1) Privacy Rules
The following Privacy Rules describe the methods employed by the owner of Secret Maps LLC (henceforth referred to as “the Owner”) in the process of gathering, recording, preserving, elaborating and making use of personal data submitted by users of the www.secretmaps.net website (henceforth referred to as “the Site”) and the Secret Maps app (henceforth referred to as “the App”). Secret Maps LLC, through its legal representative, based in Corso Lodi 123 Milan Italy, operates as a Data Controller and can be contacted at firstname.lastname@example.org. These Rules are to be considered an official briefing on the subject of personal data treatment in accordance with the European Union Regulation No. 679/2016 (“GDPR”). These Rules only apply to the Secret Maps Site and to no other website which may be reachable via links hosted on the Site itself, for which the Owner is not responsible.
The Owner encourages Site and App users to read the following and contact him via the methods indicated below for any information and/or clarification.
By using the Site and App, the user acknowledges and accepts that Internet-based interactions are never entirely private and secure, and that the Site and App are not employing an advanced data cryptography system. The user acknowledges that any data or message sent to the Site and App – including personal data submitted by filling in the forms required to use the products and services offered by the Site and App – could be accessed or intercepted by third parties, even in the presence of explicit indication that a data exchange (such as the submission of credit card info) is protected by cryptography or other forms of online security.
The Owner makes users aware of the following items:
a) Data voluntarily provided by users/visitors.
Anagraphic data. The user may be required to provide anagraphic data (name, surname, e-mail address) when submitting comments, opinions, suggestions, notifications or commercial requests. Failure to provide such data shall result in the Site’s managers’ inability to comply with requests for information or documentation, or to provide the products and services for which the data is required.
Sensitive data. Should the user/visitor willingly disclose personal data of a sensitive nature (specifically, concerning their own health, religious beliefs, political opinions or participation in labor unions) the Site’s owners hereby declare that under no circumstances and for no reason shall such data be exploited.
b) The Owner shall acquire anagraphic data through the Site and App for the purpose of replying to comments, opinions, suggestions and notifications, and to the end of providing commercial services including, but not limited to:
- selling advertising spaces and/or banners;
- publishing paid promotional content for events.
c) Treatment of personal data is performed by the Owner and/or by appointed personnel with the aid of manual and/or digital instruments. The Owner has appointed a Person Responsible for the Protection of Personal Data (Date Protection Officer-DPO) that can be contacted for any information or requests at: email@example.com
d) In cases of strict necessity, and within the scope of previously-indicated purposes, the user’s personal data subjected to treatment on the Owner’s part may be relayed to (i) persons, companies, associations or professional practices from which the Owner receives assistance or counseling services in areas including but not limited to accountancy, legal and tributary matters, technical support; (ii) persons whose right of access to the data is stated by laws and regulations. The Owner imposes on Third Party suppliers and Data Processors the respect of security measures equal to those adopted towards interested users, restricting the perimeter of action of the Manager to the related treatment and requested service. The data is not subject to disclosure or communication by the Owner abroad.
e) Users provide personal data on an optional, voluntary basis. However, complete or partial failure to fill forms with the requested data shall result in the Owner’s inability to comply with requests for products and/or services.
f) The personal data provided by the interested parties, unless they express their will to be removed, will be kept, with respect to the legitimate purposes for which the data was collected. The data will be kept for a period of no more than 12 months, without prejudice for the fulfillment of the obligations (eg tax and accounting) that remain even after the termination of the contract (art.2220 c.c.); for these purposes the Data Controller will retain only the data necessary for the relative prosecution.
2) Internet activity data
The IT systems that allow the Site and App to function may, in the course of their normal activity, acquire some personal data the transmission of which is implicit in the use of Internet-based communication protocols. Such data shall not be associated with identified users, and shall instead only be used by the Owner for the purpose of gathering anonymous statistical data on Site and App usage, and to ascertain their correct functioning.
Cookies are small text files sent by a Web server to a user’s computer while surfing the Internet. Cookies are largely employed to facilitate the personalization of online services, and to safely manage access to a website’s restricted sections. The information stored in cookies can only be anonymously accessed by the Web server itself. Cookies do not retain any personal data such as names, family names or e-mail addresses. No individual can be identified solely from cookie-gathered information, and their usage is broadly accepted. The user can nonetheless alter his or her browser’s configuration and disable cookies. In that case, some of the user’s options for access, usage and customization available on the Site and App may be limited, and some of the products and/or services provided by the Site and App may not function or display correctly.
4) User rights
The interested party has the right to obtain the following from the Data Controller:
a) Confirmation that their personal data is being processed and in this case, in order to obtain access to personal data and the following information:
- The purposes of the processing;
- The categories of personal data in question;
- The recipients or categories of recipients to whom the personal data have been or will be communicated;
- When possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
- The existence of the right of the data subject to request the Data Controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
- The right to lodge a complaint with a control authority;
- If the data is not collected from the interested party, all information available on the data origin;
- The existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
b) The right to obtain a copy of the personal data being processed, provided that this right does not affect the rights and freedoms of others. In case of further copies requested by the interested party, the Data Controller may charge a reasonable fee based on administrative costs;
c) The right to obtain the correction of inaccurate personal data from the Data Controller without unjustified delay;
d) The right to obtain the deletion of personal data from the Data Controller without unjustified delay, for reasons provided for by the GDPR in Article 17. among which, for example, the data is no longer necessary for the purposes of processing or if this is assumed to be illicit, while respecting the conditions provided for by law; and furthermore, if the treatment is not unjustified by another equally legitimate reason;
e) The right to obtain the limitation of processing from the Data Controller, in the cases provided for in Article 18 of the GDPR, for example where the interested party has contested its accuracy, for the period necessary for the Data Controller to verify its accuracy. The interested party must be informed, in reasonable time, also when the suspension period is completed or the cause of the limitation has ceased, and therefore the limitation has been revoked;
f) The right to obtain communication, from the Owner, regarding the recipients to whom the requests for any corrections, cancellations or limitations of the processing have been transmitted, unless this proves impossible or involves a disproportionate effort;
g) The right to receive, in a structured, commonly used and automatically readable form, personal data concerning themselves and the right to transmit such data to another data controller without impediments by the data controller who provided the data, in the cases provided for in Article 20 of the GDPR, and the right to obtain direct transmission of personal data from one controller to another, if technically feasible.
For further information and to send your request, contact the Data Controller at: firstname.lastname@example.org.
5) Complaints to the supervisory authority
Without prejudice to any action in administrative or judicial proceedings, the interested party may lodge a complaint with the competent supervisory authority in Italy (the Personal Data Protection Authority) or with the authority carrying out its duties and exercising its power in the Member State where the GDPR violation took place.
To exercise the above-stated rights and for any further clarification concerning Privacy Rules, users can contact the Owner of Secret Maps LLC, with registered offices at Corso Lodi 123 – Milan (Italy), via the following e-mail address: email@example.com.