In accordance with EU Regulation 2016/679 (“GDPR“) and the applicable national legislation on the protection of personal data, UNCOMMON DIGITAL S.R.L., Viale dei Pittori Europei 4, Quartu S.Elena (CAGLIARI – ITALY), VAT 03913860924, in its capacity as data controller (hereinafter “Data Controller”), hereby informs you that your personal data will be processed for the following purposes.
CONTACT DETAILS OF DATA CONTROLLER
UNCOMMON DIGITAL S.R.L.
Viale dei Pittori Europei, 4
(CAGLIARI – ITALY)
1. CATEGORIES OF PERSONAL DATA PROCESSED
The Data Controller processes personal identification data and other personal data (not belonging to special categories) which are communicated by users when requesting services from the Data Controller through the Website, or when otherwise using the Website. Most notably, the personal data include, but are not limited to:
- in the context of the use of the Website: e-mail address, IP address and session ID;
The Data Controller also processes, exclusively in anonymous form, data relating to the use of the Website (including the overall number of downloads and the most frequently viewed screens).
2. PURPOSES OF THE PROCESSING AND LEGAL BASIS
Personal data may be processed for the following purposes and legal basis:
A) “Service Purposes” such as:
- to process and accommodate the user’s requests;
- to enable the user to access and use our service;
- to enable the use of the Website and its operational functions, including the resolution of technical problems (also using the customer support function displayed on the Website).
For the “Service Purposes” referred to in this letter A), personal data will be processed without the need to collect the user’s prior consent.
B) Purpose of fulfilment of the Data Controller’s legal obligations
Personal data will be processed in order to ensure the compliance of the Data Controller with the obligations provided for by applicable laws, regulations or national and EU legislation or imposed by the competent authorities, without the need to collect the user’s prior consent (i.e. KYC/AML obligations pursuant to relevant European and Italian laws).
C) Purposes related to the pursuit of a legitimate interest of the Data Controller, in particular:
- to prevent and repress unlawful acts, as well as to exercise the Data Controllers’ rights in court and manage claims: the Data Controller’s interest lies in the constitutional right to take judicial action (art. 24 of Italian Constitution) and, as such, is socially recognized as prevailing over the interests of the individual data subject concerned;
- to manage and maintain the Website: the Data Controller’s interest lies in the general interest of a company to ensure its business operations, also through the operation of the Website, as well as in the implementation of possible improvements of the service offered;
- to prevent or uncover fraudulent activities or abuse harmful to the Website (including to verify the entitlement of users acting on behalf of third-party): the interest of the Data Controller lies in the legitimate, actual and current interest not to suffer damages as a result of the unlawful conduct of third-parties;
- to send commercial communications by e-mail relating to services and products of the Data Controller which are similar to those that the user has already used, if the user is already a customer of the Data Controller: the interest of the Data Controller lies in the general interest of a company to promote its services and is considered legitimate because in line with the reasonable expectations of the data subjects, in light of the relationship between them and the Data Controller. Each e-mail will allow the user, by clicking on the specific link provided therein, to refuse further mailings.
For the purposes referred to in this letter C), personal data will be processed to pursue a legitimate interest of the Data Controller, without the need to collect the user’s prior consent.
D) “Marketing purposes”:
- to contact the user with communications and/or newsletters about the activities, initiatives and commercial offers of the Data Controller, as well as to conduct market researches and surveys or other activities aimed at measuring the quality of the services offered (including by mail, telephone, e-mail, SMS notifications, Whatsapp).
For the marketing purposes referred to in this letter D), personal data will be processed only with the prior express consent of the user.
3. PROCESSING METHODS
The processing of personal data is carried out, electronically and on paper, by means of the collection, recording, updating, organization, storage, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, restriction, erasure and destruction of personal data. Personal data are protected so as to minimize the risk of destruction, loss (including accidental loss), unauthorized access/use or use incompatible with the initial purpose for which the personal data have been collected. This is achieved through the technical and organizational security measures implemented by the Data Controller.
4. RETENTION OF PERSONAL DATA
The Data Controller processes the personal data for the time necessary to fulfil the purposes for which they have been collected, and in any case for no later than the periods detailed below. It being understood that, at the end of the periods indicated below, the Data Controller will nevertheless be entitled to further retain the personal data, in whole or in part, for certain purposes, as expressly required by specific legal provisions or to exercise or defend a right within the ten-year limitation period provided for in Article 2946 of the Italian Civil Code (for example, in the event of a legal proceeding against the user).
In the context of the use of the Website, the Data Controller processes personal data for the time necessary to fulfill the purposes set out in Section 2 above (Purposes and legal basis of the processing) and in any case:
- since your account in the Website is active for the purposes in letter A, B and C above;
- no later than 10 years since the closing of your account in the Digital Platform for the purposes in letter A, B and C above;
- Until you revoke your consent for marketing purposes in letter D above.
5. PROVISION OF PERSONAL DATA
In the context of the use of the Website, the provision of personal data:
- for the “Service Purposes” of the Website and/or the App is necessary. These personal data are necessary for the relationship with the Data Controller and the use of the services. The user may, however, decide not to provide personal data, but in such case he/she will not be able to use the services of the Data Controller;
- for the “Marketing purposes” in the context of the use of the Website and/or the App is optional. Failure to provide personal data does not prevent the user from using the services of the Data Controller, but the user will not receive the information and offers of the Data Controller’s and will not be contacted to participate in market researches, surveys or activities aimed at measuring the quality of the services offered;
6. ACCESS TO PERSONAL DATA
Personal data will be processed by our staff in charge for the processing of personal data and by the following categories of subjects (including, but not limited to):
- employees and/or collaborators of the Data Controller in their capacity as data processors and/or persons authorized to process personal data and/or system administrators (by way of example, consultants authorized to manage the Website and to provide the relevant services in the context of the use of the Website; real estate analysts in the context of the use of the App);
- employees and consultants of the legal, marketing (in case you consented to the Marketing Purposes), finance, administration and accounting departments and our other departments, in their capacity as data processors and/or persons authorized to process personal data;
- third parties to whom the Data Controller outsources certain services, including processing operations, as external data processors (e. IT service providers, hosting providers, etc..).
7. COMMUNICATION OF PERSONAL DATA
In the context of the use of the Website, the Data Controller may communicate the personal data of the users:
without the user’s consent:
- to third parties in their capacity as independent data controllers for the performance of the activities in letter A, B and C above, as well as to allow the web site data processors to provide their respective services. The user may at any time request the Data Controller, by writing to the address indicated in Section 10 (How to exercise rights) below, further information on the subjects to whom his personal data may be communicated;
- to control bodies, law enforcement agencies or the judiciary, financial and tax administrations, ministerial bodies and competent authorities, local authorities (regions, provinces, municipalities), upon their express request, which will process the personal data as autonomous data controllers for institutional purposes and/or in accordance with the law in the context of investigations and controls.
8. TRANSFER OF PERSONAL DATA
In the context of the use of the Website personal data will not be in any way disseminated or transferred to third countries located outside the European Union and/or the EEA.
9. DATA SUBJECT’S RIGHTS
As data subject, save for the limitations provided by law, you have the right:
- to obtain confirmation of the existence of your personal data, even if not yet recorded, and that such data are made available to you in an intelligible form;
- to receive indication of and, if necessary, copy: a)the origin and category of personal data; b) in case of automated processing carried out with electronic means, information about the logic involved; c) the purposes and methods of processing; d) the identity of the data controller and the data processors; e) the recipients or categories of recipients to which the personal data may be communicated or which may otherwise get to know said personal data, in particular if they are recipients located in third countries or international organizations; f) where possible, the period of retention of the personal data or the criteria used to determine that period; g) the existence of an automated decision-making and, if so, the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject; h) the existence of adequate safeguards in case of transfer of the personal data to a non-EU country or to an international organization;
- to obtain, without undue delay, the updating and rectification of inaccurate personal data or to have incomplete personal data completed;
- to withdraw at any time, easily and without hindrance, any consents given, using, if possible, the same channels used to give such consents;
- to obtain the cancellation, transformation into anonymous form or blocking of data: a)unlawfully processed; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) if the consent on which the processing is based has been withdrawn and if there is no other legal basis, d) if the user has objected to the processing and there is no prevailing legitimate grounds to continue processing; e) in the event of fulfilment of a legal obligation; f) in the case of data relating to minors. The Data Controller may refuse the erasure only if necessary: (1) for the exercise of the right to freedom of expression and information; (2) for the compliance with a legal obligation, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller; (3) for reasons of public interest in the area of public health; (4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; (5) for the establishment, exercise or defense of legal claims;
- to obtain the limitation of the processing in the case of: a) contestation of the accuracy of personal data; b) unlawful processing by the Data Controller to prevent their erasure; c) exercise of a right of the user in court; d) verification whether the legitimate grounds of the Data Controller override those of the data subject;
- if the processing is carried out by automatic means, to receive the personal data concerning you without hindrance and in a structured, commonly used and machine-readable format, in order to transmit them to another data controller or – if technically feasible – to obtain direct transmission by Casavo to another data controller;
- to object, in whole or in part, to the processing of personal data: a) for legitimate reasons, related to the particular situation of the user,; b) for the purpose of sending communication material, using automated calling systems without the intervention of an operator by e-mail and/or by traditional means by telephone and/or mail;
- to lodge a complaint with a supervisory authority (i.e. the Garante per la protezione dei dati personali).
Where necessary, in the above cases, the Data Controller will inform the recipients to whom the personal data of the user are communicated of the possible exercise of rights by the latter, except in specific cases (e.g. when this proves impossible or involves disproportionate efforts).
10. EXERCISE OF DATA SUBJECTS’ RIGHTS
The user may at any time exercise the rights set out in the above Section 9 (Data subjects’ rights):
- by sending a registered letter to the Data Controller’s address; and/or
- by sending an email to email@example.com