PRIVACY POLICY
Pursuant to and for the purposes of Article 13 of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data and on the free movement of such Data (the “Regulation” or the “GDPR”) and of Legislative Decree No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data and on the free movement of such Data (the “Regulation” or the “GDPR”) and of Legislative Decree No 2016/679 of the European Parliament and of the Council of 30 June 2003, No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data and on the free movement of such Data (the “Regulation” or the “GDPR”). 196 “Personal Data Protection Code” (“Code”) (Code and Regulations also jointly defined as “Regulations”) users are informed (“Users”) that their Personal Data will be processed in compliance with the current Regulations and as specified below.
Definitions
For the purposes of this Information Notice, the following pairs of terms are to be considered equivalent: “Interested Party/User”, “Breaters/Titular”.
Information on the Processing of Personal Data
2. Purpose of Treatment
Purpose of Treatment | Legal basis |
The Personal Data of the interested party are processed in order to fulfill the legal obligations incumbent on the Owner (e.g. accounting, administrative, tax obligations concerning the management and invoicing of services provided for in the Contract). | The Treatments carried out for these purposes are carried out according to a legal obligation to which the Owner is subject and do not require the specific consent of the interested party. |
The User’s Personal Data is processed in order to ensure the proper functioning of the Site, to prevent fraud and to obtain anonymous statistics on the use of the Site. | The processing operations carried out for these purposes are carried out on the basis of a legitimate interest of the Data Controller. |
The Personal Data of the interested party are processed in order to provide the Services requested by the latter or to process the pre-contractual requests of the same. | The Treatments put in place for these purposes are necessary for the fulfilment of contractual obligations or to carry out pre-contractual measures requested by the Interested Party and do not require specific consent from the Interested Party. |
The Data of the Interested Party abstractly falling within the “Particular Categories of Personal Data” referred to in Article 9 of the Regulation may be processed, albeit involuntarily, in the context of the provision of the Services. | The treatments carried out for this purpose are carried out on the basis of the consent expressed by the interested party. |
The Personal Data of the interested party are processed in order to send the latter communications by e-mail or messages via social networks regarding new initiatives of the Owner, such as, by way of example, new services provided by the Owner similar to those already provided. | The Treatments carried out for this purpose are carried out on the basis of a legitimate interest of the Owner (recital 47 of the Regulations and art. 130, paragraph IV of Legislative Decree 196/2003) and the consent of the interested party is not required, without prejudice to the right of subsequent opposition. |
Some Personal Data of the interested party (for example name, surname, social profile photo) may be processed by Breaters on its communication channels (eg. on its website). | The treatments carried out for this purpose are carried out on the basis of the consent expressed by the interested party. |
Some Personal Data of the Interested Party may be processed in order to provide Services tailored to the needs of the Interested Party (e.g. customized video material). | The treatments carried out for this purpose are carried out on the basis of the consent expressed by the interested party. |
3. Methods of Treatment and categories of Recipients.
3.1 Unless expressly provided otherwise in this Information Notice, the Data Subject is informed that the Processing of his/her Personal Data is carried out by means of manual systems and/or computerised, telematic or automated systems, in compliance with the principles of pertinence, lawfulness, correctness and purposes provided for by the Regulations.
3.2 The Data Controller processes the Personal Data of the Data Subject by adopting the appropriate Security Measures aimed at minimizing the risks of unauthorized access, dissemination, loss and destruction of said Data, in accordance with the Regulations.
3.3 The Data Subject is also informed that the Processing of Personal Data for the purposes indicated above may be carried out by the Data Controller directly or with the collaboration of other subjects, in their capacity as Managers, Designated or Authorized (e.g. employees and/or collaborators of the Data Controller). In particular, Personal Data may be communicated to the following categories of Managers:
– External companies, professionals or IT (information technology) consulting and support companies
– Companies, professionals or consulting and assistance companies in accounting matters (e.g. accountants)
– Managers of e-mail services (e.g. aruba mail, gmail, etc.).
– Managers of third party services used (for example ManyChat, Calendly, Facebook, Google Meet, Active Campaign, Stripe, etc.).
3.4 The list of Managers can be consulted at any time, by sending a request to the e-mail address indicated in art. 7.1 below.
4. Data Transfer
4.1 We inform the interested party that the Personal Data processed by the Data Controller may be transferred to other countries in the European Union.
4.2 We inform the interested party that the Personal Data processed by the Data Controller may be transferred to other countries outside the European Union, for which there is a Commission adequacy decision.
5. Data Retention Period
5.1 Without prejudice to the provisions of art. 10.2 of the Contract, the Personal Data processed by the Owner will be processed for the entire duration of the contractual relationship, for the execution of the fulfilments inherent and consequent to the same, as well as for its own defensive purposes until the expiration of the limitation period of the applicable law.
5.2 This is without prejudice to the right to process certain Personal Data even for a longer period of time, where required by specific legal regulations (e.g. invoicing and related obligations, debt collection).
6. Rights of the interested party
6.1 The interested party may at any time exercise the rights provided for in the Regulations pursuant to Articles 15-22. In particular:
7. Owner of the treatment
8. Changes to this Privacy Policy
The Owner reserves the right to make changes to this Privacy Policy at any time, advertising it to Users on this page and/or by email.
8.1 Users are therefore invited to consult this page frequently, taking as reference the date of last modification indicated at the bottom.
8.2 Unless otherwise specified and without prejudice to the rights under Articles 15-22 of the Regulation, the previous Privacy Policy will continue to apply to Personal Data processed until that moment.
This Notice was published on 11 March 2020.
LIST OF THIRD PARTY SERVICES USED
This section indicates the services of Third Parties that may be used to perform the Treatments indicated in the above Information.
Privacy Policy: https://policies.google.com/privacy?hl=it
2. Active Campaign
Purpose: User Data Base Management and sending emails related to the provision of Services or falling within the soft spam category.
Privacy Policy: https://www.activecampaign.com/privacy-policy/
3. ManyChat
Purpose: execution Services
Privacy Policy: https://manychat.com/privacy.html
4. Calendly
Purpose: booking Services
Privacy Policy: https://calendly.com/pages/privacy
5. Facebook
Purpose: execution Services
Privacy Policy: https://www.facebook.com/privacy/explanation
6. Google Meet
Purpose: Execution Services
Privacy Policy: https://policies.google.com/privacy?hl=en&gl=ZZ
7. Stripe
Purpose: Execution of payments
Privacy Policy: https://stripe.com/it/privacy