DATA CONTROLLER AND CONTACT DETAILS
PERSONAL DATA BEING PROCESSED
The personal data processed through the Site are those indicated below.
The computer systems in charge of the Site's operation acquire, in the course of their normal operation, some personal data in aggregate and not immediately identifiable form, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could allow users to be identified through processing and association with data held by third parties. This technical/informational data is used exclusively for the purpose of obtaining statistical information in anonymous or aggregate form on the use of the Site, checking the proper functioning of the services offered through the Site and identifying anomalies and/or abuses. This information is deleted immediately after being processed.
Data provided voluntarily by the user
Through the Site, the User may voluntarily provide personal data such as, for example, name, surname and e-mail address by filling in the forms present in the "Give new life to your Plant", "Are you interested in purchasing miners?" and "Contacts" sections of the Site in order to request information or to contact the Controller in order to request a personalised quote. The User may also choose to provide his/her e-mail address in order to subscribe to the newsletter. The Data Controller shall process the User's data in compliance with the Applicable Regulations, assuming that they refer to the User himself or to third parties who have expressly authorised him to confer them or whose personal data the User was entitled to confer. With respect to such assumptions, the User undertakes to indemnify and hold harmless the Data Controller from any dispute, claim, or request for compensation for damages from the processing of personal data that may be received from such third parties.
Cookies and other tracking tools
PURPOSE AND LEGAL BASIS OF PROCESSING
The data acquired will be processed for the purposes and on the basis of the legal bases set out below.
• Provide feedback to any requests for information/clarification sent using the forms available on the Site.
• Provide a customised quote.
• Fulfilling the legal obligations to which the Controller is bound, including responding to any requests to exercise the User's rights as a data subject under current data protection legislation.
• Carrying out promotional/marketing activities by sending, by e-mail, promotional newsletters relating to Alps Blockchain S.p.A. and/or the products/services offered by the latter.
• Check for any fraudulent or illegal use of the Site and ensure its security and functionality in the interests of the Users and the Owner.
• Carry out statistical research/analysis on aggregated or anonymous data, without, therefore, being able to identify the User and measure traffic and evaluate the use of the Site and the interest shown by Users.
• Establishing, exercising or defending legal claims in court or whenever judicial authorities act in this capacity.
• The processing is necessary for the performance of pre-contractual measures taken at the request of the User and/or a contract to which the data subject is party (Art. 6(1)(b) of the GDPR).
• The processing is necessary to comply with a legal obligation to which the Data Controller is subject (Art. 6(1)(c) of the GDPR).
• The processing is based on any consent given by the User (Art. 130 of Legislative Decree No. 196/2003 (so-called "Privacy Code") - Art. 6(1)(a) of the GDPR).
• The legitimate interest of the Controller and the Users themselves in preventing or detecting any fraudulent or otherwise unlawful use of the Site [Art. 6(1)(f) of the GDPR].
• The legitimate interest of the Controller in verifying the usability and attractiveness of the Site [Art. 6(1)(f) of the GDPR].
• The legitimate interest in establishing, exercising or defending a right in judicial proceedings or whenever the judicial authorities exercise their functions (Art. 6(1)(f) of the GDPR).
NATURE OF PROVIDING PERSONAL DATA
The provision of data by the User is optional. Nonetheless, failure to provide the data, in whole or in part, may make it impossible to respond to any requests for information/clarifications and/or requests to exercise the rights of the User as data subject. Failure to provide consent to the sending of commercial communications, on the contrary, will not entail any consequence except for the impossibility to benefit from updates and learn about news about Alps Blockchain S.p.A. and/or its products/services.
PERSONAL DATA PROCESSING METHODS
Data are processed by manual and/or computerised means, in all cases in such a way as to guarantee their security and confidentiality. To this end, the Data Controller has adopted and implements security measures, both technical and organisational, appropriate to the level of risk correlated to the processing carried out. In particular, the Site's functions are provided on HTTPS encrypted connection and personal data are collected, filed and stored on secure servers, protected by firewalls and physically located within the European Union.
RECIPIENTS OF PERSONAL DATA
Processing is carried out by the Data Controller's staff specifically authorised for this purpose by virtue of their respective duties, as well as by the Data Processors specifically identified in writing, within the scope of their respective functions and in compliance with the instructions issued by the Data Controller, ensuring the use of appropriate measures for the security of the data processed and guaranteeing their confidentiality, for example, companies, consultants or professionals in charge of installing, maintaining and updating the Site and, more generally, of managing the Data Controller's hardware and software, including the hosting provider and providers of cloud computing and e-mail marketing services (in this case, "MailUp®"). The full list of Data Processors is available upon request.
The Data may also be disclosed to the following categories of recipients:
• subjects, bodies or Public Authorities to which, in their capacity as independent data controllers, it is mandatory to communicate your personal data by virtue of legal provisions or orders by the authorities or to prevent and/or ascertain any fraudulent activities or abuses in the use of the Site and the services offered by the Data Controller;
• companies including lawyers, associated firms, consultants or professionals (e.g. legal, administrative and/or tax consultancy firms) that may be appointed to support the data controller in the proper fulfilment of legal obligations with which the data controller is required to comply and/or in the establishment, exercise or defence of a right in or out of court, or whenever the judicial or administrative authorities exercise their functions.
TRANSFERS TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
PERSONAL DATA RETENTION PERIOD
The User's personal data or data provided by the User will be kept for a period not exceeding that which is necessary to pursue the purposes indicated above and for which they are processed. In particular, personal data will be kept for the period necessary to respond to requests for information/questions received and, in any case, for a period not exceeding three months from the date on which they are provided. This maximum storage period may be extended, if the conditions are met, in order to allow the Controller to exercise and defend a right in court or whenever the Judicial Authority exercises its functions and/or at its request. With regard to the processing for promotional/marketing communications, the data will be kept for a maximum period of 24 months from the time consent to the processing for marketing purposes was given, without prejudice to the possibility, at any time, to request revocation of the consent given, without prejudice to the lawfulness of the processing based on the consent before revocation.
RIGHTS OF THE DATA SUBJECT
The User and/or the third party on whose behalf the User has provided the data has the right to:
• to obtain confirmation as to whether or not personal data relating to him are being processed and, if so, to obtain access to them and to a range of relevant information, including, by way of example, that relating to (a) the purposes of the processing; (b) the categories of personal data covered by the processing; (c) the subjects or categories of subjects to whom the personal data have been or will be communicated; (d) the data storage period or, if this is not possible, the criteria used to determine this period; (e) the origin of the personal data, if they have not been provided by you;
• request and obtain the updating of data, the rectification of inaccurate data or, when interested, the integration of incomplete data;
• request and obtain the deletion of the data if: a) the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) if the User objects to the processing carried out on the basis of a legitimate interest of the Controller and there is no overriding legitimate reason to continue the processing; c) the data have been processed unlawfully; e) the data must be deleted by the Controller in compliance with a legal obligation;
• request and obtain the restriction of processing in the event of: (a) contestation of the accuracy of the data for the time necessary for the Data Controller to carry out the requested verifications; (b) unlawful processing of data by the Data Controller, if the User objects to the deletion of the data and instead requests the restriction of its use; (c) ascertainment, exercise or defence of a right of the User in court, although the Data Controller no longer needs the data for processing purposes; (d) awaiting the outcome of the verification as to whether the Data Controller's legitimate reasons prevail over those of the data subject;
• in cases where the processing is based on a contract and is carried out by automated means, to request and receive, in a structured, commonly used and machine-readable format, the data concerning him/her and, if technically feasible, to obtain the direct transmission by the Controller to another controller;
• oppose, in whole or in part, for legitimate reasons related to the User's particular situation, the processing of data concerning him/her, even if relevant to the purpose of collection;
• where the processing is based on the User's consent, revoke the consent at any time without prejudice to the lawfulness of the processing based on the consent before revocation;
• lodge a complaint with the Garante per la protezione dei dati personali pursuant to Article 77 of the GDPR and Articles 140-bis et seq. of the Italian Privacy Code, if it considers that its rights under the Applicable Regulations have been violated.
The Controller shall notify each of the recipients to whom the personal data have been transmitted of any rectification or erasure or restriction of processing carried out, except where this proves impossible or involves a disproportionate effort.
WAYS OF EXERCISING THE RIGHTS OF THE DATA SUBJECT
As a data subject, the User may at any time exercise the aforementioned rights by contacting the Data Controller at the contact details indicated above. To lodge a complaint with the Data Protection Authority, you may use the forms made available on the relevant website.