INFORMATIVA SULLA PRIVACY

Benvenuti su Avvera Interiors. La tutela della vostra privacy è per noi di fondamentale importanza. La presente Informativa sulla privacy illustra le modalità con cui Avvera Interiors (“noi”, “ci” o “nostro”) raccoglie, utilizza e protegge i vostri dati quando interagite con il nostro sito web all’indirizzo www.avvera-interiors.com (“sito web”).

Informazioni

With the following privacy policy we would like to inform you which types of your personal data (hereinafter also abbreviated as "data") we process for which purposes and in which scope. The privacy statement applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online services").

The terms used are not gender-specific.

Last Update: 10. December 2024

Responsabilità

AVVERA INTERIORS
Isabella Klabacher, MA

Via Ennio 12
20137 Milano, Italia

Rappresentanti autorizzati: Isabella Klabacher, MA

Indirizzo e-mail: info@avvera-interiors.com
Telefono: +39 3494068104

Basi giuridiche pertinenti

Basi giuridiche pertinenti ai sensi del GDPR: di seguito è riportata una panoramica delle basi giuridiche del GDPR su cui fondiamo il trattamento dei dati personali. Si prega di notare che, oltre alle disposizioni del GDPR, potrebbero essere applicabili le norme nazionali in materia di protezione dei dati del vostro o del nostro paese di residenza o domicilio. Qualora, inoltre, in singoli casi fossero applicabili basi giuridiche più specifiche, ve ne informeremo nell'informativa sulla privacy.

Consenso (articolo 6, paragrafo 1, lettera a) del GDPR) - L'interessato ha prestato il proprio consenso al trattamento dei propri dati personali per una o più finalità specifiche.
Esecuzione di un contratto e richieste preliminari (articolo 6, paragrafo 1, lettera b) del GDPR) - Esecuzione di un contratto di cui l'interessato è parte o per l'adozione di misure su richiesta dell'interessato prima della conclusione di un contratto.
Adempimento di un obbligo legale (articolo 6, paragrafo 1, lettera c) del GDPR) – Il trattamento è necessario per l'adempimento di un obbligo legale a cui è soggetto il titolare del trattamento.
Interessi legittimi (articolo 6, paragrafo 1, lettera f) del GDPR) - il trattamento è necessario per la tutela degli interessi legittimi del titolare del trattamento o di terzi, a condizione che non prevalgano gli interessi, i diritti fondamentali e le libertà dell'interessato che richiedono la protezione dei dati personali.

Base giuridica applicabile ai sensi della legge svizzera sulla protezione dei dati:

Se l'utente risiede in Svizzera, trattiamo i suoi dati in base alla legge federale sulla protezione dei dati (di seguito denominata «LPD»). A differenza del GDPR, ad esempio, la LPD non richiede in generale che venga indicata una base giuridica per il trattamento dei dati personali e che il trattamento dei dati personali sia effettuato in buona fede, in modo lecito e proporzionato (art. 6 cpv. 1 e 2 della LPD). Inoltre, raccogliamo i dati personali solo per una finalità specifica e riconoscibile dall'interessato e li trattiamo esclusivamente in modo compatibile con tale finalità (art. 6, cpv. 3, della LPD).

Riferimento all'applicabilità del GDPR e della legge federale svizzera sulla protezione dei dati:

La presente informativa sulla privacy ha lo scopo di fornire informazioni sia ai sensi della legge federale svizzera sulla protezione dei dati (LPD) sia ai sensi del Regolamento generale sulla protezione dei dati (GDPR). Per questo motivo, vi preghiamo di tenere presente che, in ragione della più ampia portata territoriale e della maggiore comprensibilità, vengono utilizzati i termini previsti dal GDPR. In particolare, al posto dei termini utilizzati nella LPD svizzera, quali «trattamento» dei «dati personali», «interesse prevalente» e «dati personali particolarmente sensibili», vengono utilizzati i termini previsti dal GDPR, ovvero «trattamento» dei «dati personali», nonché «interesse legittimo» e «categorie particolari di dati». Tuttavia, il significato giuridico di questi termini continuerà a essere determinato in base alla LPD svizzera nell’ambito del suo campo di applicazione.

Precauzioni di sicurezza

Adottiamo misure tecniche e organizzative adeguate, in conformità con i requisiti di legge, tenendo conto dello stato dell'arte, dei costi di attuazione, della natura, dell'ambito di applicazione, del contesto e delle finalità del trattamento, nonché del rischio, in termini di probabilità e gravità, per i diritti e le libertà delle persone fisiche, al fine di garantire un livello di sicurezza adeguato al rischio.

Le misure comprendono, in particolare, la tutela della riservatezza, dell'integrità e della disponibilità dei dati attraverso il controllo dell'accesso fisico ed elettronico agli stessi, nonché l'accesso, l'inserimento, la trasmissione, la protezione e la separazione dei dati. Inoltre, abbiamo definito procedure volte a garantire il rispetto dei diritti degli interessati, la cancellazione dei dati e la nostra capacità di reagire tempestivamente alle minacce alla sicurezza dei dati. Inoltre, teniamo conto della protezione dei dati personali sin dalle prime fasi di sviluppo o selezione di hardware, software e fornitori di servizi, in conformità con i principi di «privacy by design» e «privacy by default».

Mascheramento dell'indirizzo IP: qualora gli indirizzi IP vengano trattati da noi o dai fornitori di servizi e dalle tecnologie da noi utilizzate e il trattamento dell'indirizzo IP completo non sia necessario, l'indirizzo IP viene abbreviato (operazione nota anche come «mascheramento dell'IP»). In questo processo, le ultime due cifre o l'ultima parte dell'indirizzo IP dopo un punto vengono rimosse o sostituite da caratteri jolly. L'occultamento dell'indirizzo IP ha lo scopo di impedire l'identificazione di una persona tramite il suo indirizzo IP o di rendere tale identificazione significativamente più difficile.

Protezione delle connessioni online tramite la tecnologia di crittografia TLS/SSL (HTTPS): per proteggere dall'accesso non autorizzato i dati degli utenti trasmessi tramite i nostri servizi online, utilizziamo la tecnologia di crittografia TLS/SSL. Secure Sockets Layer (SSL) e Transport Layer Security (TLS) sono i pilastri della trasmissione sicura dei dati su Internet. Queste tecnologie crittografano le informazioni trasferite tra il sito web o l'app e il browser dell'utente (o tra due server), salvaguardando così i dati da accessi non autorizzati. TLS, in quanto versione più avanzata e sicura di SSL, garantisce che tutte le trasmissioni di dati siano conformi ai più elevati standard di sicurezza. Quando un sito web è protetto con un certificato SSL/TLS, ciò è indicato dalla visualizzazione di HTTPS nell'URL. Questo serve da indicatore per gli utenti che i loro dati vengono trasmessi in modo sicuro e crittografato.

Trasmissione dei dati personali

Nel corso del trattamento dei dati personali, può accadere che tali dati vengano trasmessi o comunicati ad altri soggetti, società, unità organizzative giuridicamente indipendenti o persone fisiche. Tra i destinatari di tali dati possono figurare fornitori di servizi incaricati di svolgere mansioni informatiche o fornitori di servizi e contenuti integrati in un sito web. In tali casi, rispettiamo i requisiti di legge e, in particolare, stipuliamo con i destinatari dei dati contratti o accordi mirati a proteggere i dati dell’utente.

Trasmissione dei dati all'interno del gruppo di società: Trasferimento dei dati all'interno del gruppo aziendale: potremmo trasferire dati personali ad altre società all'interno del nostro gruppo aziendale o concedere loro l'accesso agli stessi. Questa condivisione dei dati si basa sui nostri legittimi interessi commerciali ed economici. Con ciò intendiamo, ad esempio, il miglioramento dei processi aziendali, la garanzia di una comunicazione interna efficiente ed efficace, l'utilizzo ottimale delle nostre risorse umane e tecnologiche, nonché la capacità di prendere decisioni aziendali informate. In determinati casi, la condivisione dei dati può anche essere necessaria per adempiere ai nostri obblighi contrattuali o può basarsi sul consenso degli interessati o su un'autorizzazione legale.

Trasferimento dei dati all'interno dell'organizzazione: potremmo trasferire i dati personali ad altri reparti o unità all'interno della nostra organizzazione oppure consentire loro l'accesso a tali dati. Qualora i dati vengano condivisi per finalità amministrative, ciò avviene sulla base dei nostri legittimi interessi commerciali ed economici oppure qualora sia necessario per adempiere ai nostri obblighi contrattuali, oppure ancora qualora gli interessati abbiano prestato il proprio consenso o sussista un'autorizzazione legale.

Trasferimenti internazionali di dati

Trattamento dei dati in paesi terzi: qualora trattiamo dati in un paese terzo (ovvero al di fuori dell’Unione Europea (UE) o dello Spazio Economico Europeo (SEE)), oppure qualora il trattamento avvenga nell’ambito dell’utilizzo di servizi di terzi o della comunicazione o del trasferimento di dati ad altre persone fisiche, entità o società, ciò avviene esclusivamente in conformità con i requisiti di legge. Se il livello di protezione dei dati nel paese terzo è stato riconosciuto da una decisione di adeguatezza (articolo 45 del GDPR), ciò costituisce la base per il trasferimento dei dati. In caso contrario, i trasferimenti di dati avvengono solo se il livello di protezione dei dati è altrimenti garantito, in particolare attraverso clausole contrattuali standard (articolo 46, paragrafo 2, lettera c) del GDPR), consenso esplicito o in caso di trasferimenti contrattuali o richiesti dalla legge (articolo 49, paragrafo 1 del GDPR). Inoltre, vi forniamo le basi dei trasferimenti verso paesi terzi da singoli fornitori di paesi terzi, con le decisioni di adeguatezza che fungono principalmente da fondamento. "Le informazioni relative ai trasferimenti verso paesi terzi e alle decisioni di adeguatezza esistenti possono essere ottenute dalle informazioni fornite dalla Commissione UE: https://commission.europa.eu/law/law-topic/data-protection/international-dimension -data-protection_en. Nel contesto del cosiddetto “Data Privacy Framework” (DPF), la Commissione UE ha inoltre riconosciuto il livello di protezione dei dati di alcune aziende statunitensi come sicuro nell'ambito della decisione di adeguatezza del 10 luglio 2023. L'elenco delle aziende certificate e ulteriori informazioni sul DPF sono disponibili sul sito web del Dipartimento del Commercio degli Stati Uniti all'indirizzo https://www.dataprivacyframework.gov/s/. Vi comunicheremo quali dei nostri fornitori di servizi sono certificati ai sensi del Data Privacy Framework nell'ambito delle nostre informative sulla protezione dei dati.

Trasferimento di dati personali all'estero: in conformità con la Legge federale sulla protezione dei dati (LPD), trasferiamo dati personali all'estero solo qualora sia garantito un livello adeguato di protezione per le persone interessate (art. 16 LPD). Se il Consiglio federale non stabilisce che esiste un livello di protezione adeguato (elenco degli Stati: https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html), adottiamo misure di sicurezza alternative. Tali misure possono includere accordi internazionali, garanzie specifiche, clausole di protezione dei dati nei contratti, clausole standard di protezione dei dati approvate dall’Incaricato federale della protezione dei dati e dell’informazione (IFPDI) o regolamenti interni aziendali sulla protezione dei dati precedentemente riconosciuti dall’IFPDI o da un’autorità competente in materia di protezione dei dati di un altro Paese. Ai sensi dell'art. 16 della DSG svizzera, è possibile fare delle eccezioni per la divulgazione di dati all'estero se vengono soddisfatte determinate condizioni, tra cui il consenso della persona interessata, l'esecuzione del contratto, l'interesse pubblico, la protezione della vita o dell'integrità fisica, i dati resi pubblici o i dati provenienti da un registro previsto dalla legge. Tali divulgazioni sono sempre conformi ai requisiti di legge. Nell'ambito del cosiddetto “Data Privacy Framework” (DPF), la Svizzera ha riconosciuto il livello di protezione dei dati di alcune aziende statunitensi come adeguato ai sensi della decisione di adeguatezza del 7 giugno 2024. È possibile consultare l'elenco delle

aziende certificate e ulteriori informazioni sul DPF sul sito web del

Dipartimento del Commercio degli Stati Uniti all'indirizzo https://www.dataprivacyframework.gov/ (in inglese). Nella nostra informativa sulla privacy vi comunichiamo quali dei nostri fornitori di servizi sono certificati nell'ambito del Data Privacy Framework.

Informazioni generali sulla conservazione e la cancellazione dei dati

Cancelliamo i dati personali che trattiamo in conformità alle disposizioni di legge non appena vengono revocati i consensi su cui si basa il trattamento o non sussistono più fondamenti giuridici per il trattamento. Ciò vale nei casi in cui lo scopo originario del trattamento non sia più applicabile o i dati non siano più necessari. Esistono eccezioni a questa regola qualora obblighi di legge o interessi particolari richiedano una conservazione o un'archiviazione più lunga dei dati.

In particolare, i dati che devono essere conservati per motivi di diritto commerciale o fiscale, o la cui conservazione è necessaria per l'azione legale o la tutela dei diritti di altre persone fisiche o giuridiche, devono essere archiviati di conseguenza.

Le nostre informative sulla privacy contengono ulteriori informazioni sulla conservazione e la cancellazione dei dati specificamente applicabili a determinati processi di trattamento.

Nei casi in cui siano specificati più periodi di conservazione o scadenze di cancellazione per una data, prevale sempre il periodo più lungo.

Se un periodo non ha inizio espressamente in una data specifica e dura almeno un anno, esso decorre automaticamente alla fine dell'anno solare in cui si è verificato l'evento che lo ha determinato. Nel caso di rapporti contrattuali in corso nell'ambito dei quali vengono conservati i dati, l'evento che determina la scadenza è il momento in cui la risoluzione o altra cessazione del rapporto giuridico ha effetto.

I dati che non vengono più conservati per lo scopo originariamente previsto, ma che vengono trattati in virtù di obblighi di legge o per altri motivi, vengono trattati esclusivamente per i motivi che ne giustificano la conservazione.

Ulteriori informazioni sulle modalità di trattamento, sulle procedure e sui servizi utilizzati:

Conservazione e cancellazione dei dati: ai sensi della normativa tedesca, per la conservazione e l'archiviazione si applicano i seguenti termini generali:
- 10 anni - Codice fiscale/Codice commerciale - Periodo di conservazione per libri e registri, bilanci annuali, inventari, relazioni sulla gestione, bilancio di apertura, nonché le necessarie istruzioni di lavoro e altri documenti organizzativi, ricevute contabili e fatture (Sezione 147, paragrafo 3 in combinato disposto con il paragrafo 1, n. 1, 4 e 4a del Codice fiscale generale tedesco (AO), § 14b comma 1 della Legge tedesca sull'IVA (UStG), § 257 comma 1 nn. 1 e 4, comma 4 del Codice commerciale tedesco (HGB)).
- 6 anni - Altri documenti aziendali: lettere commerciali o d'affari ricevute, copie di lettere commerciali o d'affari inviate e altri documenti nella misura in cui siano rilevanti ai fini fiscali, ad esempio buste paga orarie, fogli di contabilità operativa, documenti di calcolo, cartellini dei prezzi, nonché documenti di contabilità salariale, a condizione che non si tratti già di documenti contabili e scontrini fiscali (art. 147, comma 3, in combinato disposto con il comma 1, n. 2, 3, 5 del Codice Fiscale Generale tedesco (AO), Sezione 257, paragrafo 1, n. 2 e 3, paragrafo 4 del Codice Commerciale tedesco (HGB)).
- 3 anni - I dati necessari per valutare potenziali richieste di garanzia e risarcimento o simili pretese e diritti contrattuali, nonché per elaborare le relative richieste, sulla base di precedenti esperienze commerciali e prassi comuni del settore, saranno conservati per la durata del regolare termine di prescrizione legale di tre anni. Tale periodo decorre dalla fine dell'anno in cui ha avuto luogo la transazione contrattuale in questione o in cui il rapporto contrattuale è cessato nel caso di contratti continuativi (artt. 195, 199 del Codice civile tedesco).
Conservazione e cancellazione dei dati: ai sensi del diritto svizzero si applicano i seguenti termini generali di conservazione e archiviazione:
- 10 anni – Termine di conservazione per libri e registri, conti annuali, inventari, relazioni di gestione, bilanci di apertura, documenti contabili e fatture, nonché per tutte le istruzioni operative necessarie e gli altri documenti organizzativi (articolo 958f del Codice delle obbligazioni (CO)).
- 10 anni - I dati necessari per valutare eventuali richieste di risarcimento danni o pretese contrattuali simili, nonché per l'elaborazione delle relative richieste sulla base delle precedenti esperienze commerciali e delle consuete prassi del settore, saranno conservati per il termine di prescrizione legale di dieci anni, a meno che non sia applicabile un termine più breve di cinque anni, rilevante in determinati casi (artt. 127, 130 CO). I crediti relativi a canoni di locazione, affitti e interessi sul capitale, nonché ad altre prestazioni periodiche, alla fornitura di generi alimentari, al vitto e all’alloggio, ai debiti degli albergatori, nonché all’artigianato, alla vendita al dettaglio di merci, all’assistenza medica, alle prestazioni professionali di avvocati, avvocati di parte, procuratori e notai, e derivanti dal rapporto di lavoro dei dipendenti, si estinguono dopo cinque anni (art. 128 CO).

Rights of Data Subjects

Diritti degli interessati ai sensi del GDPR: in qualità di interessato, Lei gode di diversi diritti ai sensi del GDPR, che derivano in particolare dagli articoli da 15 a 21 del GDPR:

Diritto di opposizione: hai il diritto, per motivi connessi alla tua situazione particolare, di opporti in qualsiasi momento al trattamento dei tuoi dati personali basato sull’articolo 6, paragrafo 1, lettere e) o f) del GDPR, compresa la profilazione basata su tali disposizioni. Qualora i dati personali siano trattati per finalità di marketing diretto, hai il diritto di opporti in qualsiasi momento al trattamento dei dati personali che ti riguardano a tali fini, compresa la profilazione nella misura in cui sia connessa a tale marketing diretto.

Diritto di revoca del consenso: hai il diritto di revocare il consenso in qualsiasi momento.
Diritto di accesso: avete il diritto di chiedere conferma del trattamento dei dati in questione, di essere informati su tali dati e di ricevere ulteriori informazioni e una copia dei dati in conformità con le disposizioni di legge.
Diritto di rettifica: avete il diritto, in conformità con la legge, di chiedere l’integrazione dei dati che vi riguardano o la rettifica dei dati errati che vi riguardano.
Diritto alla cancellazione e diritto alla limitazione del trattamento: in conformità con le disposizioni di legge, avete il diritto di richiedere che i dati in questione vengano cancellati immediatamente o, in alternativa, di richiedere che il trattamento dei dati venga limitato in conformità con le disposizioni di legge.
Diritto alla portabilità dei dati: avete il diritto di ricevere i dati che vi riguardano e che ci avete fornito in un formato strutturato, di uso comune e leggibile da dispositivo automatico, in conformità con i requisiti di legge, oppure di richiederne la trasmissione a un altro titolare del trattamento.
Reclamo all'autorità di controllo: in conformità con la legge e fatti salvi eventuali altri rimedi amministrativi o giudiziari, avete inoltre il diritto di presentare un reclamo a un'autorità di controllo della protezione dei dati, in particolare a un'autorità di controllo dello Stato membro in cui risiedete abitualmente, all'autorità di controllo del vostro luogo di lavoro o del luogo della presunta violazione, se ritenete che il trattamento dei dati personali che vi riguardano violi il GDPR.

Diritti degli interessati ai sensi della LPD:

In qualità di interessato, avete i seguenti diritti ai sensi delle disposizioni della LPD:

Diritto di informazione: avete il diritto di chiedere la conferma del trattamento dei dati personali che vi riguardano e di ricevere le informazioni necessarie per far valere i vostri diritti ai sensi della LPD e per garantire la trasparenza del trattamento dei dati.
Diritto alla consegna o al trasferimento dei dati: avete il diritto di richiedere la consegna dei vostri dati personali, che ci avete fornito, in un formato elettronico comune, nonché il loro trasferimento a un altro titolare del trattamento, a condizione che ciò non richieda uno sforzo sproporzionato.
Diritto di rettifica: avete il diritto di richiedere la rettifica dei dati personali inesatti che vi riguardano.
Diritto di opposizione, cancellazione e distruzione: avete il diritto di opporvi al trattamento dei vostri dati, nonché di richiedere che i dati personali che vi riguardano siano cancellati o distrutti.

Servizi aziendali

Trattiamo i dati dei nostri partner contrattuali e commerciali, ad esempio clienti e soggetti interessati (di seguito denominati collettivamente “partner contrattuali”), nell'ambito di rapporti contrattuali e giuridici analoghi, nonché delle relative attività e comunicazioni con i partner contrattuali o in fase precontrattuale, ad esempio per rispondere a richieste di informazioni.

Trattiamo questi dati al fine di adempiere ai nostri obblighi contrattuali. Questi includono, in particolare, gli obblighi di fornire i servizi concordati, eventuali obblighi di aggiornamento e rimedi in caso di garanzia e altre interruzioni del servizio. Inoltre, trattiamo i dati per tutelare i nostri diritti e per lo svolgimento di compiti amministrativi associati a tali obblighi e all'organizzazione aziendale. Inoltre, trattiamo i dati sulla base dei nostri legittimi interessi a una gestione aziendale corretta ed economica, nonché delle misure di sicurezza volte a proteggere i nostri partner contrattuali e le nostre operazioni commerciali da abusi, pericoli per i loro dati, segreti, informazioni e diritti (ad es. per il coinvolgimento di servizi di telecomunicazione, trasporto e altri servizi ausiliari, nonché subappaltatori, banche, consulenti fiscali e legali, fornitori di servizi di pagamento o autorità fiscali). Nel quadro della normativa applicabile, divulghiamo i dati dei partner contrattuali a terzi solo nella misura in cui ciò sia necessario per le finalità sopra menzionate o per adempiere agli obblighi di legge. I partner contrattuali saranno informati su ulteriori forme di trattamento, ad esempio per finalità di marketing, nell’ambito della presente informativa sulla privacy.

Informiamo i partner contrattuali in merito ai dati necessari per le finalità sopra menzionate prima o nel contesto della raccolta dei dati, ad esempio nei moduli online tramite una marcatura speciale (ad es. colori) e/o simboli (ad es. asterischi o simili), oppure personalmente.

Cancelliamo i dati dopo la scadenza dei termini di garanzia previsti dalla legge e di obblighi analoghi, ovvero in linea di principio dopo 4 anni, a meno che i dati non siano memorizzati in un account cliente o debbano essere conservati per motivi legali di archiviazione. Il periodo di conservazione previsto dalla legge per i documenti rilevanti ai fini fiscali, nonché per i libri contabili, gli inventari, i bilanci di apertura, i bilanci annuali, le istruzioni necessarie per la comprensione di tali documenti e altri documenti organizzativi e registrazioni contabili è di dieci anni, mentre per le lettere commerciali e d'affari ricevute e le copie delle lettere commerciali e d'affari inviate è di sei anni. Il periodo decorre dalla fine dell'anno solare in cui è stata effettuata l'ultima registrazione nel libro, è stato redatto l'inventario, il bilancio di apertura, il bilancio annuale o la relazione sulla gestione, è stata ricevuta o inviata la lettera commerciale o d'affari, o è stato creato il documento contabile, inoltre è stata effettuata la registrazione o sono stati creati gli altri documenti.

Tipi di dati trattati: Dati di inventario (ad esempio, nome completo, indirizzo di residenza, informazioni di contatto, numero cliente, ecc.); Dati di pagamento (ad es. coordinate bancarie, fatture, cronologia dei pagamenti); Dati di contatto (ad es. indirizzi postali ed e-mail o numeri di telefono). Dati contrattuali (ad es. oggetto del contratto, durata, categoria del cliente).
Interessati: Destinatari dei servizi e clienti; Potenziali clienti. Partner commerciali e contrattuali.
Finalità del trattamento: Fornitura di servizi contrattuali e adempimento degli obblighi contrattuali; Comunicazione; Procedure d'ufficio e organizzative; Procedure organizzative e amministrative; Processi aziendali e procedure di gestione; Monitoraggio delle conversioni (Misurazione dell'efficacia delle attività di marketing); Marketing. Fornitura dei nostri servizi online e usabilità.
Conservazione e cancellazione: cancellazione in conformità con le informazioni fornite nella sezione “Informazioni generali sulla conservazione e la cancellazione dei dati”.
Base giuridica: Esecuzione di un contratto e richieste precedenti (articolo 6, paragrafo 1, lettera b) del GDPR); Adempimento di un obbligo legale (articolo 6, paragrafo 1, lettera c) del GDPR). Interessi legittimi (articolo 6, paragrafo 1, lettera f) del GDPR).

Ulteriori informazioni sulle modalità di trattamento, sulle procedure e sui servizi utilizzati:

Consulenza: trattiamo i dati dei nostri clienti, dei potenziali clienti e di altri committenti o partner contrattuali (di seguito denominati collettivamente «clienti») al fine di poter fornire loro i nostri servizi. I processi che fanno parte della consulenza e sono finalizzati alla stessa includono: contatto e comunicazione con i clienti, analisi delle esigenze e dei requisiti, pianificazione e realizzazione di progetti di consulenza, documentazione dello stato di avanzamento e dei risultati dei progetti, raccolta e gestione di informazioni e dati specifici del cliente, pianificazione e organizzazione di appuntamenti, fornitura di risorse e materiali di consulenza, fatturazione e gestione dei pagamenti, elaborazione post-progetto e follow-up dei progetti di consulenza, processi di garanzia della qualità e di feedback. I dati trattati, la natura, l'ambito, la finalità e la necessità del loro trattamento sono determinati dal rapporto contrattuale sottostante con il cliente.

Se necessario per l'adempimento del nostro contratto, per la tutela di interessi vitali o se richiesto dalla legge, oppure se vi è il consenso dei clienti, divulghiamo o trasmettiamo i dati dei clienti in conformità con i requisiti legali professionali a terzi o agenti quali autorità, subappaltatori o nel campo dei servizi informatici, d'ufficio o simili; Base giuridica: esecuzione di un contratto e richieste precedenti (articolo 6, paragrafo 1, lettera b) del GDPR).
Analisi dei dati: trattiamo i dati dei nostri clienti per consentire loro di effettuare analisi dei dati, valutazioni e consulenze, nonché servizi correlati. Le informazioni richieste includono quelle necessarie per l’analisi, la valutazione e la fatturazione, nonché le informazioni di contatto per il coordinamento necessario. Nella misura in cui abbiamo accesso a informazioni provenienti da clienti finali, dipendenti o altre persone, le trattiamo in conformità con i requisiti legali e contrattuali; Base giuridica: esecuzione di un contratto e richieste precedenti (articolo 6, paragrafo 1, lettera b) del GDPR), adempimento di un obbligo legale (articolo 6, paragrafo 1, lettera c) del GDPR), interessi legittimi (articolo 6, paragrafo 1, lettera f) del GDPR).
Servizi di marketing: trattiamo i dati dei nostri clienti (di seguito denominati collettivamente “clienti”) per offrire servizi di marketing quali ricerche di mercato, campagne pubblicitarie, creazione di contenuti e gestione dei social media. Le informazioni necessarie sono indicate come tali al momento dell'invio dell'ordine e comprendono i dettagli richiesti per la fornitura del servizio e la fatturazione, nonché le informazioni di contatto per poter effettuare eventuali consultazioni. Nella misura in cui otteniamo accesso a informazioni provenienti da clienti finali, dipendenti o altre persone, le trattiamo in conformità con i requisiti legali e contrattuali; Base giuridica: esecuzione di un contratto e richieste preliminari (articolo 6, paragrafo 1, lettera b) del GDPR), adempimento di un obbligo legale (articolo 6, paragrafo 1, lettera c) del GDPR), interessi legittimi (articolo 6, paragrafo 1, lettera f) del GDPR).
Studio di progettazione e architettura d'interni: trattiamo i dati dei nostri clienti e committenti (di seguito denominati uniformemente “clienti”) al fine di consentire loro di selezionare, acquisire o commissionare i servizi o i lavori scelti e le relative attività, nonché il loro pagamento e la consegna, o l'esecuzione o la fornitura. Nell'ambito delle nostre attività, possiamo anche trattare categorie particolari di dati, in particolare informazioni sulla salute dei clienti. A tal fine, otteniamo, se necessario, il consenso esplicito del cliente e trattiamo le categorie particolari di dati solo se ciò corrisponde ai nostri obblighi contrattuali. I dati richiesti sono identificati come tali nell'ambito della conclusione dell'ordine, del contratto o di un accordo analogo e comprendono i dati necessari per la fornitura del servizio e la fatturazione, nonché le informazioni di contatto per poter effettuare eventuali consultazioni.
Pianificazione territoriale: trattiamo i dati dei nostri clienti e committenti per consentire loro di sviluppare, pianificare e realizzare progetti di pianificazione territoriale e servizi correlati. Le informazioni richieste includono quelle necessarie per la realizzazione del progetto e la fatturazione, nonché le informazioni di contatto per il necessario coordinamento. Nella misura in cui abbiamo accesso a informazioni provenienti da clienti finali, progettisti o altre persone, le trattiamo in conformità con i requisiti legali e contrattuali; Base giuridica: esecuzione di un contratto e richieste preliminari (articolo 6, paragrafo 1, lettera b) del GDPR), adempimento di un obbligo legale (articolo 6, paragrafo 1, lettera c) del GDPR), interessi legittimi (articolo 6, paragrafo 1, lettera f) del GDPR).
Servizi di progettazione e consulenza: trattiamo i dati dei nostri clienti e committenti (di seguito denominati collettivamente “clienti”) per consentire loro di selezionare, acquistare o commissionare i servizi o i lavori scelti e le attività correlate, nonché per il relativo pagamento, la fornitura, l'esecuzione o l'adempimento. Le informazioni richieste sono contrassegnate come tali durante il processo di stipula del contratto, dell’ordine o di accordi analoghi e comprendono i dettagli necessari per la fornitura del servizio e la fatturazione, insieme alle informazioni di contatto per facilitare eventuali consultazioni necessarie. Nella misura in cui otteniamo l'accesso a informazioni provenienti da clienti finali, dipendenti o altre persone, le trattiamo in conformità con i requisiti legali e contrattuali; Base giuridica: esecuzione di un contratto e richieste preliminari (articolo 6, paragrafo 1, lettera b) del GDPR), interessi legittimi (articolo 6, paragrafo 1, lettera f) del GDPR).

processi e operazioni aziendali

Personal data of service recipients and clients - including customers, clients, or in specific cases, mandates, patients, or business partners as well as other third parties - are processed within the framework of contractual and comparable legal relationships and pre-contractual measures such as the initiation of business relations. This data processing supports and facilitates business processes in areas such as customer management, sales, payment transactions, accounting, and project management.

The collected data is used to fulfil contractual obligations and make business processes efficient. This includes the execution of business transactions, the management of customer relationships, the optimisation of sales strategies, and ensuring internal invoicing and financial processes. Additionally, the data supports the protection of the rights of the controller and promotes administrative tasks as well as the organisation of the company.

Personal data may be transferred to third parties if necessary for fulfilling the mentioned purposes or legal obligations. After legal retention periods expire or when the purpose of processing no longer applies, the data will be deleted. This also includes data that must be stored for longer periods due to tax law and legal obligations to provide evidence.

Processed data types: Inventory data (For example, the full name, residential address, contact information, customer number, etc.); Payment Data (e.g. bank details, invoices, payment history); Contact data (e.g. postal and email addresses or phone numbers); Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.); Contract data (e.g. contract object, duration, customer category); Log data (e.g. log files concerning logins or data retrieval or access times.); Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features). Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties).

Data subjects: Service recipients and clients; Prospective customers; Communication partner (Recipients of e-mails, letters, etc.); Business and contractual partners; Third parties; Users (e.g. website visitors, users of online services); Employees (e.g. employees, job applicants, temporary workers, and other personnel.). Customers.

Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Office and organisational procedures; Business processes and management procedures; Communication; Marketing; Sales promotion; Public relations; Information technology infrastructure (Operation and provision of information systems and technical devices, such as computers, servers, etc.).); Assessment of creditworthiness. Financial and Payment Management.

Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR). Compliance with a legal obligation (Article 6 (1) (c) GDPR).

Further information on processing methods, procedures and services used:

Customer Management and Customer Relationship Management (CRM): Processes required in the context of customer management and Customer Relationship Management (CRM) include customer acquisition in compliance with data protection regulations, measures to promote customer retention and loyalty, effective customer communication, complaint management and customer service with consideration of data protection, data management and analysis to support the customer relationship, management of CRM systems, secure account management, customer segmentation and targeting; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Contact management and contact maintenance: Processes required in the context of organizing, maintaining, and securing contact information (e.g., setting up and maintaining a central contact database, regular updates of contact information, monitoring data integrity, implementing data protection measures, ensuring access controls, conducting backups and restorations of contact data, training employees in effective use of contact management software, regular review of communication history and adjustment of contact strategies); Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

General Payment Transactions: Procedures required for carrying out payment transactions, monitoring bank accounts, and controlling payment flows (e.g., creation and verification of transfers, processing of direct debit transactions, checking of account statements, monitoring of incoming and outgoing payments, management of chargebacks, account reconciliation, cash management); Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Financial Accounting and Taxes: Procedures required for the collection, management, and control of finance-related business transactions as well as for the calculation, reporting, and payment of taxes (e.g., accounting and posting of business transactions, preparation of quarterly and annual financial statements, execution of payment transactions, handling of dunning processes, account reconciliation, tax consulting, preparation and submission of tax returns, management of tax affairs); Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Compliance with a legal obligation (Article 6 (1) (c) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Purchasing: Processes required in the procurement of goods, raw materials, or services (e.g., selection and evaluation of suppliers, price negotiations, placement and monitoring of orders, inspection and control of deliveries, invoice verification, management of orders, inventory management, creation and maintenance of purchasing policies); Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Marketing, advertising, and sales promotion: Processes required in the context of marketing, advertising, and sales promotion (e.g., market analysis and audience targeting, development of marketing strategies, planning and execution of advertising campaigns, design and production of advertising materials, online marketing including SEO and social media campaigns, event marketing and trade show participation, customer loyalty programs, sales promotion measures, performance measurement and optimisation of marketing activities, budget management and cost control); Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Public Relations: Processes required in the context of public relations and public relations activities (e.g., development and implementation of communication strategies, planning and execution of PR campaigns, creation and distribution of press releases, maintenance of media contacts, monitoring and analysis of media response, organisation of press conferences and public events, crisis communication, creation of content for social media and corporate websites, management of corporate branding); Legal Basis:Legitimate Interests (Article 6 (1) (f) GDPR).

Utilizzo di piattaforme online per la pubblicazione di annunci e la vendita di prodotti.

We offer our services on online platforms operated by other service providers. In addition to our privacy policy, the privacy policies of the respective platforms apply. This is particularly true with regard to the payment process and the methods used on the platforms for performance measuring and behaviour-related marketing.

Processed data types: Inventory data (For example, the full name, residential address, contact information, customer number, etc.); Payment Data (e.g. bank details, invoices, payment history); Contact data (e.g. postal and email addresses or phone numbers); Contract data (e.g. contract object, duration, customer category); Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features); Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties). Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.).

Data subjects: Service recipients and clients; Business and contractual partners. Users (e.g. website visitors, users of online services).

Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Marketing; Business processes and management procedures; Provision of our online services and usability. Information technology infrastructure (Operation and provision of information systems and technical devices, such as computers, servers, etc.).).

Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".

Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR). Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

Wix: Hosting and software for the creation, provision and operation of websites, blogs and other online services; Service provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.wix.com; Privacy Policy: https://www.wix.com/about/privacy; Data Processing Agreement:https://www.wix.com/about/privacy-dpa-users. Basis for third-country transfers: EEA - Adequacy decision (Israel), Switzerland - Adequacy decision (Israel).

Instagram: Social network, allows the sharing of photos and videos, commenting on and favouriting posts, messaging, subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.instagram.com; Privacy Policy:https://privacycenter.instagram.com/policy/. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland).

LinkedIn: Social network - We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of visitor data, which is used to create "Page Insights" (statistics) for our LinkedIn profiles. This data includes information about the types of content users view or interact with, as well as the actions they take. It also includes details about the devices used, such as IP addresses, operating systems, browser types, language settings, and cookie data, as well as profile details of users, such as job function, country, industry, seniority, company size, and employment status. Privacy information regarding the processing of user data by LinkedIn can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
We have entered into a special agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum,"https://legal.linkedin.com/pages-joint-controller-addendum), which specifically regulates the security measures LinkedIn must comply with and in which LinkedIn has agreed to fulfill the rights of data subjects (i.e., users can, for example, direct requests for information or deletion directly to LinkedIn). The rights of users (particularly the right to information, deletion, objection, and to lodge a complaint with the competent supervisory authority) are not restricted by our agreements with LinkedIn. The joint responsibility is limited to the collection of data and its transmission to LinkedIn Ireland Unlimited Company, a company based in the EU. Further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, particularly concerning the transfer of data to the parent company LinkedIn Corporation in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland). Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Fornitori e servizi utilizzati nel corso dell'attività aziendale

As part of our business activities, we use additional services, platforms, interfaces or plug-ins from third-party providers (in short, "services") in compliance with legal requirements. Their use is based on our interests in the proper, legal and economic management of our business operations and internal organization.

Processed data types: Inventory data (For example, the full name, residential address, contact information, customer number, etc.); Payment Data (e.g. bank details, invoices, payment history); Contact data (e.g. postal and email addresses or phone numbers); Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.); Contract data (e.g. contract object, duration, customer category); Location data (Information on the geographical position of a device or person); Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features). Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties).

Data subjects: Service recipients and clients; Prospective customers; Business and contractual partners; Users (e.g. website visitors, users of online services); Communication partner (Recipients of e-mails, letters, etc.). Third parties.

Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Office and organisational procedures; Business processes and management procedures; Provision of our online services and usability; Marketing; Profiles with user-related information (Creating user profiles); Information technology infrastructure (Operation and provision of information systems and technical devices, such as computers, servers, etc.).); Web Analytics (e.g. access statistics, recognition of returning visitors); Targeting (e.g. profiling based on interests and behaviour, use of cookies); Remarketing; Affiliate Tracking; Communication; Direct marketing (e.g. by e-mail or postal). Artificial Intelligence (AI).

Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR). Consent (Article 6 (1) (a) GDPR).

Further information on processing methods, procedures and services used:

Google Maps: We integrate the maps of the service "Google Maps" from the provider Google. The data processed may include, in particular, IP addresses and location data of users; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://mapsplatform.google.com/; Privacy Policy:https://policies.google.com/privacy. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland).

Instagram plugins and contents: Instagram plugins and contents - This can include content such as images, videos or text and buttons with which users can share content from this online service within Instagram . - We are jointly responsible (so-called "joint-controllership") with Meta Platforms Ireland Limited for the collection or transmission (but not further processing) of "Event Data" that Facebook collects or receives as part of a transmission using Instagram functions that run on our website for the following purposes: a) displaying content advertising information that matches users' presumed interests; b) delivering commercial and transactional messages (e.g. b) delivering commercial and transactional messages (e.g., addressing users via Facebook Messenger); c) improving ad delivery and personalizing features and content (e.g., improving recognition of which content or advertising information is believed to be of interest to users). We have entered into a special agreement with Facebook ("Controller Addendum",https://www.facebook.com/legal/controller_addendum), which specifically addresses the security measures that Facebook must take (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to comply with the rights of data subjects (i.e., users can, for example, submit information access or deletion requests directly to Facebook). Note: If Facebook provides us with measurements, analyses and reports (which are aggregated, i.e. do not contain information on individual users and are anonymous to us), then this processing is not carried out within the scope of joint responsibility, but on the basis of a DPA ("Data Processing Terms", https://www.facebook.com/legal/terms/dataprocessing/update), the "Data Security Conditions" (https://www.facebook.com/legal/terms/data_security_terms) and, with regard to processing in the USA, on the basis of Standard Contractual Clauses ("Facebook EU Data Transfer Addendum, https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to access to information, erasure, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.instagram.com; Privacy Policy:https://privacycenter.instagram.com/policy/. Basis for third-country transfers: Switzerland - Adequacy decision (Ireland).

Instagram: Social network, allows the sharing of photos and videos, commenting on and favouriting posts, messaging, subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.instagram.com; Privacy Policy:https://privacycenter.instagram.com/policy/. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland).

Wix: Hosting and software for the creation, provision and operation of websites, blogs and other online services; Service provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.wix.com; Privacy Policy: https://www.wix.com/about/privacy; Data Processing Agreement:https://www.wix.com/about/privacy-dpa-users. Basis for third-country transfers: EEA - Adequacy decision (Israel), Switzerland - Adequacy decision (Israel).

WIX Cookie-Banner: Cookie Consent Management: Procedures for obtaining, recording, managing, and revoking consents, particularly for the use of cookies and similar technologies for storing, accessing, and processing information on users' devices as well as their processing; Service provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.wix.com; Privacy Policy: https://www.wix.com/about/privacy. Basis for third-country transfers: EEA - Adequacy decision (Israel), Switzerland - Adequacy decision (Israel).

LinkedIn: Social network - We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of visitor data, which is used to create "Page Insights" (statistics) for our LinkedIn profiles. This data includes information about the types of content users view or interact with, as well as the actions they take. It also includes details about the devices used, such as IP addresses, operating systems, browser types, language settings, and cookie data, as well as profile details of users, such as job function, country, industry, seniority, company size, and employment status. Privacy information regarding the processing of user data by LinkedIn can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
We have entered into a special agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum," https://legal.linkedin.com/pages-joint-controller-addendum), which specifically regulates the security measures LinkedIn must comply with and in which LinkedIn has agreed to fulfill the rights of data subjects (i.e., users can, for example, direct requests for information or deletion directly to LinkedIn). The rights of users (particularly the right to information, deletion, objection, and to lodge a complaint with the competent supervisory authority) are not restricted by our agreements with LinkedIn. The joint responsibility is limited to the collection of data and its transmission to LinkedIn Ireland Unlimited Company, a company based in the EU. Further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, particularly concerning the transfer of data to the parent company LinkedIn Corporation in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland). Opt-Out:https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Pinterest: Social network, allows for the sharing of photos, commenting, favouriting and curating of posts, messaging, subscribing to profiles; Service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.pinterest.com; Privacy Policy:https://policy.pinterest.com/en/privacy-policy. Basis for third-country transfers: Switzerland - Adequacy decision (Ireland).

TikTok: Social network, allows the sharing of photos and videos, commenting on and favouriting posts, messaging, subscribing to accounts; Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.tiktok.com;

TikTok Business: Social network, allows the sharing of photos and videos, commenting on and favouriting posts, messaging, subscribing to accounts - We and TikTok are jointly responsible for the collection and transmission of event data as well as for the measurement and creation of insights reports (statistics) for profile holders. These event data include information about the types of content users view or interact with, actions taken by them, information about devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data), and information from user profiles such as country or location. Data protection information regarding the processing of user data by TikTok can be found in TikTok's privacy policy:https://www.tiktok.com/legal/page/eea/privacy-policy/en. We have concluded a special agreement on joint responsibility with TikTok that specifically regulates which security measures TikTok must observe and in which TikTok has agreed to fulfil the rights of data subjects (i.e., users can, for example, address requests for information or deletion directly to TikTok). The rights of users (in particular the right to access, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with TikTok. The agreement on joint responsibility can be found in TikTok's "Jurisdiction Specific Terms":https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms.; Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.tiktok.com; Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en. Basis for third-country transfers: EEA - Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms), Switzerland - Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms).

WhatsApp: Text messages, voice and video calls, sending images, videos and documents, group chat functionality, end-to-end encryption for enhanced security; Service provider: WhatsApp Ireland Limited, Merrion Road 4, D04 X2K5 Dublin, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.whatsapp.com/; Privacy Policy:https://www.whatsapp.com/legal. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland).

ChatGPT: AI-based service designed to understand and generate natural language and related input and data, analyze information, and make predictions ("AI", meaning "Artificial Intelligence" shall be construed in the applicable legal sense of the term); Service provider: OpenAI Ireland Ltd, 117-126 Sheriff Street Upper, D01 YC43 Dublin 1, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://openai.com/product; Privacy Policy:https://openai.com/policies/privacy-policy/; Basis for third-country transfers: Switzerland - Adequacy decision (Ireland). Opt-Out: https://docs.google.com/forms/d/e/1FAIpQLSevgtKyiSWIOj6CV6XWBHl1daPZ SOcIWzcUYUXQ1xttjBgDpA/viewform.

DeepL: Translation of texts into various languages and provision of synonyms as well as context examples. Support with the correction and improvement of texts in different languages; Service provider: DeepL SE, Maarweg 165, 50825 Köln, Germany; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.deepl.com; Privacy Policy:https://www.deepl.com/en/privacy; Data Processing Agreement: Provided by the service provider. Basis for third-country transfers: Switzerland - Adequacy decision (Germany).

Grammarly: AI-powered writing and communication tool designed to improve text, correct grammatical errors, and provide stylistic suggestions. It helps users to communicate more clearly and effectively; Service provider: Grammarly, Inc., 548 Market St, San Francisco, CA 94104, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.grammarly.com; Privacy Policy: https://www.grammarly.com/privacy-policy; Data Processing Agreement: Provided by the service provider. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).

Procedura di pagamento

Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and use other service providers for this purpose in addition to banks and credit institutions (collectively referred to as "payment service providers").

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. I.e. we do not receive any account or credit card related information, but only information with confirmation or negative information of the payment.

Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the terms and conditions and data protection information of the payment service providers.

The terms and conditions and data protection information of the respective payment service providers apply to the payment transactions and can be accessed within the respective websites or transaction applications. We also refer to these for further information and the assertion of revocation, information and other data subject rights.

Processed data types: Inventory data (For example, the full name, residential address, contact information, customer number, etc.); Payment Data (e.g. bank details, invoices, payment history); Contract data (e.g. contract object, duration, customer category); Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features). Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties).

Data subjects: Service recipients and clients; Business and contractual partners. Prospective customers. Purposes of processing: Provision of contractual services and fulfillment of contractual obligations. Business processes and management procedures.

Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR). Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

American Express: Payment-Service-Provider (technical integration of online-payment-methods); Service provider: American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Website: https://www.americanexpress.com/; Privacy Policy:https://www.americanexpress.com/de-de/firma/legal/datenschutz-center/onlin e-datenschutzerklarung/. Basis for third-country transfers: Switzerland - Adequacy decision (Germany).

Giropay: Payment-Service-Provider (technical integration of online-payment- methods); Service provider: giropay GmbH, An der Welle 4, 60322 Frankfurt, Germany; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Website: https://www.giropay.de; Privacy Policy: https://www.giropay.de/rechtliches/datenschutzerklaerung/. Basis for third-country transfers: Switzerland - Adequacy decision (Germany).

Mastercard: Payment-Service-Provider (technical integration of online- payment-methods); Service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Website: https://www.mastercard.co.uk; Privacy Policy: https://www.mastercard.co.uk/en-gb/vision/terms-of-use/commitment-to-priva cy/privacy.html. Basis for third-country transfers: Switzerland - Adequacy decision (Belgium).

PayPal: Payment-Service-Provider (technical integration of online-payment- methods) (e.g. PayPal, PayPal Plus, Braintree, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Website: https://www.paypal.com; Privacy Policy:https://www.paypal.com/de/webapps/mpp/ua/privacy-full. Basis for third- country transfers: Switzerland - Adequacy decision (Luxembourg).

Visa: Payment-Service-Provider (technical integration of online-payment- methods); Service provider: Visa Europe Services Inc., Zweigniederlassung London, 1 Sheldon Square, London W2 6TT, UK; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Website: https://www.visa.de; Privacy Policy: https://www.visa.de/datenschutz. Basis for third-country transfers: EEA - Adequacy decision (UK), Switzerland - Adequacy decision (UK).

Fornitura di servizi online e hosting web

We process user data in order to be able to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the user's browser or terminal device.

Processed data types: Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features); Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties); Log data (e.g. log files concerning logins or data retrieval or access times.). Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.).

Data subjects: Users (e.g. website visitors, users of online services). Purposes of processing: Provision of our online services and usability; Information technology infrastructure (Operation and provision of information systems and technical devices, such as computers, servers, etc.).). Security measures.
Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

Provision of online offer on rented hosting space: For the provision of our online services, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also referred to as a "web hoster"); Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Collection of Access Data and Log Files: Access to our online service is logged in the form of so-called "server log files". Server log files may include the address and name of the accessed web pages and files, date and time of access, transferred data volumes, notification of successful retrieval, browser type along with version, the user's operating system, referrer URL (the previously visited page), and typically IP addresses and the requesting provider. The server log files can be used for security purposes, e.g., to prevent server overload (especially in the case of abusive attacks, known as DDoS attacks), and to ensure server load management and stability; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR). Retention period: Log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data, the further storage of which is necessary for evidence purposes, are excluded from deletion until the respective incident has been finally clarified.
E-mail Sending and Hosting: The web hosting services we use also include sending, receiving and storing e-mails. For these purposes, the addresses of the recipients and senders, as well as other information relating to the sending of e-mails (e.g. the providers involved) and the contents of the respective e-mails are processed. The above data may also be processed for SPAM detection purposes. Please note that e-mails on the Internet are generally not sent in encrypted form. As a rule, e-mails are encrypted during transport, but not on the servers from which they are sent and received (unless a so-called end-to-end encryption method is used). We can therefore accept no responsibility for the transmission path of e-mails between the sender and reception on our server; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Wix: Hosting and software for the creation, provision and operation of websites, blogs and other online services; Service provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.wix.com; Privacy Policy: https://www.wix.com/about/privacy; Data Processing Agreement: https://www.wix.com/about/privacy-dpa-users. Basis for third-country transfers: EEA - Adequacy decision (Israel), Switzerland - Adequacy decision (Israel).
World4You: Services in the field of the provision of information technology infrastructure and related services (e.g. storage space and/or computing capacities); Service provider: World4You, Internet Services GmbH, Hafenstraße 35, 4020 Linz, Austria; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.world4you.com/en; Privacy Policy: https://www.world4you.com/en/company/data-privacy-statement. Basis for third-country transfers: Switzerland - Adequacy decision (Austria).

Utilizzo dei cookie

The term "cookies" refers to functions that store information on users' devices and read it from them. Cookies can also be used for different purposes, such as ensuring the functionality, security, and convenience of online services, as well as analyzing visitor traffic. We use cookies in accordance with legal regulations. If necessary, we obtain users' consent in advance. If consent is not required, we rely on our legitimate interests. This applies when storing and reading information is essential to provide explicitly requested content and functions. This includes, for example, saving settings and ensuring the functionality and security of our online services. Consent can be withdrawn at any time. We clearly inform users about the scope of the consent and which cookies are used.

Information on legal data protection bases: Whether we process personal data using cookies depends on users' consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, as outlined in this section and in the context of the respective services and procedures.

Storage duration: The following types of cookies are distinguished based on their storage duration:

Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user leaves an online service and closes their device (e.g., browser or mobile application).

Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be saved, and preferred content can be displayed directly when the user revisits a website. Additionally, the user data collected with cookies may be used for audience measurement. Unless we provide explicit information to users about the type and storage duration of cookies (e.g., when obtaining consent), users should assume that these are permanent and may have a storage duration of up to two years.

General information on withdrawal and objection (opt-out): Users can withdraw their consent at any time and also object to the processing according to legal regulations, including through the privacy settings of their browser.

Processed data types: Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties). Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features).

Data subjects: Users (e.g. website visitors, users of online services).

Purposes of processing: Provision of our online services and usability.
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR). Consent (Article 6 (1) (a) GDPR).

Further information on processing methods, procedures and services used:

Processing Cookie Data on the Basis of Consent: We implement a consent management solution that obtains users' consent for the use of cookies or for the processes and providers mentioned within the consent management framework. This procedure is designed to solicit, log, manage, and revoke consents, particularly regarding the use of cookies and similar technologies employed to store, read from, and process information on users' devices. As part of this procedure, user consents are obtained for the use of cookies and the associated processing of information, including specific processing and providers named in the consent management process. Users also have the option to manage and withdraw their consents. Consent declarations are stored to avoid repeated queries and to provide proof of consent according to legal requirements. The storage is carried out server- side and/or in a cookie (so-called opt-in cookie) or by means of comparable technologies in order to associate the consent with a specific user or their device.If no specific details about the providers of consent management services are provided, the following general notes apply: The duration of consent storage is up to two years. A pseudonymous user identifier is created, which is stored along with the time of consent, details on the scope of consent (e.g., relevant categories of cookies and/or service providers), as well as information about the browser, system, and device used; Legal Basis: Consent (Article 6 (1) (a) GDPR).

Cookie-Opt-Out: In the footer of our website you will find a link that allows you to change your cookie settings as well as revoke corresponding consents.

Consentmanager: Cookie Consent Management: Procedures for obtaining, recording, managing, and revoking consents, particularly for the use of cookies and similar technologies for storing, accessing, and processinginformation on users' devices as well as their processing; Service provider: Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden; Website: https://www.consentmanager.net/; Privacy Policy: https://www.consentmanager.de/datenschutz/; Data Processing Agreement: https://www.consentmanager.net/tac.php; Basis for third- country transfers: Switzerland - Adequacy decision (Sweden). Further Information: The following data is stored on the service provider's servers in the EU: identification number, (for the user, his browser, operating system and terminal equipment used), IP address, date and time, country, language, type, scope and purpose of the consent, cookie settings of the browser, website on which the consent was given, technical information about the browser and operating system.

Note speciali sulle applicazioni (App)

We process the data of the users of our application to the extent necessary to provide the users with the application and its functionalities, to monitor its security and to develop it further. Furthermore, we may contact users in compliance with the statutory provisions if communication is necessary for the purposes of administration or use of the application. In addition, we refer to the data protection information in this privacy policy with regard to the processing of user data.

Legal basis: The processing of data necessary for the provision of the functionalities of the application serves to fulfil contractual obligations. This also applies if the provision of the functions requires user authorisation (e.g. release of device functions). If the processing of data is not necessary for the provision of the functionalities of the application, but serves the security of the application or our business interests (e.g. collection of data for the purpose of optimising the application or security purposes), it is carried out on the basis of our legitimate interests. If users are expressly requested to give their consent to the processing of their data, the data covered by the consent is processed on the basis of the consent.

Processed data types: Inventory data (For example, the full name, residential address, contact information, customer number, etc.); Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features); Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties); Payment Data (e.g. bank details, invoices, payment history); Contract data (e.g. contract object, duration, customer category); Images and/ or video recordings (e.g. photographs or video recordings of a person). Audio recordings.

Data subjects: Users (e.g. website visitors, users of online services).

Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Security measures. Provision of our online services and usability.
Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR). Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

Commercial use: We process the data of the users of our application, registered and any test users (hereinafter uniformly referred to as "users") in order to provide them with our contractual services and on the basis of legitimate interests to ensure the security of our application and to develop it further. The required details are identified as such within the scope of the conclusion of a contract for the use of the application, the conclusion of an order, an order or a comparable contract and may include the details required for the provision of services and any invoicing as well as contact information in order to be able to hold any consultations; Legal Basis:Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
Storage of the universally unique identifier (UUID): The application stores a so-called Universally Unique Identifier (UUID) for the purpose of analysing the use and functionality of the application and storing the user's settings. This identifier is generated when the application is installed (but is not connected to the device, so no device ID in this sense), remains stored between the start of the application and its updates and is deleted when users remove the application from their device.
Device authorizations for access to functions and data: The use of certain functions of our application may require access to the camera and the stored recordings of the users. By default, these authorizations must be granted by the user and can be revoked at any time in the settings of the respective devices. The exact procedure for controlling app permissions may depend on the user's device and software. Users can contact us if they require further explanation. We would like to point out that the refusal or revocation of the respective authorizations can affect the functionality of our application.
Accessing the camera and stored recordings: In the course of using our application, image and/or video recordings (whereby audio recordings are also included) of the users (and of other persons captured by the recordings) are processed by accessing the camera functions or stored recordings. Access to the camera functions or stored recordings requires an authorization by the user that can be withdrawn at any time. The processing of the image and/or video recordings serves only to provide the respective functionality of our application, according to its description to the users or the typical and expectable functionality of the application.
Use of the microphone functions: The use of certain functions of our application may require access to the camera and the stored recordings of the users. By default, these authorizations must be granted by the user and can be revoked at any time in the settings of the respective devices. The exact procedure for controlling app permissions may depend on the user's device and software. Users can contact us if they require further explanation. We would like to point out that the refusal or revocation of the respective authorizations can affect the functionality of our application.
Processing of stored contacts: When using our application, the contact information of persons (e.g. name, e-mail address and telephone number) stored in the contact directory of the device is processed. The use of the contact information requires user authorization, which can be withdrawn at any time. The use of the contact information serves only to provide the respective functionality of our application, according to its description to the users, or its typical and expectable functionality. Users are advised that permission to process the contact information must be granted and, especially in the case of natural persons, their consent or a legal permission is required.

Gestione dei contatti e delle richieste

When contacting us (e.g. via mail, contact form, e-mail, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to respond to the contact requests and any requested measures.

Processed data types: Inventory data (For example, the full name, residential address, contact information, customer number, etc.); Contact data (e.g. postal and email addresses or phone numbers); Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.); Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features); Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties); Event Data (Facebook) ("Event Data" is data that can be transmitted from us to Facebook, e.g. via Facebook pixels (via apps or other means) and relates to persons or their actions; the data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; Event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences). Event Data does not include the actual content (such as written comments), login information, and Contact Information (such as names, email addresses, and phone numbers). Event Data is deleted by Facebook after a maximum of two years, the Custom Audiences created from them with the deletion of our Facebook account).
Data subjects: Communication partner (Recipients of e-mails, letters, etc.); Users (e.g. website visitors, users of online services). Business and contractual partners.

Purposes of processing: Communication; Organisational and Administrative Procedures; Feedback (e.g. collecting feedback via online form); Provision of our online services and usability; Web Analytics (e.g. access statistics, recognition of returning visitors); Targeting (e.g. profiling based on interests and behaviour, use of cookies); Conversion tracking (Measurement of the effectiveness of marketing activities); Affiliate Tracking; Marketing. Profiles with user-related information (Creating user profiles).

Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Performance of a contract and prior requests (Article 6 (1) (b) GDPR). Consent (Article 6 (1) (a) GDPR).

Further information on processing methods, procedures and services used:

Contact form: Upon contacting us via our contact form, email, or other means of communication, we process the personal data transmitted to us for the purpose of responding to and handling the respective matter. This typically includes details such as name, contact information, and possibly additional information provided to us that is necessary for appropriate processing. We use this data exclusively for the stated purpose of contact and communication; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Instagram: Social network, allows the sharing of photos and videos, commenting on and favouriting posts, messaging, subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.instagram.com; Privacy Policy:https://privacycenter.instagram.com/policy/. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland).

Instagram Ads: Placement of ads within the Instagram platform and analysis of ad results; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/; Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland); Opt-Out: We refer to the data protection and advertising settings in the user's profile on the Instagram platform as well as Instagram's consent procedure and Instagram's contact options for exercising information and other data subject rights in Instagram's privacy policy. Further Information: User event data, i.e. behavioral and interest data, is processed for the purposes of targeted advertising and audience building on the basis of the joint controllership agreement ("Controller Addendum",https://www.facebook.com/legal/controller_addendum). The joint controllership is limited to the collection and transfer of the data to Meta Platforms Ireland Limited, a company located in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which concerns in particular the transfer of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).

TikTok: Social network, allows the sharing of photos and videos, commenting on and favouriting posts, messaging, subscribing to accounts; Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.tiktok.com; Privacy Policy: https://www.tiktok.com/de/privacy-policy. Basis for third- country transfers: EEA - Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms), Switzerland - Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms).
TikTok Business: Social network, allows the sharing of photos and videos, commenting on and favouriting posts, messaging, subscribing to accounts - We and TikTok are jointly responsible for the collection and transmission of event data as well as for the measurement and creation of insights reports (statistics) for profile holders. These event data include information about the types of content users view or interact with, actions taken by them, information about devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data), and information from user profiles such as country or location. Data protection information regarding the processing of user data by TikTok can be found in TikTok's privacy policy:https://www.tiktok.com/legal/page/eea/privacy-policy/en. We have concluded a special agreement on joint responsibility with TikTok that specifically regulates which security measures TikTok must observe and in which TikTok has agreed to fulfil the rights of data subjects (i.e., users can, for example, address requests for information or deletion directly to TikTok). The rights of users (in particular the right to access, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with TikTok. The agreement on joint responsibility can be found in TikTok's "Jurisdiction Specific Terms": https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms.; Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.tiktok.com; Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en. Basis for third-country transfers: EEA - Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms), Switzerland - Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms).

LinkedIn: Social network - We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of visitor data, which is used to create "Page Insights" (statistics) for our LinkedIn profiles. This data includes information about the types of content users view or interact with, as well as the actions they take. It also includes details about the devices used, such as IP addresses, operating systems, browser types, language settings, and cookie data, as well as profile details of users, such as job function, country, industry, seniority, company size, and employment status. Privacy information regarding the processing of user data by LinkedIn can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
We have entered into a special agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum,"https://legal.linkedin.com/pages-joint-controller-addendum), which specifically regulates the security measures LinkedIn must comply with and in which LinkedIn has agreed to fulfill the rights of data subjects (i.e., users can, for example, direct requests for information or deletion directly to LinkedIn). The rights of users (particularly the right to information, deletion, objection, and to lodge a complaint with the competent supervisory authority) are not restricted by our agreements with LinkedIn. The joint responsibility is limited to the collection of data and its transmission to LinkedIn Ireland Unlimited Company, a company based in the EU. Further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, particularly concerning the transfer of data to the parent company LinkedIn Corporation in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland). Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Pinterest: Social network, allows for the sharing of photos, commenting, favouriting and curating of posts, messaging, subscribing to profiles; Service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.pinterest.com; Privacy Policy:https://policy.pinterest.com/en/privacy-policy. Basis for third-country transfers: Switzerland - Adequacy decision (Ireland).

Gmail: Email sending and receiving, storage of contacts in the address book, filter rules for sorting incoming emails, spam and virus protection, cloud storage for attachments and other content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website:https://www.google.com/gmail/about/; Privacy Policy: https://policies.google.com/privacy. Basis for third-country transfers:Switzerland - Adequacy decision (Ireland).

Google Workspace: Cloud storage, cloud infrastructure services and cloud- based application software; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://workspace.google.com/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://cloud.google.com/terms/data-processing-addendum; Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland). Further Information: https://cloud.google.com/privacy.

Comunicazione tramite Messenger

We use messenger services for communication purposes and therefore ask you to observe the following information regarding the functionality of the messenger services, encryption, use of the metadata of the communication and your objection options.

You can also contact us by alternative means, e.g. telephone or e-mail. Please use the contact options provided to you or use the contact options provided within our online services.

In the case of encryption of content (i.e. the content of your message and attachments), we point out that the communication content (i.e. the content of the message and attachments) is encrypted end-to-end. This means that the content of the messages is not visible, not even by the messenger service providers themselves. You should always use a current version of the messenger service with activated encryption, so that the encryption of the message contents is guaranteed.

However, we would like to point out to our communication partners that although messenger service providers do not see the content, they can find out that and when communication partners communicate with us and process technical information on the communication partner's device used and, depending on the settings of their device, also location information (so-called metadata).

Information on Legal basis: If we ask communication partners for permission before communicating with them via messenger services, the legal basis of our processing of their data is their consent. Otherwise, if we do not request consent and you contact us, for example, voluntarily, we use messenger services in our dealings with our contractual partners and as part of the contract initiation process as a contractual measure and in the case of other interested parties and communication partners on the basis of our legitimate interests in fast and efficient communication and meeting the needs of our communication partners for communication via messenger services. We would also like to point out that we do not transmit the contact data provided to us to the messenger service providers for the first time without your consent.

Withdrawal, objection and deletion: You can withdraw your consent or object to communication with us via messenger services at any time. In the case of communication via messenger services, we delete the messages in accordance with our general data retention policy (i.e. as described above after the end of contractual relationships, archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information provided by the communication partners, if no reference to a previous conversation is to be expected and there are no legal obligations to store the messages to prevent their deletion.

Reservation of reference to other means of communication: For your security, we kindly ask for your understanding that we may not respond to enquiries via messenger for specific reasons. This applies in situations where contract details require heightened confidentiality or a response via messenger does not meet formal requirements. In such cases, we recommend using more appropriate communication channels.

Processed data types: Contact data (e.g. postal and email addresses or phone numbers); Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.); Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features). Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties).

Data subjects: Communication partner (Recipients of e-mails, letters, etc.); Users (e.g. website visitors, users of online services). Business and contractual partners.

Purposes of processing: Communication; Direct marketing (e.g. by e-mail or postal); Marketing; Profiles with user-related information (Creating user profiles). Organisational and Administrative Procedures.

Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion". Legal Basis: Consent (Article 6 (1) (a) GDPR); Performance of a contract and prior requests (Article 6 (1) (b) GDPR). Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

Apple iMessage: Send and receive text messages, voice messages, and video calls. Conduct group conversations. Share files, photos, videos, and locations. Secure communication through end-to-end encryption. Synchronise messages across multiple devices; Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.apple.com/. Privacy Policy: https://www.apple.com/privacy/privacy-policy/.
Instagram: Messaging via the social network Instagram; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/. Basis for third-country transfers: Switzerland - Adequacy decision (Ireland).
WhatsApp: Text messages, voice and video calls, sending images, videos and documents, group chat functionality, end-to-end encryption for enhanced security; Service provider: WhatsApp Ireland Limited, Merrion Road 4, D04 X2K5 Dublin, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.whatsapp.com/; Privacy Policy:https://www.whatsapp.com/legal. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland).
TikTok: Social network, allows the sharing of photos and videos, commenting on and favouriting posts, messaging, subscribing to accounts; Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.tiktok.com; Privacy Policy: https://www.tiktok.com/de/privacy-policy. Basis for third- country transfers: EEA - Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms), Switzerland - Standard Contractual Clauses(https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms).
Instagram plugins and contents: Instagram plugins and contents - This can include content such as images, videos or text and buttons with which users can share content from this online service within Instagram . - We are jointly responsible (so-called "joint-controllership") with Meta Platforms Ireland Limited for the collection or transmission (but not further processing) of "Event Data" that Facebook collects or receives as part of a transmission using Instagram functions that run on our website for the following purposes: a) displaying content advertising information that matches users' presumed interests; b) delivering commercial and transactional messages (e.g. b) delivering commercial and transactional messages (e.g., addressing users via Facebook Messenger); c) improving ad delivery and personalizing features and content (e.g., improving recognition of which content or advertising information is believed to be of interest to users). We have entered into a special agreement with Facebook ("Controller Addendum",https://www.facebook.com/legal/controller_addendum), which specifically addresses the security measures that Facebook must take (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to comply with the rights of data subjects (i.e., users can, for example, submit information access or deletion requests directly to Facebook). Note: If Facebook provides us with measurements, analyses and reports (which are aggregated, i.e. do not contain information on individual users and are anonymous to us), then this processing is not carried out within the scope of joint responsibility, but on the basis of a DPA ("Data Processing Terms", https://www.facebook.com/legal/terms/dataprocessing/update), the "Data Security Conditions" (https://www.facebook.com/legal/terms/data_security_terms) and, with regard to processing in the USA, on the basis of Standard Contractual Clauses ("Facebook EU Data Transfer Addendum, https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to access to information, erasure, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.instagram.com; Privacy Policy:https://privacycenter.instagram.com/policy/. Basis for third-country transfers: Switzerland - Adequacy decision (Ireland).
Gmail: Email sending and receiving, storage of contacts in the address book, filter rules for sorting incoming emails, spam and virus protection, cloud storage for attachments and other content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website:https://www.google.com/gmail/about/; Privacy Policy: https://policies.google.com/privacy. Basis for third-country transfers: Switzerland - Adequacy decision (Ireland).
Google Workspace: Cloud storage, cloud infrastructure services and cloud- based application software; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://workspace.google.com/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://cloud.google.com/terms/data-processing-addendum; Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland). Further Information: https://cloud.google.com/privacy.

Intelligenza artificiale (IA)

We use artificial intelligence (AI), which involves the processing of personal data. The specific purposes and our interest in using AI are mentioned below. According to the term "AI system" as defined in Article 3 No. 1 of the AI Regulation, we understand AI to be a machine-based system designed for varying degrees of autonomous operation, capable of adaptation after deployment, and producing outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.

Our AI systems are used in strict compliance with legal requirements. These include both specific regulations for artificial intelligence and data protection requirements. In particular, we adhere to the principles of lawfulness, transparency, fairness, human oversight, purpose limitation, data minimisation, integrity and confidentiality. We ensure that the processing of personal data is always based on a legal foundation. This may either be the consent of the data subjects or a statutory permission.

When using external AI systems, we carefully select their providers (hereinafter referred to as "AI providers"). In accordance with our legal obligations, we ensure that the AI providers comply with applicable provisions. We also observe our duties when using or operating the acquired AI services. The processing of personal data by us and the AI providers is carried out exclusively on the basis of consent or legal authorisation. We place particular emphasis on transparency, fairness and maintaining human oversight over AI-supported decision-making processes.

To protect processed data, we implement appropriate and robust technical as well as organisational measures. These ensure the integrity and confidentiality of processed data and minimise potential risks. Through regular reviews of AI providers and their services, we ensure ongoing compliance with current legal and ethical standards.

Processed data types: Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.). Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features).

Data subjects: Users (e.g. website visitors, users of online services). Third parties.

Purposes of processing: Artificial Intelligence (AI).

Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion". Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

ChatGPT: AI-based service designed to understand and generate natural language and related input and data, analyze information, and make predictions ("AI", meaning "Artificial Intelligence" shall be construed in the applicable legal sense of the term); Service provider: OpenAI Ireland Ltd, 117-126 Sheriff Street Upper, D01 YC43 Dublin 1, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://openai.com/product; Privacy Policy: https://openai.com/policies/privacy-policy/; Basis for third-country transfers: Switzerland - Adequacy decision (Ireland). Opt-Out:https://docs.google.com/forms/d/e/1FAIpQLSevgtKyiSWIOj6CV6XWBHl1daPZ SOcIWzcUYUXQ1xttjBgDpA/viewform.
DeepL: Translation of texts into various languages and provision of synonyms as well as context examples. Support with the correction and improvement of texts in different languages; Service provider: DeepL SE, Maarweg 165, 50825 Köln, Germany; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.deepl.com; Privacy Policy:https://www.deepl.com/en/privacy; Data Processing Agreement: Provided by the service provider. Basis for third-country transfers: Switzerland - Adequacy decision (Germany).
Midjourney: Creation of AI-generated images based on text inputs. Adjustment and refinement of images through iterative feedback loops. Storage and management of created content in an online gallery; Service provider: Midjourney, Inc., 795 Folsom Street, 1st Floor, San Francisco, CA 94107 USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.midjourney.com/. Privacy Policy: https://docs.midjourney.com/docs/privacy-policy.

OpenAI API: An AI API that provides developers with access to a variety of advanced language and image models, including GPT-4 and DALL-E. The OpenAI API enables the integration of complex tasks such as text generation,language processing, and image analysis into applications; Service provider: OpenAI Ireland Ltd, 117-126 Sheriff Street Upper, D01 YC43 Dublin 1, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://openai.com/product; Privacy Policy: https://openai.com/policies/privacy-policy/; Data Processing Agreement: https://openai.com/policies/data-processing-addendum; Basis for third- country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland). Opt-Out: https://docs.google.com/forms/d/e/1FAIpQLSevgtKyiSWIOj6CV6XWBHl1daPZ SOcIWzcUYUXQ1xttjBgDpA/viewform.

Grammarly: AI-powered writing and communication tool designed to improve text, correct grammatical errors, and provide stylistic suggestions. It helps users to communicate more clearly and effectively; Service provider: Grammarly, Inc., 548 Market St, San Francisco, CA 94104, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.grammarly.com; Privacy Policy: https://www.grammarly.com/privacy-policy; Data Processing Agreement: Provided by the service provider. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).

Videoconferenze, riunioni online, webinar e condivisione dello schermo.

We use platforms and applications of other providers (hereinafter referred to as "Conference Platforms") for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter collectively referred to as "Conference"). When using the Conference Platforms and their services, we comply with the legal requirements.

Data processed by Conference Platforms: In the course of participation in a Conference, the Data of the participants listed below are processed. The scope of the processing depends, on the one hand, on which data is requested in the context of a specific Conference (e.g., provision of access data or clear names) and which optional information is provided by the participants. In addition to processing for the purpose of conducting the conference, participants' Data may also be processed by the Conference Platforms for security purposes or service optimization. The processed Date includes personal information (first name, last name), contact information (e-mail address, telephone number), access data (access codes or passwords), profile pictures, information on professional position/function, the IP address of the internet access, information on the participants' end devices, their operating system, the browser and its technical and linguistic settings, information on the content-related communication processes, i.e. entries in chats and audio and video data, as well as the use of other available functions (e.g. surveys). The content of communications is encrypted to the extent technically provided by the conference providers. If participants are registered as users with the Conference Platforms, then further data may be processed in accordance with the agreement with the respective Conference Provider.

Logging and recording: If text entries, participation results (e.g. from surveys) as well as video or audio recordings are recorded, this will be transparently communicated to the participants in advance and they will be asked - if necessary - for their consent.

Data protection measures of the participants: Please refer to the data privacy information of the Conference Platforms for details on the processing of your data and select the optimum security and data privacy settings for you within the framework of the settings of the conference platforms. Furthermore, please ensure data and privacy protection in the background of your recording for the duration of a Conference (e.g., by notifying roommates, locking doors, and using the background masking function, if technically possible). Links to the conference rooms as well as access data, should not be passed on to unauthorized third parties.

Notes on legal bases: Insofar as, in addition to the Conference Platforms, we also process users' data and ask users for their consent to use contents from the Conferences or certain functions (e.g. consent to a recording of Conferences), the legal basis of the processing is this consent. Furthermore, our processing may be necessary for the fulfillment of our contractual obligations (e.g. in participant lists, in the case of reprocessing of Conference results, etc.). Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.

Processed data types: Inventory data (For example, the full name, residential address, contact information, customer number, etc.); Contact data (e.g. postal and email addresses or phone numbers); Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.); Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features); Images and/ or video recordings (e.g. photographs or video recordings of a person); Audio recordings; Log data (e.g. log files concerning logins or data retrieval or access times.). Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties).

Data subjects: Communication partner (Recipients of e-mails, letters, etc.); Users (e.g. website visitors, users of online services). Persons depicted.

Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Communication; Office and organisational procedures. Direct marketing (e.g. by e-mail or postal).

Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

Google Hangouts / Meet: Conference and communication software; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://hangouts.google.com/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://cloud.google.com/terms/data-processing-addendum. Basis for third- country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland).
Microsoft Teams: Audio and video conferencing, chat, file sharing, integration with Office 365 applications, real-time collaboration on documents, calendar functions, task management, screen sharing, optional recording; Service provider: Microsoft Irland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.microsoft.com/microsoft-teams/; Privacy Policy:https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland).
Zoom: Video conferences, online meetings, webinars, screen sharing, optional recording of sessions, chat function, integration with calendars and other apps; Service provider: Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://zoom.us; Privacy Policy:https://explore.zoom.us/en/privacy/; Data Processing Agreement: https://explore.zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf. Basis for third- country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).
WhatsApp: Text messages, voice and video calls, sending images, videos and documents, group chat functionality, end-to-end encryption for enhanced security; Service provider: WhatsApp Ireland Limited, Merrion Road 4, D04 X2K5 Dublin, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.whatsapp.com/; Privacy Policy:https://www.whatsapp.com/legal. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland).

Servizi cloud

We use Internet-accessible software services (so-called "cloud services", also referred to as "Software as a Service") provided on the servers of its providers for the storage and management of content (e.g. document storage and management, exchange of documents, content and information with certain recipients or publication of content and information).

Within this framework, personal data may be processed and stored on the provider's servers insofar as this data is part of communication processes with us or is otherwise processed by us in accordance with this privacy policy. This data may include in particular master data and contact data of data subjects, data on processes, contracts, other proceedings and their contents. Cloud service providers also process usage data and metadata that they use for security and service optimization purposes.

If we use cloud services to provide documents and content to other users or publicly accessible websites, forms, etc., providers may store cookies on users' devices for web analysis or to remember user settings (e.g. in the case of media control).

Processed data types: Inventory data (For example, the full name, residential address, contact information, customer number, etc.); Contact data (e.g. postal and email addresses or phone numbers); Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.); Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features). Images and/ or video recordings (e.g. photographs or video recordings of a person).

Data subjects: Prospective customers; Communication partner (Recipients of e-mails, letters, etc.); Business and contractual partners. Users (e.g. website visitors, users of online services).

Purposes of processing: Office and organisational procedures; Information technology infrastructure (Operation and provision of information systems and technical devices, such as computers, servers, etc.).). Provision of contractual services and fulfillment of contractual obligations.

Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion". Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

Adobe Creative Cloud: Cloud storage, cloud infrastructure services, and cloud-based application software, among others for photo editing, video editing, graphic design, web development; Service provider: Adobe Systems Software Ireland, 4-6, Riverwalk Drive, Citywest Business Campus, Brownsbarn, Dublin 24, D24 DCW0, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.adobe.com/creativecloud.html; Privacy Policy: https://www.adobe.com/privacy.html; Data Processing Agreement: Provided by the service provider. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland).

Dropbox: Cloud storage service; Service provider: Dropbox, Inc., 333 Brannan Street, San Francisco, California 94107, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.dropbox.com; Privacy Policy: https://www.dropbox.com/privacy; Data Processing Agreement: https://assets.dropbox.com/documents/en/legal/dfb-data-processing-agreemen t.pdf. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).

Google Cloud Services: Cloud infrastructure services and cloud-based application software; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://cloud.google.com/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement:https://cloud.google.com/terms/data-processing-addendum; Basis for third- country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland). Further Information: https://cloud.google.com/privacy.

Google Cloud Storage: Cloud storage, cloud infrastructure services and cloud-based application software; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://cloud.google.com/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement:https://cloud.google.com/terms/data-processing-addendum; Basis for third- country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland). Further Information: https://cloud.google.com/privacy.

Google Workspace: Cloud storage, cloud infrastructure services and cloud- based application software; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://workspace.google.com/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://cloud.google.com/terms/data-processing-addendum; Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland). Further Information: https://cloud.google.com/privacy.

Microsoft Cloud Services: Cloud storage, cloud infrastructure services and cloud-based application software; Service provider: Microsoft Irland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://microsoft.com; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter; Data Processing Agreement: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Servic es-Data-Protection-Addendum-DPA. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland).

Comunicazioni commerciali tramite e-mail, posta ordinaria, fax o telefono.

We process personal data for the purposes of promotional communication, which may be carried out via various channels, such as e-mail, telephone, post or fax, in accordance with the legal requirements.

The recipients have the right to withdraw their consent at any time or to object to the advertising communication at any time.

After revocation or objection, we store the data required to prove the past authorization to contact or send up to three years from the end of the year of revocation or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of a possible defense against claims. Based on the legitimate interest to permanently observe the revocation, respectively objection of the users, we further store the data necessary to avoid a renewed contact (e.g. depending on the communication channel, the e-mail address, telephone number, name).

Processed data types: Inventory data (For example, the full name, residential address, contact information, customer number, etc.); Contact data (e.g. postal and email addresses or phone numbers); Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.); Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features). Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties).

Data subjects: Communication partner (Recipients of e-mails, letters, etc.); Users (e.g. website visitors, users of online services). Business and contractual partners.

Purposes of processing: Direct marketing (e.g. by e-mail or postal); Marketing; Sales promotion; Communication. Organisational and Administrative Procedures.

Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
Legal Basis: Consent (Article 6 (1) (a) GDPR). Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

Instagram: Social network, allows the sharing of photos and videos, commenting on and favouriting posts, messaging, subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.instagram.com; Privacy Policy:https://privacycenter.instagram.com/policy/. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland).
WhatsApp: Text messages, voice and video calls, sending images, videos and documents, group chat functionality, end-to-end encryption for enhanced security; Service provider: WhatsApp Ireland Limited, Merrion Road 4, D04 X2K5 Dublin, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.whatsapp.com/; Privacy Policy:https://www.whatsapp.com/legal. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland).
Gmail: Email sending and receiving, storage of contacts in the address book, filter rules for sorting incoming emails, spam and virus protection, cloud storage for attachments and other content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website:https://www.google.com/gmail/about/; Privacy Policy: https://policies.google.com/privacy. Basis for third-country transfers:Switzerland - Adequacy decision (Ireland).
Google Workspace: Cloud storage, cloud infrastructure services and cloud- based application software; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://workspace.google.com/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://cloud.google.com/terms/data-processing-addendum;
Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland). Further Information: https://cloud.google.com/privacy.

Sondaggi e questionari

We conduct surveys and interviews to gather information for the survey purpose communicated in each case. The surveys and questionnaires ("surveys") carried out by us are evaluated anonymously. Personal data is only processed insofar as this is necessary for the provision and technical execution of the survey (e.g. processing the IP address to display the survey in the user's browser or to enable a resumption of the survey with the aid of a cookie).

Processed data types: Inventory data (For example, the full name, residential address, contact information, customer number, etc.); Contact data (e.g. postal and email addresses or phone numbers); Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.). Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features).

Data subjects: Participants.

Purposes of processing: Feedback (e.g. collecting feedback via online form). Polls and Questionnaires (e.g. surveys with input options, multiple choice questions).

Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".

Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

Instagram: Social network, allows the sharing of photos and videos, commenting on and favouriting posts, messaging, subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.instagram.com; Privacy Policy:https://privacycenter.instagram.com/policy/. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland).

Analisi, monitoraggio e ottimizzazione web

Web analytics (also referred to as "reach measurement") is used to evaluate the visitor flows of our online services and may include pseudonymous values related to visitor behavior, interests, or demographic information such as age or gender. Through reach analysis, we can, for example, identify when our online services or their functions and content are most frequently used or likely to encourage repeat visits. It also enables us to determine which areas need optimization.

In addition to web analytics, we may also use testing procedures to test and optimize different versions of our online services or their components.

Unless otherwise specified below, profiles (i.e., data combined from a usage process) may be created for these purposes, and information can be stored in and later retrieved from a browser or device. The data collected includes, in particular, visited websites and elements used on them, as well as technical information such as the browser used, the computer system, and information about usage times. If users have given consent to the collection of their location data to us or to the providers of the services we use, the processing of location data is also possible.

Additionally, users' IP addresses are stored. However, we use an IP masking process (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) is stored as part of web analytics, A/B testing, or optimization. Instead, pseudonyms are used. This means that neither we nor the providers of the software used know the actual identity of the users, only the information stored in their profiles for the respective procedures.

Legal basis information: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., our interest in efficient, economic, and user-friendly services). In this context, we would also like to point out the information on the use of cookies in this privacy policy.

Processed data types: Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features). Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: Remarketing; Affiliate Tracking; Web Analytics (e.g. access statistics, recognition of returning visitors); Profiles with user- related information (Creating user profiles). Provision of our online services and usability.
Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion". Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years.).
Security measures: IP Masking (Pseudonymization of the IP address).
Legal Basis: Consent (Article 6 (1) (a) GDPR). Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

Google Analytics: We use Google Analytics to perform measurement and analysis of the use of our online services by users based on a pseudonymous user identification number. This identification number does not contain any unique data, such as names or email addresses. It is used to assign analysis information to an end device in order to recognize which content users have accessed within one or various usage processes, which search terms they have used, have accessed again or have interacted with our online services. Likewise, the time of use and its duration are stored, as well as the sources of users referring to our online services and technical aspects of their end devices and browsers.
In the process, pseudonymous profiles of users are created with information from the use of various devices, and cookies may be used. Google Analytics does not log or store individual IP addresses. Analytics does provide coarse geo-location data by deriving the following metadata from IP addresses: City (and the derived latitude, and longitude of the city), Continent, Country, Region, Subcontinent (and ID-based counterparts). For EU-based traffic, IP- address data is used solely for geo-location data derivation before being immediately discarded. It is not logged, accessible, or used for any additional use cases. When Analytics collects measurement data, all IP lookups are performed on EU-based servers before forwarding traffic to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://marketingplatform.google.com/intl/en/about/analytics/; Security measures: IP Masking (Pseudonymization of the IP address); Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement:https://business.safety.google/adsprocessorterms/; Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland); Opt-Out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the Display of Advertisements: https://myadcenter.google.com/personalizationoff. Further Information: https://business.safety.google/adsservices/ (Types of processing and data processed).

Google Analytics Audiences: We use Google Analytics to specifically present ads, placed through Google's advertising services and those of its partners, to users who have already shown interest in our online offering or exhibit certain characteristics (e.g., interests in specific topics or products determined based on the websites they have visited). We transmit this data to Google as part of what is known as "Remarketing" or "Google Analytics Audiences". The purpose of using Remarketing Audiences is to ensure that our ads align as closely as possible with the potential interests of the users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://marketingplatform.google.com; Legal Basis: https://business.safety.google/adsprocessorterms/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms/; Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland); Further Information: Types of processing and data processed: https://business.safety.google/adsservices/. Data Processing Conditions for Google Advertising Products and standard contractual clauses for data transfers to third countries: https://business.safety.google/adsprocessorterms .

Marketing online

We process personal data for the purposes of online marketing, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as "Content") based on the potential interests of users and the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedure is used by which the relevant user information for the display of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, communication partners and technical information such as the browser used, computer system used and information on usage times and used functions. If users have consented to the collection of their sideline data, these can also be processed.

The IP addresses of the users are also stored. However, we use provided IP masking procedures (i.e. pseudonymisation by shortening the IP address) to ensure the protection of the user's by using a pseudonym. In general, within the framework of the online marketing process, no clear user data (such as e-mail addresses or names) is secured, but pseudonyms. This means that we, as well as the providers of online marketing procedures, do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or similar memorizing procedures. These cookies can later, generally also on other websites that use the same online marketing technology, be read and analyzed for purposes of content display, as well as supplemented with other data and stored on the server of the online marketing technology provider.

Exceptionally, clear data can be assigned to the profiles. This is the case, for example, if the users are members of a social network whose online marketing technology we use and the network links the profiles of the users in the aforementioned data. Please note that users may enter into additional agreements with the social network providers or other service providers, e.g. by consenting as part of a registration process.

As a matter of principle, we only gain access to summarised information about the performance of our advertisements. However, within the framework of so-called conversion measurement, we can check which of our online marketing processes have led to a so-called conversion, i.e. to the conclusion of a contract with us. The conversion measurement is used alone for the performance analysis of our marketing activities.

Unless otherwise stated, we kindly ask you to consider that cookies used will be stored for a period of two years.

Notes on revocation and objection:

We refer to the privacy policies of the respective service providers and the possibilities for objection (so-called "opt-out"). If no explicit opt-out option has been specified, it is possible to deactivate cookies in the settings of your browser. However, this may restrict the functions of our online offer. We therefore recommend the following additional opt-out options, which are offered collectively for each area:

a) Europe: https://www.youronlinechoices.eu.
b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices.
d) Cross-regional: https://optout.aboutads.info.

Processed data types: Contact Information (Facebook) ("Contact Information" is data that (clearly) identifies data subjects, such as names, email addresses and phone numbers, that can be transmitted to Facebook, e.g. via Facebook pixels or uploads for matching purposes to form Custom Audiences; After the matching to create target groups, the Contact Information is deleted); Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features); Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties); Event Data (Facebook) ("Event Data" is data that can be transmitted from us to Facebook, e.g. via Facebook pixels (via apps or other means) and relates to persons or their actions; the data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; Event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences); Event Data does not include the actual content (such as written comments), login information, and Contact Information (such as names, email addresses, and phone numbers). Event Data is deleted by Facebook after a maximum of two years, the Custom Audiences created from them with the deletion of our Facebook account). Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.).

Data subjects: Users (e.g. website visitors, users of online services).

Purposes of processing: Web Analytics (e.g. access statistics, recognition of returning visitors); Targeting (e.g. profiling based on interests and behaviour, use of cookies); Affiliate Tracking; Marketing; Profiles with user-related information (Creating user profiles); Conversion tracking (Measurement of the effectiveness of marketing activities); Provision of our online services and usability; Remarketing; Clicktracking. Cross-Device Tracking (Device- independent processing of user data for marketing purposes).

Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion". Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years.).

Security measures: IP Masking (Pseudonymization of the IP address).
Legal Basis: Consent (Article 6 (1) (a) GDPR). Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

Meta - Custom Audiences from File: Creation of target groups for marketing purposes - We submit Contact Information (names, email addresses and phone numbers) to Meta in list form for the purpose of creating Custom Audiences for content and advertising information based on the presumed interests of users. The transmission and matching with data available on Meta is not in plain text, but as so-called "hash values", i.e. mathematical representations of the data (this method is used, for example, in the storage of passwords). After the matching to create target groups, the Contact Information is deleted; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/; Data Processing Agreement: https://www.facebook.com/legal/terms/dataprocessing. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland).
Google Ad Manager: We use the service "Google Ad Manager" to place ads in the Google advertising network (e.g. in search results, videos, websites, etc.). The Google Ad Manager stands out because ads are displayed in real time based on users' presumed interests. This allows us to display ads for our online offering to users who may have a potential interest in our offering or who have previously shown interest, and measure the success of the ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland); Further Information: Types of processing and data processed: https://business.safety.google/adsservices/; Google Ads Controller-Controller Data Protection Terms and standard contractual clauses for data transfers to third countries: https://business.safety.google/adscontrollerterms. where Google acts as processor, Data Processing Conditions for Google Advertising Products and standard contractual clauses for data transfers to third countries: https://business.safety.google/adsprocessorterms apply.
Google Ads and Conversion Tracking: Online marketing process for purposes of placing content and advertisements within the provider's advertising network (e.g., in search results, in videos, on web pages, etc.) so that they are displayed to users who have a presumed interest in the ads. Furthermore, we measure the conversion of the ads, i.e. whether the users took them as a reason to interact with the ads and make use of the advertised offers (so-called conversion). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland); Further Information: Types of processing and data processed: https://business.safety.google/adsservices/. Google Ads Controller- Controller Data Protection Terms and standard contractual clauses for data transfers to third countries: https://business.safety.google/adscontrollerterms.
Google Ads Remarketing: Google Remarketing, also known as retargeting, is a technology that adds users who use an online service to a pseudonymous remarketing list so that users can be shown ads on other online services based on their visit to the online service; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland); Further Information: Types of processing and data processed: https://business.safety.google/adsservices/. Google Ads Controller-Controller Data Protection Terms and standard contractual clauses for data transfers to third countries: https://business.safety.google/adscontrollerterms.
Instagram Ads: Placement of ads within the Instagram platform and analysis of ad results; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/; Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland); Opt-Out: We refer to the data protection and advertising settings in the user's profile on the Instagram platform as well as Instagram's consent procedure and Instagram's contact options for exercising information and other data subject rights in Instagram's privacy policy. Further Information: User event data, i.e. behavioral and interest data, is processed for the purposes of targeted advertising and audience building on the basis of the joint controllership agreement ("Controller Addendum", https://www.facebook.com/legal/controller_addendum). The joint controllership is limited to the collection and transfer of the data to Meta Platforms Ireland Limited, a company located in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which concerns in particular the transfer of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
LinkedIn Insight Tag: Code that is loaded when a user visits our online offering and tracks the user's behavior and conversions, as well as stores it in a profile (possible use cases: measuring campaign performance, optimizing ad delivery, building custom and similar target groups); Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy, cookie policy: https://www.linkedin.com/legal/cookie_policy; Data Processing Agreement:https://www.linkedin.com/legal/l/dpa; Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland). Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Pinterest Tag: Interest- and behavior-based measurement and analysis of the interaction of users with our online services (in particular page visits, search entries, transactions, video and page views along with time and period) for the purpose of forming target groups for the purpose of displaying content and promotional content within the platform Pinterest and the partners participating in its ad network; Service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://help.pinterest.com/en/business/article/track-conversions-with-pinterest -tag; Privacy Policy: https://policy.pinterest.com/en/privacy-policy; Basis for third-country transfers: Switzerland - Adequacy decision (Ireland); Opt- Out: https://help.pinterest.com/de/article/personalized-ads-on-pinterest. Further Information: Agreement on Joint Responsibility in the "Pinterest Advertising Services Agreement, Annex B: Pinterest Annex for Joint Controllers"https://business.pinterest.com/de/pinterest-advertising-services-agreement/.

Programmi di affiliazione e link di affiliazione

Within our online services, we include so-called affiliate links or other references (which for example may include search forms, widgets or discount codes) to the offers and services of third parties (collectively referred to as "affiliate links"). When users follow affiliate links or subsequently take advantage of offers, we may receive commission or other benefits (collectively referred to as "commission") from these third parties.

In order to be able to track whether the users have followed the offers of an affiliate link used by us, it is necessary for the respective third party to know that the users have followed an affiliate link used within our online services. The assignment of affiliate links to the respective business transactions or other actions (e.g., purchases) serves the sole purpose of commission settlement and is removed as soon as it is no longer required for this purpose.

For the purposes of the aforementioned affiliate link assignment, the affiliate links may be supplemented by certain values that may be a component of the link or otherwise stored, for example, in a cookie. The values may include in particular the source website (referrer), time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer and an online identifier of the user.

Information on legal basis: If we ask the users for their consent to the use of third party providers, the legal basis of the processing is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.
Processed data types: Contract data (e.g. contract object, duration, customer category); Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features); Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties); Inventory data (For example, the full name, residential address, contact information, customer number, etc.); Payment Data (e.g. bank details, invoices, payment history). Contact data (e.g. postal and email addresses or phone numbers).
Data subjects: Prospective customers; Users (e.g. website visitors, users of online services). Service recipients and clients.
Purposes of processing: Affiliate Tracking; Web Analytics (e.g. access statistics, recognition of returning visitors); Office and organisational procedures; Provision of our online services and usability. Provision of contractual services and fulfillment of contractual obligations.
Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
Legal Basis: Consent (Article 6 (1) (a) GDPR). Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

Amazon Affiliate Program: Affiliate partner program (Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or one of its affiliates); Service provider: Amazon EU S.à r.l. (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxembourg; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.amazon.com; Privacy Policy: https://www.amazon.com/gp/help/customer/display.html?nodeId=201909010. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Luxembourg).
Canva: Creation and editing of graphic designs, use of pre-made templates, uploading personal images and text, collaboration on projects in real-time, publishing features; Service provider: Canva Pty Ltd, 110 Kippax St, 2010 Surry Hills, Australien; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.canva.com/. Privacy Policy:https://www.canva.com/policies/privacy-policy/.
Etsy: Online marketplace for e-commerce; Service provider: Etsy, Inc., 55 Washington Street, Suite 712, Brooklyn, NY 11201, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.etsy.com. Privacy Policy: https://privacy.rakuten.co.jp/english/.
Pinterest: Social network, allows for the sharing of photos, commenting, favouriting and curating of posts, messaging, subscribing to profiles; Service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.pinterest.com; Privacy Policy:https://policy.pinterest.com/en/privacy-policy. Basis for third-country transfers: Switzerland - Adequacy decision (Ireland).

Profili sui social network (social media)

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may entail risks for users, e.g. by making it more difficult to enforce users' rights.

In addition, user data is usually processed within social networks for market research and advertising purposes. For example, user profiles can be created on the basis of user behaviour and the associated interests of users. The user profiles can then be used, for example, to place advertisements within and outside the networks which are presumed to correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer, in which the user's usage behaviour and interests are stored. Furthermore, data can be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective networks or will become members later on).

For a detailed description of the respective processing operations and the opt-out options, please refer to the respective data protection declarations and information provided by the providers of the respective networks.

Also in the case of requests for information and the exercise of rights of data subjects, we point out that these can be most effectively pursued with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, please do not hesitate to contact us.

Processed data types: Contact data (e.g. postal and email addresses or phone numbers); Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.); Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features); Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties). Inventory data (For example, the full name, residential address, contact information, customer number, etc.).

Data subjects: Users (e.g. website visitors, users of online services).

Purposes of processing: Communication; Feedback (e.g. collecting feedback via online form); Public relations; Provision of our online services and usability; Information technology infrastructure (Operation and provision of information systems and technical devices, such as computers, servers, etc.).). Marketing.

Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".

Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR). Consent (Article 6 (1) (a) GDPR).

Further information on processing methods, procedures and services used:

Instagram: Social network, allows the sharing of photos and videos, commenting on and favouriting posts, messaging, subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.instagram.com; Privacy Policy:https://privacycenter.instagram.com/policy/. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland).

LinkedIn: Social network - We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of visitor data, which is used to create "Page Insights" (statistics) for our LinkedIn profiles. This data includes information about the types of content users view or interact with, as well as the actions they take. It also includes details about the devices used, such as IP addresses, operating systems, browser types, language settings, and cookie data, as well as profile details of users, such as job function, country, industry, seniority, company size, and employment status. Privacy information regarding the processing of user data by LinkedIn can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
We have entered into a special agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum,"https://legal.linkedin.com/pages-joint-controller-addendum), which specifically regulates the security measures LinkedIn must comply with and in which LinkedIn has agreed to fulfill the rights of data subjects (i.e., users can, for example, direct requests for information or deletion directly to LinkedIn). The rights of users (particularly the right to information, deletion, objection, and to lodge a complaint with the competent supervisory authority) are not restricted by our agreements with LinkedIn. The joint responsibility is limited to the collection of data and its transmission to LinkedIn Ireland Unlimited Company, a company based in the EU. Further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, particularly concerning the transfer of data to the parent company LinkedIn Corporation in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland). Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Pinterest: Social network, allows for the sharing of photos, commenting, favouriting and curating of posts, messaging, subscribing to profiles; Service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.pinterest.com; Privacy Policy:https://policy.pinterest.com/en/privacy-policy. Basis for third-country transfers: Switzerland - Adequacy decision (Ireland).
Threads: Social network; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.threads.net/; Privacy Policy: https://help.instagram.com/515230437301944?locale=en_GB. Basis for third-country transfers: Switzerland - Adequacy decision (Ireland).
TikTok: Social network, allows the sharing of photos and videos, commenting on and favouriting posts, messaging, subscribing to accounts; Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP;
Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.tiktok.com; Privacy Policy: https://www.tiktok.com/de/privacy-policy. Basis for third- country transfers: EEA - Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms), Switzerland - Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms).
TikTok Business: Social network, allows the sharing of photos and videos, commenting on and favouriting posts, messaging, subscribing to accounts - We and TikTok are jointly responsible for the collection and transmission of event data as well as for the measurement and creation of insights reports (statistics) for profile holders. These event data include information about the types of content users view or interact with, actions taken by them, information about devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data), and information from user profiles such as country or location. Data protection information regarding the processing of user data by TikTok can be found in TikTok's privacy policy:https://www.tiktok.com/legal/page/eea/privacy-policy/en. We have concluded a special agreement on joint responsibility with TikTok that specifically regulates which security measures TikTok must observe and in which TikTok has agreed to fulfil the rights of data subjects (i.e., users can, for example, address requests for information or deletion directly to TikTok). The rights of users (in particular the right to access, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with TikTok. The agreement on joint responsibility can be found in TikTok's "Jurisdiction Specific Terms":https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms.; Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.tiktok.com; Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en. Basis for third-country transfers: EEA - Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms), Switzerland - Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms).

Plugin, funzioni e contenuti incorporati

Within our online services, we integrate functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may, for example, be graphics, videos or city maps (hereinafter uniformly referred to as "Content").

The integration always presupposes that the third-party providers of this content process the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents or functions. We strive to use only those contents, whose respective offerers use the IP address only for the distribution of the contents. Third parties may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visit times and other information about the use of our website, as well as may be linked to such information from other sources.

Processed data types: Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features); Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties). Location data (Information on the geographical position of a device or person).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online services and usability; Provision of contractual services and fulfillment of contractual obligations; Marketing. Profiles with user-related information (Creating user profiles).
.Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion". Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years.)
Legal Basis: Consent (Article 6 (1) (a) GDPR). Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

Google Fonts (Provision on own server): Provision of font files for the purpose of a user-friendly presentation of our online services; Service provider: The Google Fonts are hosted on our server, no data is transmitted to Google; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Google Fonts (from Google Server): Obtaining fonts (and symbols) for the purpose of a technically secure, maintenance-free and efficient use of fonts and symbols with regard to timeliness and loading times, their uniform presentation and consideration of possible restrictions under licensing law. The provider of the fonts is informed of the user's IP address so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) are transmitted which are necessary for the provision of the fonts depending on the devices used and the technical environment. This data may be processed on a server of the provider of the fonts in the USA - When visiting our online services, users' browsers send their browser HTTP requests to the Google Fonts Web API. The Google Fonts Web API provides users with Google Fonts' cascading style sheets (CSS) and then with the fonts specified in the CCS. These HTTP requests include (1) the IP address used by each user to access the Internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent describing the browser and operating system versions of the website visitors, as well as the referral URL (i.e., the web page where the Google font is to be displayed). IP addresses are not logged or stored on Google servers and they are not analyzed. The Google Fonts Web API logs details of HTTP requests (requested URL, user agent, and referring URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a particular font family is requested. With the Google Fonts Web API, the user agent must match the font that is generated for the particular browser type. The user agent is logged primarily for debugging purposes and is used to generate aggregate usage statistics that measure the popularity of font families. These aggregate usage statistics are published on Google Fonts' Analytics page. Finally, the referral URL is logged so that the data can be used for production maintenance and to generate an aggregate report on top integrations based on the number of font requests. Google says it does not use any of the information collected by Google Fonts to profile end users or serve targeted ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland). Further Information:https://developers.google.com/fonts/faq/privacy?hl=en.
Font Awesome (Provision on own server): Display of fonts and symbols; Service provider: The Font Awesome icons are hosted on our server, no data is transmitted to the provider of Font Awesome; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Google Maps: We integrate the maps of the service "Google Maps" from the provider Google. The data processed may include, in particular, IP addresses and location data of users; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://mapsplatform.google.com/; Privacy Policy:https://policies.google.com/privacy. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland).

Instagram plugins and contents: Instagram plugins and contents - This can include content such as images, videos or text and buttons with which users can share content from this online service within Instagram . - We are jointly responsible (so-called "joint-controllership") with Meta Platforms Ireland Limited for the collection or transmission (but not further processing) of "Event Data" that Facebook collects or receives as part of a transmission using Instagram functions that run on our website for the following purposes: a) displaying content advertising information that matches users' presumed interests; b) delivering commercial and transactional messages (e.g. b) delivering commercial and transactional messages (e.g., addressing users via Facebook Messenger); c) improving ad delivery and personalizing features and content (e.g., improving recognition of which content or advertising information is believed to be of interest to users). We have entered into a special agreement with Facebook ("Controller Addendum",https://www.facebook.com/legal/controller_addendum), which specifically addresses the security measures that Facebook must take (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to comply with the rights of data subjects (i.e., users can, for example, submit information access or deletion requests directly to Facebook). Note: If Facebook provides us with measurements, analyses and reports (which are aggregated, i.e. do not contain information on individual users and are anonymous to us), then this processing is not carried out within the scope of joint responsibility, but on the basis of a DPA ("Data Processing Terms", https://www.facebook.com/legal/terms/dataprocessing/update), the "Data Security Conditions" (https://www.facebook.com/legal/terms/data_security_terms) and, with regard to processing in the USA, on the basis of Standard Contractual Clauses ("Facebook EU Data Transfer Addendum, https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to access to information, erasure, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.instagram.com; Privacy Policy:https://privacycenter.instagram.com/policy/. Basis for third-country transfers: Switzerland - Adequacy decision (Ireland).
LinkedIn plugins and contents: LinkedIn plugins and contents - This can include content such as images, videos or text and buttons with which users can share content from this online service within LinkedIn; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website:https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Data Processing Agreement:https://legal.linkedin.com/dpa; Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland). Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
MyFonts: fonts; data processed in the font request process includes the identification number of the web font project (anonymized), the URL of the licensed website associated with our number to identify the licensee and the licensed web fonts, and the referrer URL; the anonymized web font project identification number is stored in encrypted log files with such data for 30 days to determine the monthly number of page views; after such extraction and storage of the number of page views the log files are deleted; Service provider: Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.myfonts.co. Privacy Policy: https://www.myfonts.com/info/legal/#Privacy.
Pinterest plugins and contents: Pinterest plugins and contents- This can include content such as images, videos or text and buttons with which users can share content from this online service within Pinterest; Service provider: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.pinterest.com. Privacy Policy: https://policy.pinterest.com/en/privacy-policy.
reCAPTCHA: We integrate the "reCAPTCHA" function to be able to recognise whether entries (e.g. in online forms) are made by humans and not by automatically operating machines (so-called "bots"). The data processed may include IP addresses, information on operating systems, devices or browsers used, language settings, location, mouse movements, keystrokes, time spent on websites, previously visited websites, interactions with ReCaptcha on other websites, possibly cookies and results of manual recognition processes (e.g. answering questions asked or selecting objects in images). The data processing is based on our legitimate interest to protect our online services from abusive automated crawling and spam; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, , parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.google.com/recaptcha/; Privacy Policy:https://policies.google.com/privacy; Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF). Opt-Out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the Display of Advertisements: https://myadcenter.google.com/personalizationoff.
Adobe Fonts: Provision of fonts for integration into web and print designs, synchronisation of fonts across devices, access to a library of licensed fonts for creative projects, management and organisation of fonts in projects; Service provider: Adobe Systems Software Ireland, 4-6, Riverwalk Drive, itywest Business Campus, Brownsbarn, Dublin 24, D24 DCW0, Ireland;
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.adobe.com; Privacy Policy:https://www.adobe.com/de/privacy.html; Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland). Further Information: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

Gestione, organizzazione e servizi di pubblica utilità

We use services, platforms and software from other providers (hereinafter referred to as " third-party providers") for the purposes of organizing, administering, planning and providing our services. When selecting third-party providers and their services, we comply with the legal requirements.

Within this context, personal data may be processed and stored on the servers of third-party providers. This may include various data that we process in accordance with this privacy policy. This data may include in particular master data and contact data of users, data on processes, contracts, other processes and their contents.

If users are referred to the third-party providers or their software or platforms in the context of communication, business or other relationships with us, the third- party provider processing may process usage data and metadata that can be processed by them for security purposes, service optimisation or marketing purposes. We therefore ask you to read the data protection notices of the respective third party providers.

Processed data types: Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.); Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features); Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties); Inventory data (For example, the full name, residential address, contact information, customer number, etc.). Contact data (e.g. postal and email addresses or phone numbers).

Data subjects: Communication partner (Recipients of e-mails, letters, etc.). Users (e.g. website visitors, users of online services).

Purposes of processing: Communication; Provision of contractual services and fulfillment of contractual obligations; Office and organisational procedures; Provision of our online services and usability; Information technology infrastructure (Operation and provision of information systems and technical devices, such as computers, servers, etc.).). Web Analytics (e.g. access statistics, recognition of returning visitors).

Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR). Consent (Article 6 (1) (a) GDPR).

Further information on processing methods, procedures and services used:

AI software (on own server): Use of "artificial intelligence" in the applicable legal sense of the term, i.e., software that is primarily based on specific logic and is essentially autonomous in its ability to understand and produce natural language or other input, output, and data, analyze information, and make predictions; Service provider: Executed on servers and/or computers under our controllership; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Miro: Online whiteboard and collaboration platform; Service provider: Realtimeboard Inc. dba Miro, 201 Spear Street Suite 1100, San Francisco, California 94105, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://miro.com/; Privacy Policy: https://miro.com/legal/privacy-policy/; Data Processing Agreement: https://miro.com/legal/vendor-data-processing-addendum/. Basis for third- country transfers: EEA - Standard Contractual Clauses (https://miro.com/legal/vendor-data-processing-addendum/), Switzerland - Standard Contractual Clauses (https://miro.com/legal/vendor-data-processing-addendum/).
WeTransfer: Transferring files over the Internet; Service provider: WeTransfer BV, Oostelijke Handelskade 751, Amsterdam, 1019 BW, Netherlands; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://wetransfer.com; Privacy Policy:https://wetransfer.com/legal/privacy. Basis for third-country transfers: Switzerland - Adequacy decision (Netherlands).
Instagram: Social network, allows the sharing of photos and videos, commenting on and favouriting posts, messaging, subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.instagram.com; Privacy Policy:https://privacycenter.instagram.com/policy/. Basis for third-country transfers: EEA - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland).
Wix: Hosting and software for the creation, provision and operation of websites, blogs and other online services; Service provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel; Legal Basis: Legitimate Interests
(Article 6 (1) (f) GDPR); Website: https://www.wix.com; Privacy Policy: https://www.wix.com/about/privacy; Data Processing Agreement: https://www.wix.com/about/privacy-dpa-users. Basis for third-country transfers: EEA - Adequacy decision (Israel), Switzerland - Adequacy decision (Israel).
Canva: Creation and editing of graphic designs, use of pre-made templates, uploading personal images and text, collaboration on projects in real-time, publishing features; Service provider: Canva Pty Ltd, 110 Kippax St, 2010 Surry Hills, Australien; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.canva.com/. Privacy Policy:https://www.canva.com/policies/privacy-policy/.

Modifiche e aggiornamenti

We kindly ask you to inform yourself regularly about the contents of our data protection declaration. We will adjust the privacy policy as changes in our data processing practices make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, we ask you to note that addresses may change over time and to verify the information before contacting us.

Supervisory authority competent for us:

RAUM ITALIA GmbH

Etschweg 2/2
39040 Kurtatsch (BZ) South Tyrol – Italy

+39 0471 817 009

info@raumitalia.com https://www.raumitalia.com/

Terminologia e definizioni

In this section, you will find an overview of the terminology used in this privacy policy. Where the terminology is legally defined, their legal definitions apply. The following explanations, however, are primarily intended to aid understanding.

Affiliate Tracking: Affiliate tracking logs links that the linking websites use to refer users to websites with products or other offers. The owners of the respective linked websites can receive a commission if users follow these so- called "affiliate links" and subsequently take advantage of the offers (e.g. buy goods or use services). To this end, it is necessary for providers to be able to track whether users who are interested in certain offers subsequently follow the affiliate links. It is therefore necessary for the functionality of affiliate links that they are supplemented by certain values that become part of the link or are otherwise stored, e.g. in a cookie. The values include in particular the source website (referrer), time, an online identification of the owner of the website on which the affiliate link was located, an online identification of the respective offer, an online identifier of the user, as well as tracking specific values such as advertising media ID, partner ID and categorizations

Artificial Intelligence (AI): The purpose of processing data through Artificial Intelligence (AI) includes the automated analysis and processing of user data to identify patterns, make predictions, and improve the efficiency and quality of our services. This involves the collection, cleansing, and structuring of data, training and applying AI models, as well as the continuous review and optimisation of results, and is carried out exclusively with users' consent or based on legal authorisation grounds.
Clicktracking: Clicktracking allows users to keep track of their movements within an entire website. Since the results of these tests are more accurate if the interaction of the users can be followed over a certain period of time (e.g. if a user likes to return), cookies are usually stored on the computers of the users for these test purposes.

Contact data: Contact details are essential information that enables communication with individuals or organizations. They include, among others, phone numbers, postal addresses, and email addresses, as well as means of communication like social media handles and instant messaging identifiers.
Content data: Content data comprise information generated in the process of creating, editing, and publishing content of all types. This category of data may include texts, images, videos, audio files, and other multimedia content published across various platforms and media. Content data are not limited to the content itself but also include metadata providing information about the content, such as tags, descriptions, authorship details, and publication dates.
Contract data: Contract data are specific details pertaining to the formalisation of an agreement between two or more parties. They document the terms under which services or products are provided, exchanged, or sold. This category of data is essential for managing and fulfilling contractual obligations and includes both the identification of the contracting parties and the specific terms and conditions of the agreement. Contract data may encompass the start and end dates of the contract, the nature of the agreed- upon services or products, pricing arrangements, payment terms, termination rights, extension options, and special conditions or clauses. They serve as the legal foundation for the relationship between the parties and are crucial for clarifying rights and duties, enforcing claims, and resolving disputes.
Controller: "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Conversion tracking: Conversion tracking is a method used to evaluate the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the devices of the users within the websites on which the marketing measures take place and then called up again on the target website (e.g. we can thus trace whether the advertisements placed by us on other websites were successful).

Cross-Device Tracking: Cross-Device Tracking is a form of tracking in which behavior and interest information of the user is recorded across all devices in so-called profiles by assigning an online identifier to the user. This means that user information can usually be analysed for marketing purposes, regardless of the browser or device used (e.g. mobile phone or desktop computer). With most Cross-Device Tracking providers, the online identifier is not linked to plain data such as names, postal addresses or e-mail addresses.
Employees: As employees, individuals are those who are engaged in an employment relationship, whether as staff, employees, or in similar positions. Employment refers to a legal relationship between an employer and an employee, established through an employment contract or agreement. It entails the obligation of the employer to pay the employee remuneration while the employee performs their work. The employment relationship encompasses various stages, including establishment, where the employment contract is concluded, execution, where the employee carries out their work activities, and termination, when the employment relationship ends, whether through termination, mutual agreement, or otherwise. Employee data encompasses all information pertaining to these individuals within the context of their employment. This includes aspects such as personal identification details, identification numbers, salary and banking information, working hours, holiday entitlements, health data, and performance assessments.
Inventory data: Inventory data encompass essential information required for the identification and management of contractual partners, user accounts, profiles, and similar assignments. These data may include, among others, personal and demographic details such as names, contact information (addresses, phone numbers, email addresses), birth dates, and specific identifiers (user IDs). Inventory data form the foundation for any formal interaction between individuals and services, facilities, or systems, by enabling unique assignment and communication.
Location data: Location data is created when a mobile device (or another device with the technical requirements for a location determination) connects to a radio cell, a WLAN or similar technical means and functions of location determination. Location data serve to indicate the geographically determinable position of the earth at which the respective device is located. Location data can be used, for example, to display map functions or other information dependent on a location.
Log data: Protocol data, or log data, refer to information regarding events or activities that have been logged within a system or network. These data typically include details such as timestamps, IP addresses, user actions, error messages, and other specifics about the usage or operation of a system. Protocol data is often used for analyzing system issues, monitoring security, or generating performance reports.
Meta, communication and process data: Meta-, communication, and procedural data are categories that contain information about how data is processed, transmitted, and managed. Meta-data, also known as data about data, include information that describes the context, origin, and structure of other data. They can include details about file size, creation date, the author of a document, and modification histories. Communication data capture the exchange of information between users across various channels, such as email traffic, call logs, messages in social networks, and chat histories, including the involved parties, timestamps, and transmission paths. Procedural data describe the processes and operations within systems or organisations, including workflow documentations, logs of transactions and activities, and audit logs used for tracking and verifying procedures.

Payment Data: Payment data comprise all information necessary for processing payment transactions between buyers and sellers. This data is crucial for e-commerce, online banking, and any other form of financial transaction. It includes details such as credit card numbers, bank account information, payment amounts, transaction dates, verification numbers, and billing information. Payment data may also contain information on payment status, chargebacks, authorizations, and fees.
Personal Data: "personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing: The term "processing" covers a wide range and practically every handling of data, be it collection, evaluation, storage, transmission or erasure.
Profiles with user-related information: The processing of "profiles with user-related information", or "profiles" for short, includes any kind of automated processing of personal data that consists of using these personal data to analyse, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include different information concerning demographics, behaviour and interests, such as interaction with websites and their content, etc.) (e.g. interests in certain content or products, click behaviour on a website or location). Cookies and web beacons are often used for profiling purposes.
Remarketing: Remarketing" or "retargeting" is the term used, for example, to indicate for advertising purposes which products a user is interested in on a website in order to remind the user of these products on other websites, e.g. in advertisements.
Targeting: "Tracking" is the term used when the behaviour of users can be traced across several websites. As a rule, behavior and interest information with regard to the websites used is stored in cookies or on the servers of the tracking technology providers (so-called profiling). This information can then be used, for example, to display advertisements to users presumably corresponding to their interests.
Usage data: Usage data refer to information that captures how users interact with digital products, services, or platforms. These data encompass a wide range of information that demonstrates how users utilise applications, which features they prefer, how long they spend on specific pages, and through what paths they navigate an application. Usage data can also include the frequency of use, timestamps of activities, IP addresses, device information, and location data. They are particularly valuable for analysing user behaviour, optimising user experiences, personalising content, and improving products or services. Furthermore, usage data play a crucial role in identifying trends, preferences, and potential problem areas within digital offerings.
Web Analytics: Web Analytics serves the evaluation of visitor traffic of online services and can determine their behavior or interests in certain information, such as content of websites. With the help of web analytics, website owners, for example, can recognize at what time visitors visit their website and what content they are interested in. This enables them, for example, to better adapt the content of their websites to the needs of their visitors. For the purposes of web analytics , pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more precise analyses of the use of an online service.

contattaci

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at info@izz-design.com.

INFORMATIVA SULLA PRIVACY

telefono

+39 3494068104

email

studio@avvera-interiors.com

indirizzo

milano, italia

social