Privacy
PRIVACY POLICY This Privacy Policy is provided, in compliance with Articles 13 and 14 of the EU Regulation 679/2016 (hereinafter: "Regulation"), to the users (hereinafter: "Users" or "User") of the Website https://bloglaprimades.plako.net (hereinafter: "Website") owned by the company La Prima s.r.l. with registered office in Via Carlo Curotti n. 21, 24060 - Castelli Calepio (BG), VAT No. 04254580162, REA No. BG-448403 (which is the Data Controller, hereinafter: "Data Controller") or to those who subsequently register for the newsletter service provided on the Website itself (hereinafter: "Newsletter"), providing their consent for a specific purpose (hereinafter: "Subscribers" or "Subscriber"). The purpose of this Privacy Policy is to describe to Users of the Website the purposes and methods of the processing of their personal data by the Data Controller when such data is provided to the latter through the sending/publication of User Submissions (as defined in the General Terms and Conditions for the Use of the Website) or through the other methods available on the Website (hereinafter better specified). Instead, if, while browsing the Website, the User accesses pages or Websites operated by third parties through links, the User should refer to the privacy policies published therein for the processing of his/her personal data. In particular, this Privacy Policy describes how the Data Controller collects, uses, processes and communicates the User's personal data in case of access to the Website and use of the same and of the services provided therein, specifically: 1. Who is the Data Controller? 2. Applicable principles to the processing of personal data 3. What categories of data are collected and used by the Data Controller? 4. Why are personal data collected? 5. Who sees, receives and uses personal data and where are these processed or transferred? 6. Methods of processing and storage of personal data 7. What are the data protection rights and how can they be exercised? 8. Contact details of the data controller 9. Information about cookies 10. Updates and previous versions of this Privacy Policy This Privacy Policy is also aimed at informing the User on how to exercise his/her rights (including the right to oppose to the data management carried out by the Data Controller). Further information about the rights and how to exercise them are reported in the following paragraphs of this Privacy Policy. As specified in the General Terms and Conditions for the Use of the Website, the services offered by the Data Controller are intended for persons over 18 years of age. Should the Data Controller become aware of the processing of data of minors under 18 years of age without the valid consent of their parents or legal guardian, the Data Controller reserves the right to unilaterally interrupt the use of the service offered as well as to delete the data acquired. Please note that the terms that are not defined in this Privacy Policy (such as "Service", "Product", "Seller" or "User Submission/s") have the same meaning as described in the General Terms and Conditions for the Use of the Website available at the following link: https://bloglaprimades.plako.net/terms-and-conditions. Who is the Data Controller? When this Privacy Policy mentions “Company”, “we,” “us,” “our” or “Data Controller”, it refers to: La Prima s.r.l., company incorporated under the Italian law, enrolled in the Register of Companies of the Chamber of Commerce of Bergamo with number REA BG-448403, VAT number 04254580162, and with registered office in Via Carlo Curotti n. 21, 24060 – Castelli Calepio (BG), who is the data controller of Users’ data in accordance with this Privacy Policy. 2. Applicable principles to the processing of personal data The Data Controller, pursuant to and for the purposes of the Regulation, informs the User that the aforementioned legislation provides for the protection of individuals with regard to the processing of personal data, and that such processing will be based on the principles of fairness, lawfulness, transparency and protection of confidentiality and fundamental rights. 3. What categories of data are collected and used by the Data Controller? In case the User visits the Website and uses or subscribes to one of the services offered by the Website itself, the Data Controller collects the following categories of personal data: 3.1 Personal data provided by the User This is the personal data shared with the Data Controller when: the User uses the Blog Service provided by the Company (as defined in the General Terms and Conditions for the Use of the Website), for example, to publish User Submissions and/or read comments/reviews of other Users or contents provided on the Website by the Company; the User provides information during the use of the services offered on the Website by the Company, including information shared by the User through the publication on the Website of User Submissions (in particular through comments posted by the latter with reference to articles published on the Website) or sent through the channels made available by social networks; the User registers for the Newsletter service to receive marketing communications; the User decides to contact the Data Controller through the appropriate "Contact Us" section available on the Website.) More specifically: When a User Submission is shared on the Website, the latter (or directly the user account manager, i.e. Google and/or Facebook) may provide to the Data Controller with the following information: personal data referring to the User such as name, surname, e-mail address, profile photo and language preference and/or information relating to any other person included or represented in the User Submission; When the User contacts the Data Controller via email or through social media or through the "Contact Us" Section available on the Website, the Data Controller may collect the following personal data: name and surname, telephone number (where necessary and/or required) and email address. In case the User wants to share with the Data Controller personal data relating to third parties, the same shall provide such data only with the consent of the latter and only after giving them access to this Privacy Policy. Therefore, when the User shares personal data relating to other individuals, the same declares to have obtained their consent to such sharing. Collection of personal data relating to minors: please note that, where applicable to User Submissions shared on the Website, the Data Controller may collect and use personal information relating to minors only if provided by their parents or guardians or only with their consent. It follows that, where the data controller realizes that it has processed - through the publication of a User Submission - personal data of a minor without the valid consent of a parent or guardian, the Data Controller reserves the right to delete the relevant User Submissions as well as all personal data related to it. The abovementioned personal data, where required, are necessary for the proper performance of the contract by the Data Controller (i.e. publication on the Website of User Submissions) and to allow the same to fulfill its legal obligations, except in cases where the processing of personal data depends on the consent of the person concerned (i.e. the User) as a legal basis for the treatment itself and/or the legitimate interest of the Data Controller. Without them, the latter may not be able to provide the requested service (i.e. publish User Submissions on the Website). It is essential that all personal data provided by the User is accurate. This means, purely by way of example, that the User should always ensure that the contact details held by the Data Controller (including the email address) are always correct. 3.2. Personal data automatically collected by the Website, from communications sent by the Data Controller and/or from third parties The Data Controller collects information relating to visits to the Website and use of the Website, such as the device and browser used, the IP address or domain names of the computers connected to the Website, the URI (Uniform Resource Identifier) notation addresses of the requests made, the time of the request, the date and time of the visit, the duration of the visit, the referral Website and the navigation path on the Website relating to the visit and interactions on the Website itself, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.. ) and other parameters relating to the User's operating system and computer environment. For further information on the purposes for which the Data Controller collects and uses this information, see the paragraph on Cookies in this Privacy Policy (9. Information about cookies). Please note that personal information may also be linked to cookies, e.g. to collect information on how the User uses the Website and the services offered therein. The Data Controller may automatically collect some of the User’s personal data also to understand how he/she interacts with the communication material sent to the User by the Data Controller (e.g. e-mails), including the actions he/she takes in relation to such communications, e.g. the clicks made on links in the text of the e-mail, the duration and frequency of interactions with the e-mail itself. 3.3. Personal data provided by the User by logging in with their Facebook and/or Google account for the publication of User Submissions on the Website As better specified in the General Terms and Conditions for the Use of the Website, in order to share User Submissions (in particular comments) it may be necessary to connect with his/her Facebook and/or Google account, which is an access system managed entirely by third parties. Therefore, since this is a service provided by third parties, the latter may send the Data Controller the User's personal data, such as registration information and data relating to the profile used (such as user name, user ID associated with the account created on the social network of reference, profile photo and e-mail address), as well as any other information that the User has previously consented to be shared with third parties through the social network of reference. However, the transmission as well as the type of personal data received by the Data Controller through the aforementioned social networks depends on the privacy settings that the User has chosen to adopt on the social network of reference and/or with reference to the sharing of his/her personal data with third parties. Therefore, before connecting with the Website through his/her Facebook and/or Google account (even if only for sharing User Submissions), the User should always check and, where necessary, change privacy settings with reference to third party’s websites and services. In addition, since this is an access system provided by a third party, please note that personal data may be transferred to, stored and/or processed by these third parties in the United States or other countries outside the European Union, in accordance with their privacy policy as further described below. Moreover, it may happen that some national programs adopted by countries outside the European Union allow - for security reasons - access by public authorities to personal data shared by the User with such third parties. Facebook Log-in Should the User decide to take advantage of the services provided on the Website by connecting with his/her Facebook account, he/she agrees to share his/her personal information (including username, email address, user ID associated with the account used, phone number and profile picture) with the Data Controller. Please note that the latter will also record the fact that the User has connected through Facebook. In addition, when the User decides to connect to the Website through his/her Facebook account, Facebook may receive information such as the IP address and URL of the User’s browser, as well as data about his/her activity on the Website. For more information on the collection and use of data by Facebook, on the User’s rights with regard to this processing of personal data and how to protect his/her privacy, please read the Privacy Policy provided by Facebook available at the following link: https://it-it.facebook.com/policy.php Google Log-in If the User decides to use the services provided on the Website by connecting with his/her Google account, the User agrees to share his/her personal information (including username, e-mail address, user ID associated with the account used, language preference and profile picture) with the Data Controller. Please note that the latter will also record the fact that the User has connected through Google. In addition, when the User decides to connect to the Website through Google, it may receive information such as the IP address and URL of the browser used by the User. For more information on the collection and use of data by Google, on the User’s rights with regard to the aforementioned processing of personal data as well as on how to protect his/her privacy, please read the Privacy Policy provided by Google available at the following link: https://policies.google.com/privacy?hl=it 4. Why are personal data collected? In general terms, the Data Controller uses personal data to provide the services requested by the User (i.e. to allow the latter to publish User Submissions on the Website), to report important changes to the Website and possibly propose content, promotions and offers that the Data Controller believes may be of interest to the User. More specifically, the personal data provided by Users through the use of the Website will be processed for the purposes described below: Performance of the services accessible through the Website: In order to provide certain services such as, for example: creating and maintaining the contractual relationship established for the provision of the requested Service in every phase and through any possible integration and/or modification requested by the User; in-depth analysis of the activities, events and other initiatives organized or carried out by the Data Controller; management and elaboration, in relation to what is indicated in the previous point, of the questions and requests for interaction with the Data Controller and the subjects referable to the organization of the latter. On what legal basis? To fulfill a contract or to perform a service or measures related to a contract and/or a service (i.e., to publish User Submissions on the Website, to allow the User to use the Service as defined in the General Terms and Conditions for the Use of the Website, and/or to provide the User with assistance at every stage of the contractual relationship, for example, by handling requests received through the abuse reporting form) Compliance with Legal, Regulatory and Compliance Requirements To meet legal, regulatory and compliance requirements and to respond to requests made by governmental authorities or law enforcement entities that are investigating. On what legal basis? To comply with the law (i.e., to share personal data with regulatory authorities). Aggregate statistical and behavioral analysis To perform aggregate statistical analysis on anonymous groups or to analyze the behavior of identifiable individuals so that we can see how they use the Website, the services provided therein, and verify the performance of the related activity. On what legal basis? To pursue the legitimate interest of the Data Controller (i.e. to improve the Website, its functionality and the services offered therein) Sending Non-Personalized Marketing Communications To send to the User (where permitted by law and unless he/she objects) advertising materials via email or, where permitted by law, other equivalent electronic communications about products and/or services similar to those already offered to the User on the Website. On what legal basis? Soft Opt-in/ To pursue the legitimate interest of the Data Controller (i.e. for marketing purposes) Sending personalized and profiled marketing communications To send personalized and profiled marketing communications only with the User’s consent, and to share via email the best offers and promotions on products and services that the Data Controller believes may be of interest to the User. Personalized services or offers may be marketed by the Data Controller or its business associates and/or advertisers operating in the following sectors: tourism, leisure, entertainment, high-tech, fashion, decoration, consumer goods, food & beverage, finance, banking, insurance, energy, environment, communication, mass media, real estate, pharmaceutical, clothing and textiles, education and training, publications and publishing, information and communication technology, retail, sports, telecommunications and services in general. For this purpose, the Data Controller may: analyze the personal data collected to create a profile of the User's interests and preferences, in order to create personalized and targeted communications that are relevant and consistent with the User's profile; analyze information about the interaction with the communication material sent by the Data Controller, for example, data about when the emails were opened temporarily share an encrypted version of the User's email address with partners scrupulously selected by the Data Controller, who may combine this information with other forms of online identifiers or other personal data in order to show the same User the Data Controller's offers on multiple devices or channels, for example on social networks (Facebook, Pinterest, Instagram, Twitter). use automated decision-making processes to segment and target product offers based on the User's requests and needs, reducing the risk of proposing inappropriate or irrelevant information and/or offers to the same User. The User has the right to request that a manual decision-making process be carried out, to express his/her opinion or to contest decisions based solely on automated processing, including profiling, if such decisions produce legal or other similar effects. For further details, the User may contact our Data Protection Officer, whose contact details are provided in Article 8 of this Privacy Policy. On what legal basis? Where the User provides his/her explicit consent. F. Security of the Website and the systems used by the Data Controller To ensure the security of the Website and of the systems used by the Data Controller for the provision of the Services and to prevent and detect fraud, security incidents and/or other crimes. On what legal basis? To pursue the legitimate interest of the Data Controller (i.e. to ensure the security of the Website and of the systems). G. Verification of compliance and legal action To verify compliance with the General Terms and Conditions for the Use of the Website and for the establishment, exercise, or defense of a legal claim. On what legal basis? To pursue the legitimate interest of the Data Controller (i.e. in accordance with the General Terms and Conditions for the Use of the Website, to protect the rights of the Data Controller in the event of disputes or claims). Where the processing of personal information is based on legitimate interest, the Data Controller conducts a determination to ensure that its interest in the use of the data is legitimate and that the User's fundamental privacy rights are not overridden by its legitimate interests ("balancing test"). Further information about the comparative assessment can be found by contacting the Data Controller at privacy@witaocean.com. 5. Who sees, receives and uses personal data and where are these processed or transferred? 5.1. Categories of data recipients The Data Controller shares personal data, for the purposes described in this Privacy Policy, with the following categories of recipients: its employees and/or authorized collaborators who provide assistance and consulting services in the areas of administration, product, legal advice, information systems, as well as to the staff in charge of maintaining the network and hardware and software equipment of the Data Controller; the competent authorities, where required by the regulations in force the competent authorities and third-party law enforcement authorities, if this is necessary in order to enforce the General Terms and Conditions for the Use of the Website and to protect and defend the rights or property of the Data Controller or the rights and property of third parties; with particular reference to User Submissions, other Users who access the Website and wish to read the User Submissions published there; third parties who receive the data (e.g., business consultants, professionals in the provision of tax due diligence services, "due diligence" or who estimate the value and capabilities of the business), if it is necessary in connection with sales of the business or assets of the Data Controller (in which case the data will be disclosed to the Data Controller's consultants and the consultants of any potential buyer and will be transferred to the new owners); the personal data collected may also be processed by subjects or categories of subjects who act as Data Processors pursuant to art. 28 of the Regulation or who are authorized to process the data pursuant to art. 29 of the Regulation; furthermore, for some services, the personal data may be communicated to companies that collaborate with or use the services of the Data Controller with the sole intent of providing the services requested by the User. In these cases, such companies act as autonomous data controllers with regard to the processing of personal data, so the Data Controller is not responsible for the processing of data carried out by them. The Data Controller is also not responsible for the content and compliance with legislation on the protection of personal data from Websites not operated by the same. The complete list of subjects to whom personal data may be communicated is available at the registered office of the Data Controller and may be requested by writing to privacy@witaocean.com. 5.2. Data transfer The User's personal data will be processed at the registered office of the Data Controller (see Article 1 of this Privacy Policy), on the Data Controller's servers and at the offices of any other parties to which the data may be transmitted/communicated in order to provide the services requested by the User to the Data Controller. In addition, personal data collected through the Website may be transferred outside the national territory, solely and exclusively for the purpose of providing the services requested through the Website and in accordance with the specific provisions of the Regulation. Some personal data may be shared with recipients located outside the European Economic Area. The Data Controller ensures that the processing of personal data by these recipients will be in compliance with the Regulation. However, if the User would like further details on the safeguards in place, he/she can contact the Data Controller by writing to privacy@witaocean.com. 6. Methods of processing and storage of personal data The Data Controller assures that personal data will be processed in full compliance with the Regulation, by means of manual, computerized or telematic systems and, where necessary, in paper format and will be stored in the Data Controller's database, protecting the privacy and rights of the User through the adoption of appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The data processing can also be carried out through automated tools to store, manage and transmit the data. The data collected and processed will be protected with physical and logical methods such as to minimize the risk of unauthorized access, disclosure, loss and destruction of personal data, according to art. 25 and 32 of the Regulation. Pursuant to art. 7 paragraph 3 of the Regulation, the interested party has the right to obtain at any time the revocation of consent to treatment. If the Data Controller does not receive a request for elimination, personal data will be retained by the Data Controller for as long as necessary to achieve the purposes and perform the activities described in this Privacy Policy, or as otherwise communicated to the User, or for as long as permitted by applicable law. Additional information regarding the retention period of personal data by the Data Controller is available here below. Data relating to User Submissions published on the Website Retention period: until the contractual relationship established between the Data Controller and the User is terminated by the latter. Starting date of the retention period: from the date of publication of the User Submission on the Website. Data used for marketing purposes (data subject to the consent of the User and used for marketing activities towards the same) Retention period: 5 years from the consent or the renewal of the consent by the User through the interaction with marketing communications. The following retention periods apply to personal data collected through tags: Technical cookies - Retention period: maximum 3 years, starting from the date of navigation on the Website; 7. What are the data protection rights and how can they be exercised? The User can exercise the rights guaranteed by the Regulation (Articles 15-22), including the rights to: Right of access: to receive confirmation of the existence of personal data, to access the content of personal data and to obtain a copy of it. Right to rectification: to update, rectify and/or correct personal data. Right to erasure/right to be forgotten and right to restriction of processing: to request the erasure of data or the limitation of data that have been processed in breach of the law, including data whose storage is not necessary for the purposes for which the data were collected or processed; if we have made personal data public, the User also has the right to request the erasure of personal data and the adoption of reasonable measures, including technical measures, to inform other data controllers who are processing personal data of the request to erase any link, copy or reproduction of such personal data. Right to data portability: to receive in a structured, commonly used and machine-readable format a copy of the personal data provided to the Data Controller for the purposes of a contract or with the User's consent and to request to transfer such personal data to another Data Controller. Right to revoke consent: in the event that the Data Controller depends on the User's consent, the User will always have the opportunity to revoke such consent, although the Data Controller may have other legal bases for processing such data for other purposes. Right to object, at any time: right to object at any time to the processing of personal data in certain circumstances (particularly in cases where it is not necessary to process the data in order to meet contractual or legal requirements, or where the Company uses such data for direct marketing activities. Right not to be subjected to a decision based solely on automated processing, including profiling: the User can always request that a manual decision-making process be carried out instead, express his/her opinion or challenge decisions based solely on automated processing, including profiling, if such decisions produce legal or other similar effects. The User can exercise these rights at any time in the following ways: by contacting the Data Controller by e-mail at privacy@witaocean.com. The rights relating to personal data may be limited in certain situations. For example, if fulfilling this request would reveal the personal data of another person or if there are legal requirements or compelling legitimate reasons, the Data Controller may continue to process the personal data for which deletion has been requested. The User also has the right to lodge a complaint if he/she believes that personal information has been handled incorrectly. The User is encouraged to first contact the Data Controller, but may, to the extent that this right applies to him/her, lodge a complaint directly with the competent data protection supervisory authority. 8. Contact details of the data controller The contact details of the Data Controller of the above-mentioned data are: La Prima s.r.l., company incorporated under the Italian law, enrolled in the Register of Companies of the Chamber of Commerce of Bergamo with number REA BG-448403, VAT number 04254580162, and with registered office in Via Carlo Curotti n. 21, 24060 – Catelli Calepio (BG). 9. Information about cookies For any further information regarding cookies please visit the following webpage: https://bloglaprimades.plako.net/cookies. 10. Updates and previous versions of this Privacy Policy This Privacy Policy may be subject to changes over time - also connected to the possible entry into force of new sector regulations, the updating or provision of new services or technological innovations. Therefore, the Data Controller reserves the right to modify this Privacy Policy at any time in accordance with this paragraph. If the Data Controller makes changes to this Privacy Policy, it will publish the revised Privacy Policy on the Website and insert the "last updated" date at the beginning of this Privacy Policy.