The Data Controller of this website is John Steventon email: email@example.com
Methods of personal data processing
The personal data provided or acquired are subjected to a treatment based on principles of correctness, lawfulness, transparency, and protection of privacy pursuant to current legislation. The Data Controller processes the user’s personal data adopting appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of personal data. Data are processed by means of IT and/or telematic tools, by implementing organizational methods and strategies that are connected to the purposes of the activity.
Purposes for processing the collected data and legal basis
Personal data can be collected autonomously by the Data Controller or by third party. In this case, the computer systems and software used by the website acquire certain user’s personal data, IT-related (for example, the IP address, the browser used, the operative system, the domain name, and the websites addresses from which you have accessed or exit, etc.), whose transmission is inherent to the correct functioning of the Internet. Such data can be processed for the sole purpose of obtaining anonymous statistical information on the use of the website and/or controlling its correct functioning; after their processing, they are immediately erased. The data the user chooses to provide spontaneously are collected to allow the website to provide its services and for the following purposes:
a) to fulfill any kind of obligation required by the contract made between the user and the Data Controller for the sale of the Services offered on the website and to provide the information required by the user. This processing is mandatory for the execution of the contract to which the User is a party, for the execution of pre-contractual measures or to fulfill a legal obligation to which the Data Controller is subject;
b) for a possible registration procedure aimed at the purchase of the Services and for the purchase procedure needing the insertion of own personal data, tax billing profiles, and the like. In that case, data are processed for the execution of the contract, to contact the user in relation to the contract and for its management, the management of statutory warranty claims, assistance, requests for withdrawal, management, and termination of the contract. This processing is mandatory for the execution of the contract to which the User is a party;
c) for a possible registration procedure of the User on the website in order to access some of the Services offered free of charge by the Data Controller, as well as to access to the website’s Forum area;
d) to fulfill any kind of obligation required by current laws, regulations, associated regulations, commercial use, and taxation/fiscal subjects. This processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
e) to act on specific requests made by the user to the Data Controller for informative communications related to the Data Controller’s services by e-mail or filling in contact forms and using other communication tools like a phone. This processing is optional, and it is based on the user’s consent, nevertheless, the non-reporting of one or more data will cause the impossibility of responding to the information request and of using the services offered by the Data Controller;
f) for the sending of promotional and commercial information and offers sent by e-mail, mailbox or SMS. This processing is based on the consent freely expressed by the user;
g) for the sending through the newsletter service of information and promotional and commercial offers in order to stay updated on the activities carried out by the Data Controller;
h) for soft spam purposes to allow the Data Controller to send the user via e-mail promotional communication concerning Products and/or Services purchased without the need for the express and prior consent of the user, as required by art. 130, paragraph 4, Code of Privacy, and provided that the user does not exercise the right of opposition. This processing is based on art. 130, paragraph 4 of the Code of Privacy as told by Legislative Decree no.101 of 2018;
i) for carrying out statistical analysis on aggregated and anonymous data to analyze the user’s behavior, improve the products and services provided by the Data Controller and meet the user’s expectations;
l) for other additional purposes or related to that indicated above and falling within the sphere of the activities of the website.
Category of personal data processed
Among the personal data processed by this website, autonomously, or by a third party, there are common data for example Cookies, usage data, name, email, phone, tax data useful for purchasing. The optional, explicit, or voluntary transmission of emails by Contact Form or by the addresses specified on this website entails the successive acquisition of the sender’s address, which is necessary to answer the requests, and of any other personal data included in the email. The user’s consent to the provision of data is necessary to be inserted in the Data Controller’s database and in the interest of the establishment and correct functioning of what is offered to users, as well as third party for the fulfillment of the single activity required. Therefore, failure to provide it will hinder the registration in the Data Controller’s database, the refinement of any contract, as well as their execution and that of any other activity.
In some cases, in addition to Data Controller, may have access to data:
a) categories of persons specifically trained involved in the organization of the website (administrative staff, commercial staff, marketing staff, lawyers, system administrators);
b) external parties (like third-party technical service providers, hosting providers, IT companies, communication agencies) also appointed as Data Processors by the Data Controller ex art. 28 GDPR. The updated list of Data Processors, if appointed, can always be requested from the Data Controller;
c) public or private entities that can access the data in compliance with legal obligations;
d) subjects that perform instrumental tasks with respect to the activity of the Data Controller;
As expressly stipulated by art. 5.1.e) of the GDPR, data are stored for a period of time necessary to provide the service requested by the user, or for the time required for the purposes described in this document, particularly:
– The data collected for contractual obligations will be stored for the time necessary for the accomplishment of the mentioned purposes and in accordance with current legislation;
– The data collected for tax / administrative obligations will be stored for the time necessary for the accomplishment of the mentioned purposes and in accordance with current legislation;
– The data collected for purposes related to the legitimate interest of the Data Controller will be retained until such interest is met; the user can obtain more information regarding the Data Controller’s legitimate interest by contacting him/her;
– The data collected based on the user’s consent can be stored until the withdrawal of the consent;
The Data Controller can store the data for a longer time in accordance with a legal obligation or by order of an authority.
At the end of the storing time, personal data will be deleted and consequently, access rights, deletion rights, rectification rights, and data portability rights can no longer be exercised.
Place of processing and transfer of data abroad
The data are processed at the Data Controller’s operating office. For more information, contact the Data Controller. The data can be processed by natural persons and/or legal entities acting on behalf of the Data Controller, under specific contractual obligations, and located in UE or non-UE countries. If the data are transferred outside the EEA, the Data Controller will adopt any contractual measure suitable to ensure adequate data protection.
Tools used for personal data processing
The user, filling in the contact Form with his/her data, agrees to their use to answer any request of information or any other purpose indicated by the form header. Personal data collected by the contact Form: email, name, and surname.
Contact Form 7 (Rock Lobster LLC)
EMAIL ADDRESSES MANAGING
These services permit to manage a database of email contacts, telephone contacts or contacts of any other type, used to communicate with the user. Furthermore, these services could permit to collect data related to the user’s data and time of viewing of messages, as well as track user’s interactions with them, such as information on clicks on the links included in the messages.
By subscribing to the newsletter, the user’s email address is automatically added to a list of contacts to which email messages containing information, including commercial and promotional information, relating to this website may be transmitted. The user’s email address might also be added to this list as a result of signing up to this website or after making a purchase. The user can choose at any time to unsubscribe from the newsletter by clicking on a specific button he/she will find within the emails. After clicking the button, the user’s data will be immediately deleted by the “email marketing” software. Personal data collected: email and name.
This type of service analyzes the traffic of this website, potentially containing users’ personal data, with the purpose of filtering it from parts of traffic, messages, and content that are recognized as SPAM.
Akismet (Automattic Inc.)
SECURITY MEASURES ADOPTED
This website has an SSL certificate and uses the HTTPS protocol to secure the moment your personal data is entered. By using this protocol, the transactions and the data transmission to the websites take place with maximum security and the content of the communication is not read or manipulated by third parties anyway.
WORDFENCE SECURITY (Defiant, Inc)
To prevent cyberattacks and block suspicious users and IP addresses, this Website uses the Wordfence Security plugin, which installs a technical cookie (wfwaf-authcookie*) that helps determine if the user has suspicious characteristics. The Data Controller does not collect, store or share any personal data through this cookie. The data collected by this plugin is kept for 24 hours.
REGISTRATION ON THE WEBSITE
With the registration service, the user allows the website to identify her/him and give her/him access to the services dedicated.
The user registers directly on the website by filling out the form and providing her/his own data.
Statistics services allow the Data Controller only to monitor and analyze the traffic data and keep track of the user’s behavior. This website uses the following services:
Google Analytics (Google Ireland Limited)
Google Analytics is an analysis service offered by Google Ireland Limited. Google uses the collected personal data with the aim of tracking and examining the use of this website, compiling reports, and sharing them with other services developed by Google. Google may use the personal data collected to contextualize and personalize notices on its advertising network. Google can also transmit this information to third parties in case there are any legal requirements or in cases where such third parties process the information on Google’s behalf. On this website the function of anonymization of the IP address is active. The IP address transmitted by the browser for purposes connected to Google Analytics will not be embedded with other data that Google already possesses.
At the following link, https://tools.google.com/dlpage/gaoptout, Google provides the Google Analytics Opt-Out Browser Add-on to disable tracking by Google Analytics. Personal data collected: cookies and usage data. Place of processing: Ireland – https://policies.google.com/privacy
INTERACTION WITH SOCIAL NETWORKS
Facebook (Meta Platforms Inc.)
The Facebook buttons are services for interaction with Facebook, offered by Meta Platforms Inc. Personal data collected: Cookies and usage data. Place of processing: Ireland – https://www.facebook.com/privacy/explanation
LinkedIn (LinkedIn Ireland Unlimited Company)
The LinkedIn buttons are services for interaction with LinkedIn, offered by LinkedIn Corporation. Personal data collected: Cookies and usage data. Place of processing: Ireland – https://www.linkedin.com/legal/privacy-policy
Twitter (Twitter International Company)
The Twitter buttons are services for interaction with Twitter, offered by Twitter, Inc. Personal data collected: Cookies and usage data. Place of processing: Ireland – https://twitter.com/privacy
Youtube (Google Ireland Limited)
The YouTube buttons are services for interaction with the video content viewing service managed by Google that allows this website to integrate such content within its pages. Personal data collected: Cookies and usage data. Place of processing: Ireland – https://policies.google.com/privacy
GitHub (GitHub Inc.)
The GitHub buttons are services for interaction with the web and cloud-based service offered by GitHub Inc. that allows developers to store and manage their code, as well as track and control its changes. Place of processing: Netherlands – https://docs.github.com/en/github/site-policy/github-privacy-statement
CONTENTS HOSTED ON EXTERNAL PLATFORMS
These services allow to display content hosted on external platforms directly from this website pages and to interact with them. If a service for interaction with social networks is installed, the website may collect traffic data about the pages, even if users do not use the service.
This website uses
YouTube (Google Ireland Limited)
YouTube is a video content viewing service managed by Google that allows this website to integrate such content within its pages. Personal data collected: Cookies and usage data. Place of processing: Ireland – https://policies.google.com/privacy
Payment processing services allow this website to process payments by credit card, bank transfer, or other means. The data used for payment are acquired directly from the manager of the payment service requested without being in any way processed by this website. Some of these services may also allow for the scheduled sending of messages to the user, such as emails containing invoices or notifications regarding payment. This website uses the following services:
Taxamo (Vertex Inc.)
Exercise of the rights of the data subject
The data subject may exercise the rights as described in the art. 7, 15-22 of the EU Regulation 679/2016. In particular, the right to withdraw his/her consent at any time and, simply asking the Data Controller, he/she may request access to personal data, receive the personal data provided by the Data Controller and, where possible, transmit them to another Data Controller of the processing without impediment (c.d. portability), obtain the update, the limitation of the processing, the rectification of data and the deletion of that processed in contrast with current legislation. The data subject has the right, for legitimate reasons, to oppose the processing of personal data concerning him/her processing for purposes of sending advertising materials, direct selling, and market research. The interested party also has the right to lodge a complaint with the Privacy Authority in its quality of supervisory authority. The data subject may exercise the rights by emailing the owner at: firstname.lastname@example.org.
Updated on November 4th 2023