INFORMATION ON DATA PROCESSING 

This page describes the methods of managing the site with reference to the processing of personal data of users who visit it, as well as the methods and purposes of personal data processing.

This is information provided pursuant to Articles 13-14 of Regulation (EU) 2016/679 - hereinafter, GDPR to those who interact with web services accessible electronically from the address: www.framework360.it

This site is owned by Marketing Studio Srl Unipersonale who manages and maintains this site for the purpose of providing information and communications related to the products or services offered.

The information is provided only for this website and not for other websites that may be accessed through our links, for which Marketing Studio Srl Unipersonale is in no way responsible.

Marketing Studio Srl Unipersonale based in Turin (TO) - 10121 - Corso Re Umberto, 8 as Data Controller of your personal data, pursuant to and for the purposes of EU Regulation 2016/679 - GDPR, hereby informs you that the aforementioned legislation provides protection for data subjects regarding the processing of personal data and that such processing will be based on principles of fairness, lawfulness, transparency and protection of your privacy and rights.

Contact details of the Data Controller

The Data Controller can be contacted at the following contacts:

  • Phone: 329 0374425
  • Email: info@marketingstudio.it

Your personal data will be processed in accordance with the legislative provisions of the above-mentioned regulation and confidentiality obligations therein provided.

TYPES OF DATA PROCESSED

Browsing Data

The IT systems and software procedures used to operate this website acquire some personal data during their normal operation, whose transmission is implicit in using Internet communication protocols. These are information not collected to be associated with identified individuals but which could, by their nature, through processing and association with data held by third parties, allow identification of users. This category includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, request time, method used to submit the request to the server, size of file obtained in response, numeric code indicating status of response given by server (successful completion, error, etc.) and other parameters related to user's operating system and IT environment. These data are used solely to obtain anonymous statistical information on site use and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain liability in case of hypothetical computer crimes against the site.

Data voluntarily provided by the user

  • SENDING COMMUNICATIONS TO OUR EMAIL ADDRESSES: the optional, explicit and voluntary sending of emails to addresses indicated on this site for sending specific requests involves subsequent acquisition of sender's address necessary to respond to requests, as well as any other personal data included in the message.
  • CONTACT US: filling out the data collection form, explicit and voluntary, aimed at requests for information, involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data entered in the information request.
  • NEWSLETTER: subscription to our newsletter, aimed at sending informational material, involves the subsequent acquisition of your email address, as well as all data necessary to pursue this purpose.
  • CREATE A TEST ENVIRONMENT: filling out the data collection form, explicit and voluntary, aimed at the free trial for 30 days, involves the subsequent acquisition of the sender's address.
  • RESERVED AREA: filling out the data collection form, explicit and voluntary, aimed at creating the reserved area, involves the subsequent acquisition of the sender's address, necessary to create the reserved area, as well as any other personal data entered in the request.
  • AFFILIATE PROGRAM REGISTRATION: filling out the data collection form, explicit and voluntary, aimed at affiliation requests, involves the subsequent acquisition of the sender's address, as well as any other personal data entered in the request.
  • SUBSCRIPTION: filling out the data collection form, explicit and voluntary, aimed at subscription requests to the platform, involves the subsequent acquisition of the sender's address, as well as any other personal data entered in the request.

 

Summary informative specifications are reported or displayed on website pages prepared for particular requested services.

Profile Data

Such data, communicated at registration time in the client area, include your first and last name, email with which you register and related password, as well as contact details.

Purchase Data

At order time we record your purchase data including order number, details on goods subject to purchase, payment method details, supply and billing addresses.

Payment Data

For payment execution we collect payment data you have provided us such as IBAN and BIC or account number and bank code, credit card data and solvency data; furthermore based on payment method we receive payment data from external payment management services and economic information services with which we cooperate for managing payments and verifying solvency. We transmit to our payment management services only those data necessary for performing payment. Payment data also includes further data immediately related to performing payment and verifying solvency. This concerns for example data used by external service providers for identification. Listed below are intermediaries for payment:

PayPal

The payment service provided by PayPall (Europe) S.à r.l. et Cie, S.C.A. 
To learn more about the privacy policy - https://www.paypal.com/webapps/mpp/ua/privacy-full

Stripe

The payment service provided by Stripe Payments Europe Limited. 
To learn more about the privacy policy - https://stripe.com/it/privacy

GoCardless

The payment service provided by GoCardless Ltd.
To learn more about the privacy policy - https://gocardless.com/privacy/

PROCESSING METHODS

Data is mainly processed using electronic and IT tools and stored both on IT media and paper media as well as any other suitable type of support, in compliance with the methods referred to in Articles 6, 32 of the GDPR and through the adoption of appropriate security measures designed to prevent data loss, unlawful or incorrect use, and unauthorized access.

Please be informed that, to provide a complete service, our portal may contain links to other websites not managed by us. We are not responsible for errors, content, cookies, publications of morally unlawful content, advertising, banners or files that do not comply with current regulatory provisions and respect for Privacy regulations by sites managed by us referenced herein. To improve the service offered, immediate reports of malfunctions, abuses or suggestions to the email address: info@marketingstudio.it are appreciated.

Your data will only be processed by personnel expressly authorized by the Data Controller.

PURPOSES OF THE PROCESSING AND LEGAL BASIS

Data processing as Data Controller and Data Processor pursuant to Article 28 GDPR will be carried out for the following purposes:
  1. Website navigation. The legal basis for processing is consent from the data subject pursuant to Article 6(1)(a) of the Regulation. Providing data for these purposes is optional, but failure to provide it would make it impossible to navigate the site; 
  2. Registration on the website and access to reserved areas of the site. The legal basis for processing is the execution of pre-contractual measures pursuant to Article 6(1)(b) of the Regulation. Providing data for these purposes is optional, but failure to provide it would make it impossible to execute the pre-contractual relationship;
  3. Providing information on services and products offered and about changes in products or services. The legal basis for processing is consent from the data subject pursuant to Article 6(1)(a) of the Regulation. Providing data for these purposes is optional, but failure to provide it would make it impossible to obtain the requested feedback;
  4. Allowing platform trials. The legal basis for processing is execution of a pre-contractual measure pursuant to Article 6(1)(b) of the Regulation. Providing data for these purposes is optional, but failure to provide it would make it impossible to execute the contractual relationship;
  5. Subscription to the affiliate program. The legal basis for processing is contract execution pursuant to Article 6(1)(b) of the Regulation. Providing data for these purposes is optional, but failure to provide it would make it impossible to execute the contractual relationship;
  6. Provision of Framwork360 cloud software including hosting service via subscription and assistance activities. The legal basis for processing is contract execution pursuant to Article 6(1)(b) of the Regulation. Providing data for these purposes is optional, but failure to provide it would make it impossible to execute the contractual relationship;
  7. Sending newsletters. The legal basis for processing is consent from the data subject pursuant to Article 6(1)(a) of the Regulation. Providing data for these purposes is optional, but failure to provide it would make it impossible to obtain the requested feedback;
  8. Soft marketing activities with an informative nature within proposed services. The legal basis for processing is legitimate interest pursuant to Article 6(1)(f) of the Regulation.
  9. Fulfilling obligations required by laws or regulations. For this purpose, processing is necessary in order to comply with a legal obligation applicable to the Controller pursuant to Article 6(1)(c) of the Regulation.
  10. Protection of the Controller in judicial proceedings. For this purpose, processing is necessary for pursuing the legitimate interests of the Controller pursuant to Article 6(1)(f) of the Regulation;

Processing personal data necessary for fulfilling such obligations is essential for proper management of relationships and their provision is mandatory in order to implement above-mentioned purposes. Furthermore, please note that failure or incorrect communication of any mandatory information may cause inability on part of Controller to ensure adequacy of such processing.

The Controller informs that at any time, also at time of collection of billing-related data, data subjects can object against use of their personal data (specifically contact details) for sending communications, newsletters and marketing activities within proposed services scope. Such processing does not require consent since under Art. 6(1)(f) and recital 47 GDPR as well as Art. 130 paragraph 4 updated Privacy Code Legislative Decree 196/2003 legitimate interest represents applicable legal basis.

The processing of personal data based on art. 6, paragraph 1, letter a) is not mandatory, their provision is optional and therefore you have the right to withdraw consent at any time without affecting the lawfulness of the processing.

ENTITIES TO WHICH PERSONAL DATA MAY BE DISCLOSED

Personal data related to the processing in question may also be disclosed to entities that are granted access to your personal data by laws or secondary and/or EU regulations. Your data may be disclosed exclusively to competent and duly appointed entities for carrying out the services necessary for proper management of the relationship, guaranteeing protection of the data subject’s rights.  Furthermore, some data may be communicated and disseminated to internet operators used by Marketing Studio Srl Unipersonale for managing its domains.

Some of your personal data may need to be transferred to Recipients outside the European Union, in compliance with applicable legislation, including:

Amazon Web Services (AWS)
Framework360 uses Amazon Web Services (AWS) as a hosting service. The service is provided by Amazon Web Services Inc. Privacy policy: https://aws.amazon.com/privacy/. Specifically, personal data processed through the Framework360 software are located on a server in Paris, Europe.

Framework360 uses ChatGPT solely as an artificial intelligence service for generating texts and translations, without any transfer of personal data.

Your personal data will not be disclosed in any way.

DATA RETENTION PERIOD

Please note that, in compliance with the principles of lawfulness, purpose limitation and data minimization pursuant to art. 5 of the GDPR, the retention period of your personal data is established for a period necessary to carry out the requested services and in compliance with current regulations regarding retention of fiscal, tax and contractual documentation. Specifically:

  • accounting and tax data: 10 years in compliance with obligations related to retention of accounting and tax records (art. 2220 civil code which provides for keeping accounting records for 10 years; art. 22 of Presidential Decree September 29, 1973, no.600)
  • other data: 10 years from the termination of contract effectiveness or, in case of disputes, for the statute of limitations period provided by law for protecting related rights
  • registration data: until profile deletion request
  • newsletter: data will be kept until consent withdrawal or exercise of deletion rights, but in any case for no longer than 2 years
  • soft marketing: data will be kept until consent withdrawal or exercise of deletion rights, but in any case for no longer than 2 years after contract termination

 

DATA SUBJECTS’ RIGHTS

  1. The data subject has the right to obtain confirmation as to whether or not personal data concerning them exist, even if not yet recorded, and their communication in an intelligible form.

2. The data subject has the right to obtain the indication:

  1. of the origin of the personal data;
  2. of the purposes and methods of processing;
  3. of the logic applied in case of processing carried out with the aid of electronic tools;
  4. of the identifying details of the controller, processors, and the representative designated pursuant to article 5, paragraph 2;
  5. of the subjects or categories of subjects to whom personal data may be communicated or who may become aware of it as designated representatives within the territory of the State, processors, or persons in charge.

3. The data subject has the right to obtain:

  1. the updating, correction or, when interested, integration of data;
  2. the deletion, anonymization or blocking of data processed unlawfully, including those whose retention is not necessary in relation to the purposes for which they were collected or subsequently processed;
  3. certification that the operations referred to in letters a) and b) have been made known, also regarding their content, to those to whom the data were communicated or disseminated, except where such fulfillment proves impossible or involves a manifestly disproportionate use of means compared to the protected right;
  4. data portability.

4. The data subject has the right to object, in whole or in part:

  1. for legitimate reasons to the processing of personal data concerning him/her, even if relevant to the purpose of collection;
  2. to the processing of personal data concerning him/her for sending advertising material or direct sales or for carrying out market research or commercial communication.

5. The data subject has the right to request restriction of processing.

He/she can exercise his/her rights by sending an email to info@marketingstudio.it or by sending a written request to the contacts specified above.

Furthermore, if the data subject believes that the processing of his/her data is contrary to current legislation he/she can lodge a complaint with the Data Protection Authority pursuant to art. 77 of Regulation 2016/679 or submit a report pursuant to art. 144 of Legislative Decree 101/2018.

ANTISPAM SERVICE – RECAPTCHA

In certain sections of the website, namely on data collection forms, we have implemented an antispam service.

The Captcha is a type of security measure known as Challenge/Response authentication that analyzes website traffic by processing users' personal data in order to protect the site owner, the site itself and users from spam, bot software, worms, spam bots, brute force attacks and password decryption by asking them to pass a simple test proving that they are a person and not a computer attempting to breach a password-protected account.

CONTENT ON EXTERNAL PLATFORMS

The website allows users to view content hosted on external platforms directly on its pages and interact with it. If these services are installed within the website it is possible that even if users do not use them they still collect traffic data related to pages where they are installed.

Youtube
Youtube is a video content viewing service managed by Google that allows this Website to integrate such content within its pages.

To learn more about Youtube's privacy policy – Privacy Policy https://policies.google.com/privacy?hl=it

GoCardless
The payment service provided by GoCardless Ltd.
To learn more about the privacy policy - https://gocardless.com/privacy/

MayTapi
MayTapi is a messaging service integrated into the platform for sending WhatsApp messages.
To learn more about the privacy policy - https://maytapi.com/legal/privacy