1. Data Controller
The Controller of the Data collected by this Site is Hack S.r.l. Via Donatori di sangue n. 48, San Paolo (BS) Italian fiscal code/VAT ID: IT 04060600980 REA no. BS - 585461 email address: [email protected]
2. Methods of Processing Personal Data
The optional, explicit and voluntary sending of electronic mail through the Contact Form or by means of the addresses indicated on this Site entails the subsequent acquisition of the sender's address, which is necessary to reply to requests, as well as any other Personal Data included in the email. Consent to the provision of Data by the User is necessary in order to be included in the Data Controller's databases and for the purposes of the establishment and proper performance of what the Controller offers to their Users, as well as to third parties for the fulfilment of the single activity requested. Failure to provide this information therefore prevents registration in the Data Controller's databases, the execution of any contracts, as well as the performance of such contracts and any other activities. Therefore, failure by the User to provide certain Personal Data may prevent this Site from providing its services. The User assumes responsibility for the Personal Data of third parties published or shared through this Site and guarantees that he/she has the right to communicate or disseminate them, releasing the Controller from any liability towards third parties. Specific summary statements will be progressively reported or displayed on the pages of the Site set up for particular services on request.
3. Communication and dissemination of Data
In addition to the Controller, in some cases, the Data can be accessed by:
a) categories of specially trained Processors involved in the organisation of the Site (administrative, commercial, marketing, legal staff, system administrators);
b) external parties (such as third party technical service providers, hosting providers, IT companies, communication agencies) also appointed as Data Processors by the Controller pursuant to Section 28 of GDPR. The updated list of Data Processors, if appointed, may always be requested from the Data Controller;
(c) public or private entities that may access the Data in compliance with legal obligations;
d) subjects who perform ancillary and instrumental tasks with respect to the Controller's activity;
e) Users of the Site who may view certain Data on their public profile either during the process of posting a product review;
f) external subjects such as partners in the organisation of initiatives and events promoted and/or sponsored by the Data Controller to whom the communication of the Data Proves to be necessary for organisational reasons.
4. Place of Processing
The Data are processed at the operational headquarters of the Data Controller. For further information, please contact the Data Controller.
5. Recipients of Data and Transfer of Data Abroad
The Data may be processed by natural persons and/or legal entities operating on behalf of the Data Controller and under specific contractual obligations and based in EU Member States. Personal Data will not be transferred to countries outside the EU.
The Data may be communicated to third parties in order to fulfil legal obligations, to comply with orders from public authorities or to exercise a right of the Controller before the judicial authorities. The management of databases and the processing of Data are related to the Purposes of the Processing and are carried out in accordance with applicable Data protection legislation.
6. Purposes of the processing of collected data
The User's Data are collected to enable the Site to provide its services, as well as for the following Purposes:
a) for purposes attributable to the legitimate interest of the Controller;
b) to fulfil the obligations arising from the contract concluded between the User and the Controller for the sale of packages on the Site and to provide the information requested by the User. This Processing is mandatory for the execution of the contract to which the User is a party, for the execution of pre-contractual measures or to comply with a legal obligation to which the Data Controller is subject;
c) to comply with any type of obligation contemplated and provided for by applicable laws, regulations, related rules and business practices, in particular, in taxation/tax matters. This Processing is mandatory to comply with a legal obligation to which the Data Controller is subject;
d) to follow up on specific requests made to the Controller by the User through the Site (Contact form, information request forms, emails) and for communications of an informative nature relating to the Controller's products, following requests for information by e-mail or by filling in the Contact form and other communication tools. This Processing is optional and based on the User's consent. However, failure to provide one or more pieces of Data will make it impossible to respond to the request for information and to use the services offered by the Controller;
e) for sending promotional and commercial information and offers via the newsletter service. This Processing is based on the consent freely expressed by the User;
f) for profiling activities for marketing purposes. This Processing is based on the consent freely expressed by the User;
g) to carry out statistical analysis in pseudonymised form in order to analyse the User's behaviour, habits and propensity to consume for the purpose of improving the products and services provided by the Controller as well as meeting the User's expectations.
7. Nature of the Data processed and consequences of refusal
The provision of browsing data by Users, for the above purposes, depends on the level of privacy that the User have enabled or disabled through their browser. In some cases, disabling it may affect the navigation of this Site. For certain modules of this Site, the provision of navigation Data and/or the use of technical cookies is mandatory for the proper functioning of the Site itself. The provision of certain Personal Data is in any case necessary for the very structure of the Site and its procedures.
8. Timing of the Processing
The Data are kept for the time necessary for the Processing of the same in relation to the performance of the service requested by the User, or required by the Purposes described in this document.
- Data collected for Purposes related to the legitimate interest of the Data Controller will be retained until such interest is satisfied;
- Data collected pursuant to User Consent may be retained until such Consent is revoked;
- Data collected for fiscal/administrative or contractual obligations will be kept for the time necessary to fulfill the above purposes and in accordance with the law, for a period not exceeding that dictated by civil law and in any case for a period not exceeding 10 (ten) years.
- Data collected for marketing and profiling purposes will be kept for a period not exceeding 24 (twenty-four) months from the acquisition of consent;
The Data may be retained by the Controller for a longer period of time in compliance with legal obligations, by order of an authority or for legitimate interest.
The User can always ask for the interruption of the Processing or the cancellation of the Data.
10. Personal Data Processing Details
Data is collected using the following services:
Address management and email sending
The User, by filling in the Contact Form with his/her Data, consents to their use to respond to requests for information, or any other purpose indicated in the header of the form. Personal Data collected: Email, Name and Surname.
Commenting on the contents of the Blog
Comment services allow Users to formulate and publish their comments on the content of the blog section. The email released by the User under Personal Data may be used to send notifications of comments on the same content. Users are responsible for the content of their comments.
11. Registration and authentication
With the registration and authentication service, the User allows the application to identify him/her and give him/her access to dedicated services. The registration and authentication services may also take place with the help of third parties. In this case, the application may access certain Data stored by the third-party service used for registration and identification.
The user registers directly on the site by filling in the form and providing his data.
Facebook Connect (Facebook Ireland Ltd)
12. Security measures taken
This Site, in order to secure the moment when you enter your Personal Data, has an SSL certificate and uses the HTTPS protocol. By the use of this protocol, the transactions and data that are transmitted on the websites take place with the utmost security and the content of the communication is not read or manipulated in any way by third parties.
The services contained in this section only allow the Data Controller to monitor and analyse traffic data and serve to keep track of the User's behaviour.
Google Analytics (Google Ireland Limited)
Google Analytics is an analysis service provided by Google Ireland Limited. Google will use the Personal Data collected for the purpose of evaluating your use of this Site, compiling reports on this and sharing them with other services provided by Google. Google may use Personal Data to contextualise and personalise ads on its advertising network. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. The IP address anonymisation function is active on this site. The IP address transferred by your browser for the purpose of Google Analytics will not be merged with other data already held by Google.
Facebook pixel conversion monitoring (Facebook Ireland Ltd.)
Hotjar (Hotjar Ltd.)
Customerly (Customerly Limited)
14. Interaction with Social Networks
These services allow you to interact with social networks or other external platforms directly from the pages of this Site. Interactions and information acquired from this Site are in each case subject to the User's privacy settings for each social network. If a service for interaction with social networks is installed, it is possible that, even if Users do not use the service, it will collect traffic data relating to the pages on which it is installed.
Facebook (Facebook Ireland Ltd.)
Instagram (Facebook Ireland Ltd.)
15. Remarketing and Retargeting
Facebook Remarketing (Facebook Ireland Ltd)
Facebook Remarketing is a Remarketing and Behavioral Targeting service provided by Facebook, which links the activity of this website with the Facebook advertising network. This Site makes use of the Facebook Pixel tool in order to measure conversions. Thanks to the Facebook Pixel, you can understand what people do on the Site. The Data collected may be used for:
- make sure that advertisements are shown to the right people;
- create target audience groups;
- take advantage of the additional advertising tools of the platform on which you are advertising
16. Payment management
Payment processing services enable this Site to process payments by credit card, bank transfer or other means. The data used for payment are acquired directly by the operator of the payment service requested and are not in any way processed by this Site. Some of these services may also allow for the scheduled sending of messages to the User, such as emails containing invoices or payment notifications.
Stripe (Stripe Payments Europe, Ltd)
17. Further information on processing
Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact information.
19. Exercise of data subject's rights
The Data Subject is entitled to exercise the rights provided for in Sections 7, 15-22 of European Regulation 679/2016. In particular, the Data Subject has the right to withdraw his/her consent at any time and, upon simple request to the Data Controller, may request access to his/her Personal Data, receive the Personal Data provided to the Data Controller and, where possible, transmit them to another Data Controller without hindrance (so-called portability), obtain the updating, limitation of the processing, rectification of the Data and the erasure of Data processed in breach of the applicable legislation. He/she has the right, for legitimate reasons, to object to the Processing of his/her Personal Data and to the Processing for the purpose of sending advertising materials, direct selling or carrying out market research. He/she also has the right to lodge a complaint with the Italian Data Protection Authority as the supervisory authority for the protection of Personal Data. The Data Subject may exercise his/her rights by contacting the Controller by email to the address: [email protected]