PRIVACY POLICY

Data Controller

Owner contact email: amministrazione@inmoviesfest.com

Types of data collected

Among the Personal Data collected by this Application, either independently or through third parties, there are: email; first name; surname; Tracking Tool; Usage data; telephone number; profession; province; state; nation; POSTAL CODE; sex; date of birth; city; address; business name; website; VAT number; fax number; various types of data; Fiscal Code; business sector; User ID; number of employees; username; password; Social Security number (SSN); image; prefix; profile picture; Place of work; budget; academic training; nickname on Twitter; billing address; House number; tongue.

Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed before the data is collected.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of this Application.
Unless otherwise specified, all data requested by this application are mandatory. If the User refuses to communicate them, it may be impossible for this Application to provide the Service. In cases where this Application indicates some Data as optional, Users are free to refrain from communicating such Data, without this having any consequence on the availability of the Service or on its operation.
Users who have doubts about which data are mandatory are encouraged to contact the owner.
Any use of Cookies – or of other tracking tools – by this Application or by the owners of third party services used by this Application, unless otherwise specified, is intended to provide the Service requested by the User, in addition to further purposes described in this document and in the Cookie Policy, if available.

The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this Application and guarantees to have the right to communicate or disseminate them, freeing the Owner from any liability to third parties.

Method and place of processing of the collected data

Processing methods

The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
The processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other subjects involved in the organization of this Application (administrative, commercial, marketing, legal, system administrators) or external subjects (such as suppliers of third party technical services, postal couriers) may have access to the Data. hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Data Controller. The updated list of Managers can always be requested from the Data Controller.

Legal basis of the processing

The Owner processes Personal Data relating to the User if one of the following conditions exists:

the User has given consent for one or more specific purposes; Note: in some jurisdictions the Data Controller may be authorized to process Personal Data without the User’s consent or another of the legal bases specified below, as long as the User does not object (“opt-out”) to such treatment. However, this is not applicable if the processing of Personal Data is governed by European legislation on the protection of Personal Data;
the processing is necessary for the execution of a contract with the User and / or for the execution of pre-contractual measures;
the processing is necessary to fulfill a legal obligation to which the Data Controller is subject;
the processing is necessary for the performance of a task of public interest or for the exercise of public authority vested in the owner;
the processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties.

However, it is always possible to ask the Data Controller to clarify the concrete legal basis of each treatment and in particular to specify whether the treatment is based on the law, provided for by a contract or necessary to conclude a contract.

Place

The Data is processed at the Data Controller’s operating offices and in any other place where the parties involved in the processing are located. For more information, please contact the Data Controller.
The User’s Personal Data may be transferred to a country other than that in which the User is find. To obtain further information on the place of processing, the User can refer to the section relating to the details on the processing of Personal Data.

The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organization governed by public international law or consisting of two or more countries, such as the UN, as well as regarding the security measures adopted by the Data Controller to protect the Data.

The User can check if one of the transfers described above takes place by examining the section of this document relating to the details on the processing of Personal Data or request information from the Data Controller by contacting him at the opening details.

Retention period

The Data are processed and stored for the time required by the purposes for which they were collected.

Therefore:

Personal Data collected for purposes related to the execution of a contract between the Owner and the User will be retained until the execution of this contract is completed.
Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until this interest is satisfied. The User can obtain further information regarding the legitimate interest pursued by the Owner in the relevant sections of this document or by contacting the Owner.

When the processing is based on the User’s consent, the Data Controller may keep the Personal Data longer until such consent is revoked. Furthermore, the Data Controller may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period, the Personal Data will be deleted. Therefore, at the end of this term the right of access, cancellation, rectification and the right to data portability can no longer be exercised.

Purpose of processing the collected data

The User Data is collected to allow the Owner to provide the Service, comply with legal obligations, respond to requests or executive actions, protect their rights and interests (or those of Users or third parties), identify any malicious activities. or fraudulent, as well as for the following purposes: Contacting the User, Managing contacts and sending messages, Registration and authentication provided directly by this Application, Statistics, Displaying content from external platforms, Managing landing pages and invitation pages, Hosting and backend infrastructure, Interaction with data collection platforms and other third parties, Interaction with external social networks and platforms, Traffic optimization and distribution, SPAM protection and Registration and authentication.

To obtain detailed information on the purposes of the processing and on the Personal Data processed for each purpose, the User can refer to the “Details on the processing of Personal Data” section.

Details on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

• Contact the user

Mailing list or newsletter (this Application)

By registering with the mailing list or newsletter, the User’s email address is automatically added to a list of contacts to which email messages containing information, including commercial and promotional information, relating to this Application may be sent. The User’s email address could also be added to this list as a result of registering with this Application or after making a purchase.

Personal Data processed: CAP; city; surname; date of birth; Usage data; e-mail; address; nation; first name; telephone number; profession; province; business name; sex; website; state; Tracking Tool.

Category of personal information collected under the CCPA: identifiers; commercial information; biometric information; information on the Internet; information relating to the employment relationship.

Contact form (this Application)

By filling in the contact form with their data, the User consents to their use to respond to requests for information, quotes, or any other nature indicated by the form header.

Personal Data processed: CAP; city; Fiscal Code; surname; date of birth; e-mail; User ID; address; nation; first name; number of employees; fax number; telephone number; VAT number; profession; province; business name; sex; business sector; website; state; various types of data.

Category of personal information collected under the CCPA: identifiers; commercial information; biometric information; information on the Internet; information relating to employment relationship; indirect information.

• Manage contacts and send messages

This type of service allows you to manage a database of email contacts, telephone contacts or contacts of any other type, used to communicate with the User.
These services may also allow the collection of data relating to the date and time the messages are displayed by the User, as well as the User’s interaction with them, such as information on clicks on links inserted in messages.

Mailchimp (The Rocket Science Group LLC)

Mailchimp is an address management and email message sending service provided by The Rocket Science Group LLC.

Personal Data processed: surname; date of birth; Usage data; e-mail; address; nation; first name; telephone number; business name; sex; Tracking Tool; username; various types of data.

Place of processing: United States – Privacy Policy.

Category of personal information collected under the CCPA: identifiers; commercial information; biometric information; information on the Internet.

This type of processing constitutes a “sale of data” (“sale”) within the meaning of the CCPA. In addition to the information contained in this clause, the User can consult the section describing the rights of Californian consumers, for information on how to opt out of the sale.

• Management of landing pages and invitation pages

This type of service allows you to build and manage landing pages and invitation pages, that is, presentation pages of a product or service, which can allow you to enter your contact information, such as your email address.
The management of these pages involves the processing, by these services, of the Personal Data collected through these pages, including those of Usage Data.

Mailchimp Landing Page (The Rocket Science Group LLC)

Mailchimp Landing Page is a landing page management service provided by The Rocket Science Group LLC that allows this Application to collect email addresses of Users interested in its service.
Mailchimp Landing Page allows the Data Controller to track and analyze the response from the User, in terms of traffic or behavior, in relation to changes to the structure, text or any other component of the landing pages created.

Personal Data processed: surname; date of birth; Usage data; e-mail; address; nation; first name; telephone number; profession; business name; sex; Tracking Tool; username.

Place of processing: United States – Privacy Policy.

Category of personal information collected under the CCPA: identifiers; commercial information; biometric information; information on the Internet; information relating to the employment relationship.

This type of processing constitutes a “sale of data” (“sale”) within the meaning of the CCPA. In addition to the information contained in this clause, the User can consult the section describing the rights of Californian consumers, for information on how to opt out of the sale.

• Hosting and backend infrastructure

This type of service has the function of hosting data and files that allow this application to function, allow its distribution and provide a ready-to-use infrastructure to provide specific features of this application.

Some of the services listed below, if any, may work on geographically distributed servers, making it difficult to determine the actual location in which Personal Data is stored.

SiteGround Hosting (SiteGround Hosting Ltd.)

SiteGround Hosting is a hosting service provided by SiteGround Hosting Ltd.

Personal Data processed: Usage data; Tracking Tool; various types of data as specified in the privacy policy of the service.

Place of processing: United Kingdom – Privacy Policy.

Category of personal information collected under the CCPA: Internet information.

• Interaction with data collection platforms and other third parties

This type of service allows Users to interact with data collection platforms or other services directly from the pages of this Application in order to save and reuse data.
In the event that one of these services is installed, it is possible that, even if the Users do not use the service, it collects Usage Data relating to the pages in which it is installed.

Mailchimp Widget (The Rocket Science Group LLC)

The Mailchimp widget allows you to interact with the email address management and mailing service Mailchimp provided by The Rocket Science Group LLC.

Personal Data processed: surname; Data of use; e-mail; first name; telephone number; Tracking Tool.

Place of processing: United States – Privacy Policy.

Category of personal information collected under the CCPA: identifiers; information on the Internet.

This type of processing constitutes a “sale of data” (“sale”) within the meaning of the CCPA. In addition to the information contained in this clause, the User can consult the section describing the rights of Californian consumers, for information on how to opt out of the sale.

• Interaction with social networks and external platforms

This type of service allows interaction with social networks or other external platforms directly from the pages of this Application.
The interactions and information acquired by this Application are in any case subject to the User’s privacy settings relating to each social network.
This type of service may still collect traffic data for the pages where the service is installed, even when Users do not use it.
It is recommended to log out from the respective services to make sure that the data processed on this Application is not connected back to the User’s profile.

Like button and Facebook social widgets

The “Like” button and Facebook social widgets are interaction services with the Facebook social network, provided by Facebook, Inc. or by Facebook Ireland Ltd, depending on the location in which this Application is used,

Personal Data processed: Usage data; Tracking Tool.

Place of processing: United States – Privacy Policy;; Ireland – Privacy Policy.

Category of personal information collected under the CCPA: Internet information.

This type of processing constitutes a “sale of data” (“sale”) within the meaning of the CCPA. In addition to the information contained in this clause, the User can consult the section describing the rights of Californian consumers, for information on how to opt out of the sale.

Tweet button and Twitter social widgets (Twitter, Inc.)

The Tweet button and Twitter social widgets are interaction services with the Twitter social network, provided by Twitter, Inc.

Personal Data processed: Usage data; Tracking Tool.

Place of processing: United States – Privacy Policy.

Category of personal information collected under the CCPA: Internet information.

This type of processing constitutes a “sale of data” (“sale”) within the meaning of the CCPA. In addition to the information contained in this clause, the User can consult the section describing the rights of Californian consumers, for information on how to opt out of the sale.

• Traffic optimization and distribution

This type of service allows this Application to distribute its contents through servers located throughout the territory and to optimize its performance.
The Personal Data processed depend on the characteristics and methods of implementation of these services, which by their nature filter communications between this Application and the User’s browser.
Given the distributed nature of this system, it is difficult to determine the places where the content is transferred, which may contain the User’s Personal Data.

Cloudflare (Cloudflare Inc.)

Cloudflare is a traffic optimization and distribution service provided by Cloudflare Inc.
The methods of integration of Cloudflare provide that this filters all the traffic of this Application, that is the communications between this Application and the User’s browser, also allowing the collection of statistical data on it.

Personal Data processed: Tracking Tool; various types of data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy.

Category of personal information collected under the CCPA: Internet information.

This type of processing constitutes a “sale of data” (“sale”) within the meaning of the CCPA. In addition to the information contained in this clause, the User can consult the section describing the rights of Californian consumers, for information on how to opt out of the sale.

• SPAM protection

This type of service analyzes the traffic of this Application, potentially containing Users’ Personal Data, in order to filter it from parts of traffic, messages and contents recognized as SPAM.

Google reCAPTCHA

Google reCAPTCHA is a SPAM protection service provided by Google LLC or by Google Ireland Limited, depending on the location this Application is accessed from.
The use of the reCAPTCHA system is subject to the privacy policy and terms of use of Google.

Personal Data processed: Usage data; Tracking Tool.

Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

Category of personal information collected under the CCPA: Internet information.

• Registration and authentication

By registering or authenticating, the User allows this Application to identify him and give him access to dedicated services.
Depending on what is indicated below, the registration and authentication services could be provided with the help of third parties. If this happens, this Application will be able to access some Data stored by the third party service used for registration or identification.
Some of the services listed below may also collect Personal Data for targeting and profiling purposes; to learn more, please refer to the description of each service.

Mailchimp OAuth (The Rocket Science Group LLC)

Mailchimp OAuth is a registration and authentication service provided by The Rocket Science Group LLC and connected to the Mailchimp service.

Personal Data processed: various types of Data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy.

Category of personal information collected under the CCPA: Internet information.

This type of processing constitutes a “sale of data” (“sale”) within the meaning of the CCPA. In addition to the information contained in this clause, the User can consult the section describing the rights of Californian consumers, for information on how to opt out of the sale.

• Registration and authentication provided directly by this Application

By registering or authenticating, the User allows this Application to identify him and give him access to dedicated services. Personal Data is collected and stored solely for registration or identification purposes. The data collected are only those necessary to provide the service requested by the user.

Direct registration (this Application)

The User registers by filling out the registration form and providing his Personal Data directly to this Application.

Personal Data processed: budget; POSTAL CODE; city; Fiscal Code; surname; date of birth; Usage data; e-mail; academic training; User ID; image; profile picture; address; billing address; tongue; nation; nickname on Twitter; first name; House number; number of employees; fax number; telephone number; VAT number; password; prefix; profession; province; business name; Place of work; sex; business sector; website; Social Security number (SSN); state; Tracking Tool; username; various types of data.

Category of personal information collected under the CCPA: identifiers; commercial information; biometric information; information on the Internet; sensor-based information; information relating to the employment relationship; indirect information.

• Statistics

The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior.

WordPress Stat (Automattic Inc.)

WordPress Stats is a statistics service provided by Automattic Inc.

Personal Data processed: Usage data; Tracking Tool.

Place of processing: United States – Privacy Policy.

Category of personal information collected under the CCPA: Internet information.

This type of processing constitutes a “sale of data” (“sale”) within the meaning of the CCPA. In addition to the information contained in this clause, the User can consult the section describing the rights of Californian consumers, for information on how to opt out of the sale.

Google Analytics

Google Analytics is a web analytics service provided by Google LLC or by Google Ireland Limited, depending on the location in which this Application is accessed, (“Google”). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Application, compiling reports and sharing them with other services developed by Google.
Google may use the Personal Data to contextualize and personalize the advertisements of its own advertising network.

Personal Data processed: Usage data; Tracking Tool.

Place of processing: United States – Privacy Policy – Opt Out; Ireland – Privacy Policy – Opt Out.

Category of personal information collected under the CCPA: Internet information.

This type of processing constitutes a “sale of data” (“sale”) within the meaning of the CCPA. In addition to information contained in this clause, the User can consult the section describing the rights of Californian consumers, for information on how to opt-out of the sale.

• Viewing content from external platforms

This type of service allows you to view content hosted on external platforms directly from the pages of this Application and interact with them.
This type of service may still collect data on web traffic relating to the pages where the service is installed, even when users do not use it.

Google Fonts

Google Fonts is a font style visualization service managed by Google LLC or by Google Ireland Limited, depending on the location in which this application is used, which allows this application to integrate such content within its pages.

Personal Data processed: Usage data; various types of data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

Category of personal information collected under the CCPA: Internet information.

This type of processing constitutes a “sale of data” (“sale”) within the meaning of the CCPA. In addition to the information contained in this clause, the User can consult the section describing the rights of Californian consumers, for information on how to opt out of the sale.

Further information on Personal Data

• Analysis of User Data and forecasts (“profiling”)

The Owner may process the usage data collected through this Application to create or update user profiles. This type of processing allows the Owner to evaluate the User’s choices, preferences and behavior for the purposes specified in the respective sections of this document.
User profiles can also be created thanks to automated tools, such as algorithms, which can also be offered by third parties. To obtain further information on the profiling activity, the User can refer to the respective sections of this document.
The User has the right to object to this profiling activity at any time. To find out more about the User’s rights and how to exercise them, the User can refer to the section of this document relating to the rights of Users.

• Iubenda cookies for the CCPA (usprivacy)

Iubenda’s CCPA Cookie (usprivacy) is installed by iubenda’s Cookie Solution and stores California consumer opt-out choices in the local domain.

• Preference cookies

Preference cookie stores the User’s preferences detected on this Application, such as their time zone and region, in the local domain.

• Cookie Solution by iubenda (Cookies for remote consent)

The iubenda cookie for remote consent (_iub_cs-X) is installed by the iubenda Cookie Solution and stores the user’s preferences relating to the tracking tools in the .iubenda.com domain.

• Cookie Solution by iubenda (Cookie for consent)

The iubenda Cookie for consent (_iub_cs-X) is installed by the iubenda Cookie Solution and stores the User’s preferences relating to the Tracking Tools in the local domain.

• Personal Data collected through sources other than the User

The Owner of this Application may have legitimately collected Personal Data relating to the User without his involvement, drawing on sources provided by third parties, in accordance with the legal bases described in the section on the legal bases of the processing.
If the Owner has collected Personal Data in this way, the User can find specific information about the sources in the respective sections of this document or by contacting the Owner.

• Rights of Registered California Users under the age of 18

The Californian law “Online Eraser”, which is part of the Californian Code of commerce and professions, in articles 22580-22582, requires the operators of certain websites and online services that are aimed at registered Users under the age of 18 and residents in California, to request the removal of content posted by the latter. If a registered User matches this description and publishes content on this Application, he or she may request the removal of such content by contacting the Owner or his data protection officer using the contact details provided in this document. In response to this request, the Owner can make the contents published by the registered User invisible to other registered Users and to the public (rather than deleting them completely), in which case the content may remain on the Controller’s servers. It may also be publicly available elsewhere if a third party has copied and re-published such content.

• User identification through universal unique identifier (UUID)

This Application can track Users by saving the so-called “universal unique identifier” (UUID) for statistical analysis purposes or to store User preferences. This identifier is generated with the installation of this Application, it is not deleted when the Application is closed or updated but is permanently removed only if the User decides to uninstall the Application from their device. If the application is reinstalled, a new UUID is generated.

• Unique identification of the device

This Application can track Users by saving a unique identification code of their device, for statistical purposes or to store Users’ preferences.

• Automated decision-making processes

When a decision that can produce legal effects for the User or can affect his person in a similarly significant way is made exclusively with technological tools and without human intervention, there is an automated decision-making process.
As part of the purposes described in this document, this Application may use the User’s Personal Data to make decisions based completely or partially on automated processes. This Application uses automated decision-making processes to the extent that it is necessary to conclude or execute a contract between the User and the Owner or, if required by law, with the consent given by the User.
Automated decisions depend on technological tools provided by the Owner or by third parties and are generally based on algorithms that meet predefined criteria. The rationale behind automated decision-making aims to:

• • enable or improve decision making;
  • guarantee Users fair and impartial treatment;
  • reduce the potential harm resulting from human error, personal bias or other similar circumstances that could lead to discrimination or imbalances in the treatment of individuals;
  • reduce the risk of the User breaching the obligations of a contract.

To obtain further information on the purposes, any third-party services and on the specific logic of the automated decision-making processes adopted by this Application, the User can refer to the respective sections of this document.

Effects of automated decision-making processes and rights of Users subject to them

Users subject to this type of processing may exercise specific rights aimed at preventing or limiting the potential effects of automated decision-making processes. In particular, Users have the right to:
receive an explanation of each decision taken as a result of an automated decision-making process and express an opinion in this regard;
contest the decision by asking the Owner to reconsider it or adopt a new decision on a different basis;
request and obtain human intervention in the treatment from the Data Controller.

To obtain further information on the rights of users and their exercise, the user can refer to the section of this document relating to the rights of users.

• sessionStorage

sessionStorage allows this Application to store and access data directly from the User’s browser. Data in sessionStorage is automatically deleted when the session ends (in other words when the browser tab is closed).

User rights

Users can exercise certain rights with reference to the Data processed by the Data Controller.

In particular, the User has the right to:

• withdraw consent at any time. The User can revoke the consent to the processing of their Personal Data previously expressed.
• oppose the processing of their data. The user can oppose the processing of their data when it occurs on a legal basis other than consent. Further details on the right to object are indicated in the section below.
• access their data. The User has the right to obtain information on the Data processed by the Data Controller, on certain aspects of the processing and to receive a copy of the Data processed.
• verify and request rectification. The User can verify the correctness of their Data and request its updating or correction.
• obtain the limitation of the treatment. When certain conditions are met, the User can request the limitation of the processing of their Data. In this case the Data Controller will not process the Data for any other purpose other than their conservation.
• obtain the cancellation or removal of their Personal Data. When certain conditions are met, the User can request the cancellation of their Data by the Owner.
• receive their data or have them transferred to another owner. The User has the right to receive his / her Data in a structured format, commonly used and readable by an automatic device and, where technically feasible, to obtain its unhindered transfer to another owner. This provision is applicable when the Data is processed with automated tools and the processing is based on the User’s consent, on a contract to which the User is a party or on contractual measures connected to it.
• propose a complaint. The User can lodge a complaint with the competent personal data protection supervisory authority or take legal action.

Details on the right to object

When Personal Data are processed in the public interest, in the exercise of public authority vested in the Owner or to pursue a legitimate interest of the Owner, Users have the right to object to the processing for reasons related to their particular situation.

Users are reminded that, if their data are processed for direct marketing purposes, they can oppose the processing without providing any reasons. To find out if the Data Controller processes data for direct marketing purposes, Users can refer to the respective sections of this document.

How to exercise your rights

To exercise the User’s rights, Users can direct a request to the contact details of the Owner indicated in this document. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month.

Cookie Policy

This Application uses Tracking Tools. To find out more, the User can consult the Cookie Policy.

Further information on the treatment

Defense in court

The User’s Personal Data may be used by the Owner in court or in the preparatory stages for its eventual establishment for the defense against abuse in the use of this Application or related Services by the User.
The User declares to be aware that the Owner may be obliged to disclose the Data by order of the public authorities.

Specific information

At the request of the User, in addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information regarding specific Services, or the collection and processing of Personal Data.

System log and maintenance

For needs related to operation and maintenance, this Application and any third party services used by it may collect system logs, which are files that record the interactions and which may also contain Personal Data, such as the User IP address.

Information not contained in this policy

Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.

Response to “Do Not Track” requests

This Application does not support “Do Not Track” requests.
To find out if any third-party services used support them, the User is invited to consult their respective privacy policies.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this page and, if possible, on this Application as well as, if technically and legally feasible, by sending a notification to Users through one of the extremes of contact he has. Please therefore consult this page frequently, referring to the date of the last modification indicated at the bottom.

If the changes concern treatments whose legal basis is consent, the Data Controller will collect the User’s consent again, if necessary.

Information for Californian consumers

This part of the document integrates and completes the information contained in the rest of the privacy policy and is provided by the company that manages this Application and, where applicable, by its parent company and its subsidiaries and affiliates (for the purposes of this section collectively referred to as “we” , “Our” or “ours”).

The provisions contained in this section apply to all Users who are considered consumers resident in the state of California, United States of America, pursuant to the “California Consumer Privacy Act of 2018” (such Users are referred to below simply as “you “,” Your “,” you “or” yours “), and, for them, these provisions prevail over any other divergent or conflicting provision contained in this privacy policy.

This part of the document uses the term “personal information” as defined by the California Consumer Privacy Act (CCPA).

Categories of personal information collected, disclosed or sold

This section summarizes the categories of personal information that we have collected, communicated or “sold” pursuant to the CCPA and the related purposes of the processing. You can find detailed information on these activities in the section entitled “Details on the processing of Personal Data” in this document.

Information We Collect: The categories of personal information we collect

We have collected the following categories of personal information about you: identifiers, business information, biometric information, Internet information, sensor-based information, employment relationship information, and indirect information.

We will not collect additional categories of personal information without first communicating a new policy to you.

How we collect information: What are the sources of the personal information we collect?

We collect the above categories of personal information, directly or indirectly, from you when you use this Application.

For example, you provide us with your personal information directly when you submit requests through any form on this Application. Furthermore, you indirectly provide us with personal information when you browse this Application, as the personal information concerning you is automatically observed and collected. Finally, we may collect your personal information from third parties who work with us in connection with the provision of the Service or the operation of this Application and its features.

How we use the information collected: sharing and communicating your personal information with third parties for operational purposes.

We may disclose your personal information to third parties for operational and service purposes. In this case, we enter into a written contract with this third party which obliges the recipient of your personal information to keep this information confidential and not to use it for purposes other than those necessary for the execution of the contract.

We may also disclose your personal information to third parties when you ask us or authorize us to do so in order to provide you with our Service.

For more information on the purposes of the processing, please consult the relevant section of this document.

Sale of your personal information

For the purposes of this document, the term “sale” means “sell, transfer, release, make public, disclose, disseminate, make available, transfer or otherwise communicate orally, in writing or by electronic means, personal information of a consumer by a company to another company or to a third party, for consideration or for another type of profit “.

This means that, for example, a sale can take place whenever an application publishes advertisements, performs statistical analysis on its traffic or views or, simply, uses tools such as social network plug-ins and similar tools.

Your right to opt out of the sale of your personal information

You have the right to opt out of the sale of your personal information. This means that whenever you ask us not to sell your data, we will execute your request.
Such requests can be made freely, at any time, and without submitting any request subject to verification, simply by following the instructions below.

Instructions for opting out from the sale of personal information

If you wish to have further information or to exercise your right to opt-out in relation to all sales made by this Application, both online and offline, you can contact us using the contact details provided in this document.

What are the purposes for which we use your personal information?

We may use your personal information to allow the proper functioning of this Application and its functions (“operational purposes”). In such cases, your personal information will be processed in an appropriate and proportionate manner to the purposes for which it was originally collected and strictly within the limits of compatible purposes.

We may also use your personal information for other reasons, such as for commercial purposes (as indicated in the “Details on the processing of Personal Data” section in this document), as well as to comply with the law and defend our rights before the competent authorities when our rights or interests are threatened or when we suffer damage.

We will not use your personal information for any other, unrelated or incompatible purpose without first communicating a new policy to you.

Your California Privacy Rights and How to Exercise Them

Right to knowledge and portability

You have the right to know the following:

• the categories of personal information we collect about you and the sources of that information, the purposes for which we use your personal information and who we share it with;
• in the event of the sale or disclosure of personal information to third parties for operational purposes, we will provide you with two separate lists in which we will notify you:
  • for the sale, the categories of personal information communicated to each category of recipients;

• • for communication to third parties for operational purposes, the categories of personal information obtained from each category of recipients;

The above information will be limited to personal information collected or used in the past 12 months.

In the event that our response is provided electronically, the information contained therein will be “portable”, ie delivered in a compatible format so that you can transmit the information to other entities without hindrance – provided this is technically feasible.

Right to request the deletion of your personal information

You have the right to request the deletion of any of your personal information, subject to the exceptions provided by law (such as, by way of example and not limited to, in the event that the information is used to identify and repair errors on this Application, to detect incidents security, for the purpose of protection from fraudulent or illegal activities, to exercise certain rights, etc.).

If no exception provided by law applies, following the exercise of your right, we will delete your personal information and ask our suppliers to do the same.

How to exercise your rights

To exercise the rights described above, you must submit a verifiable request by contacting us using the contact details provided in this document.

In order to respond to your request, it is necessary for us to be able to identify you. For this you can exercise the above rights only by submitting a verifiable request which must:

• provide sufficient information to enable us to reasonably verify that you are the person to whom the personal information we have collected relates or an authorized representative;
• describe your request with a degree of detail that is sufficient to make us understand, evaluate and respond correctly to what you ask us.

We will not respond to any requests if we are unable to verify your identity and, therefore, to confirm that the information in our possession actually refers to you.

If you cannot personally submit a verifiable request, you can delegate a person registered with the California Secretary of State to do so on your behalf.

If you are an adult, you can make a verifiable request on behalf of whoever falls under your parental responsibility.

It is possible to submit a maximum number of 2 requests within 12 months.

How and in how long will we handle your request

Within 10 days we will confirm that we have received your request and provide you with information on how we will process it.

We will respond on the merits of the request within 45 days of receiving it. If we need more time, we will explain why and let you know how much time we need. In this regard, please note that it may take up to 90 days to fulfill your request.

Our communications will cover the period of the previous 12 months.

Should we deny your request, we will explain the reason for the denial.

We will not charge any fees to process or respond to your verifiable request unless it is manifestly unfounded or excessive. In such cases, we may apply a reasonable fee, or deny the request. In both cases, we will notify you of our decisions and explain the reasons.

Information for Users residing in Brazil

This part of the document integrates and completes the information contained in the rest of the privacy policy and is provided by the entity that manages this Application and, if applicable, by its parent company and its subsidiaries and affiliates (for the purposes of this section collectively referred to as “we “,” Our “or” ours “).
The provisions contained in this section apply to all Users who are resident in Brazil, pursuant to the “Lei Geral de Proteção de Dados ”(such Users are referred to below simply as“ you ”,“ your ”,“ you ”or“ yours ”). For such Users, these provisions prevail over any other divergent or conflicting provision contained in this privacy policy.
In this part of the document, the term “personal information” is used as defined by Lei Geral de Proteção de Dados (LGPD).

Legal basis under which we process your personal information

We only process your personal information if one of the legal bases for such processing exists. The legal bases are as follows:

• your consent to the processing activities in question;
• compliance with legal obligations that we are required to meet;
• the execution of rules dictated by laws or regulations or by contracts, agreements or other similar legal instruments;
• studies conducted by research organizations, preferably carried out on anonymised personal information;
• the execution of a contract and related pre-contractual obligations, if you are a party to that contract;
• the exercise of our rights in court, in administrative procedures or in arbitration;
• the defense or physical safety of you or a third party;
  health protection – in the context of procedures put in place by entities or health professionals;
• our legitimate interest, provided that your fundamental rights and freedoms do not override those interests;
• credit protection.

To find out more about the legal bases, you can contact us at any time using the contact details provided in this document.

Categories of personal information processed

To find out which categories of personal information are processed, you can refer to the section “Details on the processing of Personal Data” in this document.

Why we process your personal information

To find out why we process your personal information, please refer to the sections “Details on the processing of Personal Data” and “Purpose of the Processing of Collected Data” in this document.

Your privacy rights in Brazil, how to submit a request and how it will be handled by us

Your privacy rights in Brazil

You have the right to:

• obtain confirmation of the existence of processing activities regarding your personal information;
• access your personal information;
• obtain the rectification of your incomplete, inaccurate or outdated personal information;
• obtain anonymization, blocking or deletion of unnecessary or excessive personal information, or information that is processed contrary to the provisions of the LGPD;
• obtain information regarding the possibility of giving or refusing your consent and the related consequences;
• obtain information about the third parties with whom we share your personal information;
• obtain, upon your explicit request, the portability of your personal information (with the exception of anonymised information) to other suppliers of products or services, provided that our trade and industrial secrets are safeguarded;
• obtain the deletion of personal information processed if the processing was carried out on the basis of your consent, unless one or more of the exceptions provided for in Article 16 LGPD are applicable;
• withdraw your consent at any time;
• submit a complaint regarding your personal information to the ANPD (National Data Protection Authority) or to a consumer protection body;
• oppose processing activities in cases where such processing is not carried out in accordance with the provisions of the law;
• request clear and adequate information regarding the criteria and procedures used in the context of automated decision-making processes;
• request the review of decisions that harm your interests, made exclusively on the basis of automated decision-making processes of your personal information. These include decisions to outline your personal, professional, consumer or creditor profile, or other aspects of your personality.

You will never be discriminated against, nor will you suffer in any way any treatment that is unfavorable to you, following the exercise of your rights.

How to submit a request

You can make an explicit request to exercise your rights free of charge, at any time, using the contact details in this document or through your legal representative.

How and in how long will we handle your request

We will do our best to respond to your request as soon as possible.
In any case, if it is impossible for us to do this, we will make sure to inform you of the factual reasons or legal obligations that prevent us from immediately satisfying or following up on your request. If your personal information is not processed by us, if we are able to do so, we will indicate the natural or legal person to whom to address your requests.

In the event that you decide to submit an access request or a request for confirmation of the existence of the processing of personal information, please make sure to specify whether you prefer to receive your personal information in electronic or paper format.
You will also need to let us know if you would like an immediate response, in which case you will receive a simplified response, or if you need complete information instead.
In the latter case, we will respond within 15 days from the moment of your request, providing you with all the information regarding the origin of your personal information, the confirmation or not of the existence of personal information concerning you, all the criteria used for the processing. and the purposes of such processing, while safeguarding our trade and industrial secrets.

In the event that you decide to submit a request for rectification, deletion, anonymization or blocking of your personal information, we will make sure to immediately inform the other parties with whom we have shared your personal information of your request so that they can in turn fulfill your request – except in cases where such communication is impossible or excessively burdensome for us.

Transfer of personal information outside of Brazil in cases permitted by law

We may transfer your personal information outside of Brazilian territory in the following cases:

• when the transfer is necessary for international legal cooperation between intelligence services, investigative and criminal procedure bodies, as required by the tools made available by international law;
• when the transfer is necessary to defend your life or physical safety or that of third parties;
• when the transfer is authorized by the ANPD;
• when the transfer derives from an obligation assumed in the context of an international cooperation agreement;
• when the transfer is necessary for the exercise of public order or for the performance of a public service;
• when the transfer is necessary for the fulfillment of a legal obligation, the execution of a contract and related pre-contractual obligations, or the normal exercise of rights in management, administration or arbitration.

Additional information regarding Users residing in Brazil

Transfer of personal information outside of Brazil based on your consent

We may transfer your personal information outside of Brazilian territory if you consent to such a transfer.
In requesting your consent to such a transfer, we will endeavor to provide you with all the information necessary to enable you to make an informed decision and to understand all the implications and consequences of giving or refusing your consent.
This information will be provided in clear and simple language and in such a way as to allow you to distinguish this type of request from any other type of consent request that we may possibly request.
You can withdraw your consent at any time.

Transfer of personal information outside of Brazil to countries that guarantee the same protection standards as the LGPD

We can transfer your personal information outside the Brazilian territory, if the recipient country or the international organization that receives the personal information guarantees an adequate level of protection of personal information as established by the ANPD.
The ANPD authorizes such transfers when it believes that the country possesses and provides personal information protection standards comparable to those dictated by the LGPD, taking into consideration the following:

• the general and sector regulations of the legislation in force in the recipient country or in the international organization;
• the nature of the personal information being transferred;
• compliance with the general principles of protection of personal information and individual rights dictated by the LGPD;
• the adoption of adequate security measures;
• the existence of judicial and institutional guarantees for the protection of rights relating to personal information;
• any other relevant circumstances relating to the transfer.

Definitions and legal references

Personal Data (or Data)

Any information that, directly or indirectly, also in connection with any other information, including a number, constitutes personal data of personal identification, makes a natural person identified or identifiable.

Usage Data

This is information collected automatically through this Application (including from third-party applications integrated into this Application), including: IP addresses or domain names of the computers used by the User who connects with this Application, addresses in URI notation ( Uniform Resource Identifier), the time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and the details of the itinerary followed within the Application, with particular reference the sequence of the pages consulted, the parameters relating to the operating system and the IT environment of the User.

User

The individual using this Application who, unless otherwise specified, coincides with the Data Subject.

Interested

The natural person to whom the Personal Data refers.

Data Processor (or Manager)

The natural person, legal person, public administration and any other body that processes personal data on behalf of the Data Controller, as set out in this privacy policy.

Data Controller (or Owner)

The natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data and the tools adopted, including the security measures relating to the operation and use of this Application. The Data Controller, unless otherwise specified, is the owner of this Application.

This Application

The hardware or software tool through which the Personal Data of Users are collected and processed.

Service

The service provided by this application as defined in the relative terms (if available) on this site / application.

European Union (or EU)

Unless otherwise specified, any reference to the European Union contained in this document is intended to be extended to all current member states of the European Union and the European Economic Area.

Cookies

Cookies are Tracking Tools that consist of small portions of data stored within the User’s browser.

Tracking Tool

By Tracking Tool we mean any technology – eg. Cookies, unique identifiers, web beacons, integrated scripts, e-tags and fingerprinting – which allow users to be tracked, for example by collecting or saving information on the User’s device.

Legal references

This privacy statement is drawn up on the basis of multiple legislative systems, including articles. 13 and 14 of Regulation (EU) 2016/679.

Unless otherwise specified, this privacy statement only concerns this Application.

Last modification: March 2, 2021

iubenda hosts this content and collects only the Personal Data strictly necessary for its provision.