concerning them in a structured, commonly used and machine-readable format;
  • art. 21 – object at any time to the processing of personal data concerning them carried out for marketing purposes (commercial communications sent by the data controller). To exercise their rights, the data subject may send an email to info@averla.it. The data controller will acknowledge receipt and fulfil the request within 48 (forty-eight) working hours. Pursuant to art. 19, requests relating to the rights under arts. 16, 17 and 18 will be transmitted by the data controller to the relevant recipients.
Pursuant to the same article, the data subject has the right to request the erasure, anonymisation or blocking of data processed in violation of the law, and to object in all cases, on legitimate grounds, to their processing. Requests should be addressed:
  • by email, to: info@averla.it
  • or by post, to: Via Giovanni Vincenzo Verzellino, 54/R – 17100 Savona (SV). Right to lodge a complaint with a supervisory authority: the data subject also has the right to lodge a complaint with the competent supervisory authority – the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) – at the following PEC address: averla@prontopec.com

Service cancellation

To unsubscribe from the service, the following methods are available:

Log in to your personal area on the website, click on the "Remove Profile" link and then confirm your choice; or, where this option is not available, send an email to: info@averla.it to request deletion. The Data Controller will acknowledge receipt and fulfil the request within 48 (forty-eight) working hours.