Privacy & Cookies Policy
DATA PROTECTION OFFICER
PURPOSES OF PROCESSING
|a. Purpose of entering into a contract and provision of services;
b. Direct marketing;
c. Indirect marketing;+ information
LEGAL BASIS FOR PROCESSING
a. Performance of a contract;
RECIPIENTS OR CATEGORIES OF
a. Third party hosting providers;
CATEGORIES OF PERSONAL DATA CONCERNED
social id, e-mail address, name, surname, location, language, IP address.
TRANSFER OF PERSONAL DATA OUTSIDE THE EU
DATA STORAGE PERIOD
criteria used to determine the storage period
DATA SUBJECT RIGHTS
|COOKIES POLICY||Please read the full Cookies Policy
INFORMATION ABOUT THE DATA CONTROLLER
- Name: ROIALTY S.r.l.
- Address: Milano, piazza San Sepolcro 2, 20123 Milano, Italia
- E-mail address: [email protected]
INFORMATION ABOUT THE DATA PROTECTION OFFICER
- Name: Alessandra Castagna
- Address: Milano, Via privata Stefanardo da Vimercate, 20148 Milano, Italia
- E-mail address: [email protected]
- Pec: [email protected]
- Mob: +39 3397248450
PURPOSES OF THE PROCESSING
- A. Entering into a contract.
The Data Controller will process personal data for the purpose of entering into a contract. Personal data will be collected through the online contact forms available on our website. Specifically, personal data will be processed in order to allow data subject to:
- Use and browse on our website;
- Allowing you to contact us in order to receive information on our services;
- Receive information on the contractual and economic terms applicable to our services;
- B. Marketing Purpose of Data Controller.
We will process personal data obtained from You in the context of the sale of our service for contacting You by email with information related Our services. We will only use the electronic contact details for direct marketing of our own similar products or services. Personal data will be collected through the online contact forms. You have the right to object to such processing and will always have the opportunity to opt-out and withdraw your consent.
LEGAL BASIS FOR DATA PROCESSING
- A. Taking steps at the request of the data subject prior to entering into a contract and for the performance of a contract
Under Regulation EU 2016/679, Data Controller must always have a lawful basis for processing personal data. In this circumstance, the data is necessary in the context of entering into a contract with You and for the performance of a service. We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected, as better explained under “Data Storage Period” chapter. Your personal data will therefore be kept until you intend to use our services and will be deleted thereafter. If you do not accept and agree to such processing, We will not able to provide the requested services and information.
- B. Consent
With your consent We will also disclose Your personal data for direct marketing purposes (including market analysis and sending e-mails). You will always have the opportunity to opt-out and withdraw your consent, by contacting Us directly by e-mail at [email protected] or by clicking the cancellation link (“unsubscribe”) found at the bottom of each e-mail received, or by accessing the control panels of the marketing services providers. We will also be requesting Your consent to access your social media data for the use of “SOCIAL DNA” tool, as better explained under “CATEGORIES OF PERSONAL DATA CONCERNED” chapter.
- C. Legitimate interest
In compliance with article 13 paragraph 2 of Directive 2009/136/EC, as well as with reference to Recital (27) of REGULATION 2016/679, We may use your e-mail address obtained through the online forms and obtained in the context of the sale of our services, to send You electronic communications concerning the direct marketing of Our products or services and as long similar to those You showed an interest for. You have the right, at any time and free of charge, to oppose this processing of Your data for direct marketing purposes by sending Us a written communication at [email protected].
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA
In order for us to provide You with the services, allow You to use our site and for our marketing purposes, may share your data with the following recipients.
- A. Hosting service provider.
Hetzner Online GmbH Industriestr. 25 91710, Gunzenhausen, Germany (Data Processor). Under EU Regulation 2016/679 General Data Protection Regulation (“the GDPR”) (Article 28, paragraph 3), the Data Controller is required to put in place an agreement in writing between the Data Controller and any organization which processes personal data on its behalf governing the processing of that data. Therefore, the Data Controller has entered into a data processing agreement to ensure compliance with the said provisions of the GDPR in relation to all processing of the Personal Data by the Data Processor for the Data Controller. Here You can find more information on how Hetzner is processing personal data at the following link: https://www.hetzner.com/rechtliches/datenschutz
- B. Providers of marketing services and advertising;
The Rocket Science Group, LLC 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA (“Mailchimp”). The Rocket Science Group is the owner of a marketing automation platform known as “MAILCHIMP”. Newsletters will be sent using Mailchimp platform. The provision of the services by Mailchimp involves it in processing the personal data on behalf of the Data Controller. Under EU Regulation 2016/679 General Data Protection Regulation (“the GDPR”) (Article 28, paragraph 3), the Data Controller is required to put in place an agreement in writing between the Data Controller and any organization which processes personal data on its behalf governing the processing of that data. Therefore, the Data Controller has entered into a data processing agreement with MailChimp (“Data Processor”) to ensure compliance with the said provisions of the GDPR in relation to all processing of the Personal Data by the Data Processor for the Data Controller. You can find more information on how Aruba is processing personal data at the following link: https://mailchimp.com/legal/privacy/?_ga=2.212925458.74393180.1526551979-315691423.1526306073
CATEGORIES OF PERSONAL DATA CONCERNED
Depending upon your use of Our website, We may collect some or all of the following personal and non-personal data: e-mail, name, surname, location, language, innformation about your access to the website, web browser type, page views and browsing, details on the number of times the website is accessed, time zone settings and the devices used to access the site, data We have access to through Social Login. Data will be processed to manage Our website, to ensure the safety of our website using security plugins, including backups. If you log in with the “Social DNA” tool available on our website, we will collect certain information necessary to provide You with the results of the service demo. The information processed depends on what you have chosen to share via the settings of the social network used, and could include:
- Facebook user ID, specific to the Social DNA application (this is a different ID from the ID assigned by the Facebook platform to other applications);
- LikeIDs of the pages You like or follow on Facebook;
- Facebook user e-mail address;
- Tweets published on the Twitter platform;
- Any information on the social profile that a user has chosen to share publicly;Users will login to the Social DNA application via Facebook and Twitter Login, communicating the likes expressed on Facebook or the generated Tweets. Both the likes and tweets published on the social networks will be processed to show you, through the API (Application Programming Interface), your interests and your interactions. We will not publish any data on your wall, nor will we store the information from your Facebook profile or any results generated by the analysis of data made through the “Social DNA” application. Any personal information that a user discloses us to use “Social DNA” is strictly confidential and will not be disclosed to third parties. We will never disclose your personal data to external third parties for marketing purposes without your explicit consent. Use of the service is strictly personal. If someone intends to use the Social DNA service on behalf of a third party, he/she assumes the responsibility of obtaining the consent in line with EU Regulation 2016/679.
TRANSFER OF PERSONAL DATA OUTSIDE THE EU
Transfer of data to: United States
All data recipients participate in and have certified their compliance with the EU-U.S. Privacy Shield Framework and are therefore deemed to ensure, according to the European Commission, an adequate level of protection for personal data transferred from the data Controller to the Data Processors. CRITERIA
CRITERIA TO DETERMINE PERSONAL DATA STORAGE
The account information will be retained until you decide to delete your account or until the contract expires or till the end of the service. Personal data will be kept only for the time strictly necessary to provide the service and thereafter deleted. The information and data used for marketing purposes will be deleted as soon as you ask us to do so by withdrawing Your consent, either through the optout links present in the commercial communications or through the control panels, or by sending us a communication.
YOUR RIGHTS AS DATA SUBJECT
Under the GDPR, You have the following rights:
a) The right to obtain from Us confirmation as to whether or not personal data concerning You are being processed;
b) The right to access your personal data;
c) The right to have your personal data rectified if any of your personal data held by us is inaccurate or the right to have incomplete personal data completed, including by means of providing a supplementary statement.
d) The right to be forgotten, including to delete the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or because You withdraw consent on which the processing is based.
e) The right to restrict the processing of your personal data according to article 18 of GDPR.
f) The right to object to Us using your personal data for a particular purpose or purposes.
g) The right to data portability. This means that, if you have provided personal data to Us directly, We are using it with your consent or for the performance of a contract, and that data is processed using automated means, You can ask us for a copy of that personal data to re-use with another service or business in many cases. h) Rights relating to automated decision-making and profiling.
i) You have the right to lodge a complaint with a supervisory authority.
HOW DO YOU ENFORCE YOUR RIGHTS?
You can enforce your rights at any time by sending us an e-mail to the following address: [email protected]
We have a duty to respond to your requests at the latest within one month of receiving them. This deadline may be extended by two additional months if necessary, taking into account the complexity and the number of requests received. In case of extension you will be informed of the delay and the reasons.
If We do not take action on your request, We will inform you without delay and at the latest within one month of receipt of your request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
What are cookies?
A Cookie is a small text file that can be stored on the computer of users when they access a website to be then transmitted again to the same website when users return. Generally speaking, cookies may be used for different purposes: to perform the log-in and to monitor use of the website, but also to store information on specific configurations regarding users who access the server, to store their preferences and for other purposes. The website uses technical, analytics and remarketing cookies, namely:
Technical or strictly necessary cookies.
The website also uses Google Analytics cookies to collect information in aggregate form on the number of users and on how users use the website. This is a web analysis service provided by Google Inc. The generated information is used to indicate the trends of users on this website without identifying individual visitors and to make reports on use of the website itself. The data generated by Google Analytics is stored by Google as indicated in the policy which can be found at the following link: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.
The data controller masked the IP address on Google Analytics as described at this link: https://support.google.com/analytics/answer/2763052?hl=it , deactivated all data sharing through its analytics account settings, accepted the The Google Ads Data Processing Term as provided for by Google Analytics according to the General Data Protection Regulation (GDPR). Google is therefore committed to process persona data according to its customer’s requirements and not sharing them with other services. To opt-out of Analytics for the web, visit the Google Analytics opt-out page and install the add-on for your browser. For more details on installing and uninstalling the add-on, please see the relevant help resources for your specific browser.
Third party cookies installed through this website allow to process tracking statistics and data analysis. They also provide data about a user’s visit of the website and may be used to provide users with offers and commercial communications that meet their specific needs. They may track users by collecting some information about the pages they visit in order to send tailored advertising. Users will still have the option of denying the automatic installation of cookies through the banner. To ensure greater transparency, hereinafter it follows a list of third-party social network widgets currently used on the website. Below I list third party service providers and tracking cookies currently featured on the website.
|name: __cfduid –||roialty.com||Used by the content network, Cloud flare, to identify trusted web traffic.|
|name: _gat||roialty.com||Used by Google Analytics to throttle request rate|
|name: _gid||roialty.com||Registers a u n iqu e ID th at is u sed to gen erate statistical data on h ow th e visitor u ses th e w ebsite.|
|name: vuid||vimeo.com||Collects data on the user’s visits to the website, such as which pages have been read.|
|name: r/collect||doubleclick.net||Un classified|
How do you enable or disable cookies via the cookie banner or browser?
If you decide not to allow technical cookies to be installed on your computer many functions and services may not be available. Therefore, if you decide to block the storing or remove the technical cookies, we can no longer guarantee the correct functioning of the website. Instead, blocking tracking/remarketing cookies does not affect your use of the website. Tracking cookies are automatically disabled. You can however activate them by customizing the settings on the cookie banner, where you can allow some or all of the cookies. Subject to what is indicated above in relation to cookies required for browsing, you may delete other cookies via your browser. Each browser allows you to limit and delete cookies by way of the settings. For further information on the management of cookies, consult the relevant link indicated below.
The Data Controller hereby informs You that You can make recourse to Your Online Choices and modify cookies setting according to your preferences http://www.youronlinechoices.com/it
Last Update: [29-05-2018].