Privacy Policy

Privacy Policy

General information

This Privacy Policy document is to inform users of the website www.t20.studio about the character, scope, and purposes of personal data that is processed by the responsible provider. It also applies to the provider’s external online presence such as social media profiles, and regardless of the used domains, systems, platforms, and devices on which this website is run. This policy is not applicable to any information collected offline.

With regard to the terms used, such as “personal data”, “user” or “processing”, we refer to Article 4 of the General Data Protection Regulation (GDPR).

Personal data of users is processed solely in accordance with the relevant data protection regulations. Based on Article 13 GDPR, we inform you about the legal basis of our data processing operations. Unless the legal basis is specified within this data privacy policy, the following shall apply:

(i) The legal basis for the processing of personal data with separate consent are Article 6(1)(a) and Article 7 GDPR; (ii) the legal basis for the processing of data in order to fulfill our services and to execute contractual measures is Article 6(1)(b) GDPR; (iii) the legal basis for the processing of personal data in order to fulfill our legal obligations is Article 6(1)(c) GDPR; (iv) the legal basis for the processing of personal data in order to preserve our legitimate interests is Article 6(1)(f) GDPR.

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us through email at ciao@t20.studio

What personal data we collect and why we collect it

For questions and matters of any kind, you have a number of options to contact us (e.g., via email, phone or our social media channels). When doing so, the data and information provided by the person contacting us will be processed as far as this is necessary to reply to a specific request. This can include personal data such as name, address, email address, phone number, but also content data such as images, videos, or text input. The processing of data for the purpose of making contact with us is carried out in accordance with Article 6(1)(f) GDPR (legitimate interest), and if applicable, in order to fulfill contractual purposes or take pre-contractual measures (Article 6(1)(b) GDPR).

Cookies

We make use of cookies on our website. Cookies are pieces of information that are transferred from our web server or web servers of third parties to the web browser of the user, and are being stored for future calls. Cookies can be small files or other types of information storage.

The use of cookies, on the one hand, serves to make the usage of our services attractive. We, therefore, implement so-called “session cookies” in order to learn that a user has accessed individual pages of our website. These cookies are automatically deleted when you leave our website. Besides that, temporary cookies, which are stored on the users’ device for a specified period of time, are used in order to improve usability. When a user returns to our website to use our services, it is automatically recognized that the user has visited our site before and which inputs and settings were made so they do not have to be entered again.

Some of the cookies are for security reasons, are essential to run our website (e.g., to display the website correctly), or are required to store your preferences from the cookie banner. 

Legal basis for the data processing is your given consent in accordance with Article 6(1)(a) GDPR. With regard to cookies that are essential either for security reasons or to run our website, legal basis is our legitimate interest in accordance with Article 6(1)(f) GDPR.

Most browsers accept cookies automatically. You can still configure your browser in a way that no cookies are being stored on your computer, or a notification appears each time a new cookie is about to be installed. Completely deactivating cookies can, however, lead to a limited functionality of our website.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Event booking

Making a booking to attend an event, you acknowledge that we may process your personal data in accordance with our Privacy Policy. By making a booking and providing any delegate personal data to us, you warrant that:

(i) you have a lawful basis for processing the personal data, including (where applicable) fully-informed consent (as defined in the GDPR) and notices in place to enable lawful transfer of the data to us; (ii) you have brought our Privacy Policy to the attention of each delegate you are booking to attend an event; (iii) agree to fully indemnify us for any and all loss suffered in connection with a breach of your obligations under this clause below.

Analytics

Based on your given consent, we use Google Analytics to analyze, improve and economically operate our website. Google Analytics is a web analysis service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”. 

Please note that, with the use of the service, data may be transferred to a third country outside the EU (USA). Google Inc. is Privacy Shield-certified, and, hence, commits itself to providing an adequate level of data protection in accordance with Article 45 GDPR. 

You can view Google’s detailed privacy policy here: https://policies.google.com/privacy.

In this context, pseudonymized user profiles are created and cookies are used. The information generated by the cookie about your use of our website such as browser type/version, operating system, referrer URL (the previously visited website), host name of the accessing computer (IP address) as well as date and time of the server request is transferred to a Google server and stored there.

The information is used to evaluate the usage of our website, to create reports on website activities and to fulfill further services connected to the website and internet usage for the purpose of market research and the needs-based shaping of this website. IP addresses are anonymized, so no allocation can be made (“IP masking“).

No data will be transferred to Google without your consent. Even after you have given consent, you can disallow the use of cookies by selecting the relevant settings in your browser. This can, however, lead to a limited functionality of our website.

You can also refuse the collection of data generated by the cookie and related to your use of our website (incl. your IP address) as well as the processing of that data by Google after you have given consent by downloading and installing the browser add-on provided here: https://tools.google.com/dlpage/gaoptout?hl=en.

Who we share your data with

Personal data may only be transferred to third parties based on legal permissions and within the legal requirements. We only transfer user data to third parties as long as this is, e.g., based on Article 6(1)(b) GDPR, required for contractual purposes, or when we make use of services within our legitimate interests (Article 6(1)(f) GDPR). Provided that third parties are engaged in the processing of personal data under a “Data Processing Agreement”, this happens on the basis of Article 28 GDPR.

As far as we make use of third-party services in order to provide our own services, we take appropriate measures to ensure the protection of personal data according to the relevant legal requirements.

This may include the transfer of personal data to servers outside the EU or to trusted third parties located outside the EU in order to process this data on our behalf. Be aware that many countries do not offer the same legal protection of personal data as is the case within the EU. While your personal information resides in another country, courts, prosecution and national security authorities of the respective country can access your data in accordance with its laws. 

Subject to such legitimate requests for access, we promise that everybody involved in the processing of your personal information outside the EU has to take measures in order to protect them and is only allowed to process them in accordance with our instructions and applicable EU law. We therefore only allow data to be processed in a third country provided that the specific preconditions of Article 44 ff. GDPR apply.

This means that data processing happens, e.g., based on special guarantees such as an officially acknowledged assessment in conformity with the EU’s level of data privacy (e.g., for USA, the so-called “Privacy Shield”), or based on compliance with specific contractual obligations (so-called “standard contractual clauses”).

What rights you have over your data

(i) In accordance with Article 15 GDPR, to receive information about your personal data processed by us upon request; (ii) in accordance with Article 15 GDPR, to immediately request rectification of inaccurate or incomplete personal data stored by us; (iii) in accordance with Article 17 GDPR, to request deletion of personal data stored by us as long as its processing is not required to exercise freedom of expression and information, to fulfill a legal obligation, for reasons of public interests or to claim, exercise or defend legal rights; (iv) in accordance with Article 18 GDPR, to request limitation of processing of your personal data; (v) in accordance with Article 20 GDPR, to receive information on your personal data provided to us in a structured, common and machine-readable format or to request its transmission to another responsible entity; (vi) in accordance with Article 7(3) GDPR, to revoke your consent once given to us, effective for the future; (vii) in accordance with Article 77 GDPR, to complain to a supervisory authority. You can do this by approaching the supervisory authority of your usual place of residence or place of work or the supervisory authority of our registered office.

Data security

All of your browser’s communication with our services is secured via an encrypted SSL connection in order to protect your data against unauthorized access by third parties. Only selected administrators can access your data and only to the extent as it is necessary to maintain the services.

Apart from that, we take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or access by unauthorized persons. Our security measures are constantly being improved according to technological development.

Our website includes links to some of our online profiles on the social media and blog/publishing platforms listed below. By implementing a simple linked graphic or text link instead of plug-ins, we prevent that data is being processed by the related platforms when you just visit our website. A connection to the respective platform is established only as a corresponding link is being clicked.

Once you are being redirected to a platform, data is collected and processed by the responsible provider. This includes usage data (e.g., access times, pages visited) as well as communication data (e.g., IP address, device information). If you have a user account with the respective platform provider and are logged in while clicking on the related link on our page, the provider may collect and process further personal data like name, address, email address, phone number, but also content data such as images, videos or text input, and associate this data with your personal user account. 

To prevent your data from being linked with your personal user account, you need to make sure that you are either logged out from the related platform or that you have adjusted your user account settings accordingly before clicking the related link on our website.

Please note that your user data may be processed outside the EU (e.g., in the USA). This can lead to increased risks for you, e.g., with regard to accessing that data at a later point. It can neither be accessed by us. The access possibility lies with the platform provider only. Requesting information or exercising data subject rights will therefore best be addressed directly to the platform provider.

Please review the privacy policies of the individual providers for details on the applicable data protection regulations including the specific kinds of data processing or information on how to object.

Facebook and Instagram

Instagram is a service provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

The processing of data, in this case, is a joint responsibility of Facebook Ireland Limited and T20 APS. You can view the agreement on the regulations and obligations of this joint responsibility in accordance with GDPR here: https://www.facebook.com/legal/terms/page_controller_addendum.

Parent company Facebook, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, is Privacy Shield-certified and, hence, commits itself to comply with the European data protection principles: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

You can view Instagram’s detailed privacy policy here: http://instagram.com/about/legal/privacy.

Adjustments to your Instagram’s personal settings can be made here (login required): https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/.

You can view Facebook’s detailed privacy policy here: https://www.facebook.com/about/privacy

Adjustments to your Facebook’s personal settings can be made here (login required): https://www.facebook.com/settings?tab=privacy

Instagram’s and Facebook’s data protection officer, with Facebook Ireland Limited as the responsible provider, can be contacted via this online form: https://www.facebook.com/help/contact/540977946302970.

Medium

Medium is a service provided by A Medium Corporation, 760 Medium Street, San Francisco, CA 94102, USA.

You can view Medium’s detailed privacy policy here: https://medium.com/policy/medium-privacy-policy-f03bf92035c9.

Adjustments to your personal settings can be made here (login required): https://medium.com/me/settings.

Medium’s data protection officer, represented by VeraSafe Ireland Ltd., Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland, can be contacted via this online form: https://www.verasafe.com/privacy-services/contact-article-27-representative.

Newsletter

Subject to your explicit agreement as per Article 6(1)(a) GDPR, we use your email address to send you our newsletter on a regular basis. In case that the content of the newsletter is specifically described during the course of the subscription to the newsletter, this information is decisive for the user’s consent. Apart from that, our newsletters provide information on our products, services, promotions, and our company. To receive our newsletter, a valid email address is required. 

For newsletter subscriptions, we make use of the so-called double opt-in procedure, i.e., we will send a newsletter to your email address only after you have explicitly agreed to the activation of our newsletter service. To do so, we will send you a notification email asking you to confirm that you wish to receive our newsletter by clicking on a corresponding link provided in the notification email.

With subscribing to our newsletter, we store your IP address and the subscription date in order to be able to prove your subscription. 

You can withdraw your consent to receiving our newsletter at any time. You can do this either via a corresponding link in the newsletter itself or by sending us a message to the email address stated above.

For managing and sending our newsletter, we use “MailChimp”, a newsletter publishing platform by US provider The Rocket Science Group, LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

The email addresses of our newsletter subscribers and further types of data described here are stored by MailChimp on their servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. In addition to that and according to their own admission, MailChimp can make further use of this data in order to optimize or improve their own services, e.g., for the technical optimization of newsletter submission and/or display, or for economic purposes in order to determine the countries that subscribers are from. MailChimp, however, does not use subscribers’ data to send own emails nor to provide the data to third parties.

The newsletters contain a so-called “web beacon”. This is a pixel-sized file which is called from MailChimp’s server when the newsletter is being opened. Within this call, first of all, technical information such as information on your browser and system as well as your IP address and date/time of your newsletter call are collected. This information serves to technically improve MailChimp’s services based on technical data, or on target groups and their reading behavior based on access locations (which can be identified through the IP addresses) or access times.

The collection of statistics also includes assessing if and when newsletters are being opened, and which links are clicked. For technical reasons, this information can be attributed to the individual newsletter subscribers, but it is neither our nor MailChimp’s ambition to monitor individual users. The evaluations rather serve to learn about our subscribers’ reading habits and to adjust our newsletter content accordingly.

MailChimp is Privacy Shield-certified and, hence, commits itself to comply with the European data protection principles:

https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active.

Please visit https://mailchimp.com/legal/privacy/ and https://mailchimp.com/legal/terms/ for further information and to learn more about Mailchimp’s privacy policy.

Access data and log files

We follow a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services’ analytics. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. Data is collected explicitly on the basis of our legitimate interest in accordance with Article 6(1)(f) GDPR, namely for maintenance and optimization of our services as well as for security reasons.

Rights of objection and withdrawal

Provided that your personal data is processed based on legitimate interests in accordance with Article 6(1)(f) GDPR, you have the right, in accordance with Article 21 GDPR, to lodge an objection against the processing of your personal data when there are valid reasons arising out of your particular situation, or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without the specification of a particular situation. If you want to make use of your right of objection, simply send us an email to the email address mentioned above.

Provided that you have given consent in accordance with Article 6(1)(a) GDPR, you have the right to withdraw this consent at any time with effect for the future. Withdrawing consent does not affect the lawfulness of data processing that has been performed before your withdrawal and based on your previous consent. If you want to make use of your right of withdrawal, simply send us an email to ciao@t20.studio

Changes

We reserve the right to make changes to this data privacy policy from time to time to meet the obligations of changed legal positions or to extend the scope of functions of our internet presence. You should therefore review this data privacy policy on a regular basis to stay informed about the protection of your data. By continuing the use of our services, you agree with this data privacy policy in its current version.

Contact information

T20 APS

Loc. Presa, 1
33090 Tramonti di Sopra (PN) – Italy

ciao@t20.studio
+39 351 831 3036