Data Controller

CANELLA BUSINESS S.R.L.

VAT: IT04651170278

info@canellabusiness.com

Types of Data Collected

Among the Personal Data collected by this Application, either independently or through third parties, there are: email, Cookies, Usage Data, password, first name, last name, and Email. Full details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed prior to data collection. Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically while using this Application. Unless otherwise specified, all Data requested by this Application is mandatory. If the User refuses to provide them, it may be impossible for this Application to provide the Service. In cases where this Application specifically states some Data as optional, Users are free not to provide them without affecting the availability or operation of the Service. Users who have any doubts about which Data is mandatory are encouraged to contact the Controller. The possible use of Cookies – or other tracking tools – by this Application or by the owners of third-party services used by this Application, unless otherwise specified, is intended to provide the Service requested by the User, in addition to the other purposes described in this document and in the Cookie Policy, if available. The User assumes responsibility for the Personal Data of third parties obtained, published, or shared through this Application and guarantees that they have the right to communicate or disseminate them, releasing the Controller from any liability towards third parties.

Methods and Place of Data Processing

Processing Methods

The Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data. Processing is carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the indicated purposes. In addition to the Controller, in some cases, the Data may be accessible to certain types of persons involved with the operation of this Application (administrative, sales, marketing, legal, system administration staff) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Controller. The updated list of these parties may be requested from the Controller at any time.

Legal Basis for Processing

The Controller processes Personal Data relating to the User if one of the following conditions applies:

• The User has given their consent for one or more specific purposes; Note: In some jurisdictions, the Controller may be allowed to process Personal Data without the User’s consent or another legal basis specified below, as long as the User does not object to such processing (“opt-out”). However, this does not apply where the processing of Personal Data is subject to European data protection legislation.
• Processing is necessary for the performance of a contract with the User and/or for any pre-contractual obligations thereof.
• Processing is necessary for compliance with a legal obligation to which the Controller is subject.
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
• Processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party.

It is always possible to ask the Controller to clarify the specific legal basis that applies to each processing activity, particularly whether the processing is required by law, is contractually mandated, or necessary to conclude a contract.

Location

The Data is processed at the Controller’s operating offices and in any other places where the parties involved in the processing are located. For more information, contact the Controller. The User’s Personal Data may be transferred to a country other than their own. To find out more about the processing location, the User can refer to the relevant sections of this document. Users also have the right to learn about the legal basis of data transfers to countries outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Controller to safeguard their Data. If such a transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with the Controller using the contact information provided.

Data Retention Period

Data is processed and stored for as long as required by the purpose for which it was collected. Therefore:

• Personal Data collected for purposes related to the performance of a contract between the Controller and the User will be retained until such contract has been fully performed.
• Personal Data collected for purposes related to the legitimate interests of the Controller will be retained as long as necessary to fulfill such interests. Users may find specific information regarding the legitimate interests pursued by the Controller in the relevant sections of this document or by contacting the Controller.

When processing is based on the User’s consent, the Controller may retain Personal Data longer until such consent is withdrawn. Additionally, the Controller may be required to retain Personal Data for a longer period to comply with a legal obligation or an order from an authority. Once the retention period expires, Personal Data will be deleted. Therefore, the right to access, delete, rectify, and the right to data portability cannot be enforced after expiration.

User Rights

Users may exercise certain rights regarding their Data processed by the Controller. In particular, Users have the right to:

• Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
• Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent.
• Access their Data. Users have the right to learn if Data is being processed by the Controller, obtain disclosure regarding certain aspects of the processing, and obtain a copy of the Data undergoing processing.
• Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
• Restrict the processing of their Data. Under certain circumstances, Users have the right to restrict the processing of their Data.
• Have their Personal Data deleted or otherwise removed. Under certain circumstances, Users have the right to request the erasure of their Data from the Controller.
• Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used, and machine-readable format and, if technically feasible, to have it transmitted to another controller.
• Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

For any inquiries regarding the processing of personal data, Users can contact the Controller using the contact details provided in this document.

Details on the Right to Object

When Personal Data is processed in the public interest, in the exercise of official authority vested in the Owner, or for the pursuit of a legitimate interest of the Owner, Users have the right to object to the processing for reasons related to their particular situation. Users are informed that if their Data is processed for direct marketing purposes, they may object to such processing without providing any justification. To determine whether the Owner processes data for direct marketing purposes, Users may refer to the relevant sections of this document.

How to Exercise Rights

To exercise their rights, Users may submit a request using the Owner’s contact details provided in this document. Requests are free of charge and will be processed by the Owner as soon as possible, in any case within one month.

Additional Information on Data Processing

Legal Defense

The User’s Personal Data may be used by the Owner in legal proceedings or in the preparatory stages leading to possible legal action, in defense against abuse in the use of this Application or related Services by the User. The User acknowledges that the Owner may be required to disclose Data upon request of public authorities.

Specific Information

Upon the User’s request, in addition to the information provided in this privacy policy, this Application may provide the User with additional and contextual notices concerning specific Services or the collection and processing of Personal Data.

System Logs and Maintenance

For operational and maintenance purposes, this Application and any third-party services it uses may collect system logs, which are files that record interactions and may also contain Personal Data, such as the User’s IP address.

Information Not Contained in This Policy

Further details regarding the processing of Personal Data may be requested at any time from the Data Controller using the contact information provided.

Response to “Do Not Track” Requests

This Application does not support “Do Not Track” requests. To determine whether any third-party services it uses support such requests, the User is encouraged to consult the respective privacy policies.

Changes to This Privacy Policy

The Data Controller reserves the right to modify this privacy policy at any time, notifying Users on this page. Users are encouraged to check this page regularly, referring to the last modification date indicated at the bottom. If the User does not accept the changes made to this privacy policy, they must stop using this Application and may request the Data Controller to delete their Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to the Personal Data collected up to that point.