1.1 The Maltese company BlackOverLab LTD fiscal code and VAT number MT24769627, with registered offices in Malta, advises that the personal data collected by way of the use of the website www. blackoverlab.ink (hereinafter Website), shall be processed in compliance with the following policy which constitute the present Privacy Statement (hereinafter Statement), compliant with UE Regulation n. 2016/679 (hereinafter “Regulation”).
1.2 The present Statement concerns only the website and it is not valid for the consultation, through any link, of other websites by the users (hereinafter Users).
2) DATA CONTROLLER
2.1. The controller of the processing of the data regarding the present Statement is the Maltese company BlackOverLab LTD fiscal code and VAT number MT24769627, with registered offices Malta (hereinafter “Controller”), which shall be contacted through the contact form on the site.
The Controller declares that the personal data provided by the Users by the way of use of the Website shall be processed according to the Regulation’s provisions.
3) DATA PROCESSOR
3.1. The data processor shall be the subject appointed pro-tempore by the Controller, whose name shall be available at the registered office of the Controller.
4) TYPE OF THE PROCESSED DATA, POURPOSE AND PROCEDURES OF HANDLING
4.1 The Controller collect individually identifiable data sent by the Users by the way of use of the Website and other data not individually identifiable collected through cookies.
The Controller collect personal data of the Users who use the Website and therefore, to place purchase orders of the products published on the Website, who subscribe Website’s Newsletter, who fill out on-line surveys, who participate in promotions and offers related to the product published on the Website. Always by way of non-exhaustive example such personal data may consist of:
– Users’ name and surname;
– Users’ email address;
– Users’ billing address;
– Users’ residence or domicile;
– delivery address of the products of the purchase order;
– Users’ telephone number;
– Users’ credit card data;
– consumer patterns, lifestyle and preference or products choices.
The Controller declares that all the above mentioned data shall be processed in compliance with Users’ privacy, and to all the guarantees and necessary measures provided for by the existing laws (for example but not limited to Regulation), in order to guarantee the privacy, the security and integrity of the data.
The processing of personal data will take place using electronic and/or manual means, with the same standards that are compatible with the purposes and in compliance with all the safety measures provided by law, in order to ensure the confidentiality, security and integrity of such data.
4.2 Navigation data – The IT systems and the software procedures used to operate the Website collect, during their normal exercise, some personal data transmitted with communication protocols of the Internet. Those data concern information which is not collected to be associated with specific individuals, but by their own very nature could enable the identification of the customers by processing and associating with data collected by third parties.
This category of data includes IP addresses or domain names of computers used by Users who connect to the Website; URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.) and other parameters about the operating system and the user’s IT environment.
This data is used only to obtain anonymous statistical information on the Site and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Website except for this possibility, the data containing web contacts are not stored for more than 7 days.
4.3 Mandatory data – the submission of certain types of data is necessary and so mandatory, in order to fulfill specific Users’ requests.
Users are always free not to submit their personal data, but as a consequence could be not possible for the Controller to fulfill their request as, for example including but not limited to, successfully perform the on line purchase of the products published on the Website.
The submission of the personal data is mandatory for the following Users’ utilization of the website:
– the subscription to the Newsletter of the website (need by way of example and not exhaustive Users’ e-mail address);
– the registration on the website for the creation of a personal account (need by way of example and not exhaustive name, surname, e-mail address, password and residence);
– the purchase of products published on the website (need by way of example and not exhaustive name, surname, delivery address included City, Postal Code, State), telephone number, e-mail address, password, utilized credit card data.
All the above mentioned data shall be processed through paper and electronic supports and shall be stored at Controller’s registered office until the Users will maintain their subscription to the Websites’s Newsletter, their personal account on the Website, without prejudice to the storage periods determined by law.
At the expiring of the storage periods the data shall be automatically deleted or permanently modified into anonymous form.
4.4 Non-mandatory Data – The Controller shall collect non-mandatory data, for whose processing Users’ free consent is required. The consent shall be given through the use of the website, for example inside the Newsletter’s subscription form, during the registration process for a new account or at the time of a purchase order of products published on the Website .
Such data may include, for example but not limited to:
– full name, sex, date of birth, complete address, telephone number, email address, occupation, preferences and consumption habits.
Failure to grant consent for the processing of these data does not affect the ability for users to use the Website through the methods listed in paragraph 4.3 above.
4.5 The mandatory data will be processed for the following primary purposes:
– in relation to Users’ Website’s modalities of use (such as those described above in point 4.3);
– performance of ordinary management accounting and administrative; activities;
– fulfillment of laws provisions and, be they fiscal, administrative, contract or tortious;
– protection of the Controller’s rights and of their staff;
– processing in an anonymous and/or aggregate of the data for statistical purposes, for the monitoring of the Website.
The data used for these purposes will be processed with both electronic and paper media and will be kept by the Controller exclusively as long as Users will maintain their subscription to the Website’s Newsletter, except for any conservation different target times prescribed for by laws.
After such storage times, the personal Data shall be automatically deleted or permanently anonimysed.
4.6 The non-mandatory data, will be processed for the following secondary objectives of marketing and profiling:
– sending advertising material or commercial communications or for direct sales other than newsletter, for solicitation to purchase behavior, market research, surveys, statistics;
– definition of individual or collective profiles of customer segments with homogenuoscharacteristics, of propensity to consume.
Through the authorization to treatment for the above purposes of marketing and profiling, users specifically acknowledge these promotional, sales and marketing in the sense of the processing (including the consequent managerial and administrative activities) and expressly authorize such treatment.
The consent eventually given includes the receipt of commercial communications not only through automated contact, but also through traditional methods such as paper mail or operator calls.
Users have the right to revoke any consent given for the processing of their personal data for marketing purposes and profiling, in whole or only in relation to certain procedures, through the contact form on the site.
The data requested for these purposes will be processed with both electronic and paper media and will be retained by the Controller for a period not exceeding twelve months, for the profiling purposes and twenty-four months for marketing purposes, starting from registration for such purposes .
After such storage times, the non-mandatory data will be automatically deleted or permanently modified into anonymous form while those already collected for the purposes referred to in paragraph 4.5, will cease to be processed for marketing and profiling purposes.
4.7 The consent to the processing of mandatory data for other purposes, even for purposes provided above at 4.6 shall be required. In case Users do not give the consent to the processing of such data for such purposes, however, the data given will never be processed by the Controller for the purposes provided in paragraph 4.6.
5) COMMUNICATION OF DATA OF THIRD PARTIES
Users acknowledge that the indication of personal data and contact of any third party constitutes processing of personal data with respect to which Users are presented as autonomous controllers, assuming all the obligations and responsibilities under the Regulation. Users guarantee starting from now that these data have been acquired in full compliance with the Regulation and undertake to indemnify the Controller of any dispute, claim or action that any third party were to move towards the same Controller.
6) COMMUNICATION OF DATA TO THIRD PARTIES
6.1 The Users’ data may be communicated to third parties to whom the owner has concluded commercial agreements, in order to pursue the same secondary purposes of marketing and profiling set out in previous paragraph 4.6.
This activity is subject to discretionary consent given by Users, which must give it separately and in a separate box graphically distinguished. Users shall revoke the consent with the same procedure provided for in paragraph 4.6.
6.2 Managers or processors employees of the Controller can become aware of personal data referred to in this Statement, each limited to their competences and tasks and on the basis of the assigned tasks and instructions given.
6.3 The Controller shall communicate the personal data of Users, for the primary purposes listed above, to any third party whose intervention in the processing is necessary for the ordinary management activities, accounting and administrative, such as, but not limited to:
– companies of the group;
– to third-party suppliers required for the sole purpose of providing the requested service;
– postal service company,
– banking institutions and financial intermediaries,
– legal and notary offices,
– consultants, including associations,
– service companies,
– as well as to other parties in compliance with any legal obligations.
The data processed for the purposes set forth herein shall be communicated, respecting the specific security measures, to third parties, designated as managers or agents, of whom the controller may use for various services (postal services, technical assistance and information, and similar).
6.4 In certain specific cases, personal data may also be transferred abroad, to entities based in countries even outside the European Union. In such cases, the transfer of data abroad will be made in accordance with the contractual clauses set out by European Commission’s decision of 5 February 2010, as well as providing the appropriate warranties in compliance with art. 46 or 47 or 49 of the Regulation.
6.5 Personal data covered by this statement shall not be diffused in any case.
7) RIGHTS OF THE INTERESTED PARTY
Users may at any time contact the Controller in order to exercise the rights provided for by Articles15 and following of the Regulation.
Users have the right to obtain at any time confirmation of the existence or not of their personal data, to know their content and origin, verify and request the integration, updating or rectification.
Users also have the right to request cancellation, modification into anonymous form or blocking of data processed unlawfully, the limitation of treatment of the personal data, in order to grant the exclusive storage by the controller, in the cases set out under art. 18 of the Regulation, the portability of your personal data, and to oppose in any case their treatment.
The User also has the right to issue a claim before the Data Protection Authority (protection commissioner), in accordance with art. 77 of the Regulation, as well to revoke any consent in any moment, without prejudice to the lawfulness of the treatment carried out before the revocation, in accordance with art. 7.3 of the Regulation.
For the exercise of such rights, or to get any information, requests should be addressed:
– through the contact form on the site.