Privacy policy
Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council
Youth Technologies s.r.l. (hereinafter referred to as the "Company" or the "Controller"), as the data controller, hereby provides the privacy notice in accordance with Article 13 of Regulation (EU) 2016/679 (hereinafter "GDPR") to the data subjects (hereinafter referred to as the "Data Subjects").
The Company, as the data controller, is committed to protecting the confidentiality and rights of the Data Subjects, and, in accordance with the principles outlined in the aforementioned regulations, the processing of the provided data will be carried out with fairness, lawfulness, and transparency.
1.PURPOSES OF PROCESSING
The personal data of the Data Subjects will be processed by the Company for the following processing purposes:
a) To fulfill pre-contractual and contractual obligations necessary to provide the sales service to the Data Subject in case of a purchase or to offer any other services requested by the Data Subject, including participation in prize competitions;
b) To carry out all administrative, accounting, and tax-related activities related to the purpose mentioned in letter a) above, as well as to comply with national and foreign laws and regulations, or to comply with an order from a judicial authority or other authorities to which the Controller is subject;
c) To exercise the rights of the Controller, particularly in relation to the right to defend legal claims.
The personal data that is necessary for the pursuit of the processing purposes described in letters a), b), and c) are indicated with an asterisk in the registration form.
d) To carry out marketing activities of various kinds, including promoting products, services, distributing informative, advertising, and promotional material, organizing events, sending newsletters, and publications;
e) To conduct analyses - through an automated process - aimed at determining the profile of the Data Subject to tailor marketing activities to the Data Subject's needs.
Providing data for the purposes mentioned in letters a), b), and c) is optional; however, failure to provide the data and/or the possible explicit refusal to allow processing will result in the impossibility for the Controller to provide the requested services. The processing is lawful as it is carried out for the fulfillment of pre-contractual and contractual obligations, compliance with legal and regulatory provisions, and the exercise of the rights of the Controller.
Providing data for the purposes mentioned in letters d) and e) is optional; however, any refusal to provide them will only result in the Controller's inability to carry out the indicated activities.
The Data Subject may also revoke their consent at any time, as easily as it was given.
2. METHODS OF PROCESSING
The processing of data is carried out in electronic and/or paper format, through recording, processing, storage, and transmission of data, also with the aid of computer tools. The tools and supports used in carrying out the processing activities are suitable for ensuring the security and confidentiality of the data.
In the course of processing activities, the Company commits to:
- Ensure the accuracy and updating of the processed data and promptly incorporate any rectifications and/or integrations requested by the Data Subject;
- Adopt security measures suitable for ensuring adequate data protection, taking into consideration the potential impacts that the processing may have on the fundamental rights and freedoms of the Data Subject;
- Notify the Data Subject of any personal data breaches within the timelines and scenarios provided for by applicable laws;
- Ensure the compliance of processing operations with the applicable legal provisions.
3. COMMUNICATION AND DISCLOSURE OF DATA
Without prejudice to communications made in compliance with legal obligations, the personal data of the Data Subject may be disclosed to the following entities, in addition to the Controller:
- Employees and collaborators of the Controller authorized to process data;
- National and foreign companies belonging to the same group as the Controller;
- Administrative/accounting consultants;
- Authorities in general, public administrations, national and foreign organizations;
- Providers of data entry and digital archiving services;
- Marketing companies.
Disclosure to the entities listed above will occur solely for the purposes mentioned above, based on any consents provided by the Data Subject. Personal data will not be subject to dissemination.
4. TRANSFERS ABROAD
Personal data will be stored and processed within the European Union.
In the event of any processing of personal data outside the European Union, such processing will only occur after adopting adequate safeguards, as required by applicable regulations.
5. DATA RETENTION POLICY
The Company retains personal data in its systems in a form that allows the identification of the Data Subjects according to the following criteria:
- For a period not exceeding the achievement of the purposes for which they are processed, unless otherwise provided by legal or contractual obligations;
- To comply with specific legal or contractual obligations;
- If applicable and legitimate, until the Data Subject requests deletion of the data-
6. DATA SUBJECT'S RIGHTS
The Data Subject can assert their rights, as recognized by the applicable regulations, particularly Articles 15 to 22 of the GDPR, including:
- Right of access: The right to obtain confirmation from the Controller whether personal data is being processed and, if so, to access the personal data and additional information about its origin, purposes, categories of data processed, recipients of communication and/or transfer of data, etc.
- Right of rectification: The right to obtain from the Controller the rectification of inaccurate personal data without undue delay, and the right to have incomplete personal data completed by providing a supplementary statement.
- Right to erasure (Right to be forgotten): The right to obtain from the Controller the erasure of personal data without undue delay in the following cases:
- The personal data is no longer necessary for the purposes for which it was collected or processed.
- The Data Subject withdraws consent on which the processing is based, and there is no other legal ground for the processing.
- The personal data has been unlawfully processed.
- The personal data must be erased to comply with a legal obligation.
- Right to object to processing: The right to object, at any time, to the processing of personal data based on the legitimate interest of the Controller.
- Right to restriction of processing: The right to obtain from the Controller the restriction of processing in cases where the accuracy of the personal data is contested (for a period enabling the Controller to verify the accuracy of the personal data), the processing is unlawful, and the Data Subject opposes its erasure, the personal data is necessary for the Data Subject to establish, exercise, or defend a legal claim, or when the Data Subject has objected to the processing while waiting for the verification regarding the Controller's legitimate interests.
- Right to data portability: The right to receive personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where the processing is based on consent or a contract, and is carried out by automated means.
- Right not to be subject to automated decision-making: The right to obtain from the Controller the avoidance of being subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning the Data Subject or significantly affects them, except where such decisions are necessary for the performance of a contract or are based on the Data Subject's explicit consent.
- Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, the Data Subject who considers that the processing of their personal data infringes the GDPR has the right to lodge a complaint with a supervisory authority.
For the exercise of the rights provided by the GDPR, the Data Subject may write to youth@youthprolabs.com, indicating "Privacy" in the subject line.