With regard to the terms used, such as “personal data”, “user” or “processing”, we refer to Article 4 of the General Data Protection Regulation (GDPR).
(i) The legal basis for the processing of personal data with separate consent are Article 6(1)(a) and Article 7 GDPR; (ii) the legal basis for the processing of data in order to fulfill our services and to execute contractual measures is Article 6(1)(b) GDPR; (iii) the legal basis for the processing of personal data in order to fulfill our legal obligations is Article 6(1)(c) GDPR; (iv) the legal basis for the processing of personal data in order to preserve our legitimate interests is Article 6(1)(f) GDPR.
What personal data we collect and why we collect it
For questions and matters of any kind, you have a number of options to contact us (e.g., via email, phone or our social media channels). When doing so, the data and information provided by the person contacting us will be processed as far as this is necessary to reply to a specific request. This can include personal data such as name, address, email address, phone number, but also content data such as images, videos, or text input. The processing of data for the purpose of making contact with us is carried out in accordance with Article 6(1)(f) GDPR (legitimate interest), and if applicable, in order to fulfill contractual purposes or take pre-contractual measures (Article 6(1)(b) GDPR).
Some of the cookies are for security reasons, are essential to run our website (e.g., to display the website correctly), or are required to store your preferences from the cookie banner.
Legal basis for the data processing is your given consent in accordance with Article 6(1)(a) GDPR. With regard to cookies that are essential either for security reasons or to run our website, legal basis is our legitimate interest in accordance with Article 6(1)(f) GDPR.
Most browsers accept cookies automatically. You can still configure your browser in a way that no cookies are being stored on your computer, or a notification appears each time a new cookie is about to be installed. Completely deactivating cookies can, however, lead to a limited functionality of our website.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Based on your given consent, we use Google Analytics to analyze, improve and economically operate our website. Google Analytics is a web analysis service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.
Please note that, with the use of the service, data may be transferred to a third country outside the EU (USA). Google Inc. is Privacy Shield-certified, and, hence, commits itself to providing an adequate level of data protection in accordance with Article 45 GDPR.
In this context, pseudonymized user profiles are created and cookies are used. The information generated by the cookie about your use of our website such as browser type/version, operating system, referrer URL (the previously visited website), host name of the accessing computer (IP address) as well as date and time of the server request is transferred to a Google server and stored there.
The information is used to evaluate the usage of our website, to create reports on website activities and to fulfill further services connected to the website and internet usage for the purpose of market research and the needs-based shaping of this website. IP addresses are anonymized, so no allocation can be made (“IP masking“).
You can also refuse the collection of data generated by the cookie and related to your use of our website (incl. your IP address) as well as the processing of that data by Google after you have given consent by downloading and installing the browser add-on provided here: https://tools.google.com/dlpage/gaoptout?hl=en.
Who we share your data with
Personal data may only be transferred to third parties based on legal permissions and within the legal requirements. We only transfer user data to third parties as long as this is, e.g., based on Article 6(1)(b) GDPR, required for contractual purposes, or when we make use of services within our legitimate interests (Article 6(1)(f) GDPR). Provided that third parties are engaged in the processing of personal data under a “Data Processing Agreement”, this happens on the basis of Article 28 GDPR.
As far as we make use of third-party services in order to provide our own services, we take appropriate measures to ensure the protection of personal data according to the relevant legal requirements.
This may include the transfer of personal data to servers outside the EU or to trusted third parties located outside the EU in order to process this data on our behalf. Be aware that many countries do not offer the same legal protection of personal data as is the case within the EU. While your personal information resides in another country, courts, prosecution and national security authorities of the respective country can access your data in accordance with its laws.
Subject to such legitimate requests for access, we promise that everybody involved in the processing of your personal information outside the EU has to take measures in order to protect them and is only allowed to process them in accordance with our instructions and applicable EU law. We therefore only allow data to be processed in a third country provided that the specific preconditions of Article 44 ff. GDPR apply.
This means that data processing happens, e.g., based on special guarantees such as an officially acknowledged assessment in conformity with the EU’s level of data privacy (e.g., for USA, the so-called “Privacy Shield”), or based on compliance with specific contractual obligations (so-called “standard contractual clauses”).
What rights you have over your data
(i) In accordance with Article 15 GDPR, to receive information about your personal data processed by us upon request; (ii) in accordance with Article 15 GDPR, to immediately request rectification of inaccurate or incomplete personal data stored by us; (iii) in accordance with Article 17 GDPR, to request deletion of personal data stored by us as long as its processing is not required to exercise freedom of expression and information, to fulfill a legal obligation, for reasons of public interests or to claim, exercise or defend legal rights; (iv) in accordance with Article 18 GDPR, to request limitation of processing of your personal data; (v) in accordance with Article 20 GDPR, to receive information on your personal data provided to us in a structured, common and machine-readable format or to request its transmission to another responsible entity; (vi) in accordance with Article 7(3) GDPR, to revoke your consent once given to us, effective for the future; (vii) in accordance with Article 77 GDPR, to complain to a supervisory authority. You can do this by approaching the supervisory authority of your usual place of residence or place of work or the supervisory authority of our registered office.
All of your browser’s communication with our services is secured via an encrypted SSL connection in order to protect your data against unauthorized access by third parties. Only selected administrators can access your data and only to the extent as it is necessary to maintain the services.
Apart from that, we take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or access by unauthorized persons. Our security measures are constantly being improved according to technological development.
Our website includes links to some of our online profiles on the social media and blog/publishing platforms listed below. By implementing a simple linked graphic or text link instead of plug-ins, we prevent that data is being processed by the related platforms when you just visit our website. A connection to the respective platform is established only as a corresponding link is being clicked.
Once you are being redirected to a platform, data is collected and processed by the responsible provider. This includes usage data (e.g., access times, pages visited) as well as communication data (e.g., IP address, device information). If you have a user account with the respective platform provider and are logged in while clicking on the related link on our page, the provider may collect and process further personal data like name, address, email address, phone number, but also content data such as images, videos or text input, and associate this data with your personal user account.
To prevent your data from being linked with your personal user account, you need to make sure that you are either logged out from the related platform or that you have adjusted your user account settings accordingly before clicking the related link on our website.
Please note that your user data may be processed outside the EU (e.g., in the USA). This can lead to increased risks for you, e.g., with regard to accessing that data at a later point. It can neither be accessed by us. The access possibility lies with the platform provider only. Requesting information or exercising data subject rights will therefore best be addressed directly to the platform provider.
Please review the privacy policies of the individual providers for details on the applicable data protection regulations including the specific kinds of data processing or information on how to object.
Facebook and Instagram
Instagram is a service provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
The processing of data, in this case, is a joint responsibility of Facebook Ireland Limited and T20 APS. You can view the agreement on the regulations and obligations of this joint responsibility in accordance with GDPR here: https://www.facebook.com/legal/terms/page_controller_addendum.
Parent company Facebook, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, is Privacy Shield-certified and, hence, commits itself to comply with the European data protection principles: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
Adjustments to your Instagram’s personal settings can be made here (login required): https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/.
Adjustments to your Facebook’s personal settings can be made here (login required): https://www.facebook.com/settings?tab=privacy
Instagram’s and Facebook’s data protection officer, with Facebook Ireland Limited as the responsible provider, can be contacted via this online form: https://www.facebook.com/help/contact/540977946302970.
Medium is a service provided by A Medium Corporation, 760 Medium Street, San Francisco, CA 94102, USA.
Adjustments to your personal settings can be made here (login required): https://medium.com/me/settings.
Medium’s data protection officer, represented by VeraSafe Ireland Ltd., Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland, can be contacted via this online form: https://www.verasafe.com/privacy-services/contact-article-27-representative.
Subject to your explicit agreement as per Article 6(1)(a) GDPR, we use your email address to send you our newsletter on a regular basis. In case that the content of the newsletter is specifically described during the course of the subscription to the newsletter, this information is decisive for the user’s consent. Apart from that, our newsletters provide information on our products, services, promotions, and our company. To receive our newsletter, a valid email address is required.
For newsletter subscriptions, we make use of the so-called double opt-in procedure, i.e., we will send a newsletter to your email address only after you have explicitly agreed to the activation of our newsletter service. To do so, we will send you a notification email asking you to confirm that you wish to receive our newsletter by clicking on a corresponding link provided in the notification email.
With subscribing to our newsletter, we store your IP address and the subscription date in order to be able to prove your subscription.
You can withdraw your consent to receiving our newsletter at any time. You can do this either via a corresponding link in the newsletter itself or by sending us a message to the email address stated above.
For managing and sending our newsletter, we use “MailChimp”, a newsletter publishing platform by US provider The Rocket Science Group, LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
The email addresses of our newsletter subscribers and further types of data described here are stored by MailChimp on their servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. In addition to that and according to their own admission, MailChimp can make further use of this data in order to optimize or improve their own services, e.g., for the technical optimization of newsletter submission and/or display, or for economic purposes in order to determine the countries that subscribers are from. MailChimp, however, does not use subscribers’ data to send own emails nor to provide the data to third parties.
The newsletters contain a so-called “web beacon”. This is a pixel-sized file which is called from MailChimp’s server when the newsletter is being opened. Within this call, first of all, technical information such as information on your browser and system as well as your IP address and date/time of your newsletter call are collected. This information serves to technically improve MailChimp’s services based on technical data, or on target groups and their reading behavior based on access locations (which can be identified through the IP addresses) or access times.
The collection of statistics also includes assessing if and when newsletters are being opened, and which links are clicked. For technical reasons, this information can be attributed to the individual newsletter subscribers, but it is neither our nor MailChimp’s ambition to monitor individual users. The evaluations rather serve to learn about our subscribers’ reading habits and to adjust our newsletter content accordingly.
MailChimp is Privacy Shield-certified and, hence, commits itself to comply with the European data protection principles:
Access data and log files
We follow a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services’ analytics. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. Data is collected explicitly on the basis of our legitimate interest in accordance with Article 6(1)(f) GDPR, namely for maintenance and optimization of our services as well as for security reasons.
Rights of objection and withdrawal
Provided that your personal data is processed based on legitimate interests in accordance with Article 6(1)(f) GDPR, you have the right, in accordance with Article 21 GDPR, to lodge an objection against the processing of your personal data when there are valid reasons arising out of your particular situation, or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without the specification of a particular situation. If you want to make use of your right of objection, simply send us an email to the email address mentioned above.
Provided that you have given consent in accordance with Article 6(1)(a) GDPR, you have the right to withdraw this consent at any time with effect for the future. Withdrawing consent does not affect the lawfulness of data processing that has been performed before your withdrawal and based on your previous consent. If you want to make use of your right of withdrawal, simply send us an email to email@example.com
Loc. Presa, 1
33090 Tramonti di Sopra (PN) – Italy
+39 351 831 3036