Here is the literal translation of the provided document, maintaining the exact structure, wording, and details as in the original Italian text.
NOTICE TO NATURAL PERSONS PURSUANT TO ARTICLES 13 AND 14 OF REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND COUNCIL OF APRIL 27, 2016
The purpose of this document is to inform the data subject (hereinafter referred to as “Data Subject”) regarding the processing of their personal data (hereinafter referred to as “Personal Data”) collected by the Data Controller, SRC ECOM SCALING FZCO, with its registered office at Building A1, Digital Park, Dubai Silicon Oasis, Dubai, UAE, T.R.N. 104718163900001, email address src.ecomscaling@gmail.com, (hereinafter referred to as the “Controller”), through the website https://www.src-ecomscaling.com/ (hereinafter referred to as the “Application”).
Changes and updates will become binding as soon as they are published on the Application. If the Data Subject does not accept the changes to the Privacy Policy, they must cease using this Application and may request that the Controller delete their Personal Data.
Categories of Processed Personal Data
The Controller processes the following types of Personal Data provided voluntarily by the Data Subject:
• Contact data: Name, surname, address, email, phone number, images, authentication credentials, any additional information provided by the Data Subject, etc.
• Fiscal and payment data: Tax code, VAT number, credit card details, bank account details, etc.
• Employment relationship data: Data included in resumes, data relating to spouses or children, social security data, etc.
The Controller processes the following types of Personal Data collected automatically:
• Technical data: Personal Data generated by devices, applications, tools, and protocols used, such as device information, IP addresses, browser type, type of Internet Service Provider (ISP). Such Personal Data may leave traces that, especially when combined with unique identifiers and other information received from servers, can be used to create profiles of natural persons.
• Browsing and usage data: Such as pages visited, number of clicks, actions performed, session durations, etc.
Failure by the Data Subject to provide Personal Data that is required by law, contract, or is necessary to conclude the contract with the Controller will make it impossible for the Controller to establish or continue the relationship with the Data Subject.
The Data Subject who communicates to the Controller Personal Data of third parties is directly and exclusively responsible for their origin, collection, processing, communication, or dissemination.
Cookies and Similar Technologies
The Application uses cookies, web beacons, unique identifiers, and other similar technologies to collect the Data Subject’s Personal Data regarding pages, visited links, and other actions performed while using the Application. These are stored and transmitted on the next visit by the Data Subject.
The full Cookie Policy can be viewed at the following link: https://src-ecomscaling.com/cookie-policy/
Legal Basis and Purposes of Processing
The processing of Personal Data is necessary:
• For the performance of the contract with the Data Subject, specifically:
• Fulfillment of any obligation arising from the pre-contractual or contractual relationship with the Data Subject.
• Registration and authentication of the Data Subject: To allow the Data Subject to register on the Application, access it, and be identified, including via external platforms.
• Support and contact with the Data Subject: To respond to the Data Subject’s requests.
• Payment management: To manage payments by credit card, bank transfer, or other methods.
• For compliance with a legal obligation, specifically:
• Fulfillment of any obligation provided by current laws, regulations, and norms, particularly in tax and fiscal matters.
• Based on the legitimate interest of the Controller, for:
• Email marketing purposes for products and/or services of the Controller: To directly sell products or services of the Controller using the email provided by the Data Subject in the context of the sale of a product or service similar to the one sold.
• Management, optimization, and monitoring of technical infrastructure: To identify and resolve technical issues, improve the Application’s performance, and manage and organize information in an IT system (e.g., servers, databases, etc.).
• Security and fraud prevention: To ensure the security of the Controller’s assets, infrastructure, and networks.
• Statistical purposes with anonymous data: To perform statistical analysis on aggregated and anonymous data, analyze the behaviors of the Data Subject, and improve the Controller’s products and/or services to better meet the Data Subject’s expectations.
• Based on the Data Subject’s consent, for:
• Profiling for marketing purposes: To provide the Data Subject with information about the Controller’s products and/or services through automated processing aimed at collecting personal information to predict or evaluate preferences or behaviors.
• Retargeting and remarketing: To reach the Data Subject with personalized advertising who has already visited or shown interest in the products and/or services offered by the Application using their Personal Data. The Data Subject may opt-out by visiting the Network Advertising Initiative page.
• Marketing of the Controller’s products and/or services: To send commercial or promotional information/materials, including newsletters, conduct direct sales activities for the Controller’s products and/or services, or conduct market research using automated and traditional methods.
• Marketing of third-party products and/or services: To send commercial or promotional information/materials for third parties, perform direct sales activities, or conduct market research for their products and/or services using automated and traditional methods.
• Communication of Personal Data for third-party marketing purposes: To communicate Personal Data to third parties operating in online marketing so they may send commercial or promotional information/materials, perform direct sales activities, or conduct market research for their products and/or services using automated and traditional methods.
Based on the legitimate interest of the Controller, the Application allows interactions with external platforms or social networks whose processing of Personal Data is governed by their respective privacy policies. These interactions and the information acquired by this Application are subject to the privacy settings chosen by the Data Subject on those platforms or social networks. In the absence of specific consent for further purposes, this information is used solely to allow the use of the Application and provide the requested information and services.
The Data Subject’s Personal Data may also be used by the Controller to defend itself in legal proceedings before competent courts.
Methods of Processing and Recipients of Personal Data
The processing of Personal Data is carried out using both paper-based and electronic tools, with organizational methods and logic strictly related to the purposes indicated, and through the adoption of appropriate security measures.
Personal Data is processed exclusively by:
• Persons authorized by the Controller to process Personal Data, who have committed to confidentiality or have an appropriate legal obligation of confidentiality.
• Entities acting independently as distinct Data Controllers or entities designated as Data Processors by the Controller, in order to perform all necessary processing activities to achieve the purposes of this privacy notice (e.g., business partners, consultants, IT companies, service providers, hosting providers).
• Entities or authorities to whom Personal Data must be communicated by legal obligation or order of competent authorities.
The above entities are required to use appropriate safeguards to protect the Personal Data and may only access the data necessary to perform their assigned tasks.
Personal Data will not be indiscriminately disseminated in any manner.
Location
If necessary, Personal Data may be transferred to entities located outside the European Economic Area (EEA). Whenever Personal Data is transferred outside the EEA, the Controller will adopt all appropriate and necessary contractual measures to ensure an adequate level of protection for the Personal Data. This includes, among other measures, agreements based on the Standard Contractual Clauses for the transfer of data outside the EEA, approved by the European Commission.
To request information about the specific safeguards adopted, the Data Subject may contact the Controller at the following email address: src.ecomscaling@gmail.com.
Retention Period of Personal Data
Personal Data will be retained for the period necessary to fulfill the purposes for which it was collected, specifically:
• For purposes related to the performance of the contract between the Controller and the Data Subject, Personal Data will be retained for the entire duration of the contractual relationship and, after termination, for the ordinary statute of limitations period of 10 years. In the case of legal disputes, for the entire duration of the dispute, until all terms for legal remedies are exhausted.
• For purposes related to the legitimate interest of the Controller, Personal Data will be retained until the completion of such interest.
• For compliance with legal obligations, orders from authorities, or defense in court, Personal Data will be retained in accordance with the timeframes provided by such obligations, regulations, and laws, and in any case, until the expiration of the statutory limitation period prescribed by applicable laws.
• For purposes based on the Data Subject’s consent, Personal Data will be retained until the consent is revoked. For marketing purposes, Personal Data will not be retained for more than 24 months.
At the end of the retention period, all Personal Data will be deleted or retained in a form that does not allow the identification of the Data Subject.
Rights of the Data Subject
Data Subjects may exercise certain rights concerning their Personal Data processed by the Controller. Specifically, the Data Subject has the right to:
• Be informed about the processing of their Personal Data.
• Withdraw consent at any time.
• Restrict processing of their Personal Data.
• Object to processing of their Personal Data.
• Access their Personal Data.
• Verify and request rectification of their Personal Data.
• Obtain the restriction of processing of their Personal Data.
• Obtain the deletion of their Personal Data.
• Transfer their Personal Data to another Controller (data portability).
• Lodge a complaint with the supervisory authority for the protection of their Personal Data and/or pursue judicial remedies.
To exercise their rights, Data Subjects may address a request to the following email: src.ecomscaling@gmail.com. Requests will be processed by the Controller immediately and fulfilled as soon as possible, in any case within 30 days.
Last Update: 16/11/2024
SRC ECOM SCALING FZCO 