INFORMATION ON THE PROCESSING OF PERSONAL DATA

With the present document (“notice”) the Data Controller, as defined below, provides information on the scope and methodologies of the processing of Personal Data (or “Data”).

1. Data controller

Funnel s.r.l., based in Via Arno n. 21, 09122 Cagliari, CF and VAT 03927350920, is the Data Controller (hereinafter called “Data Controller” or also Funnel) related to the website funnel.srl, (the “website”) and for this purpose pursuant to Legislative Decree no. 196/03 (later called “Privacy Code”) and EU Regulation No. 2016/679 (hereinafter referred to as “GDPR”), user data will be processed in the manner and for the purposes specified below. Users can contact the Data Controller by means of the following email address funnel.srl@pec.it

2. Personal Data Processed

The Data Controller may process Personal Data used to subscribe to the newsletter and other forms of communication, in particular: name, surname, and email address.

3. Legal Basis for Data Processing

Data processing must be based on one of the following conditions:

– The user gives consent for one or more specific purposes;

– Processing is necessary for the performance of a contract and/or pre-contractual phases;

– Processing is necessary to fulfil a legal obligation to which the Data Controller is subject.

– Processing is necessary for the performance of a task in the public interest or for the exercise of official authority vested in the Data Controller;

– The processing is necessary in pursuit of the Data Controller’s legitimate interest.

3.1 Access and use of the website funnel.srl and legal basis of the processing

The processing of Personal Data is necessary to access and use services provided through the website. Specifically, Data are used to:

– Browse the website funnel.srl.

– Use the newsletter subscription form or other utilities on the website.

– Comply with legal obligations, regulations, EU legislative requirements, or as ordered by the authorities.

– Prevent or detect illegal or fraudulent activities.

– Exercise the rights of the Data Controller, such as the right of defense in court.

Legal basis for Data processing: execution of contractual obligations

3.2 Compliance and Legal Basis for Data Processing

Even without express consent (ex art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate user Data supervisory bodies, judicial authorities, and to all other entities and/or individuals to whom such communication is mandated by law for compliance purposes. In this case, Data will not be exposed.

Legal basis for processing: fulfilment of a legal obligation

3.3 Marketing Activities for Funnel Products and Legal Basis for Data Processing

Only with the consent of the Data subject, Funnel may process Personal Data in order to send commercial, promotional and/or advertising communication regarding Funnel products and services (direct marketing), or to carry out direct sales or market research activities. For these purposes, the Data Controller will use automated contact methods, such as, email, fax, SMS, MMS, instant messaging, apps, automated calls without an operator, etc.) and/or traditional methods (such as, telephone calls with operator and postal mail). Legal basis for processing: consent of the Data subject.

Legal basis for processing: consent of the Data subject.

3.4 Marketing Activities for Third Party Products and Legal Basis for Processing

Only with the consent of the Data subject, the Data Controller may send commercial communications regarding products and services offered by Funnel subsidiaries, parent companies or associates and/or by third-party companies for marketing purposes. The processing involves market research and/ or commercial communications related to products and services of third-party companies through the use of tools such as email, telefax, SMS, MMS, instant messaging, apps, automated call systems without operator, etc. ) and/or traditional methods (such as telephone calls with operator and postal mail). Legal basis for processing: consent of the Data subject.

Legal basis for processing: consent of the Data subject.

3.5 Transfer of Personal Data for Marketing Purposes and Legal Basis for Processing

Only with the consent of the Data subject, the Data Controller may transfer her/his Personal Data to third-party companies, including Funnel subsidiaries, marketing companies, market research companies and consultancy companies for their own marketing activities, which will process Personal Data as independent data controllers (“third party assignees”), and will provide appropriate data processing information to the Data subject. In any case, users may exercise their rights with respect to third party assignees.

Legal basis for processing: consent of the Data subject.

3.6 Reporting and General Management Purposes and Legal Basis for Processing

Funnel can also use Personal Data for: surveying customer satisfaction in regards to the quality of services; monitoring the use of services; in preaparation for judicial and/or extra-judicial litigation.

Legal basis for processing: legitimate interest.

4. Preservation of Processed Data

In reference to the afore mentioned cases, processed Personal Data will be preserved only for the time necessary to accomplish their specific purposes.

In particular:

– Personal Data collected for purposes attributable to the legitimate interest of the Data Controller will be retained until such interest is satisfied. Users may obtain further information on the legitimate interest pursued by the Data Controller in relevant sections of this document or by contacting the Data Controller directly.

– The Data Controller may be obliged to retain Personal Data for a longer period in compliance with legal obligations or by order of the authorities.

– At the end of the required retention period, processed Personal Data will be deleted. Thus, from that point on the right of access, cancellation, rectification and the right to data portability can no longer be exercised.

5. How data will be processed .

he Data Controller shall take appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. In some cases, in addition to the Data Controller, other parties involved in the production and operations of this website/application may have access to user Data: internal professionals in administrative, commercial, marketing, legal, and IT systems positions; external resources such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies, etc. appointed when necessary to be themselves Data Processors by the Data Controller. The updated list of Data Processors may always be requested from the Data Controller.

6. Persons who may retrieve personal data

The Data Controller may also have the need to communicate user Personal Data to third parties (even to parties located outside the European Union if in compliance with regulatory conditions that allow it) falling, by way of example, under one of the following categories: parties providing support services for the execution of user requested provisions or payment services, debit and credit cards services, tax collectors and treasuries; parties handling packaging, shipping and archiving of documentation related to customer relations, in both paper and electronic form; parties offering services of quality detection, market research, information and commercial promotion of products and/or services; Funnel srl, in order to carry out certain operations or requested services (for example for the execution of payment services) may transfer user Personal Data to recipients outside the European Union upon ensuring an adequate level of Data protection.

7. User Rights

In relation to Data processing as described in this Document, users may exercise rights set forth in Articles 15 to 22 of the GDPR with regard to Data concerning them. In particular:

– Right of access: right to obtain confirmation of the existence of Personal Data processing procedures and, if so, to obtain access to their Personal Data;

– Right of rectification: right to obtain, without undue delay, the rectification of inaccurate Personal Data and/or the integration of incomplete Personal Data;

– Right to erasure (right to be forgotten): right to obtain, without undue delay, the erasure of Personal Data. The right to cancellation does not apply to the extent that processing is necessary for the fulfilment of a legal obligation or for the performance of a task carried out in the public interest or for the establishment, exercise or defense of rights before a court;

– Right of limitation of processing: right to obtain limitation of processing;

– Right to data portability: right to receive the processed Data in a structured, commonly used format readable on an automatic device, or to have them transferred another Data Controller;

– Right to object: right to object to the processing of Personal Data for reasons related to a particular purpose, and in any case to the use of Data for marketing purposes;

– Right not to be subject to automated decision-making: the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects on the user or significantly affects the user;

– Right to lodge a complaint with the Data Protection Authority: http://www.garanteprivacy.it;

– Right to withdraw the consent given at any time and as easily as it was given without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal.

8. Place of Processing

User Data are processed at the Data Controller’s base of operations and in any other place where the parties involved in the processing are located. For more information, please contact the Data Controller.

User Personal Data may be transferred to a country other than the one where the user is located. To obtain further information on the place of processing, users can refer to this Document or contact the Data Controller directly.

Users have the right to obtain information about the legal basis of the transfer of Data outside the European Union or to an international public law organization representing two or more countries, such as the United Nations, as well as regarding the security measures taken by the Data Controller to protect Data.

Users can obtain further information on any such data transfers by contacting the Data Controller directly.