PRIVACY POLICY

Pursuant to and for the purposes of Article 13 of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data and on the free movement of such Data (the “Regulation” or the “GDPR”) and of Legislative Decree No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data and on the free movement of such Data (the “Regulation” or the “GDPR”) and of Legislative Decree No 2016/679 of the European Parliament and of the Council of 30 June 2003, No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data and on the free movement of such Data (the “Regulation” or the “GDPR”). 196 “Personal Data Protection Code” (“Code”) (Code and Regulations also jointly defined as “Regulations”) users are informed (“Users”) that their Personal Data will be processed in compliance with the current Regulations and as specified below.

Definitions

  • Authorized, the natural persons authorized to carry out Processing operations under the direct authority of the Owner or the Manager, pursuant to art. 29 of the Regulation and art. 2-quaterdecies of the Code.
  • Communication, giving knowledge of the Personal Data to one or more determined subjects other than the Data Subject, the representative of the Data Controller in the territory of the State, the Manager and the Authorized persons, in any form, also by making them available or consulting them.
  • Designated, the natural persons to whom specific tasks and functions related to the processing of Personal Data are attributed and who operate under the authority of the Data Controller or the Manager, pursuant to art. 2-quaterdecies of the Code.
  • Personal Data or Data, any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his/her physical, physiological, genetic, psychic, economic, cultural or social identity. For the purposes of this Information Notice, the notion of Personal Data or Data also includes the notion of “Particular Categories of Personal Data” referred to in Article 9 of the Regulation.
  • Dissemination, giving knowledge of Personal Data to unspecified subjects, in any form, also by making them available or consulting them.
  • Guarantor, the supervisory authority referred to in Article 51 of the Regulation.
  • Information or Privacy Policy, this document.
  • Interested, the User of Breaters.
  • Security Measures, the set of technical, computer, organizational, logistical and procedural measures adopted by the Owner to ensure a level of security appropriate to the risk of processing, pursuant to art. 32 of the Regulation.
  • Data Processor, the natural or legal person, public authority, service or other body processing Personal Data on behalf of the Data Controller.
  • Services, the services as better indicated and regulated in the Terms and Conditions of Use.
  • Terms and Conditions of Use or Contract, the contract between the Data Controller and the Data Subject.
  • Controller, the natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purposes and means of the Processing of Personal Data; where the purposes and means of such Processing are determined by Union or Member State law, the Controller or the specific criteria applicable to its designation may be determined by Union or Member State law.
  • Processing means any operation or set of operations which is performed upon Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

For the purposes of this Information Notice, the following pairs of terms are to be considered equivalent: “Interested Party/User”, “Breaters/Titular”.

 

Information on the Processing of Personal Data

  1. Types of Data Processed

    1.1 Data processed automatically by the site, understood as those Data processed automatically by the computer systems responsible for the functioning of the site, the transmission of which is implicit in the use of internet communication protocols. This category includes, for example, the IP addresses of the devices used by Users who connect to the site, the URI addresses of the resources requested, the time of the request, the method used to submit the request to the server, the numerical code of the response provided by the server, some parameters relating to the operating system and the User’s computer environment.1.2 Data provided directly by the Interested Party, understood as those Data provided voluntarily by the Interested Party for the execution of pre-contractual measures or for the performance of the Services indicated in the Terms and Conditions of Use. We inform the Interested Party that: (i) the provision of the Data is optional; (ii) in case the Data Subject refuses to provide the Data, the Data Controller will not be able to follow up the pre-contractual measures or the provision of the Services. The Interested Parties are also informed that the Services are in no way comparable to medical, health, psychological and/or psychotherapeutic treatment, but that, despite this, it is possible that the Data Controller may, even involuntarily, process some Data that abstractly fall within the “Particular Categories of Personal Data” referred to in Article. 9 of the Regulations (by way of example, health-related data that are spontaneously communicated by Users in chat conversations); in this regard, the Data Controller will ask the Data Subject to give his/her consent during the Registration phase. Interested parties are informed that, for the above mentioned reasons (e.g. communication of Health Data spontaneously by Users in chat conversations), the Data Controller is obliged by the Regulations to request consent, which will constitute the legal basis of the Processing. This is without prejudice to the right of the Interested Parties to revoke the consent, it being understood that, in this case, the Data Controller may no longer be able to provide the Services.

    2. Purpose of Treatment

Purpose of Treatment Legal basis
The Personal Data of the interested party are processed in order to fulfill the legal obligations incumbent on the Owner (e.g. accounting, administrative, tax obligations concerning the management and invoicing of services provided for in the Contract). The Treatments carried out for these purposes are carried out according to a legal obligation to which the Owner is subject and do not require the specific consent of the interested party.
The User’s Personal Data is processed in order to ensure the proper functioning of the Site, to prevent fraud and to obtain anonymous statistics on the use of the Site. The processing operations carried out for these purposes are carried out on the basis of a legitimate interest of the Data Controller.
The Personal Data of the interested party are processed in order to provide the Services requested by the latter or to process the pre-contractual requests of the same. The Treatments put in place for these purposes are necessary for the fulfilment of contractual obligations or to carry out pre-contractual measures requested by the Interested Party and do not require specific consent from the Interested Party.
The Data of the Interested Party abstractly falling within the “Particular Categories of Personal Data” referred to in Article 9 of the Regulation may be processed, albeit involuntarily, in the context of the provision of the Services. The treatments carried out for this purpose are carried out on the basis of the consent expressed by the interested party.
The Personal Data of the interested party are processed in order to send the latter communications by e-mail or messages via social networks regarding new initiatives of the Owner, such as, by way of example, new services provided by the Owner similar to those already provided. The Treatments carried out for this purpose are carried out on the basis of a legitimate interest of the Owner (recital 47 of the Regulations and art. 130, paragraph IV of Legislative Decree 196/2003) and the consent of the interested party is not required, without prejudice to the right of subsequent opposition.
Some Personal Data of the interested party (for example name, surname, social profile photo) may be processed by Breaters on its communication channels (eg. on its website). The treatments carried out for this purpose are carried out on the basis of the consent expressed by the interested party.
Some Personal Data of the Interested Party may be processed in order to provide Services tailored to the needs of the Interested Party (e.g. customized video material). The treatments carried out for this purpose are carried out on the basis of the consent expressed by the interested party.

3. Methods of Treatment and categories of Recipients.

3.1 Unless expressly provided otherwise in this Information Notice, the Data Subject is informed that the Processing of his/her Personal Data is carried out by means of manual systems and/or computerised, telematic or automated systems, in compliance with the principles of pertinence, lawfulness, correctness and purposes provided for by the Regulations.

3.2 The Data Controller processes the Personal Data of the Data Subject by adopting the appropriate Security Measures aimed at minimizing the risks of unauthorized access, dissemination, loss and destruction of said Data, in accordance with the Regulations.

3.3 The Data Subject is also informed that the Processing of Personal Data for the purposes indicated above may be carried out by the Data Controller directly or with the collaboration of other subjects, in their capacity as Managers, Designated or Authorized (e.g. employees and/or collaborators of the Data Controller). In particular, Personal Data may be communicated to the following categories of Managers:

– External companies, professionals or IT (information technology) consulting and support companies
– Companies, professionals or consulting and assistance companies in accounting matters (e.g. accountants)
– Managers of e-mail services (e.g. aruba mail, gmail, etc.).
– Managers of third party services used (for example ManyChat, Calendly, Facebook, Google Meet, Active Campaign, Stripe, etc.).

3.4 The list of Managers can be consulted at any time, by sending a request to the e-mail address indicated in art. 7.1 below.

4. Data Transfer

4.1 We inform the interested party that the Personal Data processed by the Data Controller may be transferred to other countries in the European Union.

4.2 We inform the interested party that the Personal Data processed by the Data Controller may be transferred to other countries outside the European Union, for which there is a Commission adequacy decision.

5. Data Retention Period

5.1 Without prejudice to the provisions of art. 10.2 of the Contract, the Personal Data processed by the Owner will be processed for the entire duration of the contractual relationship, for the execution of the fulfilments inherent and consequent to the same, as well as for its own defensive purposes until the expiration of the limitation period of the applicable law.

5.2 This is without prejudice to the right to process certain Personal Data even for a longer period of time, where required by specific legal regulations (e.g. invoicing and related obligations, debt collection).

 

6. Rights of the interested party

6.1 The interested party may at any time exercise the rights provided for in the Regulations pursuant to Articles 15-22. In particular:

  • The Data Subject has the right to request access to Personal Data from the Data Controller, pursuant to and within the limits set forth in art. 15 of the Regulations.
  • The Data Subject has the right to ask the Data Controller to correct inaccurate Personal Data, pursuant to and within the limits set forth in Article 16 of the Regulations.
  • The interested party has the right to ask the Data Controller to delete the Personal Data, pursuant to and within the limits set forth in Article 17 of the Regulations.
  • The interested party has the right to ask the Data Controller to limit the processing of Personal Data, pursuant to and within the limits set forth in Article 18 of the Regulations.
  • The Data Subject has the right to request the Data Controller to communicate his/her Personal Data in a structured and machine-readable format, pursuant to art. 20 of the Regulation.
  • The Data Subject has the right to object to the Processing by the Data Controller, pursuant to and within the limits set out in Article 21 of the Regulation.
  • The Data Subject has the right to lodge a complaint with a supervisory authority.
  • The Interested Party has the right to revoke the consent to the Processing, with reference to the Processing that is based on the legal basis referred to in Article 6.1, letter a) or 9.2, letter a) of the Regulation. Pursuant to art. 7, paragraph 3 and art. 13, paragraph 2, letter c) of the Regulation, the Data Subject is informed that, in any case, the revocation of consent does not affect the lawfulness of the Processing based on consent before the revocation.

7. Owner of the treatment

  1. For the purposes of this information, the Owner means: Breaters S.r.l., with registered office in 27100 Pavia (PV), Via Mincio 10, Italy C.F./P.I. 02727260180, email: [email protected]

8. Changes to this Privacy Policy

The Owner reserves the right to make changes to this Privacy Policy at any time, advertising it to Users on this page and/or by email.

8.1 Users are therefore invited to consult this page frequently, taking as reference the date of last modification indicated at the bottom.

8.2 Unless otherwise specified and without prejudice to the rights under Articles 15-22 of the Regulation, the previous Privacy Policy will continue to apply to Personal Data processed until that moment.

 

This Notice was published on 11 March 2020.

LIST OF THIRD PARTY SERVICES USED

This section indicates the services of Third Parties that may be used to perform the Treatments indicated in the above Information.

  1. Gmail
    Purpose: sending emails related to the provision of Services or falling within the soft spam category

Privacy Policy: https://policies.google.com/privacy?hl=it

2. Active Campaign
Purpose: User Data Base Management and sending emails related to the provision of Services or falling within the soft spam category.

Privacy Policy: https://www.activecampaign.com/privacy-policy/

3. ManyChat
Purpose: execution Services

Privacy Policy: https://manychat.com/privacy.html

4. Calendly
Purpose: booking Services

Privacy Policy: https://calendly.com/pages/privacy

5. Facebook
Purpose: execution Services

Privacy Policy: https://www.facebook.com/privacy/explanation

6. Google Meet
Purpose: Execution Services

Privacy Policy: https://policies.google.com/privacy?hl=en&gl=ZZ

7. Stripe
Purpose: Execution of payments

Privacy Policy: https://stripe.com/it/privacy