PRIVACY NOTICE PURSUANT TO EU GDPR 2016/679
Welcome to our website. Please read our Privacy Policy carefully as it applies both if you access the website and simply browse its contents and if you use its advanced services. This notice is provided pursuant to the European Regulation on the Protection of Personal Data (General Data Protection Regulation, also GDPR) 2016/679, which provides for the protection of natural persons with regard to the processing of personal data. According to the indicated legislation, such processing will be based on principles of fairness, lawfulness, transparency, and the protection of your privacy and rights.
Data Controller
Bevagna – S.R.L. | Via soldato di leo 19 – 70014 – Conversano (BA) | Tax Code and VAT IT07170310721
Types of Data Collected
Among the Personal Data collected, independently or through third parties, there are: Cookies, Usage Data, email, various types of Data, phone number, country, city, province. Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed prior to the collection of the data.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of the portal.
If not otherwise specified, all Data requested are mandatory. If the User refuses to provide them, it may be impossible to provide the Service. In cases where the portal indicates some Data as optional, Users are free to refrain from communicating such Data without any consequences on the availability or operation of the Service.
Users who have doubts about which Data are mandatory are encouraged to contact the Controller.
The possible use of Cookies – or other tracking tools – by the portal or the owners of third-party services used by the portal, unless otherwise specified, is aimed at providing the Service requested by the User, in addition to the other purposes described in this document and in the Cookie Policy, if available. The User assumes responsibility for the Personal Data of third parties obtained, published, or shared through the portal and guarantees that they have the right to communicate or disseminate them, freeing the Controller from any responsibility towards third parties.
Methods and Place of Processing the Collected Data
Methods of Processing
The Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data. Processing is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the indicated purposes. In addition to the Controller, in some cases, the Data may be accessible to other subjects involved in the organization (administrative, commercial, marketing, legal staff, system administrators) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communication agencies, consultancy agencies) appointed, if necessary, as Data Processors by the Controller. The updated list of Processors can always be requested from the Data Controller.
Legal Basis of Processing
The Controller processes Personal Data relating to the User if one of the following conditions exists:
the User has given consent for one or more specific purposes; Note: in some jurisdictions, the Controller may be authorized to process Personal Data without the User’s consent or another legal basis specified below, until the User objects (“opts out”) to such processing. This, however, does not apply if the processing of Personal Data is regulated by European data protection legislation;
processing is necessary for the execution of a contract with the User and/or for pre-contractual measures;
processing is necessary for compliance with a legal obligation to which the Controller is subject;
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
processing is necessary for the purposes of the legitimate interests pursued by the Controller or by third parties.
In any case, it is always possible to request the Controller to clarify the concrete legal basis of each processing operation and, in particular, to specify whether the processing is based on law, required by a contract, or necessary to conclude a contract.
Place
The Data are processed at the operational offices of the Controller and any other places where the parties involved in the processing are located. For further information, contact the Controller.
The User’s Personal Data may be transferred to a country other than the one in which the User is located. To obtain further information on the place of processing, the User can refer to the section detailing the processing of Personal Data. The User has the right to obtain information about the legal basis for the transfer of Data outside the European Union or to an international organization governed by public international law or consisting of two or more countries, such as the UN, as well as about the security measures adopted by the Controller to protect the Data. If one of the transfers described above takes place, the User can refer to the respective sections of this document or request information from the Controller by contacting him at the contact details provided at the beginning.
Retention Period
The Data are processed and stored for the time required by the purposes for which they were collected. Therefore:
Personal Data collected for purposes related to the execution of a contract between the Controller and the User will be retained until the contract has been fully performed.
Personal Data collected for purposes attributable to the legitimate interest of the Controller will be retained until such interest is satisfied. The User can obtain further information regarding the legitimate interest pursued by the Controller in the relevant sections of this document or by contacting the Controller.
When processing is based on the User’s consent, the Controller can retain the Personal Data longer until such consent is revoked. Furthermore, the Controller might be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority. At the end of the retention period, Personal Data will be deleted. Therefore, at the expiration of this term, the right of access, deletion, rectification, and the right to data portability can no longer be exercised.
Purposes of Processing the Collected Data
The User’s Data are collected to allow the Controller to provide its Services, as well as for the following purposes: Statistics, Remarketing and behavioral targeting, Handling support and contact requests, Content performance and features testing (A/B testing), Contacting the User, Social features, Managing Users database, Tag management, Heat mapping and session recording, Hosting and backend infrastructure, Interaction with online survey platforms, Interaction with data collection platforms and other third parties, Infrastructure monitoring, and Managing contacts and sending messages. To obtain detailed information on the purposes of processing and on the Personal Data concretely relevant for each purpose, the User can refer to the respective sections of this document.
Details on the Processing of Personal Data
Personal Data are collected for the following purposes and using the following services:
Contacting the User
Social Features
Managing Contacts and Sending Messages
This type of service allows the management of a database of email, phone, or any other type of contacts to communicate with the User. These services may also allow the collection of data concerning the date and time of the viewing of messages by the User, as well as the User’s interaction with them, such as information on clicks on links included in messages.
