This privacy
policy is intended to provide all information on the processing of personal
data carried out by Iumob Srl when the User browses and
registers on www.havemeet.com.
1. INTRODUCTION
– WHO WE ARE?
Iumob Srl, with registered offices in
Milan – Via Comelico, No. 3, 20135, Tax Code/VAT No. 07048770965 registered
with the Company Register of Milan under No. MI- 1931950 (hereinafter the “Data
Controller”), owner of the website https://www.havemeet.com/ (hereinafter the “Website”)
as the Controller of personal data of the users who browse and
are registered on the Website (hereinafter the “Users”) provide the
following privacy policy according to Article 13 of EU Regulation 2016/679
dated 27 April 2016 (hereinafter, “Regulation” or “Applicable
Regulations”).
The Data
Controller takes the utmost account of its Users’ right to privacy and
protection of personal data. For any information related to this privacy
policy, Users may contact the Data Controller at any time,
using the following methods.
Online:
By Postal
Service
Sending a registered letter with return receipt to the registered offices
of the Data Controller (Via Comelico, 3, 20135 Milano);
For specific
requests to be sent to our Data Protection Officer:
Users may also contact the Data Protection Officer (RPD or
DPO) of the Data Controller for any information or request to the
following contact details: company Shibumi Srl - dpo@iumob.it.
3. WHAT DO WE
DO? PROCESSING PURPOSES
By browsing the
Website, the User can register for the service, deciding whether to carry out
the Standard Registration and thus activate a Free Profile, or create the
Complete Subscription, which allows you to have a paid Premium Profile (of
hereinafter, "Service").
In relation to
the activities that can be carried out through the Website, the Data Controller
collects personal data relating to Users.
This Website, as
well as any services offered through them, are reserved for individuals who are
18 years and over. Therefore, the Data Controller does not collect personal
data relating to individuals under 18 years of age. Upon request of the Users,
the Data Controller will promptly delete all personal data that has been
involuntarily collected and related to subjects under the age of 18.
Particularly,
the personal
data of the Users will be processed lawfully by the Data Controller pursuant to
Article 6 of the Regulation for the following processing purposes:
a) Contractual
obligations and provision of the service, to enable the browsing of the Website or to
implement the General Terms and Conditions, which are accepted by the User
during registration to the Website to take advantage of the services offered
through the Website including access to dating on-line and chat platforms
and to fulfil the User’s specific requests. User data collected by the Data
Controller for the purpose of any registration on the Website include: the
nickname voluntarily chosen, date of birth, gender, province of
residence/domicile, email address, picture and any personal information of the
User that may be voluntarily published. With regard to the data that the User
will make available to the public on the Website, as specified in the General
Conditions, Data Controller is granted, among other things, any and all right
of publication, communication and making available to the public and others
users of the Website.
Unless the User
gives the Data Controller a specific and optional consent to the processing of
their data for the further purposes set out in the following paragraphs, the
User's personal data will be used by the Data Controller for the sole purpose
of ascertaining the identity of the User (also by validating the e-mail
address), thus avoiding possible scams or abuses, and contacting the User only
for service reasons (e.g. sending of notifications regarding the services
offered on the Website). Notwithstanding the provisions contained elsewhere in
this privacy policy, under no circumstances will the Data Controller make the
personal data of the Users accessible to other Users and/or third parties.
b)
Administrative and accounting purposes, or to perform organizational, administrative,
financial and accounting activities, such as internal organizational activities
and activities functional to the fulfilment of contractual and pre-contractual
obligations;
c) Legal
obligations, or to fulfil
obligations provided by the law, an authority, a regulation or European
legislation.
The provision of
personal data for the purposes of processing indicated above is optional but
necessary; failure to provide the data will make it impossible for the User of
using the Service.
4. OTHER
PROCESSING PURPOSES
4.1 Marketing
Some of the
User’s personal data, such as name, surname, e-mail address, may also be
processed by the Data Controller for marketing purposes (e.g.
sending of advertising material, direct sales, commercial communication,
sending newsletters containing information in relation to news
relevant to the sector relating to the activities of the Data Controller and/or
services and promotions relating to the contents of the Website and the
services offered through the Website by the Data Controller), or in order for
the Data Controller to contact the User through mail to propose to the User the
purchase of products and/or services offered by the Data Controller and/or by
third parties, to present offers, promotions and business opportunities by the
Data Controller and/or by third parties.
In case of lack
of consent, the possibility to using Service will not be in any way affected.
In case of
consent, the User may at any time revoke the same, making a request to the Data
Controller in the manner indicated in paragraph 8 below.
The User can
also easily oppose further sending of promotional communications via e-mail by
clicking on the appropriate link for the revocation of
consent, which is present in each promotional email. Once the consent has been
revoked, the Data Controller will send the User an e-mail message confirming
the revocation of the consent. If the User intends to revoke his or her consent
to the sending of promotional communications via telephone, while continuing to
receive promotional communications via email, or vice versa, please send a
request to the Data Controller using the methods indicated in paragraph 8
below.
The Data
Controller informs that, following the exercise of the right of opposition to
the sending of promotional communications via email, it is possible that the
User continues to receive further promotional messages due to technical and
operational reasons (e.g. formation of contact lists already completed shortly
before the Data Controller’s receiving of the opposition request).
Should the User
continue to receive promotional messages after 24 hours from the exercise of
the right of opposition, please report the problem to the Data Controller,
using the contacts indicated in paragraph 8 below.
4.2
Communication of data to the Data Controller’s Partners
With the User’s
free and optional consent, some of the User’s personal data (such us name,
surname, gender, date of birth, city/region of residence and e-mail address)
may be conveyed by the Data Processor to the following categories of
third-party companies: (i) clothing, (ii) automotive, (iii) retail, (iv) credit
and insurance, (v) electronics, (vi) information technology, (vii) information,
(iix) health and wellness, (ix) sport, (x) entertainment, (xi) tourism, (xii)
online digital services and (xiii) recruitment (collectively referred to as the
“Data Controller’s Partners”). The Data Controller's Partners, as
independent data controllers, will process the personal data of the User
for marketing purposes (direct sales, sending of advertising
material and commercial communication), and may contact the User by post or
e-mail to propose to the User the purchase of products and/or o services
offered by the same categories of third-party companies and/or by other
companies and to present offers, promotions and business opportunities to the
User.
Pursuant to
Article 14, paragraph 3 of the Regulation, after successful transfer, the Data
Controller’s Partner will be responsible for providing the Users all the
information provided for by Article 14 of the Regulations.
In case of lack
of consent, the possibility to register on the Website will not be in any way
affected.
In case of
consent, the User may at any time revoke the same, making a request to the Data
Controller in the manner indicated in paragraph 8 below.
The Data
Controller informs that the User's personal data will be processed by the Data
Controller’s Partners as autonomous data controllers, on the basis of the
specific information that will be issued by the Data Controller's Partners to
Users. Any requests not to receive further commercial communications from the
Data Controller’s Partners to whom the data has already been communicated by
the Data Controller, must therefore be addressed directly to them.
5. LEGAL BASIS
FOR PROCESSING
Provide the
Service (as
described in the previous paragraph 3, letter a)): the legal basis consists of
art. 6, paragraph 1, lett. b) of the Regulations, or the processing is
necessary for the performance of a contract to which the User is party or in
order to take steps at the request of the data subject prior to entering into a
contract.
Administrative
and accounting purposes (as described in the previous paragraph 3, letter b)):
the legal basis consists of art. 6, paragraph 1, lett. b) of the Regulations,
as the processing is necessary for performance of a contract to which the User
is party or in order to take steps at the request of the data subject prior to
entering into a contract.
Legal
obligations (as
described in the previous paragraph 3, letter c)): the legal basis consists of
art. 6, paragraph 1, lett. c) of the Regulation, as the processing is necessary
for compliance with a legal obligation to which the Data Controller is subject.
Other processing
purposes for the
processing relating to marketing purposes, (as described in the previous
paragraph 4.1) and for that relating to the communication of data to the Data
Controller's Partners (as described in the previous paragraph 4.2), the legal
basis consists of art. 6, paragraph 1, lett. a) of the Regulations, or the
provision by the data subjects of consent to the processing of their personal
data for one or more specific purposes. For this reason, the Data Controller
asks the User to provide specific free and optional consent, to pursue each of
the purposes mentioned in this paragraph.
6. PROCESSING
MEANS AND DATA RETENTION PERIOD
The Data
Controller will process the personal data of Users using manual and IT tools,
with logic strictly related to the purposes themselves and, in any case, in
order to guarantee the security and confidentiality of the data.
The personal
data of Website Users will be retained for the time strictly necessary to carry
out the main purposes explained in paragraph 3 above or, in any case, as
necessary for the protection in civil law of the interests of both the Users
and the Data Controller.
In the cases
referred to in paragraphs 4.1 and 4.2 above, the personal data of Users will be
retained for the time strictly necessary to carry out the purposes described
therein and, in any case, until the User withdraws his consent.
In any case, any
retention terms provided for by law or regulations are reserved.
If the User
decides to block and/or delete their profile, all stored data relating to the
User is deleted. If the complete deletion of User data is not permitted or
required by law, the data is limited for further processing.
7. TRANSMISSION
AND DISSEMINATION OF DATA
The User's
personal data may be transferred outside the European Union and, in this case,
the Data Controller will ensure that the transfer takes place in accordance
with the Applicable Regulations and, in particular, in accordance with Articles
45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to
adequate guarantees) of the Regulation.
The employees
and/or collaborators of the Data Controller who are in charge of carrying out
Website maintenance may become aware of the personal data of the Users. These
subjects, who are formally appointed by the Data Controller as "in
charge of processing", will process the User's data exclusively for
the purposes indicated in this policy and in compliance with the provisions of
the Applicable Regulations.
The personal
data of the Users may also be disclosed to third parties who may process
personal data on behalf of the Data Controller as "Data Processors",
such as, for example, IT and logistic service providers functional to the
operation of the Website, outsourcing or cloud computing service
providers, professionals and consultants.
Users have the
right to obtain a list of any data controllers appointed by the Data
Controller, making a request to the Data Controller in the manner indicated in
paragraph 8 below.
In addition,
other Users may also become aware of the User's personal data, considering the
nature of the Service described above and what is specified in the General
Terms and Conditions in this regard.
8. RIGHTS OF THE
DATA SUBJECTS
Users may
exercise their rights granted by the Applicable Regulations by contacting the
Data Controller as follows:
Online:
By Postal
Service:
Sending a registered letter with return receipt to the registered offices
of the Data Controller (Via Comelico, 3, 20135 Milano);
For specific
requests to be sent to our Data Protection Officer:
Users may also contact the Data Protection Officer (RPD or
DPO) of the Data Controller for any information or request to the
following contact details: company Shibumi Srl - dpo@iumob.it.
Pursuant to
Applicable Regulations, the Data Controller informs that Users have the right
to obtain indication (i) of the origin of personal data; (ii) the purposes and
methods of the processing; (iii) the logic applied in the event of processing
carried out with the aid of electronic instruments; (iv) of the identification
details of the data controller and processors; (v) the subjects or categories
of subjects to whom the personal data may be communicated or who may come to
aware of them as processors or agents.
Furthermore,
Users have the right to obtain:
a) Access, updating, rectification, or,
when interested, integration of data;
b) The cancellation, transformation
into anonymous form or the restriction of data
processed in breach of the law, including data that does not need to be stored
in relation to the purposes for which the data was collected or subsequently
processed;
c) Certification
to the effect that notification has been supplied of operations as per letters
a) and b), as regards their content, to those to whom the data was communicated
or disseminated, except for the case where notification proves impossible or requires
the use of means clearly disproportionate to the right being protected.
Moreover, the
Users have:
a) The right
to withdraw consent at any time, if the processing is based on
their consent;
b) The right
to data portability (the right to receive all personal data
concerning them in a structured format, commonly used and readable by automatic
device);
c) The right
to oppose to:
i) in whole or
part, for legitimate reasons, the processing of personal data relating to you
for legitimate reasons even pertinent to the purpose of collection;
ii) in whole or
part, the handling of personal data for the purpose of sending advertising or
sales materials or for the carrying out of market research or for commercial
communication purposes;
iii) if personal
data is processed for direct marketing purposes, at any time, to the processing
of data for this purpose, including profiling in so far as it is related to
such direct marketing.
d) If it is
deemed that the processing concerning their personal data violates the
Regulation, the right to lodge a complaint with a Supervisory authority (in
the Member State in which they usually reside, in the one in which they work or
in the one in which the alleged violation has occurred). The Italian
Supervisory Authority is the Data Protection Authority, with
registered offices in Piazza Venezia No. 11, 00187 – Rome (http://www.garanteprivacy.it/).
The Data Controller is not responsible for updating all links viewed in
this Privacy Policy, therefore, whenever a link does not work
and/or is not updated, the Users acknowledge and accept that they must always
refer to the document and/or section of the websites referred to by this link.