Menu

Politica di protezione dei dati personali

Last updated: 2024-09-17.

Definitions

For the purposes of this document, the following terms shall have the meanings set forth below. In particular, any grammatical form (e.g., singular, plural, possessive) of each of the following terms shall have a form-specific meaning corresponding to the defined term. All terms defined below are case-sensitive. The assigned meaning applies if the case of the characters in the term (uppercase or lowercase) exactly matches that of the defined term. For example, the meaning assigned to term that has first character in upper case not necessarily applies (may or may not apply depending on context) to same term with all characters in lower case, unless explicitly defined otherwise. A specific term may be defined either in this section or elsewhere in the document (an "inline definition"). Any terms not defined herein shall have the meaning assigned by applicable law, or if not legally defined, their meaning shall be inferred from the context within this document.

The term "Politica" or "Informativa sulla privacy"refers to this Politica di protezione dei dati personali including all updates, modifications, and amendments.

The term "Legge sulla protezione dei dati personali" refers collectively to various applicable national legislature on personal data protection, including EU General Data Protection Regulation ("GDPR"), European Directive 2002/58/EC (commonly known as the "e-Privacy Directive"), and the corresponding national legislation implementing or compatible with these EU regulations

The term "We" or "we" refers to Of Course Ltd, the legal entity that provides the Politica. We are incorporated in United Kingdom in accordance with its laws. We have a registered office at Suite A, 82 James Carter Road, Mildenhall, Suffolk, United Kingdom, IP28 7DE, United Kingdom and can be contacted using Contatti.

The term "You" or "you" refer to you, the natural person whose personal data is subject to this Politica.

The term "Piattaforma" refers to the website (hyperlink) operated by us, and any software used to deliver our products, services, and content.

Any of the terms "Servizio" or "Servizi" or "Prodotto" or "Prodotti" refers to respectively any or all of both product(s) and service(s) provided by us, particularly through the Piattaforma, including but not limited to online products, online services, and support.

The term "Contatti" refers to contacts section of the Piattaforma (hyperlink) that is to be used to contact us for any subject matter.

Politica

This Politica provides information about our implementation of appropriate technical and organisational measures of data protection policies to ensure and to be able to demonstrate that processing of your personal data is performed taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for your rights and freedoms, in accordance and in compliance with Legge sulla protezione dei dati personali. Those measures shall be reviewed and updated where necessary.

Controller of personal data

In the terms of the Legge sulla protezione dei dati personali and this Politica, we are the controller of personal data we process, which, alone or jointly with others, determines the purposes and means of the processing of personal data. You can contact us using Contatti.

Processing of anonymized data

In this Politica, the "anonymized data" and "anonymous data" refer to any data related to a natural person that cannot reasonably be used to identify that person. As such, anonymized data does not qualify as personal data under applicable Legge sulla protezione dei dati personali, and our processing of anonymized data is not subject to the requirements of Legge sulla protezione dei dati personali.

Unless legally required by law, the performance of a contract, or other legitimate reasons to process non-anonymous data (e.g., for business transactions, tax records, or other regulatory requirements), we prioritize processing anonymized data derived from personal data for business purposes (including, but not limited to, statistical analysis, service improvements, and contract execution) rather than processing personal data itself, in order to protect individuals' privacy.

To ensure that anonymized data cannot reasonably be used to identify the individuals to whom it relates, we implement reasonable measures to protect the anonymized data we process from re-identification, unauthorized access, disclosure, transfer to third parties, and mishandling, as follows:

  • No re-identification

    We commit not to attempt to re-identify the anonymized data we process. This means we will not take any action or use any method to re-link anonymized data to any individual.

  • No transfer to third parties

    We commit not to transfer control over the processing of anonymized data to any third parties unless mandated by legal obligations (e.g., in response to a lawful request by authorities). This ensures that the data remains within our control and cannot be combined with other data that could potentially lead to the re-identification of individuals using anonymized data. We may delegate the processing of anonymized data to third parties only under strict contractual terms that ensure anonymized data cannot reasonably be used to re-identify individuals. These terms include prohibitions on re-identification, prevention of unauthorized access and disclosure, and restrictions on further transfer of control over the processing by the delegate to third parties.

  • Prevention of disclosure

    Our contracts, including employment contracts, contain non-disclosure clauses that prohibit the disclosure of any information that becomes known to contractors in the course of executing their contracts, unless disclosure of specific information is explicitly permitted by contract or our consent.

    Personnel authorized to access anonymized data are bound by Non-Disclosure Agreements (NDAs) or equivalent agreements, preventing the unauthorized sharing of information.

  • Prevention of unauthorized access

    We are committed to protecting all data we process, whether anonymized or not, from unauthorized access through reasonable security measures such as data encryption and security reviews of data processing. We employ encryption techniques to secure anonymized data both in transit and at rest. See Preventing unauthorized access.

  • Best practices

    We ensure that our data handling practices align with best practices for anonymization and data protection.

Your rights

Since the anonymized data we process is not personal data, certain rights typically afforded under applicable Legge sulla protezione dei dati personali, such as the right to access, rectify, or erase your personal data, do not apply to anonymized data.

Website usage tracking

We track and record website usage by visitors in a manner that results in anonymized data.

Personal Data Protection Notice

To be transparent about processing of personal data and comply with applicable Legge sulla protezione dei dati personali, we provide Personal Data Protection Notice to inform individuals whose personal data we process about what personal data we collect and how we process it as well as their rights concerning their personal data.

Anti-fraud sharing of personal data

To help prevent fraud, we may share personal information of the payer with credit reference agencies when the payer instructs their credit card issuer to cancel a payment to us without providing a valid reason or giving us the opportunity to issue a refund.

Preventing unauthorized access

We implement reasonable measures to prevent unauthorized access to the personal data we process. Our security framework is designed to safeguard the confidentiality, integrity, and availability of personal data throughout its lifecycle and in compliance with applicable Legge sulla protezione dei dati personali.

  • Encryption and secure communication

    • All communications between your browser and the Piattaforma are encrypted using SSL/TLS protocols, ensuring that any data exchanged is secure and protected from interception by third parties.

    Personal data collected through the Piattaforma is encrypted both in transit and at rest using industry-standard encryption algorithms to prevent unauthorized access.

  • Restricted access and authentication

    • Access to our data processing systems and tools, including those used for tracking website usage, is strictly controlled and limited to authorized personnel only.

    Authorized personnel, such as employees and contractors, are required to authenticate through a secure sign-in process before accessing any system that contains personal data.

  • Employee and contractor non-disclosure obligations

    All employees, contractors, and any other personnel who have access to personal data are bound by strict non-disclosure clauses in their contracts. These non-disclosure clauses are designed to ensure that personal data remains confidential and is not disclosed to unauthorized individuals.

    Contractors, including messaging service providers and payment service providers, are required to implement appropriate security measures to prevent unauthorized access to our data, including any personal data they may process on our behalf, and/or personal data they receive from/provide to us.

  • Third-party transfers and data sharing

    • We do not transfer personal data to third parties unless it is strictly necessary and disclosed in this Politica. Any such transfer is governed by a contract that obliges the recipient to implement adequate security measures to protect personal data and to prevent unauthorized access.

    Where personal data is transferred to third-party service providers, such transfers are conducted in accordance with applicable Legge sulla protezione dei dati personali.

  • Continuous risk assessment and improvement

    • We are continuously re-assessing risks of unauthorized access to personal data and the effectiveness of our data protection measures. Our approach involves the permanent evaluation and development of secure systems, ensuring that our methods evolve alongside emerging threats and technological advancements. Through this ongoing process, we identify areas for improvement and work proactively to strengthen our security infrastructure.

Version

Last updated: 2024-09-17. Version string: 5v1.0.0AAAAAAC46wDQAADj__8YAIAB__8AAw.