Legal references Directive 2002/58/EC - on "the processing of personal data and the protection of privacy in the electronic communications sector". Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/ec (General Data Protection Regulation).

2. The data controller

Following consultation of this site, data relating to identified or identifiable persons may be processed. THE OWNER of their treatment Z GROUP SRL VAT number IT 04737720286 , with registered office in Corso Stati Uniti 1/47 cap 35127 Padua and operational and administrative headquarters in Corso Stati Uniti 1/47 cap 35127 Padua hereinafter referred to as "Owner".

3. Personal Data Processor

The Data Controller, in accordance with the provisions of Regulation (EU) 2016/679 has appointed a Personal Data Processor who can be contacted at [email protected] by placing "attention personal data processor" in the subject line.

4. Place of data storage and retention times

The processing operations related to the web services of this site take place at the aforementioned headquarters of the Data Controller and are handled only by personnel expressly authorized by the Data Controller, or by any third party suppliers in charge of occasional operations, appointed as Data Processors pursuant to Article 28 of the RGPD. The data collected will be kept for each type of data processed exclusively for the time necessary to fulfill the specific purposes indicated in the specific summary information displayed on the pages of the site and prepared for particular services.

Purposes and methods of personal data processing

Z Group Srl processes the user's personal data (provided by the user when interacting with the Site for the following purposes: management of registration to the Site, to newsletters and mailing lists, management of purchase of products through the Site (which includes all activities functional to the sale and after-sales services, e.g. fraud prevention, management of returned products, warranty, customer support, interaction with customer service), management of participation in promotions and other initiatives carried out through the Site (e.g. contests, discounts and similar initiatives), management of user requests for information, questions, communications and feedback. Z Group Srl also processes the user's personal data in order to fulfill obligations under laws, regulations and EU legislation and to assert or defend a right in court. In these cases, the provision of data is mandatory and failure by the User to provide such data will make it impossible for the User to register to the Site, newsletters, proceed to purchase, other initiatives, use the Consumer Opinions service, or receive feedback to requests and communications. With the user's consent, which is free and optional, Z Group Srl may process personal data for the purposes of statistical research, market analysis, creation of individual profiles (profiling) and marketing, i.e. to send also by e- mail, sms and possible mms information and material of a promotional nature on products and special promotions and initiatives and discounts. The user will always be able to object to the sending of

promotional communications by e-mail: in each communication will be specified the modalities (easy and free) to object to the processing and not to receive any more communications.

In these cases, the provision of data is optional and failure to provide the data will result in the failure to send commercial communications and the absence of profiling. Z Group Srl may also retain the User's own purchase history and specifically the list of orders placed online and in-store for the period of time the User's account is active and for the next five years after deactivation. Regarding the purchase of products through the Site please refer site to "terms and conditions of use), available at the following address: www.zhanggroup.net.

Z Group Srl processes personal data mainly with electronic , paper and automated tools, according to logics and procedures related to the purposes specified above. The data are kept only for the time functional to the achievement of the specific purpose from time to time pursued and in any case for the term provided by law(invoices) of 10 years.

Z Group Srl processes personal data mainly with electronic , paper and automated tools, according to logics and procedures related to the purposes specified above. The data are kept only for the time functional to the achievement of the specific purpose from time to time pursued and in any case for the term provided by law(invoices) of 10 years.

Z Group Srl does not associate browsing data with specific cookies in order to prepare targeted advertising (for example, to display ads tailored to your profile on third-party sites, ads that may be of interest to you or a sales return when you read an email containing a particular offer). However, this type of targeting is made possible by our advertising partners' technologies that link the same user's browsing data on these sites, social network platforms, and third-party sites, regardless of the device used.

On social network platforms (e.g., Facebook or Instagram): you can disable this processing at any time by configuring the advertising settings in your account

On third-party sites: you can refer to our Cookie Policy to learn how to withdraw your consent

Rejecting only targeted advertising means that you will no longer be the recipient of advertising specifically targeted to you. This will not affect or prevent you from viewing or receiving other non-targeted advertising

6 Types of data processed

6.1 Browsing Data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check that it is working properly and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

6.2 Data provided voluntarily by the user

The optional, explicit and voluntary sending of personal data by the user in the registration forms on this site involves the subsequent acquisition of the data provided by the sender, necessary for the provision of the requested service. Specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services on request.

7. Links to other websites

This site may contain links or references for access to other sites, such as the social networks Facebook, Instagram, Youtube. By clicking on the appropriate links you can, for example, share our content. Please note that the Data Controller does not control the cookies or other tracking technologies of such websites to which this Policy does not apply.

8. Optional provision of data

Apart from what is specified for navigation data, the user is free to provide his/her own personal data. However, failure to provide them may result in the impossibility of obtaining what is requested.

9. Processing methods and retention times

Personal data are processed, including through the use of automated tools, for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. The Data Controller has adopted all the minimum security measures required by law and inspired by the main international standards, it has also adopted additional security measures to minimize the risks pertaining to the confidentiality, availability and integrity of the personal data collected and processed.

10. Sharing, communication and dissemination of data

The data collected may be transferred or communicated to other companies for activities strictly related and instrumental to the operation of the service, such as the management of the computer system. The personal data provided by users who forward requests for the sending of informative material (brochures, informational material, etc.) are used for the sole purpose of performing the service or provision requested and are communicated to third parties only if this is necessary for that purpose (companies that provide enveloping, labeling, shipping services). Outside of these cases, personal data will not be communicated unless provided for by contract or law, or unless specific consent is requested from the data subject.

In this sense, personal data could be transmitted to third parties, but only and exclusively in cases where:

  • (a) there is explicit consent to share data with third parties;
  • (b) there is a need to share information with third parties in order to provide the requested service;
  • (c) this is necessary to comply with requests from the Judicial or Public Security Authorities.

No data from the web service is disseminated.

11. Rights of data subjects

The legislation protecting personal data expressly provides for certain rights of the subjects to whom the data refer (so-called data subjects). In particular, pursuant to Articles 15 et seq. of Regulation (EU) 2016/679, each data subject has the right to access, rectification, erasure, restriction of processing, notification, data portability, objection and not to be subject to decisions based solely on automated processing, including profiling. The data subject also has, in addition, the right to lodge a complaint with a supervisory authority if he or she believes that the rights indicated herein have not been granted to him or her.

12. Changes to these privacy policies

The Data Controller periodically checks its privacy and security policy and, where appropriate, revises it in relation to regulatory, organizational or technological changes. If the policies are changed, the new version will be posted on this page of the site.

13. Questions, complaints, suggestions and exercise of rights

By writing to the data controller Z Group Srl , with operational and administrative headquarters at Corso Stati Uniti 1/47 in Padua, Italy; or by sending an email to the address [email protected]