In compliance with the provisions of EU Regulation no. 2016/679 (hereinafter "GDPR"), 247 Growth S.r.l., informs you that the personal data provided by you (hereinafter the "User") through the website Surfchat (the "Website"), will be processed in the following ways and for the following purposes.
1 – Data controller
The data controller is 247 Growth S.r.l. (hereinafter "247" or also the "Company"), with registered office in Via Baudana Vaccolini 14 00153 Rome, - Tel: +39 06 45435 208 - e-mail email@example.com.
2 - Object of treatment
The processing shall concern single operations, or a complex of operations, of processing (such as, by way of example: collection, registration, organization, conservation, elaboration, communication, modification, selection, use), the data provided by the interested party and the personal data related to its employees of the following personal data provided within the execution of the services object of the Agreement (the "Personal Data" or also the "Data"):
- identification and contact data, provided by the user during registration on the Websites or through requests for information sent to the Company, including but not limited to, first name, last name, e-mail address, address and mobile phone number;
- browsing data: for simple access to the Website it is not necessary to provide any personal data; however, the computer systems and software used to operate the Website acquire, during normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information collected is not associated with identified individuals.
3 - Purpose of treatment
Personal Data is processed for the following purposes:
A) without the express consent of the User, GDPR article 6 (b), for the following purposes:
- to process a request for contact and/or registration on the Websites;
- to manage and maintain the Websites;
- to fulfill obligations under law, regulation, EU legislation or by an order of the Authorities;
- to fulfill obligations related to the management of relations with Users;
- to prevent or uncover fraudulent activity or abuse harmful to the Websites;
- to exercise the rights of the Company, such as to exercise a right in court.
4 - Mode and duration of treatment
The processing of Personal Data is carried out by means of the operations indicated in Article 4 n. 2) of the GDPR and precisely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of Data.
Personal Data is subject to both paper and electronic and/or automated processing.
The Data Controller will process the Personal Data for the time necessary to fulfill the above purposes, and guarantees the following maximum retention times:
- for the purposes under article 3 (a): after the use of the service for which it is collected, the Data may be stored and maintained for a maximum period of 10 years;
- for the purposes under article 3 (b): 3 years from consent, with subsequent updating of the Data and renewal of the consent given.
5 - Security
The Data Controller has adopted a variety of security measures to protect the Data against the risk of loss, misuse or alteration, consistent with the measures expressed in Article 32 GDPR.
6 - Access and Communication
The Data may be made accessible for the purposes referred to in Article 3 above:
- to employees, collaborators, associates and partners of the Data Controller, in their capacity as persons in charge and/or internal data processors and/or system administrators, in any country (pursuant to the provisions of art. 7 below);
- to third party companies or other entities that perform outsourcing activities on behalf of the Data Controller, in their capacity as data processors.
Without the express consent of the User, the Data may not be transferred to third parties for their use for their own purposes, and therefore outside of the access referred to in this article 6.
The Data will not, in any case, be disclosed.
7 - Data Transfer
Data management and storage will be prioritized in Europe.
The management and storage of data will take place in Europe, on servers located in Belgium and the Netherlands and/or by third party companies appointed and duly appointed as Data Processors.
The Data Controller may also provide its services in other countries, in which case the transfer of Data to these countries is strictly limited to the actual need to be aware of the Data. 247 will take the necessary measures to protect the personal data of Users and prevent unauthorized access. All information of Users will be accessible and processed exclusively by the employees of 247 involved in the purposes referred to in article 3 above, in any Country, as well as by authorized third parties as companies that provide ratings to assist the Company in the scope of the aforementioned purposes.
In cases where the Data is transferred to the systems used by 247 also outside the European Union, the Company guarantees the application of the standard contractual clauses of the European Commission to ensure a secure international transfer of personal data, in accordance with GDPR articles 44, 45 and 46.
8 – Provision of the Data and consequences of refusal
The provision of data for the purposes referred to in article 3 (a) is mandatory. In its absence, the User cannot be guaranteed the reply to contact requests, access the Website and the relevant services.
The provision of Data for the purposes referred to in article 3 (b) is optional. The User may decide not to provide any Data or to subsequently deny the possibility to process the Data provided: in such case, the User may not receive newsletters or other communications from 247.
9 - Rights of the interested party
Each Interested Party has the rights under Article 15 GDPR and specifically the rights to:
- obtain confirmation of the existence or not of Personal Data concerning the interested party, even if not yet recorded, and their communication in intelligible form;
- obtain information on: a) the origin of the Personal Data; b) the purposes and methods of processing; c) the logic applied in case of processing with the aid of electronic instruments; d) the identity of the owner, manager and the representative appointed under Article 5, paragraph 2 Privacy Code and Article 3, paragraph 1, GDPR; e) the subjects or categories of persons to whom the Personal Data may be communicated or who can learn about them as appointed representative in the State, managers or agents;
- obtain: a) the updating, rectification or, when the User has an interest in it, the integration of the Data; b) the cancellation, transformation into anonymous form or blocking of Data processed in violation of the law, including those for which storage is not necessary in relation to the purposes for which the Data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the Data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
- oppose, in whole or in part: a) for legitimate reasons the processing of Personal Data concerning the interested party, even if pertinent to the purpose of collection; b) the processing of Personal Data for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by e-mail and / or through traditional marketing methods by phone and / or mail. It should be noted that the right of the interested party to object, as set out in the previous point b), for the purposes of direct marketing through automated methods is extended to traditional ones and that, however, the possibility remains for the interested party to exercise the right to object even in part. Therefore, the interested party may decide to receive only communications by traditional means or only automated communications or neither of the two types of communication.
Where applicable, data subjects are also entitled to the rights referred to in Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restrict processing, right to Data portability, right to object), as well as the right to complain to the Supervisory Authority.
10 - How to exercise rights
The interested party may at any time exercise its rights by sending:
- an email to firstname.lastname@example.org;
- a registered letter with return receipt to 247 Growth S.r.l. with registered office in Via Baudana Vaccolini 14 00153 Rome (RM).
12 - Amendments to this policy
This policy may be subject to change. We therefore recommend that you check this policy regularly and refer to the most up-to-date version.
Update Date: 13/07/2022