PRIVACY POLICY ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLE 13 OF THE REGULATION (EU) 679/2016 (General Data Protection Regulation – GDPR)

This policy describes the methods and purposes of the processing of personal data of users who access and use the following websites:

•  https://www.digitalmoka.com/
•  http://www.scopadalnegro.com
•  http://www.briscoladalnegro.com
•  http://www.assopigliatuttodalnegro.com
•  http://www.burracodalnegro.com
•  http://www.solitariodalnegro.com
•  http://www.tressettedalnegro.com

(hereinafter, simply the “Sites”) in compliance with the current legislation on the protection of personal data. In compliance with the principles recognized by the European Regulation 679/2016, this information provides the user (data subject) any further information necessary to ensure correct and transparent processing, in relation to the specific context in which the personal data are collected and subsequently processed.

This policy is provided only for the Sites listed above, and not for the websites, Apps and Social Platforms accessible through hyperlinks contained therein, for which reference should be made to the relevant information on the processing of personal data.

1. Data Controller

The Controller is “Digitalmoka S.r.l.”, with registered office in Via Ostiense 387b 00145 Rome (hereinafter “DIGITALMOKA” or “Controller “).

2. Types of data processed, purposes and legal basis of the processing

The types of data processed include:

1. browsing data, collected in aggregate form with automatic methods (including, by way of example, IP addresses, browsing times, geographic data, data relating to the interaction with the Sites and other parameters relating to the operating system and IT environment of the User); however, such information could also, through processing and / or association with other data, held by the provider or by third parties, allow the identity of the user to be traced;
2. data provided voluntarily by the User by sending, on an optional and voluntary basis, e-mail messages to the addresses indicated on the Sites or by selecting the postal envelope-shaped icon present in the footer of the same.

DIGITALMOKA processes user’s personal data for purposes related to the provision of the services offered through the Sites, as well as to guarantee of correct functioning of the same. The legal basis of the processing is, therefore, constituted by the performance of a contract to which the data subject is party , pursuant to art. 6, par. 1, lett. b) of Regulation (EU) 679/2016 (GDPR). In particular, the user’s personal data are collected and processed for the following purposes:

1. browsing data: the computer systems and communication protocols used to operate the Sites acquire, during their normal operation, the information necessary to ensure the use of the services offered and to check their correct functioning. The data relating to the user’s interaction with the Sites are also collected to obtain aggregate and anonymized information relating to the use of the Sites (e.g. most visited pages, number of visitors by time or day, geographical areas of origin, etc.), to identify the most popular content and orient marketing strategies. For more information on the collection, use and storage times of browsing data, please refer to the cookie policy;
2. data provided by the user: the optional and voluntary sending of e-mail messages to the e-mail addresses indicated on the Sites or by selecting the postal envelope-shaped icon present in the footer of the same, involves the acquisition of the e-mail address of the sender and any other personal data present in the message, in order to carry out the processing activities necessary to provide feedback to the requests from the data subject.

3. Method and duration of processing

The processing will be carried out using paper and / or IT tools, by individuals authorized to do so, who operate under the direct authority and according to the instructions given by the Controller, with processing strictly related to the purposes indicated and, in any case, in such a way as to guarantee the security and confidentiality of the data processed.

The processing operations are carried out in such a way as to guarantee the security of data and systems. Specific security measures are adopted in order to minimize the risk of destruction or loss, even accidental, of the data, of unauthorized access, of processing that is not permitted or does not comply with the purposes indicated in this policy .

However, the security measures adopted do not allow for the risk of interception or compromise of personal data transmitted via telematic devices to be absolutely ruled out. It is therefore recommended to verify that the device employed by the user is equipped with software systems suitable for the protection of the telematic transmission of data, both inbound and outbound (such as, for example, updated antivirus systems, firewalls and spam filters).

The data being processed will be kept for a period not exceeding that necessary to achieve the purposes for which they were collected and subsequently processed. In particular:

1. the data under 2.a) will be kept for the period specified in the cookie policy, which we recommend consulting;
2. the data under 2.b) will be kept for the time necessary to provide a response to the messages sent by the user.

4. Categories of recipients

The personal data of the data subject may be communicated to:

specifically authorized collaborators and employees of the Controller, within the scope of their duties;

providers of the services offered through the Sites or connected to the functioning of the same.

Under no circumstances will personal data be communicated, disseminated, sold or otherwise transferred to third parties for illegal purposes and, in any case, without providing suitable information to the interested parties and obtaining their consent, where required by law. Any communication of data at the request of the judicial or public security authorities, in the manner and in the cases provided for by law, remains unaffected. Personal data will not be transferred abroad, to Countries or international Organizations not belonging to the European Union that do not guarantee an adequate level of protection, as recognized, pursuant to art. 45 GDPR, through an adequacy decision of the EU Commission. Should it be necessary for the provision of the Services, the transfer of personal data to Countries or international Organizations outside the EU, for which the Commission has not made an adequacy decision pursuant to art. 45 GDPR, will take place only in the presence of adequate guarantees provided by the recipient Country or Organization, pursuant to art. 46 GDPR and provided that the data subjects have enforceable rights and effective remedies. In the absence of an adequacy decision by the Commission, pursuant to art. 45 GDPR, or adequate guarantees, pursuant to art. 46 GDPR, the cross-border transfer will take place only if one of the conditions indicated in art. 49 GDPR is fulfilled.

5. Rights of the data subject

The data subject has the right to access their personal data, to request their correction, updating and deletion or limitation, if incomplete, erroneous or collected in violation of the law, as well as to oppose the processing for legitimate reasons or obtain portability.

Specifically, the data subject have the right to obtain from the controller confirmation as to whether or no personal data concerning him or her are being processed , even if it has not yet been recorded, and to its communication in intelligible form.

The data subject also has the right to obtain information on:

1. the purposes and means of data processing;
2. the logic applied in case of processing carried out with automated decision-making;
3. the identification details of the Controller, of the Processors and of the recipients or categories of recipient to whom the personal data may be communicated or who can learn about them in their capacity as individuals authorized for processing.

The data subject has the right to obtain:

1. the updating, rectification or integration of their data;
2. the erasure, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes of the processing;
3. the restriction of processing, when one of the situations referred to in Article 18 GDPR occurs;
4. the attestation that the operations referred to in letters a), b) and c) have been brought to the attention of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right;
5. the transmission of data concerning them, provided to the Controller and processed on the basis of the express consent of the data subject for one or more specific purposes, in a structured , commonly used and machine readable format Pursuant to art. 20 GDPR, the data subject also has the right to transmit such data to another controller without impediments and, if technically feasible, to obtain the direct transmission of personal data from one controller to another.
6. if the processing is based on consent, to withdraw their consent at any time (pursuant to Article 7, paragraph 3 of the GDPR).

The data subject has the right to object, in whole or in part:

1. the processing of personal data concerning them for legitimate reasons, even if relevant to the purpose of collection;
2. the processing of personal data concerning them for the purpose of sending advertising or direct sales material, or for carrying out market research or commercial communication.
3. automated decision-making processes that significantly affect their person.

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their usual residence, place of work or place of the alleged infringement.

6. Exercise of rights

The above rights are exercised with a request addressed to the Controller, by sending an e-mail message to the address mailto:[email protected]. The request is formulated freely and without formalities by the data subject, who has the right to receive suitable feedback within a reasonable timeframe, depending on the circumstances of the case.

The data subject may make use, for the exercise of their rights, of non-profit bodies, organizations or associations, whose statutory objectives are of public interest and which are active in the field of protection of the rights and freedoms of the interested parties with regard to the protection of personal data, providing, for this purpose, a suitable mandate. The data subject may also be assisted by a person of trust.

It is possible to receive more information on the purposes and methods of processing personal data by writing to mailto:[email protected] and indicating “Privacy” in the subject line.

To find out about your rights, lodge a complaint and always be updated on the legislation on the protection of individuals with regard to the processing of personal data, the data subject can contact the personal Data Protection Authority, by consulting the website at the address http://www.garanteprivacy.it/.

7. Final provisions

The original text of this information is drawn up in Italian and the Italian text is the only one that will be authentic in the relationship between the data subject and the Controller.

It should be noted that, for the convenience of the data subject, this information is also available in English: it is understood, in any case, that any translation is provided solely for facilitative purposes and that in any case of conflict or discrepancy, the Italian version will remain prevailing and legally binding in the relations between the Controller and the data subject, without prejudice to DIGITALMOKA’s exemption from any liability deriving from translation defects.

Information updated in June 2021