This Privacy Policy is provided pursuant to Section. 13 of the European Regulation no. 679/2016 and applies exclusively to all Data collected through the Site www.notjustanalytics.com. This Privacy Policy is subject to updates which will be published punctually on the Site. This Privacy Policy and the Cookie Policy , establishes the basis on which the User's Personal Data will be processed.

1. Data Controller

The Controller of the Data collected by this Site is Hack S.r.l. Via Donatori di sangue n. 48, San Paolo (BS) Italian fiscal code/VAT ID: IT 04060600980 REA no. BS - 585461 email address: [email protected]

2. Methods of Processing Personal Data

The Personal Data provided or collected will be Processed in accordance with the principles of correctness, lawfulness, transparency and protection of confidentiality pursuant to the current legislation. The Controller processes the Users' Personal Data by taking appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of Personal Data. Processing is carried out by means of computer and/or telematic tools, with organisational methods and logic strictly related to the purposes indicated. Personal Data may be collected independently by the Data Controller or through third parties. Personal Data may include Cookies, Usage Data, email and name. They may include public Personal Data (e.g. first name, last name, profile picture, email) present in the User's Instagram account according to the terms of use and made public by the account holders. Personal Data may be provided voluntarily by the User when using the Site, when filling out the filling in the Contact Form, subscribing to the newsletter, communicating with the Controller by email, Messenger or telephone.

The optional, explicit and voluntary sending of electronic mail through the Contact Form or by means of the addresses indicated on this Site entails the subsequent acquisition of the sender's address, which is necessary to reply to requests, as well as any other Personal Data included in the email. Consent to the provision of Data by the User is necessary in order to be included in the Data Controller's databases and for the purposes of the establishment and proper performance of what the Controller offers to their Users, as well as to third parties for the fulfilment of the single activity requested. Failure to provide this information therefore prevents registration in the Data Controller's databases, the execution of any contracts, as well as the performance of such contracts and any other activities. Therefore, failure by the User to provide certain Personal Data may prevent this Site from providing its services. The User assumes responsibility for the Personal Data of third parties published or shared through this Site and guarantees that he/she has the right to communicate or disseminate them, releasing the Controller from any liability towards third parties. Specific summary statements will be progressively reported or displayed on the pages of the Site set up for particular services on request.

3. Communication and dissemination of Data

In addition to the Controller, in some cases, the Data can be accessed by:

a) categories of specially trained Processors involved in the organisation of the Site (administrative, commercial, marketing, legal staff, system administrators);

b) external parties (such as third party technical service providers, hosting providers, IT companies, communication agencies) also appointed as Data Processors by the Controller pursuant to Section 28 of GDPR. The updated list of Data Processors, if appointed, may always be requested from the Data Controller;

(c) public or private entities that may access the Data in compliance with legal obligations;

d) subjects who perform ancillary and instrumental tasks with respect to the Controller's activity;

e) Users of the Site who may view certain Data on their public profile either during the process of posting a product review;

f) external subjects such as partners in the organisation of initiatives and events promoted and/or sponsored by the Data Controller to whom the communication of the Data Proves to be necessary for organisational reasons.

4. Place of Processing

The Data are processed at the operational headquarters of the Data Controller. For further information, please contact the Data Controller.

5. Recipients of Data and Transfer of Data Abroad

The Data may be processed by natural persons and/or legal entities operating on behalf of the Data Controller and under specific contractual obligations and based in EU Member States. Personal Data will not be transferred to countries outside the EU.

The Data may be communicated to third parties in order to fulfil legal obligations, to comply with orders from public authorities or to exercise a right of the Controller before the judicial authorities. The management of databases and the processing of Data are related to the Purposes of the Processing and are carried out in accordance with applicable Data protection legislation.

6. Purposes of the processing of collected data

The User's Data are collected to enable the Site to provide its services, as well as for the following Purposes:

a) for purposes attributable to the legitimate interest of the Controller;

b) to fulfil the obligations arising from the contract concluded between the User and the Controller for the sale of packages on the Site and to provide the information requested by the User. This Processing is mandatory for the execution of the contract to which the User is a party, for the execution of pre-contractual measures or to comply with a legal obligation to which the Data Controller is subject;

c) to comply with any type of obligation contemplated and provided for by applicable laws, regulations, related rules and business practices, in particular, in taxation/tax matters. This Processing is mandatory to comply with a legal obligation to which the Data Controller is subject;

d) to follow up on specific requests made to the Controller by the User through the Site (Contact form, information request forms, emails) and for communications of an informative nature relating to the Controller's products, following requests for information by e-mail or by filling in the Contact form and other communication tools. This Processing is optional and based on the User's consent. However, failure to provide one or more pieces of Data will make it impossible to respond to the request for information and to use the services offered by the Controller;

e) for sending promotional and commercial information and offers via the newsletter service. This Processing is based on the consent freely expressed by the User;

f) for profiling activities for marketing purposes. This Processing is based on the consent freely expressed by the User;

g) to carry out statistical analysis in pseudonymised form in order to analyse the User's behaviour, habits and propensity to consume for the purpose of improving the products and services provided by the Controller as well as meeting the User's expectations.

7. Nature of the Data processed and consequences of refusal

The provision of browsing data by Users, for the above purposes, depends on the level of privacy that the User have enabled or disabled through their browser. In some cases, disabling it may affect the navigation of this Site. For certain modules of this Site, the provision of navigation Data and/or the use of technical cookies is mandatory for the proper functioning of the Site itself. The provision of certain Personal Data is in any case necessary for the very structure of the Site and its procedures.

8. Timing of the Processing

The Data are kept for the time necessary for the Processing of the same in relation to the performance of the service requested by the User, or required by the Purposes described in this document.

Specifically:

- Data collected for Purposes related to the legitimate interest of the Data Controller will be retained until such interest is satisfied;

- Data collected pursuant to User Consent may be retained until such Consent is revoked;

- Data collected for fiscal/administrative or contractual obligations will be kept for the time necessary to fulfill the above purposes and in accordance with the law, for a period not exceeding that dictated by civil law and in any case for a period not exceeding 10 (ten) years.

- Data collected for marketing and profiling purposes will be kept for a period not exceeding 24 (twenty-four) months from the acquisition of consent;

The Data may be retained by the Controller for a longer period of time in compliance with legal obligations, by order of an authority or for legitimate interest.

The User can always ask for the interruption of the Processing or the cancellation of the Data.

9. Cookies

Questo Sito web utilizza i cookie. Cookies are small text files that can be used by websites to make the experience more efficient for the user and to personalize content and ads, provide social network functions and analyse traffic. Cookie Policy

10. Personal Data Processing Details

Data is collected using the following services:

Address management and email sending

These services allow the management of a database of email contacts, telephone contacts or contacts of any other type used to communicate with the User. These services may also allow you to collect data relating to the date and time of viewing of messages by the User, as well as the User's interaction with them, such as information on clicks on links in messages. The User can choose to unsubscribe from the mailing list at any time by clicking on a specific button in the emails. After clicking on the delete button the User Data will be deleted immediately from the “email marketing” software. This Site uses the service provided by Customerly Limited, Place of Processing: Ireland - Privacy Policy

Contact form

The User, by filling in the Contact Form with his/her Data, consents to their use to respond to requests for information, or any other purpose indicated in the header of the form. Personal Data collected: Email, Name and Surname.

Commenting on the contents of the Blog

Comment services allow Users to formulate and publish their comments on the content of the blog section. The email released by the User under Personal Data may be used to send notifications of comments on the same content. Users are responsible for the content of their comments.

The Site hosts a commenting service provided by Facebook Ireland Ltd which collects traffic data about the pages where the commenting service is installed. Place of processing: Ireland - Privacy Policy

11. Registration and authentication

With the registration and authentication service, the User allows the application to identify him/her and give him/her access to dedicated services. The registration and authentication services may also take place with the help of third parties. In this case, the application may access certain Data stored by the third-party service used for registration and identification.

Direct Registration

The user registers directly on the site by filling in the form and providing his data.

Facebook Connect (Facebook Ireland Ltd)

Facebook Connect is a service provided by Facebook Ireland Ltd which facilitates and integrates the connection of the website with the social network. Personal Data collected: various types specified in the Privacy Policy

12. Security measures taken

This Site, in order to secure the moment when you enter your Personal Data, has an SSL certificate and uses the HTTPS protocol. By the use of this protocol, the transactions and data that are transmitted on the websites take place with the utmost security and the content of the communication is not read or manipulated in any way by third parties.

13. Statistics

The services contained in this section only allow the Data Controller to monitor and analyse traffic data and serve to keep track of the User's behaviour.

Google Analytics (Google Ireland Limited)

Google Analytics is an analysis service provided by Google Ireland Limited. Google will use the Personal Data collected for the purpose of evaluating your use of this Site, compiling reports on this and sharing them with other services provided by Google. Google may use Personal Data to contextualise and personalise ads on its advertising network. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. The IP address anonymisation function is active on this site. The IP address transferred by your browser for the purpose of Google Analytics will not be merged with other data already held by Google.

The browser add-on for the deactivation of Google Analytics is made available by Google at the following link: https://tools.google.com/dlpage/gaoptout?hl=it. Data Personal data collected: Cookies and Usage Data. Place of processing: Ireland – Privacy Policy

Facebook pixel conversion monitoring (Facebook Ireland Ltd.)

The Facebook conversion monitoring (Facebook pixel) is a statistical service provided by Facebook. The Facebook pixel monitors the conversions that can be attributed to Facebook advertisements. Data Personal data collected: Cookies; Usage Data. Place of processing: Ireland - Privacy Policy

Hotjar (Hotjar Ltd.)

Hotjar is a statistics service provided by Hotjar Ltd. For more information and to deactivate Hotjar you can click on the following link https://www.hotjar.com/legal/compliance/opt-out. Personal data collected: Cookies, Usage Data. Place of processing: Malta - Privacy Policy

Customerly (Customerly Limited)

This Site uses the analysis service provided by Customerly Limited. Personal data collected: Cookies; Usage Data. Place of processing: Irlanda - Privacy Policy

14. Interaction with Social Networks

These services allow you to interact with social networks or other external platforms directly from the pages of this Site. Interactions and information acquired from this Site are in each case subject to the User's privacy settings for each social network. If a service for interaction with social networks is installed, it is possible that, even if Users do not use the service, it will collect traffic data relating to the pages on which it is installed.

Facebook (Facebook Ireland Ltd.)

The Facebook buttons are services for interaction with the social network Facebook, provided by Facebook Ireland Ltd. Personal data collected: Cookies and Usage Data. Place of processing: Ireland – Privacy Policy

Instagram (Facebook Ireland Ltd.)

The Instagram buttons are services for interaction with the social network Instagram, provided by Facebook. Personal data collected: Cookies and Usage Data. Place of processing: Ireland – Privacy Policy

15. Remarketing and Retargeting

These services allow this Site to communicate, optimise and serve advertisements based on the User's past use of this Site. This activity is carried out by means of tracking of Usage Data and the use of Cookies.

Facebook Remarketing (Facebook Ireland Ltd)

Facebook Remarketing is a Remarketing and Behavioral Targeting service provided by Facebook, which links the activity of this website with the Facebook advertising network. This Site makes use of the Facebook Pixel tool in order to measure conversions. Thanks to the Facebook Pixel, you can understand what people do on the Site. The Data collected may be used for:

- make sure that advertisements are shown to the right people;

- create target audience groups;

- take advantage of the additional advertising tools of the platform on which you are advertising

The information collected is anonymous to the operators of this Site and cannot be used to identify an individual user. However, the information is saved and analysed by Facebook, which may link the action back to an individual profile and use this information for internal Facebook advertising purposes, as outlined in Facebook's privacy policy. This will enable Facebook to show advertisements both on Facebook and on third-party sites. The Site Owner has no control over how this data is used. For more information on how users can protect their privacy, see the Facebook Privacy Policy.

16. Payment management

Payment processing services enable this Site to process payments by credit card, bank transfer or other means. The data used for payment are acquired directly by the operator of the payment service requested and are not in any way processed by this Site. Some of these services may also allow for the scheduled sending of messages to the User, such as emails containing invoices or payment notifications.

Stripe (Stripe Payments Europe, Ltd)

Stripe is a payment service provided by Stripe Payments Europe, Ltd., which allows the User to make donations or payments online using their Stripe credentials. Personal data collected: Various types of Data as specified by the privacy policy of the service. Place of processing: Ireland - Privacy Policy

17. Further information on processing

If requested by the User, in addition to the information contained in this Privacy Policy, this Site may provide the User with additional and contextual Statements regarding specific services, or the collection and processing of Personal Data.

18. Information not contained in this Privacy Policy

Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact information.

19. Exercise of data subject's rights

The Data Subject is entitled to exercise the rights provided for in Sections 7, 15-22 of European Regulation 679/2016. In particular, the Data Subject has the right to withdraw his/her consent at any time and, upon simple request to the Data Controller, may request access to his/her Personal Data, receive the Personal Data provided to the Data Controller and, where possible, transmit them to another Data Controller without hindrance (so-called portability), obtain the updating, limitation of the processing, rectification of the Data and the erasure of Data processed in breach of the applicable legislation. He/she has the right, for legitimate reasons, to object to the Processing of his/her Personal Data and to the Processing for the purpose of sending advertising materials, direct selling or carrying out market research. He/she also has the right to lodge a complaint with the Italian Data Protection Authority as the supervisory authority for the protection of Personal Data. The Data Subject may exercise his/her rights by contacting the Controller by email to the address: [email protected]

20. Changes to this Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time by giving notice to Users on this page. Therefore, please consult this page often page often, taking as reference the date of last modification indicated at the bottom. In the event of non-acceptance of the changes made to this Privacy Policy, the User must cease to use this Site and may request the Data Controller to remove his/her Personal Data. Unless otherwise specified, the previous Privacy Policy will continue to be applied to the Personal Data collected up to that time.

The Controller is not responsible for updating all the links displayed in this Privacy Policy, therefore whenever a link is not working and/or updated, Users acknowledge and accept that they should always refer to the document and/or section of the websites referred to by such link.

Privacy Policy updated in January 2020.