Privacy Policy

Types of data collected

Among the types of Personal Data that this Application collects, by itself or through third parties, there are: Cookies, Usage Data, First Name, Last Name, Phone Number and Email.

Other Personal Data collected may be described in other sections of this privacy policy or by means of dedicated explanation texts displayed at the point of collection of the Data.

Personal Data may be freely provided by the User, or, in the case of Usage Data, collected automatically when using this Application.

Any use of Cookies – or of other tracking tools – by this Application or by the owners of third-party services used by this Application, unless stated otherwise, serves to identify the User and record their preferences for purposes strictly related to the provision of the service requested by the User.

Failure to provide certain Personal Data may make it impossible for this Application to provide its services.

The User assumes responsibility for the Personal Data of third parties published or shared through this Application and declares that they have the right to communicate or disseminate them, thereby relieving the Data Controller of all liability towards third parties.

Details on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

• Meta ads conversion tracking (Meta pixel)
• Google ads conversion tracking
• Google Tag Manager
• Meta Events Manager
• WhatsApp Business Chat widget
• Google reCAPTCHA
• Google Analytics 4
• Direct registration

Methods of processing

The Data Controller processes the Personal Data of Users by adopting appropriate security measures intended to prevent unauthorised access, disclosure, modification or destruction of the Personal Data.

The processing is carried out using IT and/or telematic tools, with organisational methods and logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to certain categories of persons in charge involved with the operation of the site (administrative, sales, marketing, legal and system administration staff) or external parties (such as third-party technical service providers, postal carriers, hosting providers, IT companies and communications agencies) appointed, where necessary, as Data Processors by the Data Controller. The updated list of Data Processors may be requested from the Data Controller at any time.

Place

The Data is processed at the Data Controller's operating offices and in any other place where the parties involved in the processing are located. For further information, please contact the Data Controller.

The User's Personal Data may be transferred to a country other than the one in which the User is located. To obtain further information on the place of processing, the User may refer to the section detailing the processing of Personal Data.

Retention period

Unless otherwise indicated in this document, Personal Data is processed and retained for as long as required by the purpose for which it was collected and may be retained for a longer period due to any applicable legal obligations or on the basis of the Users' consent.

Therefore:

• Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User shall be retained until such contract has been fully performed.
• Personal Data collected for purposes related to the legitimate interest of the Data Controller shall be retained until such interest has been satisfied. The User may obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.
• Where the processing is based on the User's consent, the Data Controller may retain the Personal Data for a longer period until such consent is withdrawn. Furthermore, the Data Controller may be obliged to retain the Personal Data for a longer period in compliance with a legal obligation or by order of an authority.

Once the retention period has expired, the Personal Data shall be deleted. Therefore, upon expiry of this term, the right of access, erasure, rectification and the right to data portability may no longer be exercised.

Legal basis of processing

The Data Controller processes Personal Data relating to the User where one of the following conditions applies:

• the User has given their consent for one or more specific purposes; Note: in some jurisdictions the Data Controller may be permitted to process Personal Data without the User's consent or without another of the legal bases specified below, until the User objects ("opts out") to such processing. This is, however, not applicable where the processing of Personal Data is governed by European data protection legislation;
• the processing is necessary for the performance of a contract with the User and/or for the performance of pre-contractual measures;
• the processing is necessary to comply with a legal obligation to which the Data Controller is subject;
• the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
• the processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.

It is, in any case, always possible to ask the Data Controller to clarify the specific legal basis of each processing operation and, in particular, to specify whether the processing is based on the law, provided for by a contract or necessary to enter into a contract.

User rights

Users may exercise certain rights with regard to the Data processed by the Data Controller.

In particular, within the limits provided by law, the User has the right to:

Users have the right to obtain information regarding the legal basis for the transfer of Data abroad, including to any international organisation governed by international law or set up by two or more countries, such as the UN, as well as regarding the security measures adopted by the Data Controller to protect their Data.

Details on the right to object

Where Personal Data is processed in the public interest, in the exercise of official authority vested in the Data Controller or to pursue a legitimate interest of the Data Controller, Users have the right to object to the processing on grounds relating to their particular situation.

Users are reminded that, where their Data is processed for direct marketing purposes, they may object to the processing at any time, free of charge and without providing any justification. Should Users object to the processing for direct marketing purposes, the Personal Data shall no longer be processed for such purposes. To find out whether the Data Controller processes Data for direct marketing purposes, Users may refer to the relevant sections of this document.

How to exercise these rights

To exercise their rights, Users may submit a request to the Data Controller's contact details indicated in this document. The request may be submitted free of charge and the Data Controller shall respond as soon as possible, and in any case within one month, providing the User with all the information required by law. Any rectification, erasure or restriction of processing shall be communicated by the Data Controller to each of the recipients, if any, to whom the Personal Data has been disclosed, unless this proves impossible or involves a disproportionate effort. The Data Controller shall inform the User of such recipients should the User so request.

Further information on processing

Legal defence

The User's Personal Data may be used by the Data Controller in legal proceedings or in the preparatory stages leading to their possible commencement, in defence against misuse of this Application or of the related Services by the User.

The User declares to be aware that the Data Controller may be required to disclose the Data by order of the public authorities.

Specific information notices

At the User's request, in addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information regarding specific Services, or the collection and processing of Personal Data.

System logs and maintenance

For operation and maintenance purposes, this Application and any third-party services it uses may collect system logs, i.e. files that record interactions and which may also contain Personal Data, such as the User's IP address.

Information not contained in this policy

Further information regarding the processing of Personal Data may be requested at any time from the Data Controller using the contact details provided.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this page and, if possible, within this Application as well as, where technically and legally feasible, by sending a notice to Users through one of the contact details it holds. Users are therefore advised to consult this page frequently, referring to the date of the last modification indicated at the bottom.

Should the changes affect processing operations whose legal basis is consent, the Data Controller will collect the User's consent again, where necessary.

Definitions and legal references