Discover our Bespoke Services, fine linens, throws and blankets Made in Como, Italy

Discover our Bespoke Services, fine linens, throws and blankets Made in Como, Italy

Discover our Bespoke Services, fine linens, throws and blankets Made in Como, Italy

Discover our Bespoke Services, fine linens, throws and blankets Made in Como, Italy

Discover our Bespoke Services, fine linens, throws and blankets Made in Como, Italy

Discover our Bespoke Services, fine linens, throws and blankets Made in Como, Italy

Toggle Nav
Search
Language
Cart 0 Shopping Cart
Menu
Account
Settings
Language
Language: IT

PRIVACY POLICY

We respect your privacy and are committed to protecting it by complying with this privacy policy (hereinafter referred to as the ‘Policy’).

Pursuant to Articles 13 and 14 of EU Regulation 679/2016 (hereinafter also referred to as ‘GDPR’), Gabel Industria Tessile s.p.a. (hereinafter also referred to as the ‘Company’ or the ‘Data Controller’), as the ‘Data Controller’, provides information about the use of any personal data provided by Users who consult and/or interact with the web services accessible electronically from the address: www.somma1867.com corresponding to the home page of the Company's official website (hereinafter ‘Website’).

The information is provided only for the Website in question and not for other websites that may be consulted by the User via links and is addressed to Users of this Website. The Website may contain links to websites, services and other Internet resources relating to third parties. In this case, the Data Controller is in no way responsible for the content, security and usability of such sites and resources, nor does it verify the policy or issue guarantees regarding the protection of privacy and personal data by such third parties.

By accessing and using the Website and Services, the User acknowledges that they have read, understood and agreed to be bound by the terms of this Policy.

1. Data controller
The data controller is: 

Gabel Industria Tessile s.p.a., (Tax Code and VAT No. 00185790185), with registered office in Rovellasca, Via XX Settembre No. 35, in the person of its pro tempore legal representative (telephone number 02964771 - e-mail: privacy@gabelgroup.com).

The list of persons authorised to process data and data processors is kept at the Data Controller's registered office and made available at the request of the data subject.

2. Personal data subject to processing

The Company will only collect and process personal data voluntarily provided by Users of this Website. Users may browse the Website without having to provide personal data, except for browsing data, as specified below. Each User of the Website may choose to provide the Data Controller with limited personal data as requested in order to obtain information about our services. Once registered, the personal data collected will only be used for the services indicated in the available Policy.

The Company does not deliberately collect sensitive or judicial personal data through the Site.
Sensitive data, pursuant to Article 4 of European Regulation GDPR 679/2016, includes personal data revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organisations of a religious, philosophical, political or trade union nature, as well as personal data revealing health and sex life. Judicial data, again pursuant to Article 4 of European Regulation GDPR 679/2016, includes personal data revealing measures referred to in Article 3, paragraph 1, letters a) to o) and r) to u) of Presidential Decree No. 313 of 14 November 2002, No. 313, concerning criminal records, the register of administrative penalties for offences and related pending charges, or the status of defendant or suspect pursuant to Articles 60 and 61 of the Code of Criminal Procedure. We recommend that you do not provide such information through our Website.

The Company may collect the following categories of personal data for the purposes described in this Policy:

-IP address of the User's device, unique identifiers of the User's mobile device, duration of stay on the Website, services used, links and messages activated, browser characteristics (type, language, plug-ins installed, etc., cookies, etc.);

- identification and contact details obtained during contractual or pre-contractual relationships with the Company, such as, for example, name, surname, company name where it contains personal data, e-mail address, VAT number, and other contact details, username and password;

- administrative and accounting data necessary for payments and administrative obligations, such as, for example, name, surname, billing and delivery address, IBAN data or payment references;

- information contained in the application submitted in order to request information about our products, request updates on the latest news, request collaborations and partnerships;

- information on online purchases, such as, for example, the products purchased and their price;

- information on the browser used or browsing behaviour;

- information disclosed or published by the User in a public place, on social media pages or on the Company's Website.

3. Purpose of processing

The User's personal data will be processed for the following purposes:

a)    browsing this Website and in particular for:

- activities aimed at the functioning of the Website. During normal operation, the system acquires some personal data whose transmission is implicit in the use of Internet communication. This category of data includes IP addresses or domain names of computers and terminals used by Users, URI/URL (Uniform Resource Identifier/Locator) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the User's operating system and IT environment. 

b)    creation of an account on the www.somma1867.com website and in particular for:

-  registering and managing the registration process and the reserved area for access to all features, such as the purchase of products and services;

c)    contacting the User in response to a request sent via the sections ‘Would you like to become a Somma1867 retailer?’, ‘Furnish with exclusive solutions?’, ‘Contact us’ and ‘Hospitality’ or by email or telephone, and in particular to: 

-  validate, manage and respond to a question or request;

- satisfy requests for information on products, offers and quotes;

- send information material or other communications;

- inform about changes to the Website or updates to services;

- offer the best possible service and improve the User's experience;

- allow the User/Applicant to exercise their rights;

d)    manage requests for the purchase of products and services and requests for collaborations and partnerships received through the reserved area on the Website or as a ‘guest’ or through the Website (via the sections ‘Would you like to become a Somma1867 retailer?’, ‘Furnish with exclusive solutions?’, ‘Contact us’ and ‘Hospitality’) or by email or telephone, and in particular for:

- execution of the contract and/or pre-contractual measures;

- receiving, validating and managing requests for purchase orders for products and services and requests for collaboration and partnership for the possible establishment of a contractual relationship;

- executing purchase requests, supplying products and services and establishing collaborations and partnerships;

- managing and carrying out the necessary customs procedures for import/export activities (including storage in its customs warehouses and assistance with inspections by the relevant authorities);

-executing administration, accounting, transport, logistics and goods shipment management services, storage of goods entrusted for safekeeping, execution of all procedures necessary for the correct and complete management of shipments and/or goods in transit;

-providing any third parties with the necessary information for the sole purpose of fulfilling contractual obligations;

-processing payments;

-communicating with the User regarding their orders, products, services and related promotional offers;

-managing any exchanges or returns and refunds after purchase;

e)    manage applications received via the email address published on the Website, and in particular to:

-send CVs;

-carry out recruitment, analysis, evaluation and selection of personnel;

-archive CVs for future personnel search requirements;

f)    carrying out profiling, direct marketing and forwarding commercial communications in response to requests received by email or by filling in the form in the dedicated section of the Website, and forwarding newsletters following an express request from the recipient received by email or by filling in the form in the ‘Subscribe to our newsletter’ section of the Website, and in particular for:

- carry out profiling activities by the Company in order to analyse behaviour, habits and propensities towards certain types of consumption and to meet needs and improve the Company's products, services and offers;

- carry out and manage marketing activities, forward commercial communications and newsletters in order to propose advertisements for offers, promotions, events, news, presentations of new services/products, regulatory news using automatic contact methods (e.g. e-mail);

g)    prevent and detect unauthorised use of the Website, as well as potential fraud committed against the User and the Company, and in particular to:

- activate the necessary mechanisms to prevent and ascertain improper use of the Website, together with possible attempts at fraud against the User and the Company;
-in the event of a fraudulent transaction or detection of abnormal behaviour indicating an attempt to fraudulently use the Company's features, products or services, block the transaction or cancel the account;

- ascertain responsibility in the event of hypothetical computer crimes against the site;

h)    for legal, administrative and audit purposes, and in particular for:

- compliance with obligations under the law, regulations, EU legislation or an order from the Authority, for example, accounting and financial reporting obligations, anti-money laundering, antitrust, as well as customs (including storage in its customs warehouses), tax, health, labour and safety obligations, etc.)

i)      asserting or defending a right in court, out of court or in administrative proceedings; 

4. Legal basis

In accordance with art. 6 of Reg. EU 679/2016, the conditions of lawfulness (legal basis) for the processing of Users' personal data are as follows:

-regarding the treatments referred to in letters a), g), and i): legitimate interest of the data controller, in compliance with art. 6 letter f) GDPR;

-regarding the treatments referred to in letter f): consent of the Site User, in compliance with Article 6, paragraph 1, letter a) GDPR;

-regarding the treatments referred to in letters b), c), d) and e): execution of the contract or pre-contractual measures, in compliance with art. 6 letter b) GDPR;

-regarding the treatments referred to in letter h): legal obligation, in compliance with art. 6 par. 1 letter c).

The provision of personal data is necessary for the establishment and correct fulfillment of the Contract, as well as to correctly fulfill the obligations set forth in current legislation. Therefore, any refusal by the interested party to provide personal data, in whole or in part, in pursuit of the indicated purposes, will result in the impossibility of establishing or implementing the Contract or of correctly carrying out the obligations set forth in the current rules.

The provision of the personal data processed, only with the prior consent of the data subject, for the profiling, marketing, sending of commercial communications and newsletters by the Company is optional. Any failure to consent for these purposes will have the only consequence of preventing the processing of personal data by the Data Controller for the aforementioned purposes.

The revocation of consent to the profiling, marketing, sending of commercial communications and newsletters by the Company may be carried out through the use of the link “unsubscribe” where present at the bottom of the relevant communications transmitted by email or by sending an email to privacy@gabelgroup.com.

5. Methods of processing personal data

In relation to the purposes described above, the processing of personal data takes place using manual, IT and telematic tools, in any case, in order to guarantee the security and confidentiality of the data themselves. Collection, recording, storage, organization, processing, selection, extraction, comparison, interconnection, communication, blocking, erasure, destruction is permitted. Still with regard to data security, specific security measures are observed to protect personal data and prevent its loss and/or destruction, improper and/or unauthorized use, improper and/or unauthorized access, disclosure and modification, and in general unlawful use. 

6. Period of retention of personal data

The User's personal data will be processed:

- with regard to personal, contact, accounting and payment data relating to the conclusion of the contract: for the period strictly necessary to fulfill the contract and in any case no later than 31.12 of the tenth year following the exhaustion of the contractual obligations, unless the receipt of documents interrupting the statute of limitations or the existence of the conditions for the suspension of the statute of limitations; or, in any case, for the different period provided by law for proof of compliance with legal or tax obligations or the period necessary to allow the Company to potentially protect its rights in judicial, administrative proceedings or in any case before a Public Authority);

-regarding data relating to the creation of the account on the Site and identification as a User of the Site: for the entire duration in which the User is registered, i.e. until the User decides to delete his online account;

-as for navigation data: for the period relating to the navigation session;

- with regard to personal and contact data released on the occasion of the contact request: for the period not exceeding 5 years from their collection by the Owner;

-as for applications, the personal data of candidates will be stored and processed for a period not exceeding 12 months from their collection by the Owner;

-as for data relating to profiling activity: 12 months from data collection;

-as for data relating to marketing and commercial communications activity: 5 years from data collection or from the last update of the relevant data;

-as for data relating to newsletter forwarding activity: 5 years from data collection.
In any case, the data processed will be retained for the entire duration of any out-of-court and/or judicial proceedings, until the deadlines for obtaining judicial protection and/or appeal actions have been exhausted. Verification of the obsolescence of the data retained in relation to the purposes for which they were collected is carried out periodically and, once the aforementioned retention periods have expired, the data are deleted or anonymized.

7. Recipients of personal data and the possibility of transferring personal data to third countries

The User's personal data may be communicated to:

-authorized processing persons and processors pursuant to art. 28 GDPR;

-companies, producers, distributors, suppliers, commercial partners of the Owner within the limits necessary to carry out the activities covered by the negotiating reports and/or requests of the interested party;

-transport companies for freight shipments and customs procedures;

- banking institutions for payment management;

- third parties exclusively for accounting, tax, legal, insurance needs, or in the event of checks by police bodies or if required by law;

-financial administrations, public bodies, judicial authorities, law enforcement;

-credit recovery company;

- companies that detect financial risks and carry out fraud prevention activities;

- supervisory and control authorities;

-judicial and/or public safety authorities;

-any business partners of the Owner involved in the contractual relationship;

- Data Protection Officer (DPO).

For the pursuit of the above purposes, the personal data of Users will be processed in the European Union and will be transferred to non-EU territory, only in the terms and with the guarantees provided by the Privacy Regulation and, in particular, pursuant to Articles 44 – 49 of the GDPR.
It should be noted, in particular, that such data will not be disseminated and will be processed by entities duly responsible for carrying out these tasks, constantly identified and/or appointed, appropriately instructed and informed by the constraints imposed by law, as well as through the use of security measures aimed at ensuring the protection of its confidentiality and avoiding the risks of loss or destruction, unauthorized access, of treatments not permitted or not in accordance with the above purposes.

8. Minors 16 years old

The Company does not allow browsing to minors under the age of 16 for the purpose of protecting their personal data and information, especially in an online environment. Therefore, the Company does not deliberately collect or maintain personal data relating to minors.

9. Right of access to personal data and complaint methods 

Please note that, with reference to the personal data provided, the User holds the following rights pursuant to Articles 15 to 22 of the GDPR:

-withdraw your consent to the processing of your Personal Information. To the extent that the legal basis for processing personal information is consent, the User has the right to withdraw such consent at any time. The revocation does not affect the lawfulness of the processing carried out before the revocation;

-be subjected to lawful, correct and transparent treatment (art. 6 GDPR);

-obtain confirmation that personal data is being processed or not and, in this case, obtain access to personal data - including a copy thereof - and communication of, among other things, the following information: purpose of processing, categories of personal data processed, recipients to whom these have been or will be communicated, data retention period, (right of access - Article 15 GDPR;

-obtain, without undue delay, the rectification of inaccurate personal data and/or the integration of incomplete personal data (right to rectification - Article 16 GDPR);

-obtain, without unjustified delay, the deletion of personal data (right to deletion – art. 17 GDPR);

-receive personal data in a structured, commonly used, and machine-readable format, if processing is based on consent and carried out by automated means (right to data portability - Article 20 GDPR);

-oppose the processing at any time, for reasons related to one's situation (right to object – art. 21 GDPR). In the event of exercising this right, the Company will refrain from further processing personal data, provided that there are no compelling legitimate reasons to proceed with the processing anyway;

-to assert one's point of view with respect to automated decisions and in particular that of requiring a review of the decision by a human being (right not to be subjected to an automated individual decision – art. 22 GDPR);

-file a complaint with the Italian Data Protection Authority, following the procedures and instructions published on the Authority's official website (art. 77 GDPR) if you believe there is a problem with the way personal data is managed.

The data subject may request a copy of the personal data being processed and may exercise his or her rights in the following ways

- by email: sending a request to the Company at the following email address: privacy@gabelgroup.com;

- by regular mail, to the Company's registered office (Gabel Industria Tessile spa).

When contacting the Data Controller, the data subject should make sure to include his/her name, e-mail address, postal address and/or telephone number/s, to be sure that the same can handle your request correctly. 

The Company will comply with such requests, revocations or objections as required by applicable data protection rules at the latest within one month of receipt of the request. This period could be extended by up to two months depending on the complexity or number of requests and the Company will explain to you the reason for the extension.

10. Personal Data Protection Officer (DPO)

The Company has appointed a Personal Data Protection Officer (DPO) and, pursuant to Article 37 of the GDPR, has appointed Francesco Tagliabue, with a firm in Como, Piazzale Gerbetto no. 6. The details that allow you to quickly contact the Owner and communicate directly and effectively with him, including the email address, are the following: mail francesco.tagliabue@legaliassociati.it - pec: francesco.tagliabue@como.pecavvocati.it - tel.+39.031.262591 – fax. 031.279179.  

11. More information – Using social networks

The Company manages its institutional accounts on the following social networks platforms managed, in turn by providers

SOMMA

https://www.facebook.com/Somma1867

https://www.instagram.com/somma1867/

https://www.youtube.com/@Somma1867.official

PRETTI

https://www.instagram.com/prettispugna/

https://www.facebook.com/spugnapretti

https://www.youtube.com/@Pretti1957.official

LINKEDIN

https://it.linkedin.com/company/gabel---industria-tessile-spa

The holder uses his corporate accounts on the social networks referred to above to provide information about the company, products, services, offers and current developments, as well as to communicate with Users. Users can send messages, comment, share, or like “like” published content; in such cases, the Owner processes profile data (especially the user's name) and related interactions (such as messages or comments) to process requests and provide feedback. The processing takes place in compliance with the applicable legal framework pursuant to the GDPR and, where required, the processing of the User's personal data could be based on the legitimate interest of the Data Controller in compliance with Article 6, letter f) GDPR. 

It should be noted that, when visiting accounts, social network providers can independently process personal data and install cookies on users' devices, activities over which the Owner has no control. For further information on how individual providers process data and on users' rights, please consult their privacy policies.

12. Changes

The Owner reserves the right to modify this Policy at any time and at its own discretion. The User will not receive proactive communications from the Owner regarding any changes. An updated version of this Policy will be effective immediately upon the publication of the new Policy, unless otherwise specified. The continued use of the Site by the User after the effective date of the updated Policy will constitute his consent to such changes. However, without the User's consent, the Owner will not use the User's personal information in a substantially different way than stated at the time of collecting the Personal Information.

Effective date 01/11/2025