Privacy Policy

Privacy Policy

With this Privacy Policy, provided pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR” or “Regulation”), we inform the User about how their Personal Data (i.e., any information capable of directly or indirectly identifying them) will be processed when visiting and/or purchasing on the website www.hig-relays.com (hereinafter, the “Site”). This policy, together with the Cookie Policy and the Terms of Use and General Conditions of Sale, establishes the basis on which Users’ personal data will be processed.

​

Data Controller

The Data Controller of the personal data collected through the Site is HI-G S.R.L (“Seller” or simply “HI-G”), with registered office in SABAUDIA (LT) 148 Pontina, 3192 – 04016 Sabaudia (LT), VAT number 03157850599 (hereinafter referred to as the “Data Controller” or simply “Controller”), email address: info@higrelays.it

​

Methods of Processing Personal Data

We highly value our Users’ right to privacy and personal data protection, ensuring lawful processing.

​

Personal Data provided or acquired will be processed in accordance with the principles of fairness, lawfulness, transparency, and confidentiality protection, in compliance with current regulations. Appropriate security measures are taken to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.

​

These security measures include SSL certificates and the HTTPS protocol to protect entered Personal Data and prevent unauthorized third-party access.

​

Processing is carried out using IT and/or telematic tools with organizational methods and logic strictly related to the stated purposes.

​

Personal Data Processed

When the User visits the Site, contacts us (via email, telephone, mail, etc.), subscribes to the newsletter, or places an order, we process certain Personal Data, either autonomously or through third parties.

​

The categories of processed personal data include:

• Identification, contact, and access data: name and surname, tax code (optional), email address, shipping address, phone number, and any other Personal Data voluntarily provided by the User.

• Purchase data: data related to completed purchases.

• Browsing data: connection details, IP addresses, domain names, and other parameters related to the browser and operating system used.

• Usage data: information generated by visiting the Site or making purchases on it, such as log data, registration details, interaction and transaction processes, performance indicators, browsing flow, and usage of functionalities.

• Billing data: in case the User requests an invoice.

​

Purposes and Legal Basis of Processing

The Controller processes Users’ Personal Data for its economic and commercial activities, for the specific purposes outlined below.

​

Purposes related to the Contract and Legal Obligations

​

• Site navigation;

• Activities necessary for the conclusion and execution of the purchase contract for products sold through the Site;

• Order processing;

• Customer service and support activities, including responding to requests, complaints, reports, and disputes from Users via email or other communication channels;

• Managing User requests through remote communication tools, such as email, chat, phone, SMS, chatbots, banners, notification systems, and other distance communication tools available on the Site;

• Compliance with obligations arising from current laws, regulations, or EU legislation (e.g., tax and accounting obligations) and responding to requests from competent administrative, tax, and judicial authorities;

• Administrative, accounting, and tax activities related to the contract concluded via the Site, including issuing receipts and/or invoices and maintaining accounting records;

• Handling requests related to the rights recognized to Users under the contract with the Controller, applicable law, or GDPR, and related activities.

​

For these purposes, the legal basis is the necessity to execute pre-contractual and contractual obligations to which the User is a party (Art. 6.1.b of the GDPR) or compliance with legal obligations to which the Controller is subject (Art. 6.1.c of the GDPR).

​

Therefore, processing is necessary to enable the conclusion and execution of the contract via the Site or to respond to pre-contractual requests made by the User regarding the Site. Failure to provide data will make it impossible for the User to conclude a contract via the Site and/or receive responses to requests.

​

Analysis, Statistics, and Other Non-Consent-Based Purposes

​

• Conducting statistical analyses on Site usage, browsing, and product searches to improve the Site and its product offerings;

• Ensuring compliance with the Controller’s contractual rights or proving fulfillment of obligations arising from the contract with the data subject or imposed by law, to prevent and/or counter fraudulent or harmful actions;

• Reminding the User, who has started the purchase process, that they have left a product in their shopping cart.

​

The legal basis for this processing is legitimate interest (Art. 6.1.f of the GDPR). In some cases, the legal basis consists of legitimate interest (Art. 6, paragraph 1, letter f in conjunction with Recital 47 of the Regulation), for sending transactional emails (e.g., abandoned cart reminders).

​

Direct Marketing and Profiling Purposes

​

• With the User’s consent, we will send commercial emails to provide updates, news, offers, promotions, and market research, also through automated processing tools such as emails and newsletters;

• With the User’s consent, we will process their Personal Data to attribute specific characteristics and preferences, and send personalized and differentiated commercial communications, also through automated processing tools such as “retargeting” or inclusion in clusters of users with common characteristics, based on their profile.

​

For this purpose, processing—including the final decision regarding the promotional communication to be sent or displayed to the User based on their cluster—is performed automatically, without human intervention, based on previously set algorithmic parameters.

​

​

The legal basis is the User’s explicit consent for this purpose (Art. 6.1.a of the GDPR). Providing data for this purpose is optional. Failure to provide consent, withdrawal of consent, or exercise of the right to object will not in any way affect the User’s ability to make purchases on the Site.

​

Direct Marketing and Profiling Purposes

With the User’s consent, we will send commercial emails to provide updates, news, offers, promotions, and market research, including through automated processing tools such as emails and newsletters.

​

With the User’s consent, we will process their Personal Data to assign them specific characteristics and preferences and send personalized and differentiated commercial communications, including through automated processing tools such as "retargeting" or by placing them in clusters of individuals with common characteristics, based on their profile.

​

For this purpose, processing—including the final decision regarding the promotional communication to be sent or displayed to the User based on their cluster—is carried out automatically, without human intervention, using algorithms with pre-set parameters.

​

The legal basis for this processing is the User’s explicit consent for this purpose (Art. 6.1.a of the GDPR). Providing data for this purpose is optional. Failure to provide consent, withdrawal of consent, or exercising the right to object will not affect the User’s ability to make purchases on the Site.

​

Soft-Spam

​

To send commercial communications to the User's email address, provided during the purchase of products via the Site, to promote the direct sale of similar products. This activity does not require prior explicit consent from the data subject, as it is based on the legal provision of Art. 130, paragraph 4, of the Italian Privacy Code (Legislative Decree No. 196 of June 30, 2003), which expressly allows such communication, provided the User does not initially or subsequently refuse this use.

​

Modification of Choices and Withdrawal of Consent

​

If consent has been given, the User may revoke the consent at any time and/or object to the processing of personal data for general marketing and profiling purposes through the methods indicated in the section ‘Data Subject Rights’ later in this notice.

​

If consent is revoked, processing carried out based on previously given consent will still be considered lawful. In the event of withdrawal of consent and/or objection to the processing of their data for general marketing purposes, the User’s data will no longer be processed for such purposes and will be retained by the Data Controller only when another legal basis justifies the processing (e.g., contract execution, legal obligation, legitimate interest).

​

Data Retention Period

​

The Data Controller will process the User’s personal data for the time necessary to achieve the purposes for which such data were collected, as defined in this notice. However, for each of the specified purposes, the personal data collected will be retained for the following periods:

• For contract-related purposes: The Controller will process the User’s data for the time strictly necessary to carry out the individual processing activities. Once this period has expired, the Controller may retain the data for the purposes and maximum retention periods outlined in other sections of this notice, if relevant, and/or in cases provided for by the GDPR and/or law.

• For tax, administrative, accounting, and legal compliance purposes: Until the statutory deadlines for fulfilling each obligation expire and/or for the legally mandated retention periods.

• For purposes based on the Controller’s legitimate interest: The Controller will process the User’s data for the time strictly necessary to satisfy such interest unless, in the event of disputes or complaints, the Controller needs to retain personal data for legal defense activities (up to 10 years for statutory limitations) or, in the case of litigation, for as long as required by the dispute or specific authority requests. The User may obtain more information about the legitimate interest pursued by contacting the Controller.

• For marketing and profiling purposes: Until consent is withdrawn and, in any case, for a period of 5 years from when the User provided or renewed consent.

​

After these retention periods, the Personal Data will be deleted, and the User will no longer be able to exercise rights such as access, deletion, rectification, and data portability.

​

Data Disclosure and Sharing

​

In addition to the Data Controller, certain third parties may have access to the data in some cases, including:

• Third parties performing ancillary and instrumental tasks related to the Controller’s activities, processing personal data on behalf of the Controller, such as payment services, legal and accounting professionals, system administrators, logistics companies, providers of logistics management services, newsletter services, and manufacturers for product repairs.

• Public or private entities that may access the data under legal, regulatory, or authority-issued provisions.

• Potential buyers of the Data Controller’s company and entities resulting from mergers or other corporate transformations.

​

Depending on the case, these recipients process the User's personal data as appointed data processors, data controllers, or independent data controllers. The User may request the updated list of Data Processors under Art. 28 of the GDPR.

​

Location of Data Processing and Transfer of Data Abroad

​

Data processing primarily takes place in Italy and within the European Union. However, certain third-party tools may process user data outside the European Economic Area (EEA) ("Third Countries").

​

The transfer of data to Third Countries may occur through external tools that enable specific services (e.g., statistical analysis, newsletters, remarketing, advertising, social media buttons).

​

In some cases, the use of such tools may involve transferring the personal data of users visiting this website to a Third Country, such as the United States, where there is no adequacy decision by the European Commission.

​

If data needs to be transferred to Third Countries, the Data Controller commits to ensuring that the destination country guarantees an adequate level of protection, as required by Article 45 of the GDPR. Such transfers will be regulated based on the European Commission’s Standard Contractual Clauses for the transfer of personal information outside the EEA under Article 46.2 of the GDPR.

​

Cookies

​

This website uses cookies. Cookies are small text files that websites can install on users’ devices to enhance their browsing experience and personalize content, advertisements, social media functions, and traffic analysis. For more details, read the Cookie Policy.

​

Personal Data Processing Tools

​

Contact Form:

​

By filling out the contact form, the User consents to the processing of the personal data entered and their use to respond to information requests. The personal data processed includes the information requested in the form and any other personal data voluntarily provided by the User in the message body.

​

Newsletter and Direct Marketing:

​

The newsletter service allows the Data Controller to send users commercial communications, promotions, and updates on new products via email. Email addresses are managed through a database containing users who have subscribed to the newsletter by consenting to receive commercial communications or after making a purchase (in cases of soft-spam).

​

Users can unsubscribe from the newsletter at any time via the unsubscribe link in the emails. Once a user requests removal, their data will be deleted from the website’s email marketing database.

​

Personal Data processed by this service includes:

• Name and surname

• Email address

• Shipping and billing address

• Tax Code (optional)

• Payment information

• Phone number

​

Additionally, the website’s newsletter software may process data related to the date and time a message was viewed or links clicked within the email. This website uses the following email marketing service: [Insert Service Name].

​

Social Media Buttons

Users can use social media buttons to visit the website's social media pages. These tools collect users' personal data, such as traffic data on the visited pages. The website includes the following social media buttons:

• Instagram (Meta Platforms Ireland Limited): The Instagram button allows interaction with the Instagram social network.

  • Collected Personal Data: Cookies, Usage Data, and other data as per its privacy policy.

  • Processing location: Ireland – United States – Privacy Policy

• Facebook (Meta Platforms Ireland Limited): The Facebook button and widgets enable interaction with the Facebook social network.

  • Collected Personal Data: Cookies and Usage Data.

  • Processing location: Ireland – United States – Privacy Policy

​

Statistics

​

Statistical services allow the Data Controller to monitor and analyze traffic data and track User behavior. This website uses the following third-party services:

• Google Analytics (Google Ireland Limited)
  Google Analytics is a web analytics service provided by Google Ireland Limited. Google uses the collected personal data to track and examine website usage, compile reports, and share data with other Google services. Google may use this data to personalize ads within its advertising network. Google may also transfer this information to third parties when required by law or when third parties process data on Google's behalf.

  This website has activated IP anonymization in Google Analytics. The IP address transmitted by the browser for Google Analytics purposes will not be merged with other Google data.

  The use of Google Analytics may involve transferring users' personal data to a Third Country, such as the United States, which does not have an adequacy decision by the European Commission.

  To disable Google Analytics tracking, users can download the browser add-on at the following link: Google Analytics Opt-Out.

  • Collected Personal Data: Cookies, IP address, Usage Data, and other personal data as defined in Google’s privacy policy.

  • Processing location: Ireland and, in some cases, the United States – Privacy Policy.

​

REMARKETING

​

These services allow this Site to communicate, optimize, and serve advertisements based on the User’s past use of this Website. This activity is carried out by tracking Usage Data and using Cookies. This Website utilizes the following services:

​

Facebook Remarketing (Meta Platforms Ireland Limited) Facebook Remarketing is a remarketing and behavioral targeting service provided by Meta Platforms Ireland Limited (‘Meta’), which connects this Site’s activity with the Meta advertising network. This Site uses the Facebook Pixel tool to measure conversions.

Thanks to the Facebook Pixel, it is possible to understand the actions that people take on the Website. The data collected can be used to ensure that ads are shown to the right people, create target audience groups for advertisements, and leverage additional advertising tools of the platform on which advertising is performed. The information collected is anonymous to the operators of this Site and cannot be used to identify an individual user. However, the information is saved and analyzed by Facebook, which may associate the action with a single profile and use this information for internal advertising purposes within Facebook, as outlined in Facebook’s privacy policy. This allows Facebook to display ads both on Facebook and on third-party sites. The Site Owner has no control over how these data are used. For more information on how users can protect their privacy, please refer to Facebook’s Privacy Policy. Data processing location: IRELAND and UNITED STATES.

​

Google ADS (Google Ireland Limited) Google ADS is a service provided by Google Ireland Limited that connects this Website with Google’s advertising network. This Website uses Google Analytics Remarketing features combined with Google ADS’ cross-device capabilities. This functionality makes it possible to link target groups for promotional campaigns created by Google Analytics Marketing functions with the cross-device adaptability of Google ADS. This allows advertisements to be displayed based on the user’s personal interests, identified through an analysis of the user’s behavior on the web, whether on a mobile device or other devices. It is possible to permanently disable targeting and remarketing features by disabling the “personalized advertising” function in the Google account. To do so, simply follow the opt-out link. Personal Data collected: Cookies and Usage Data. Data processing location: Ireland – Privacy Policy - Opt-out.

​

Facebook Pixel (Meta Platforms Ireland Limited) This site uses the Facebook Pixel, a conversion tracking tool provided by Meta Platforms, Inc. This analyzes conversions attributable to Facebook sponsorships by using and analyzing some Personal Data of the user. Personal Data collected: Cookies; Usage Data. Data processing location: Ireland and, in some cases, the UNITED STATES - Privacy Policy.

​

PAYMENT MANAGEMENT

To manage order payments, this Site relies on the following third-party tools:

​

• PayPal (PayPal Europe S.à.r.l. et Cie, S.C.A Inc.) PayPal is a payment service provided by PayPal Europe S.à.r.l. et Cie, S.C.A Inc., which allows the User to make online payments using their PayPal credentials. Personal Data collected: Cookies and various types of Data as specified by the service’s privacy policy. Data processing location: LUXEMBOURG - Privacy Policy.

• Apple Pay (Apple Payments Inc.) Apple Pay is a non-instant mobile payment tool created by Apple Inc. Personal Data collected: Cookies and various types of Data as specified by the service’s privacy policy. Data processing location: UNITED STATES - Privacy Policy.

• Google Pay (Google LLC) Google Pay is a digital wallet system developed by Google LLC. Cookies and various types of Data as specified by the service’s privacy policy. Data processing location: EUROPEAN ECONOMIC AREA - UNITED STATES - Privacy Policy.

​

SECURITY MEASURES

This Site uses security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data. The security measures adopted include the SSL certificate and the HTTPS protocol to protect entered Personal Data and prevent unauthorized third-party access.

​

Google reCAPTCHA (Google Ireland Limited) This Site uses the Google reCAPTCHA tool, a service provided by Google Ireland Limited that protects the Site from spam and abusive use by bots. The service verifies that the user is a person and not a bot by displaying questions based on texts or images, or in some cases, through a JavaScript element in the source code that analyzes the User’s behavior and operations to rule out bot activity without displaying questions. For more information on the data collected by the application, please refer to the relevant Privacy Policy and Terms of Service.

​

LIVE CHAT

​

WhatsApp (Meta Platforms Ireland Limited) The live chat via the ‘WhatsApp’ channel can be used by users to access customer support services before, during, and after the purchase. The service is provided by Meta Platforms Ireland Limited and may use various technologies to collect and store information when the services it integrates with are used. This may include the use of cookies and similar tracking technologies. Data processing location: IRELAND – Privacy Policy.

​

Rights of Data Subjects

Data subjects have the right to exercise the rights provided for in Articles 7, 15-22 of the Regulation.

​

In particular, Users have the right to obtain access, updating, rectification, or, when interested, the integration of data; the deletion, anonymization, or blocking of data processed in violation of the law, including those that do not need to be kept in relation to the purposes for which the data were collected or subsequently processed; and confirmation that the above operations have been notified, also regarding their content, to those to whom the data were communicated or disseminated, except when such compliance proves impossible or involves a disproportionate effort concerning the protected right.

​

Additionally, Users have the right to withdraw consent at any time, where processing is based on their consent, to request data portability, i.e., to receive all Personal Data concerning them in a structured, commonly used, and machine-readable format, to request the limitation of Personal Data processing and/or deletion (“right to be forgotten”), as well as the right to object to the processing of Personal Data concerning them and to the processing for direct marketing purposes.

​

Pursuant to the applicable regulations, the Data Controllers inform that Users have the right to obtain information on (i) the origin of personal data; (ii) the purposes and methods of processing; (iii) the logic applied in case of processing carried out with electronic tools; (iv) the identifying details of the Data Controllers and processors; (v) the subjects or categories of subjects to whom personal data may be communicated or who may learn about them as processors or authorized persons.

​

Data subjects may exercise their rights by sending a specific communication to the Data Controller:

• By email to: Info@higrelays.it

• Using the contact section

If Users believe that the processing concerning them violates the Regulation, they also have the right to lodge a complaint with the Data Protection Authority as the supervisory authority on personal data protection (Garante per la protezione dei dati personali, located at Piazza Venezia n. 11 - 00187 – Rome (http://www.garanteprivacy.it/)).

​

Changes to this Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time, notifying Users on this page. Users are encouraged to check this page frequently, taking as reference the date of the last modification indicated at the bottom. If Users do not accept the changes to this Privacy Policy, they must cease using this Website and may request the Data Controller to remove their Personal Data.