Privacy Policy

Pursuant to Article 13 of Regulation (EU) No 2016/679 (hereinafter, “GDPR”) and Article 13 of Legislative Decree No 196/2003 (the “Data Protection Code”, hereinafter, “Code”), we hereby inform you that your personal data collected by Point S.r.l., acting as Data Controller pursuant to Articles 4 and 24 of the GDPR, through the website https://www.pointhouse.it/ (hereinafter, “Website”), will be processed as follows.

1. Data Controller.

The Data Controller is Point S.r.l., VAT No. 04340830266, with registered office at Via Veneto, 10, (31040) Gorgo al Monticano (TV), Italy, certified e-mail pointcreative@pec.it, e-mail info@pointhouse.it (hereinafter, “Controller”).

2. Types of personal data collected and purposes of processing.

The personal data provided by the user will be processed for the following purposes:

  1. Contact form and other user requests: if the user contacts the Controller to submit enquiries about products and/or requests for assistance, the data provided by the user (first name, surname, nationality, province, city, e-mail, phone number, occupation) will be processed by the Controller solely for the purpose of handling the user’s request;
  2. Login area: if the user (as a registered reseller) accesses their dedicated area to place orders, check order history, activate assistance procedures, or download product-related materials, the data provided by the user (e-mail) will be processed for the management of the user’s login area and to enable the use of services offered to registered users;
  3. area riservata: nel caso in cui l’utente (quale agente registrato) acceda alla propria area dedicata per gestire la propria attività, tramite visione dei clienti e dei relativi ordini, monitorare l’attività e, se autorizzato, operare per conto dei clienti, i dati forniti dall’utente (e-mail) verranno trattati per la gestione dell’area riservata dell’utente e permettere la fruizione dei servizi offerti agli utenti registrati;
  4. newsletter and other promotional communications: if the user requests to subscribe to the newsletter service of the Controller, the data provided (e-mail) will be processed to send commercial and/or promotional communications about the Controller’s products and services (“Direct Marketing”);
  5. profiling activities: if the user provides their data for this purpose, the data provided will be processed to analyse behaviour, habits and consumer propensities in order to improve the products and services provided by the Controller, as well as to meet the specific needs of the user (“Profiling”);
  6. candidate selection procedure: if the user accesses the “work with us” section of the Website to submit their application, the data provided by the user (first name, surname, e-mail, phone number, nationality, information included in the uploaded curriculum vitae) will be processed to assess the professional aptitude and competences of the candidate;
  7. whistleblowing reports: if the user submits, in any form (written and/or oral), a report made pursuant to Legislative Decree No 24/2023, the data of the whistleblower and/or of any persons involved or mentioned in the report and those of facilitators indicated in the report will be processed for the collection and management of the report submitted.

3. Legal basis for processing.

The Controller processes data only in the presence of one of the conditions provided for under applicable law, and specifically:

  • for the purposes referred to in section 2, letter a), b), c) and f) [“Contact form and other user requests”, “login” and “candidate selection procedure”], for the performance of a contract to which the user is party or for the execution of pre-contractual measures taken at the request of the user, pursuant to Article 6(1)(b) GDPR, as well as for the pursuit of the legitimate interest of the Controller (management of commercial relationships), pursuant to Article 6(1)(f) GDPR;
  • for the purposes referred to in section 2, letter b), c) and g) [“login” and “whistleblowing reports”], to comply with a legal obligation to which the Controller is subject, pursuant to Article 6(1)(c) GDPR;
  • for the purposes referred to in section 2, letter d) and e) [“newsletter and other promotional communications” and “profiling activities”], solely and exclusively on the basis of the user’s consent, pursuant to Article 6(1)(a) GDPR.

4. Nature of data provision.

The provision of data for the purposes referred to in section 2, letter a), b), c) and f) is mandatory. Failure to provide such data will make it impossible to guarantee the fulfilment of the requested services.
The provision of data for the purposes referred to in section 2, letter d) and e) is optional. Refusal to provide such data will not affect the usability of the Controller's other services. The provision of data for the purposes referred to in section 2, letter g) is optional, but necessary for the collection and management of reports, as well as related activities, in accordance with the purposes stated above. Failure to provide, or partial or inaccurate provision of, data may result in the impossibility of collecting and managing the report.

5. Data retention periods.

Data are retained for a period determined by the type of processing and its related purpose. At the end of that period, the data will be permanently deleted or irreversibly anonymised, unless it is necessary to retain the data for a longer period in order to protect the Controller's rights before a judicial authority, to comply with requests from competent authorities, or to fulfil obligations under applicable law.
Without prejudice to the foregoing, the retention periods are as follows:

  • data processed through the Contact form and related to user requests: the data necessary to process the user's request will be retained until the request is fulfilled and in any case within the maximum limit provided by law (10 years);
  • data processed through the login area: data are retained within the maximum limit provided by law (10 years);
  • data processed for the sending of newsletters and other promotional communications: data are retained until consent is withdrawn. The user may, at any time, independently stop receiving these communications by clicking on the appropriate link at the bottom of each newsletter sent by e-mail;
  • data processed for profiling activities: data are retained until consent is withdrawn;
  • data processed through the "work with us" section: data will be retained for the time necessary to carry out the selection procedure and, in any case, data will be deleted within 2 years of their acquisition through the Website;
  • data processed for the management of whistleblowing reports: pursuant to Article 14 of Legislative Decree No 24/2023, data are retained for the time necessary for the collection and management of the report and in any case no longer than 5 years from the date of communication of the final outcome of the reporting procedure.

6. Methods of processing.

Data will be processed using manual, paper-based, electronic, computer, telematic means, stored on information media, as well as on any other suitable medium, in compliance with security and confidentiality measures in accordance with the so-called data protection by default, i.e. the application of measures designed to minimise the risks of data dissemination

7. Categories of recipients of personal data.

Solely for the purposes specified above, all data collected and processed may be disclosed to the Controller’s shareholders, employees or collaborators formally authorised to process data by virtue of their respective roles, as well as to third parties to whom it may be necessary to disclose the data (such as, by way of example, third-party companies or other entities carrying out activities in outsourcing on behalf of the Controller, data processing companies, technical service providers, hosting providers, IT companies, communication agencies, insurance companies, consultants and professionals, affiliated companies, agents acting on behalf of the Controller, credit institutions). Such recipients, where they process data on behalf of the Controller, will be designated as data processors pursuant to Article 28 of the GDPR, by means of an appropriate contract or other legal instrument. The details of the appointed data processors will be provided upon the user’s request. Data will not be disseminated.

8. Transfer of data to a third country and/or an international organisation.

Without prejudice to disclosures made in fulfilment of legal and contractual obligations, all data collected and processed may be communicated within Italy and in any case within the EU, solely for the purposes specified above.
It is understood in any case that transfers of personal data to countries not belonging to the European Economic Area or to an international organisation are permitted on the condition that the adequacy of the third country or organisation is recognised by a decision of the European Commission (Article 45 GDPR). In the absence of such a decision, the Controller may transfer the data by providing appropriate safeguards that include enforceable rights and effective remedies for the data subjects concerned (Article 46 GDPR).

9. Rights of the data subject.

We hereby inform you that you may exercise the rights granted by Articles 15 to 21 and 77 of the GDPR, and in particular:

  1. right of access: the right to obtain from the Controller confirmation as to whether or not personal data concerning you are being processed and, if so, to obtain access to such data;
  2. right to rectification and erasure: the right to obtain the rectification of inaccurate data and/or the completion of incomplete data, or the erasure of data on legitimate grounds;
  3. right to restriction of processing: the right to request the suspension of processing where legitimate grounds exist;
  4. right to data portability: the right to receive personal data in a structured, commonly used and machine-readable format, and the right to transmit such data to another data controller;
  5. right to withdraw consent at any time without prejudice to the lawfulness of processing based on consent given prior to withdrawal;
  6. right to object: the right to object to the processing of data where legitimate grounds exist, including processing carried out for marketing and profiling purposes, where applicable;
  7. right to lodge a complaint with the supervisory authority in the event of unlawful processing of data (Italian Data Protection Authority “Garante per la protezione dei dati personali”, https://www.garanteprivacy.it/home).

The aforementioned rights may be exercised by sending a written communication by e-mail to info@pointhouse.it or by registered letter with acknowledgement of receipt to Via Veneto, 10 - (31040) Gorgo al Monticano (TV), Italy.

10. Specific information for users in the United Kingdom.

This section applies to users in the United Kingdom who interact with the Website www.pointhouse.it. The processing of personal data of such users is governed, in addition to the GDPR, also by the “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (United Kingdom General Data Protection Regulation)” (hereinafter, “UK GDPR”).
The Controller has not appointed a representative in the United Kingdom as the exemption conditions under Article 27(2)(a) UK GDPR are met (the processing of data of users in the United Kingdom does not take place on a large scale and does not involve special categories of personal data within the meaning of Article 9 UK GDPR, nor data relating to criminal convictions and offences within the meaning of Article 10 UK GDPR).
The transfer of personal data from the United Kingdom to the European Union is lawful by virtue of the adequacy decision adopted by the UK Government in respect of the countries of the European Economic Area, pursuant to Article 45 UK GDPR, which recognises a level of data protection substantially equivalent to that guaranteed by the UK GDPR. Likewise, any transfer of personal data from the European Union to the United Kingdom is permitted by virtue of the adequacy decision of the European Commission in respect of the United Kingdom, adopted pursuant to Article 45 GDPR, which has recognised the level of protection afforded by the UK legal framework as substantially equivalent to that ensured by the GDPR.
Users in the United Kingdom enjoy, by virtue of the UK GDPR, the same rights recognised under Section 9 of this privacy policy. Users in the United Kingdom also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the competent supervisory authority in the United Kingdom for data protection, located at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, www.ico.org.uk.

Should the purposes or methods of processing of personal data undergo significant changes, we will promptly update this notice.

Gorgo al Monticano (TV), 10 April 2026.
The Data Controller
Point S.r.l.