Logo BRD innova
Home

Privacy Policy

Data Controller

BRD innova S.R.L.
VAT: 04531200246
info@brdinnova.it

Types of Data Collected

Among the Personal Data collected by this Application, either independently or through third parties, there are: email, Cookies, Usage Data, password, first name, last name, and email.

Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or by specific information texts displayed prior to the data collection. Personal Data may be freely provided by the User, or, in the case of Usage Data, collected automatically when using this Application. Unless otherwise specified, all Data requested by this Application is mandatory. If the User refuses to provide it, it may be impossible for this Application to provide the Service. In cases where this Application indicates some Data as optional, Users are free to refrain from communicating such Data without any consequence on the availability or operation of the Service. Users who have doubts about which Data is mandatory are encouraged to contact the Data Controller. The possible use of Cookies – or other tracking tools – by this Application or by the owners of third-party services used by this Application, unless otherwise stated, serves to provide the Service requested by the User, as well as for the additional purposes described in this document and in the Cookie Policy, if available.

The User assumes responsibility for the Personal Data of third parties obtained, published, or shared through this Application and guarantees that they have the right to communicate or disseminate it, freeing the Data Controller from any responsibility towards third parties.

Methods and Place of Data Processing

Methods of Processing

The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data. The processing is carried out using IT and/or telematic tools, with organizational methods and logics strictly related to the indicated purposes. In addition to the Data Controller, in some cases, the Data may be accessible to other subjects involved in the organization of this Application (administrative, commercial, marketing, legal, system administrators) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communication agencies) appointed, if necessary, as Data Processors by the Data Controller. The updated list of Processors can always be requested from the Data Controller.

Legal Basis of Processing

The Data Controller processes Personal Data relating to the User if one of the following conditions exists:

  • The User has given consent for one or more specific purposes; Note: in some jurisdictions, the Data Controller may be authorized to process Personal Data without the User’s consent or any other legal basis specified below, until the User objects (“opts-out”) to such processing. However, this is not applicable when the processing of Personal Data is regulated by European legislation on the protection of Personal Data;
  • The processing is necessary for the performance of a contract with the User and/or for any pre-contractual obligations thereof;
  • The processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
  • The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • The processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.

It is always possible to request the Data Controller to clarify the concrete legal basis of each processing and in particular to specify whether the processing is based on law, required by a contract, or necessary to conclude a contract.

Place

The Data is processed at the Data Controller’s operating offices and in any other places where the parties involved in the processing are located. For more information, contact the Data Controller. The User’s Personal Data may be transferred to a country different from that in which the User is located. To obtain further information on the place of processing, the User can refer to the section detailing the processing of Personal Data.

The User has the right to obtain information regarding the legal basis of the transfer of Data outside the European Union or to an international organization governed by public international law or constituted by two or more countries, such as the UN, as well as regarding the security measures adopted by the Data Controller to protect the Data.

Should any such transfer take place, the User can find out more by checking the relevant sections of this document or inquire with the Data Controller using the contact information provided at the beginning.

Retention Period

The Data is processed and stored for the time required by the purposes for which it was collected.

Therefore:

  • Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User will be retained until such contract has been fully performed.
  • Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained as long as needed to fulfill such purposes. The User can obtain specific information regarding the legitimate interests pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.

When the processing is based on the User’s consent, the Data Controller may retain Personal Data longer until such consent is revoked. Furthermore, the Data Controller may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

Upon expiration of the retention period, Personal Data will be deleted. Therefore, the right to access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.

Purposes of Data Processing

The User’s Data is collected to allow the Data Controller to provide its Services, as well as for the following purposes: Contacting the User, Interaction with external social networks and platforms, Registration and authentication, Access to accounts on third-party services, Payment management, Infrastructure monitoring, Interaction with live chat platforms, Remarketing and behavioral targeting, Managing email addresses and sending messages, Statistics, Displaying content from external platforms, Commercial affiliation, Interaction with support and feedback platforms, User database management, Handling requests for support and contact, and Hosting and backend infrastructure.

To obtain detailed information on the purposes of the processing and on the Personal Data concretely relevant for each purpose, the User may refer to the relevant sections of this document.

Facebook Permissions Requested by this Application

This Application may request some Facebook permissions that allow it to perform actions with the User’s Facebook account and to collect information, including Personal Data, from it. This service allows this Application to connect with the User’s account on the social network Facebook, provided by Facebook Inc.

For more information about the following permissions, refer to the Facebook permissions documentation and the Facebook privacy policy.

The requested permissions are as follows:

Basic Information:

The basic information of the User registered on Facebook that normally includes the following Data: id, name, picture, gender, and localization settings, and, in some cases, the User’s Facebook “Friends”. If the User has made more Data publicly available, more information will be available.

Email

Provides access to the User’s primary email address.

Manage Pages

Allows the application to retrieve access tokens for the Pages and applications the User manages.

Insight

Provides access to the Insight data for pages, applications, and domains the User owns.

User Rights

Users may exercise certain rights regarding their Data processed by the Data Controller.

In particular, Users have the right to do the following:

  • Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
  • Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
  • Access their Data. Users have the right to learn if Data is being processed by the Data Controller, obtain disclosure regarding certain aspects of the processing, and obtain a copy of the Data undergoing processing.
  • Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
  • Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Data Controller will not process their Data for any purpose other than storing it.
  • Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Data Controller.
  • Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used, and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract of which the User is part, or on pre-contractual obligations thereof.
  • Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Details About the Right to Object

When Personal Data is processed in the public interest, in the exercise of an official authority vested in the Data Controller, or for the purposes of the legitimate interests pursued by the Data Controller, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn whether the Data Controller is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.

How to Exercise These Rights

Any requests to exercise User rights can be directed to the Data Controller through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Data Controller as early as possible and always within one month.

Additional Information About Data Processing

Legal Defense

The User’s Personal Data may be used for legal purposes by the Data Controller in court or in the stages leading to possible legal action arising from improper use of this Application or the related Services. The User declares to be aware that the Data Controller may be required to reveal personal data upon request of public authorities.

Specific Information

At the User’s request, in addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data.

System Logs and Maintenance

For operation and maintenance purposes, this Application and any third-party services it uses may collect system logs, which are files that record interactions and may also contain Personal Data, such as the User’s IP address.