top of page

Privacy Notice

EU Regulation No. 679/2016 (General Data Protection Regulation - GDPR)

The personal data provided by you, along with any photos and video recordings for which a release will be requested for processing, in accordance with Articles 10 and 320 of the Civil Code, as well as Articles 96 and 97 of Law No. 633/1941 (Copyright Law) and Law No. 101/2018, will be collected by Graf Srl (hereinafter referred to as "Graf"), who will process them as the Data Controller, using manual, computer, and telematic tools, ensuring the security and confidentiality of the data, even when using remote communication techniques, and in compliance with the following purposes:

  1. Participation in the event managed by Graf Srl. Providing the data for this purpose is a necessary requirement for participating in the event, and processing this data does not require your consent.

  2. Promotion of Graf products and services, as well as other companies in the Group, including market research (so-called direct marketing), carried out through letters, landline and/or mobile phone calls, advertising material, automated communication systems, emails, MMS (Multimedia Messaging Service), and SMS (Short Message Service); Article 130, paragraph 3-bis, remains without prejudice to the provisions of Article 1, paragraph 14, of Law No. 5 of January 11, 2018.

  3. Promotion of Graf, the Group, or third-party event partners or marketing and territorial communication initiatives, specifically identified, through the processing and analysis of information regarding preferences, habits, and consumption choices, aimed at dividing interested parties into “profiles” or homogeneous groups based on behaviors or specific characteristics (customer profiling). This processing may also involve cross-referencing the data with new information obtained through third parties (data enrichment).

  4. Sharing your contact data with our Partner companies for the purpose of receiving commercial communications by mail, email, and SMS.

The provision of data for the promotional purposes described in points (2-4) requires your consent, without which it will not be possible to use the data for these purposes.

Your data will be processed throughout the duration of the contractual relationship and even after, for contractual needs and related legal and fiscal obligations, and for effective management of financial and commercial relationships, operations as indicated in Article 4 of the Privacy Code and Article 4, No. 2 of the GDPR. The Data Controller will process personal data for as long as necessary to fulfill the above purposes and in any case for no more than 5 years after the termination of the relationship for Service Purposes.

As the data subject, you may exercise the rights outlined in Article 7 of the Privacy Code and Articles 15 to 22 and Article 34 of the GDPR:

I. Obtain confirmation of the existence of personal data concerning you, even if not yet registered, and its communication in an intelligible form;

II. Obtain the indication:

a) The origin of the personal data;

b) The purposes and methods of the processing;

c) The logic applied in case of processing carried out with the help of electronic tools;

d) The identity of the data controller, the data processors, and the designated representative under Article 5, paragraph 2 of the Privacy Code and Article 3, paragraph 2 of the Privacy Code and Article 3, paragraph 1 of the GDPR.

The rights provided by Articles 16-21 of the GDPR, including the right to access, rectify, delete, or limit the processing of data, as well as the right to object in whole or in part:

a) For legitimate reasons to the processing of data concerning you, even if relevant to the purpose of the collection;

b) To the processing of personal data concerning you for the purposes of sending advertising material or direct sales, conducting market research, or for commercial communication, using automated calling systems without the intervention of an operator via email and/or using traditional marketing methods via phone and/or postal mail.

Data Controller and Processor:
The Data Controller is: Graf Srl, Via Isonzo 19 – 03100 Frosinone, VAT No. 06537370154.
The Data Processor, whom you can contact to exercise your rights or for any clarifications regarding personal data protection, can be reached at: privacy.gdpr@graf.it or at:

Graf Srl, Via Isonzo 19 – 03100 Frosinone, VAT No. 03288430600.

bottom of page