Dear user,
BackStudio Milan S.r.l., as data controller, (“Company” or “Data Controller“) is committed to protecting your personal data, therefore, with the privacy policy hereof, the Company wishes to inform you, in accordance with articles 13 and 14 of the European Regulation 679/2016 on the protection of personal data (“Regulation” or “GDPR“) as well as with national legislation, including the measures adopted by the Italian supervisory authority (“Supervisory Authority“), where applicable, that your personal data will be processed in compliance with the legislative provisions in force, for the purposes and with the methods indicated below. Please note that (i) this privacy policy should be read alongside the Cookie Policy and the Terms and Conditions of this website; (ii) and that it only refers to personal data collected by the Company and not by third parties.
- The personal data we collect and process about you
- Web Surfing Data
Computer systems and software procedures that make this website work regularly, collect some personal data through Internet communication protocols in order to improve the quality of the services offered by this website. These data are not collected in order to be associated to personally identifiable information, but – if processed and associated – they can identify users.
Data belonging to this category include, by way of example, IP address, domain names of computers used to reach this website, URI (Uniform Resource Identifiers) which identify the requested contents, timing of a specific request, method used to submit a request to the server, size of the contents obtained as a response, numerical code indicating the status of the server’s response (success, error, etc.) and other parameters concerning the user’s operating system and computing environment.
These data, mandatorily provided, are also used for anonymous and statistical purposes in order to (i) check how the website is used and (ii) to verify if it is working properly. Such data could be also used to ascertain responsibilities in the event of computer crimes or damages to the Company. However such data are regularly deleted and might be communicated to the competent authorities when they ask for their provision.
- Personal data provided by you
Your personal data are collected when you provide them to the Data Controller. More specifically, the Data Controller will collect and process, by way of example, the following personal data:
- personal information (such as, including but not limited to, name, surname, date and place of birth);
- identification and contact information (such as, including but not limited to, your image, your voice, your address, domicile, e-mail, telephone, identification documents);
- bank data (such as, including but not limited to, the bank account, credit card details).
- Purposes and legal basis of processing
Your personal data under paragraph 1.2 are collected and processed for the following purposes:
- management of the contractual relationship between you and the Company, management of the requests sent through the “Contact us” section, performance of the activities of recruitment and selection of personnel – including the assessment of your profile and your professional skills in the event you send to the Company your CV – processing of the payments related to the service purchased through this website as well as for other purposes strictly connected with or instrumental to the management of the contractual relationship provided for by laws, regulations and EU legislation as well as by provisions issued by authorities empowered to do so by law and by supervisory and control entities;
- marketing purposes, prior to your express consent, in order to send you promotional material to the e-mail address you will provide;
- sending of newsletters, subject to your express consent that can be revoked at any time, in order to be informed about the Company’s activities, offers and any other information related to the Company itself.
The legal basis of the processing of your personal data collected for the purposes indicated under letter (a), is to be found in article 6.1, letter b), GDPR, since such processing is necessary to fulfil obligations of a contractual or pre-contractual nature, as well as in article 6.1, letter c), GDPR, since such processing is necessary to fulfil the legal obligations to which the Data Controller is subject.
The processing of your personal data collected for the purposes indicated under letter (b) and (c), will be possible only after you have given your express consent by ticking the related box that appears at the end of the payment procedure or by ticking “Subscribe” in the newsletter section of the Site. For such purposes, the legal basis of processing is to be found in article 6.1, letter a), GDPR as well as in article 6.1, letter c), GDPR, as necessary for the fulfilment of the legal obligations to which the Data Controller is subject.
- How we process your personal data
Personal data will be processed by the Company and its employees and/or collaborators with computer and manual systems according to the principles of correctness, loyalty and transparency provided for by the applicable legislation on the protection of personal data in such a way that aims at protecting the confidentiality of your personal data as well as your rights by adopting appropriate technical and organizational measures to ensure a level of security adequate to the risk.
The provision of your personal data for the purposes indicated under letter (a) is necessary to carry out the activities contractually envisaged as well as to fulfil the obligations deriving from the contractual relationship between you and the Company. Should you not provide us with your personal data it will impossible to execute or, in certain circumstances, continue such contractual relationship.
The provision of your personal data for the purposes indicated under letters (b) and (c), is optional, should you not provide your personal data it will not be possible to achieve such purposes.
- Storage of your personal data
Your personal data will be stored at the Company’s registered office in compliance with the principle of proportionality for the entire duration of the contractual relationship. At the end of the contractual relationship for any reason occurred, including the deletion of your user account, your personal data will be processed for the period of time provided for by the legislation applicable to the aforementioned relationship, including tax and accounting law, and in any case for a period not exceeding 10 years (prescription period). At the end of this period, your personal data will be deleted or made anonymous.
As for the personal data processed for the purposes indicated under letter (b) and (c) of paragraph 1.2 above, such data will be stored until the related consent is revoked. However, at the end of the contractual relationship as well as at the revocation of your consent, your personal data will be processed for the period of time provided for by the legislation applicable to the aforementioned relationship, including tax and accounting law, and in any case for a period not exceeding 10 years. At the end of this period, your personal data will be deleted or made anonymous.
- To whom we disclose our personal data with and transfers of your personal data that we carry out
Your personal data will be accessible to some employees and/or collaborators of the Company expressly and duly authorized to process your personal data in order to fulfill the above purposes.
In addition to the above, your personal data might also be communicated to third parties, such as the web service provider and marketing and communication agencies, being understood that such third parties will be duly appointed as data processors, in compliance with the GDPR.
The Company transfers your personal data to countries that do not offer an adequate level of protection, such as the United States of America. The transfer of personal data to countries that do not guarantee an adequate level of protection is subject to appropriate safeguards in compliance with articles 45-47 GDPR as well as with the guidelines of the European Committee for the Protection of Personal Data.
With reference to the transfer of your personal data to the United States of America, such transfer is subject to the signing of the so-called standard data protection clauses adopted by the EU Commission under article 46 paragraph 2 of the GDPR.
In any case, your personal data will not be disclosed, unless this is necessary to comply with obligations provided for by law or regulations.
- Identity and contact details of the Data Controller
The Data Controller is BackStudio Milan S.r.l., with registered offices in Via Nicola Antonio Porpora No 167 cap 20131, Milan (Italy) that can be contacted at the following e-mail address info@backstudiomilan.com.
- How to access your information and your other rights
We inform you that you may exercise, in relation to the processing of your personal data described therein; the rights provided for in under articles 15-21 GDPR, such as the right:
- to receive confirmation of the existence of your personal data and access to their content (access rights);
- to update, modify and/or correct your personal data (right of correction);
- to request the cancellation or limitation of the processing of personal data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or otherwise processed (right to cancellation and right to limitation);
- to oppose the processing (right of opposition);
- to receive a copy of your personal data in electronic format and request that such personal data be transmitted to another data controller (right to data portability).
In order to exercise these rights and to revoke your consent for the processing of your personal data you can contact the Data Controller by sending an e-mail to info@backstudiomilan.com.
- Right to lodge a complaint
Should you believe that the processing of your personal data infringes any GDPR provision you have the right to lodge a complaint with the Italian supervisory authority, pursuant to articles 13 and 77 GDPR, as well as article 140-bis of Legislative Decree No. 196/2003, as amended by Legislative Decree No. 101/2018, or to take legal action pursuant to article 79 GDPR.
Updated on January 2021.