Privacy Policy for Users
The purpose of this Website Privacy Policy is to inform on how information about you is collected and used when you visit www.xyzdesignlab.com.
XYZ Design Lab is part of Tangoo S.r.l with registered offices in Via Lentasio n.9, 20122 Milano, Italy, VAT No. and Fiscal Code No. IT02143630685 (hereinafter, “Controller”), manager of the internet website www.xyzdesignlab.com (hereinafter, the “Website”), in its capacity as data controller in relation to personal data pertaining to the users using the Website (hereinafter, the “Users”) hereby provides the privacy policy pursuant to art. 13 of the Regulation EU 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, “Regulation” or “Applicable Law”).
- Purposes of data processing
The User may contact the Data Controller using the appropriate form when browsing the Site.
The Users’ personal data will be processed by the Controller lawfully pursuant to art. 6 of the Regulation for the following processing purposes:
a) executing the User’s request: the personal data of the Users will be processed by the Controller with the only purpose to reply to their queries. The Controller will collect the following personal data in order to be able to reply to the User’s request: name, surname, email address, name of User’s company, User’s job title and any other information relating to the User voluntary given by the User to the Controller through the checkboxes in the contact form. No other processing will be carried out by the Controller in relation to the Users’ personal data. Without prejudice to what is stipulated elsewhere, under no circumstances the Controller will make the personal data accessible to other Users and/or third parties.
b) legal obligations, or in order to fulfil obligations provided by the law or the European laws and regulations.
Providing the personal data for the processing purposes specified above is optional but necessary, since failing to provide the same imply the impossibility for the User to make a request to the Controller.
A star in the form identifies the personal data, which are necessary for purporting the processing purposes described under this paragraph 1.
- Legal Basis
Fulfillment of the User’s request (as described in par. 1, lett. a): the legal basis consists in art. 6, paragraph 1, lett. b) of the Regulation, as the processing is necessary for the execution of a contract and/or the execution of pre-contractual measures adopted upon the User’s request.
Legal obligations (as described in paragraph 1, lett. b) above): the legal basis is Article 6, paragraph 1, lett. c) of the Regulation, as the processing is necessary to comply with a legal obligation to which the Data Controller is subject.
- Processing methods and data retention
The Controller will carry out the processing of Users’ personal data by manual and IT instruments, applying logics strictly connected to the purposes and, in any case, so that the safety and confidentiality of the relevant data is guaranteed.
Users’ personal data will be retained for the time strictly necessary to carry out the relevant purposes described in the previous paragraph 1, and in any case for the time necessary for the protection of the civil interests of the Users and of the Controller.
- Scope of communication and transfer of data
The User’s personal data may be transferred outside the European Union and, in this case, the Data Controller will ensure that the transfer takes place in accordance with the Applicable Legislation and, in particular, in accordance with Articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to adequate safeguards) of the EU Regulation.
The personal data of the Users may be disclosed to the employees and/or collaborators of the Data Controller in charge of managing the Site and the Users’ requests. These subjects, who have been instructed in this sense by the Controller pursuant to art. 29 of the Regulation, will process Users’ data exclusively for the purposes indicated in this information notice and in compliance with the provisions of the Applicable Law.
Users’ personal data may also be disclosed to third parties who may process personal data on behalf of the Data Controller in their capacity as Data Processors pursuant to Article 28 of the Regulations, such as, by way of example, suppliers of IT and logistical services functional to the operation of the Data Controller’s Site, suppliers of outsourcing or cloud computing services, professionals and consultants.
The User has the right to obtain a list of any data processors appointed by the Controller, by making a request to the Controller in the manner indicated in paragraph 5 below.
- Data subjects’ rights
Users may exercise their rights granted by the Applicable Law by contacting the Data Controller as follows:
- Sending a registered letter to the registered office of the Controller: Via Lentasio n.9, 20122 Milano, Italy
- Sending an email to privacy@tangoomedia.com;
The Company has not identified the person in charge of data protection (RPD or DPO), as it is not subject to the obligation of designation provided for by art. 37 of the Rules.
Pursuant to the Applicable Law, the Controller hereby informs that any Users has the right to obtain the indication of (i) the source of the personal data; (ii) the purposes and methods of the processing; (iii) the logic applied to the processing, if the latter is carried out with the help of electronic means; (iv) the identification data concerning data controller and data processors; (v) the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated data processor(s) or person(s) in charge of the processing.
Furthermore, data subjects have the right to obtain:
a) access, updating, rectification or, where interested therein, integration of the data;
b) erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
Furthermore, Users have:
a) the right to withdraw the consent at any time, when the processing is based on consent;
b) the right to data portability (if applicable), that is the right to receive all the personal data concerning the User, in a structured, commonly used and machine-readable format; the right to restriction of processing of the personal data; the right to erasure (right to be forgotten).
c)the right to object:
i) in whole or in part, on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
d) the right to lodge a complaint with a supervisory authority (in the Member State of his or her habitual residence, place of work or place of the alleged infringement) if the User considers that the processing of personal data relating to him/her infringes the Regulation. The Italian Data Protection Authority is the Garante per la protezione dei dati personali, with registered office in Piazza Venezia, n. 11, 00187 – Rome (http://www.garanteprivacy.it).
The Controller is not responsible for updating all links that can be viewed in this Privacy Policy, therefore whenever a link is not functional and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to such link.