3. What else should I know?

The data will be processed lawfully, fairly, and with the utmost confidentiality, in accordance with appropriate security measures as required by the Code and the Regulation. The processing will be carried out using digital means. The data will not be subject to public disclosure, except for information related to reviews if provided, and the user will not be subjected to automated decision-making processes such as profiling unless they consent to this through the installation of cookies or other tracking tools, for which the relevant notice applies.

4. To whom will my data be disclosed?

The Data Controller may disclose the data to all subjects for whom disclosure is required by law to carry out the purposes provided by law. The Data Controller also relies on certain companies or IT tools that perform data processing activities on behalf of the data subjects, exclusively in the interest of the Data Controller, all duly appointed as Data Processors under Article 28 of the GDPR. The list of Data Processors is available at the company’s headquarters.

5. Where will the data be stored and transferred?

The management and storage of personal data will be carried out on servers located in Europe.

6. What are my rights and how can I exercise them?

a) Data Subject Rights

As a data subject, you have the rights under Article 15 et seq. of the Regulation, specifically:

1. RIGHT OF ACCESS (Article 15 GDPR)

The data subject has the right to obtain confirmation of the existence or non-existence of personal data concerning them, even if not yet registered, and their communication in an intelligible form.

2. RIGHT TO RECTIFICATION (Article 16 GDPR)

The data subject has the right to obtain the rectification of inaccurate personal data concerning them and the completion of incomplete data.

3. RIGHT TO ERASURE (Article 17 GDPR)

The data subject has the right to obtain the erasure of personal data in the presence of specific reasons such as withdrawal of consent, objection to processing, or if the data are no longer necessary for the purposes for which they were collected and processed or in case of unlawful processing. It may not always be possible to proceed with erasure, but the data controller must provide adequate justification.

4. RIGHT TO RESTRICTION OF PROCESSING (Article 18 GDPR)

The data subject has the right to obtain the restriction of processing in the presence of specific circumstances, such as, for example, in case of a request for rectification or objection during the evaluation period of the requests.

5. RIGHT TO DATA PORTABILITY (Article 20 GDPR)

If the processing is based on consent or a contract and is carried out using automated tools, the data subject may receive the data in a structured, commonly used, and machine-readable format or request their transfer to another controller.

6. RIGHT TO OBJECT (Article 21 GDPR)

The data subject has the right to object, in whole or in part:
a) for legitimate reasons to the processing of personal data concerning them, even if relevant to the purpose of the collection;
b) to the processing of personal data concerning them for the pursuit of purposes not contemplated in Article 2. The user may submit a request to object to the processing of their personal data under Article 21 of the GDPR, in which they provide the reasons justifying the objection. The Data Controller reserves the right to evaluate the request, which would not be accepted in case there are compelling legitimate reasons for proceeding with the processing that prevail over the user’s interests, rights, and freedoms.

7. RIGHT TO LODGE A COMPLAINT

The data subject has the right to lodge a complaint with the competent supervisory authority under Article 77 of the GDPR if they believe that the processing of their data is contrary to the current legislation.

b) How to exercise your rights:

The data subject may exercise their rights under the Regulation at any time by contacting the Data Controller at the addresses provided above.