PRIVACY POLICY

Jewel Box & Co. S.r.l., in qualità di Titolare della omonima ditta, avente sede legale in Via Isonzo 8, Milano, è il Titolare del trattamento dei dati personali raccolti su questo sito ai sensi e per gli effetti del Regolamento UE 679/2016 (di seguito GDPR):

Personal Browsing Data

Jewel Box & Co. S.r.l. is committed to protecting personal data and asks you to take a few minutes to read how we collect, use, disclose, and transfer the personal data provided to us through our website jewelbox.it or by interacting with the data transmitted to Jewel Box & Co. S.r.l. by third-party companies that provide technological, logistical, and commercial services.

Furthermore, this privacy notice explains how we collect data through the use of cookies and related technologies when using our Platforms

  • Personal Data Processed for Contractual Purposes, Legal Obligations, and Rights of the Controller
    • Personal data, contact data.
  • Personal Data Processed for Generic Marketing Purposes of the Controller
    • Personal data, contact data.
  • Personal Data Processed for Marketing and Profiling Purposes
    • Personal data, contact data, data collected from cookies installed by the Sites.
  • Personal Data Processed for Sending Newsletters
    • Dati di contatto.
  • Personal Data Processed for the Functioning of the Sites

The IP addresses or domain names of the computers used by users connecting to the Sites, the addresses in URI notation (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.), and other parameters related to the user’s operating system and computing environment are all included in the information regarding user behavior on the Sites, the pages that have been visited or searched, in order to select and deliver specific advertisements to the user of the Sites, as well as data related to browsing behavior on the Sites, for example, using cookies. For Jewel Box & Co. S.r.l., it is essential to ensure the security and privacy of children. It is not our intention to knowingly collect and use personal data from anyone under the age of sixteen (16) years or any age limit established by the legislation of their country of residence. By registering on the Site, you confirm that you have reached the age of majority in your country of residence.

Purposes and Legal Bases for Processing

The data and cookies received will be processed by Jewel Box & Co. S.r.l. exclusively in ways and procedures necessary to provide the requested services and for further purposes for which consent has been given.
- Generic marketing purposes of the Controller: by way of example, sending promotional and commercial communications related to similar services/products already used by the Controller through automated contact methods (email), such as notifications of company events, webinars, whitepapers, or subscriptions to newsletters.
- Marketing purposes of third parties (with data communication) belonging to the sectors of services (particularly ICT and digital) and consulting, manufacturing, commerce, and public administration: sending promotional and commercial communications, advertising material related to service/product offers, notifications of company events, as well as conducting market studies and statistical analyses by third parties specified above, to whom the data are communicated, using automated contact methods (such as SMS, MMS, email) and traditional methods (such as operator phone calls).
- Marketing purposes by the Controller for the benefit of third parties (without data communication) belonging to the sectors of services (particularly ICT and digital) and consulting, manufacturing, commerce, and public administration: sending promotional and commercial communications, advertising material related to service/product offers, notifications of company events, as well as conducting market studies and statistical analyses by the Controller on behalf of third parties using automated contact methods (such as SMS, MMS, email) and traditional methods (such as operator phone calls).
- Profiling purposes: analysis of preferences, habits, behaviors, and inferred interests, for example, from online clicks on articles/sections of the websites of Jewel Box & Co. S.r.l., in order to send personalized commercial communications or carry out targeted promotional actions and business intelligence.

The processing of personal data for profiling purposes will occur, with consent, using data processing tools that will create a personal commercial and behavioral profile online through data matching. This data processing tool links the data collected during navigation on the Sites through the use of first-party profiling cookies personally accepted with the data collected through registration at Jewel Box & Co. S.r.l. via the appropriate forms. Furthermore, such data and/or information will be associated with any additional data and/or information already in our possession due to the subscription to our services.
- Legal obligations: to comply with obligations set by regulations and applicable national and international legislation.
- Sending Newsletters: if explicitly requested by registration for this service.
- Rights of the Controller: if necessary, to ascertain, exercise, or defend the rights of the Controller in court.
- Functioning of the Sites: the computer systems and software procedures used for the functioning of the Sites acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects but, by its very nature, could, through processing and associations with data held by the Controller or third parties, allow the identification of users of the Sites.

Disclosure, Communication, and Subjects Accessing the Data

The data may be processed by external parties acting as data controllers, such as, by way of example, authorities and supervisory and control bodies, and, in general, parties, including private entities, authorized to request the data, public authorities that expressly request it from the Controller for administrative or institutional purposes, in accordance with applicable national and European legislation, as well as individuals, companies, associations, or professional firms providing assistance and consulting services.
The data may also be processed on behalf of the Controller by external parties designated as Data Processors under Article 28 of the GDPR, to whom appropriate operational instructions are provided. These parties are essentially included in the following categories:

 

- Companies that provide maintenance services for websites and information systems;
- Companies that provide support in conducting market studies;
- Companies that manage and maintain the Controller's database;
- Companies that offer email sending services;
- Companies that provide marketing automation platform management services;
- Companies that provide organizational and reception support services for events.

Personal data may be processed, if explicitly consented to, by third parties to whom the data are communicated.
Personal data will not be disseminated.

Transfer of Data Abroad

Data may be transferred abroad to non-European countries, particularly to the United States, only after verifying the standard contractual clauses adopted/approved by the European Commission under Article 46, paragraph 2, letters c) and d) of the GDPR, or binding corporate rules as provided for in Article 47 of the GDPR, or, in the absence thereof, based on one of the derogatory measures referred to in Article 49 of the GDPR.
A copy of the guarantees referred to in Article 46, paragraph 2, letters c) and d) of the GDPR adopted by the Controller can be obtained by sending an email to the following address: [email protected].

Duration of Processing and Storage of Personal Data

According to Article 5.1(e) of the GDPR, Jewel Box & Co. S.r.l. will process the data provided for the period necessary to pursue the purposes for which they were collected. Generally, we retain personal data for one year from the end of our relationship or the last contact, unless otherwise prescribed by local legislation. In some cases, it may be necessary for us to retain personal data for a longer period, for example, if requested for legal, tax, or financial reasons:
- Contractual purposes, Legal obligations, and Sending Newsletters: for the entire duration of the contract and, after termination, for 10 years.
- Generic marketing purposes of the Controller: until the exercise of the right to object, which can be exercised via the specific unsubscribe button (“Click here”) or by directly contacting the Controller.
- Marketing and profiling purposes: until the revocation of consent for this purpose.
- Rights of the Controller: in the event of judicial litigation, for the entire duration of the litigation, until the expiration of the terms for the appeal actions.
- Functioning of the Sites: for the entire duration of the browsing session on the Sites.
- After the above retention periods have elapsed, personal data will be destroyed, deleted, or anonymized, in accordance with technical deletion and backup procedures.

Security

In Jewel Box & Co. S.r.l., personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which they were collected, in compliance with the principles of necessity and proportionality, avoiding the processing of personal data when the operations can be carried out using anonymous data or by other means.
We have implemented specific security measures to prevent the loss of personal data, unlawful or incorrect use, and unauthorized access. However, it is essential for the security of personal data that the device is equipped with tools such as constantly updated antivirus software and that the internet service provider ensures the secure transmission of data through firewalls, anti-spam filters, and similar safeguards.

Rights of the Data Subject

By contacting the Controller via email at [email protected], you can request access to your data, deletion of your data, correction of inaccurate data, completion of incomplete data, and limitation of processing as provided by Article 18 of the GDPR.
Additionally, if the processing is based on consent or a contract and is carried out using automated tools, you can request data portability and receive your data in a structured, commonly used, and machine-readable format, as well as, if technically feasible, transmit it to another controller without hindrance.
You have the right to withdraw consent granted at any time for marketing and/or profiling purposes and to object to the processing of your data for reasons related to your particular situation, in cases of the exercise of a public interest or legitimate interest of the Controller, as well as for marketing purposes, including profiling related to direct marketing. You can still be contacted for this purpose solely through traditional means and express your objection only to receiving communications through automated means. The Controller refrains from processing, except for legitimate reasons that prevail over the interests, rights, and freedoms of the data subject, or for the ascertainment, exercise, or defense of a right in court.
You have the right to lodge a complaint with the competent supervisory authority in the Member State where you usually reside or work or in the State where the alleged violation occurred.

Data Protection Officer

Data may be processed by employees of the Controller’s business functions responsible for pursuing the purposes indicated above, who have been expressly authorized to process the data and have received appropriate operational instructions.
Personal data processed for the functioning of the sites, collected during navigation on them, will be processed by employees, collaborators of the Controller, or external parties, acting as authorized persons and data processors, properly trained by the Controller, who perform technical and organizational tasks related to the Sites on behalf of the Controller