COOKIE - SDK POLICY PHOTOSI WEBSITE AND APP

updated to 01/12/2023

 

Information on the processing of personal data
Pursuant to European Regulation 2016/679 of the European Parliament and of the Council of 27th April 2016
on the protection of natural persons with regard to the processing of personal data (in short “GDPR

PhotoSì S.p.A Unipersonale, a single-member company (hereinafter “PhotoSì”), in the person of its pro tempore legal representative, in its capacity as Controller of personal data collected directly from the data subject, considers privacy and personal data protection to be fundamental and invites its users to carefully read this Policy which contains important information on Data Processing (“Privacy Policy” in short).In any case, the logical and physical security of the data and, in general, the confidentiality of the personal data processed will be ensured by taking all the necessary suitable technical and organisational measures to ensure the security thereof.

This Policy:

• is understood to be provided for the websites https://www.photosi.com/ and https://www.albumepoca.com (hereinafter the “Website”);
• is understood to be provided for the mobile Application called “PhotoSì” (hereinafter the “App”);
• constitutes an integral part of the Website, App and services provided by PhotoSì;
• is provided in compliance with provisions set forth in the General Conditions of Sale and Terms of Use;
• is provided pursuant to art. 13 of the Regulation, to those who interact with the web services of the Website, App and Data Controller, both simply during browsing and during the use of specific services made available by means of the Website and App.

A.1) Data Controller’s identity and contact details

A.2) Contact details for the Data Protection Officer
B) What data we collect and how

• B.1) Data provided voluntarily by the data subject 
• B.2) Automatically collected data 

C) Purposes of personal data processing and legal basis 
D) Push notifications 
E) Managing cookie preferences 
F) Categories of recipients of personal data 
G) Storage and transfer of personal data abroad 
H) Storage period for personal data 
I) Exercisable rights 

A.1) Data Controller’s identity and contact details
PhotoSì S.p.A
Registered office at via Carpegna 22,
Riccione (47838 - RN), Italy
Tax code and VAT number 03550860401
Tel 0541/609903 – privacy@photosi.com

A.2) Contact details for the Data Protection Officer
The Data Protection Officer (DPO) can be reached at the following email address: dpo@photosi.com.

B) What data we collect and how

• B.1) Data provided voluntarily by the data subject
  When using the Website and App, we may ask you to provide us with certain personal data or personal information which can be used to identify you, for example by email or online form, the assistance function incorporated in the App and our Services, or by means of another form of request.
  Such information may include your name, surname, address, email and telephone number.
  Specific summary information may be made available on pages of the Website or App, prepared for particular services upon request.
  The detailed Policy on Data Processing (in short, “Privacy Policy”) is always available to the user and we invite you to read it carefully.
  
  
• B.2) Automatically collected data
  As part of functioning normally, the Website and App may automatically collect some personal data regarding the user, the transmission of which is implicit in the use of Internet and mobile phone communication protocols.
  Such data is collected by means of systems that memorise text and information files, Cookies or SDKs (Software Development Kits), for example.
  Browsing and functionality data, through cookies or technical SDKs: this category includes IP addresses or domain names of computers and terminals used by users, information on the type of device used, mobile device identifiers (like device ID), URI/URL (Uniform Resource Identifier/Locator) addresses of requested resources, technical data relating to the request (time, language, method, size, state, outcome, etc.), and other parameters regarding the operating system and the user's computerised environment, resolution, version of the application, information on activities carried out using our Services, like the date and time you used a service, functionalities you used, the chronology of purchases and data generated when you used our Services (for example, help desk and live chat services or the project saved in your cart);
  Statistical data, through analytical cookies or SDKs (own and third party ones integrated by technicians with masked IPs): this data category includes the IP addresses or the domain names of computers and terminals used by users, information on the type of device used, mobile device identifiers (like device ID), aggregated in anonymous form.
  Behavioural and profiling data, through profiling cookies or SDKs (own and third party) and analytical cookies or SDKs (own and third party integrated with profiling with unmasked IPs): this category includes data for tracking browsing, identifying user preferences and improving their browsing experience, sending targeted messages and banners, carrying out marketing/remarketing, retargeting and display advertising activities customised to the user's requirements in order to provide additional functions such as cross-device in-depth analyses and audiences, chronology of searches and browsing third-party websites (data not anonymised).
  These data will only be collected with your consent, if you wish to opt out of customisation, consult the "Manage cookie preferences" section below.
  Social media data: if you use the sharing function of your social media account to access our Services, any information you provide or authorise to be provided on social networks (e.g. Facebook, Google). The Website and App may also request your permission to share data that enable them to execute actions with relative User accounts and to collect information, including personal data, therefrom. Such information may include your user ID and your email address, should you wish to contact us for assistance.
  Information we receive depends on the Services you are using, the terms of use, authorisations, settings and the privacy policies of single social networks, as well as on your privacy settings and, if applicable, the privacy settings of your friends.
  For further information, please directly verify the websites of single social networks.
  Information we receive from social networks and other third parties is stored and used by us in compliance with this Policy.
  With your consent,other information such as precise geolocalisation (latitude and longitude), using information including GPS, Bluetooth or WiFi connection. Similarly, we may request permission to access your image gallery and stored files, and to the photo camera of your device so as to process your purchase order with our Services.
  The configuration of such functionalities depends on single device settings and authorisations requested by the Website or App.
  
  A list of third parties and all partners operating on the Website is always available online in the “Cookie Preferences” or “More Information” sections, visible on the homepage banner.
  
  Some information is necessary for the provision of services linked to the Website and App and failure to collect it may mean we will be unable to provide the aforementioned services, or may result in the Website and App working only partially. Optional information does not affect how services work and the user is free to manage it.
  
  

C) Purposes of personal data processing and legal basis
Your personal data will be processed:
(i) without your mandatory consent for the following purposes:

• guarantee the complete and correct functioning of the Website and App, manage different services linked to the Website and App (for example registration, language, login or access to reserved functions, selected products), use of Website and App functionalities, PhotoSì account registration, the management of PhotoSì services, the management of orders, purchases, sales and deliveries of products and the associated monitoring, customer service management, customer service management via help desk and live chat, the management of payments, the management of returns and repairs, the management of contact with the customer, the management of vouchers and discounts;
• administrative-accounting management and related obligations (issuance of receipts, invoices, preparation of payments);
• collect and analyse traffic, Website and App use in anonymous form, generate internal statistics, economic analysis and management of the company, analysis of software use and feedback on products and services, general promotional offers and, with reference to contact details provided for contractual purposes, the sending of advertisements for similar products, with the right to opt out immediately upon request.

The above processing modes comply with the following legal bases respectively:

• fulfilment of a contract or pre-contractual measures, meeting a request made by the data subject – condition of lawfulness of Article 6, letter b) GDPR;
• legal obligation to which the Data Controller is subject – condition of lawfulness of Article 6, letter c) GDPR – or for the assessment, exercise or defence of a right in judicial proceedings;
• the pursuit of the Data Controller's legitimate interest – condition of lawfulness of Article 6, letter f) GDPR – regarding the full and correct functioning of the Website and App and the pursuit of company policies, direct marketing and customer loyalty building, the improvement of company operation and market surveys, the improvement of services provided to own customers.

The provision of the data for the purposes referred to in the previous section (i) is mandatory and the lack of data and/or any express refusal to data processing will make it impossible for the Data Controller to implement the contract or pre-contractual measures and fulfil the obligation or request with regard to the data subject.

(ii) with your prior consent (Article 7, GDPR) for the following purposes:

• for all automated data collection processes implemented by way of cookies, SDK or other tracking devices for the purposes of analysing behaviour, profiling and customised advertising;
• various types of marketing activities, including the promotion of products and services, the sending of promo codes, the distribution of posters, invitations, information and promotional material, the sending of newsletters and commercial notifications by email, sms, push notifications;
• profiling activities of various kinds, including behavioural analysis for promotional purposes, the creation of lists for promotional purposes, commercial communication and the sending of newsletters, emails, sms, push notifications, the creation of profiles for the provision of services and adverts that are targeted to and personalised for the customer’s requirements.

The provision of data for purposes stated in the previous section (ii) is optional, meaning that you may decide not to grant your consent, or withdraw it at any time, without any consequences for Website and App functionality.

D) Push notifications
We can reach you by using an instant messaging system without you needing to download anything: text will appear on the device screen provided that the client is active in the background and connected to the network.
We can use this kind of notification to:

• remind you to update the App;
• send messages relating to pending projects or orders in progress;
• inform you that you have received a message;
• inform you when there is a new usage policy;
• announce important news;
• advertise a service or product;

It is possible to deactivate push notifications by managing your preferences in the App settings.

Behavioural and profiling dataPush notifications can also be deactivated on your device by changing device settings.

E) Managing cookie preferences
You can set preferences for customisation and the reception of targeted notifications upon first time access, or change your preferences any time.
On the website you can set your preferences by clicking on "More information" in the cookies banner on the homepage or on the “Cookie preferences” link which can be accessed from the Website at any time.
On the App you can set preferences through your settings in the "Cookie preferences" section.
Naturally, it is recommended that the user consents to customisation and to the use of cookies and SDKs so that we can provide an optimal browsing experience and guarantee that irrelevant adverts are not displayed.
If consent is denied, the use of analytical/performance and/or social media/advertising cookies will be disabled.
Cookies already present on the device, on the basis of previous consent, are not automatically deleted. Such cookies must be manually deleted, by following instructions on your web browser.
The User may manage Cookie preferences directly from their browser and prevent – for example – third parties from installing them.
Browser preferences can also be set to delete previously installed cookies.
Please check Cookie management settings directly from your browser settings.

N.B.General offers and promotions that PhotoSì provides its users with will still be visible, also in relation to periodic campaigns (for example, Christmas, Valentine's Day, Print Promotion campaigns).

F) Categories of recipients of personal data
For the purposes referred to in the previous paragraph, the personal data provided or collected may be transferred or made accessible to:

1. employees and collaborators of the Data Controller, in their capacity as authorised data processing staff (or known as “individuals in charge of processing”);
2. third parties who carry out outsourcing activities on behalf of the Data Controller, in their capacity as Data Processors, including:
   • providers for the development of the Website and Application and the instruments used thereby (e.g. SDK OneSignal, SDK Social Networks, Zendesk), third party cookie managers, contractual partners of PhotoSì who process data provided by users, service providers for the management of the computerised system and telecommunications networks and the company tasked with managing e-commerce, service providers for the management of hard copy and/or computerised documentation storage, service providers for the management of customer services, also through websites, (e.g. call centres, help desks, live chats etc.), service providers for the management of commercial communication;
   • freelancers, offices or companies as part of assistance and consultancy relationships, also for the control of company organisational management;
   • banks and credit and insurance institutions to carry out economic activities (payments/collections), and insurance activities;
   • persons who carry out checks, audits and certifications on the activities carried out by PhotoSì S.p.a., including in the interest of customers;
3. judicial or supervisory authorities, administrations, public bodies and authorities (both national and foreign).

The complete updated list of the Data Processors is available upon written request to the address privacy@photosi.com.

G) Storage and transfer of personal data abroad
Personal data are managed and stored on Cloud and on servers located inside and outside the European Union owned by and/or available for the Data Controller and/or designated third-party companies, duly appointed as Data Processors.
Data are only transferred abroad to non-EU countries in the context of communication intra-group or with contractual partners, in any case in compliance with the provisions contained in Chapter V, GDPR.
Your personal data will not be disclosed.

H) Storage period for personal data
The personal data collected for the purposes indicated in paragraph C above will be kept and processed for the time strictly necessary to achieve the purposes for which they were collected and will be automatically deleted at the end of this period.
Specifically, the data retention period from the first session/visit to the Site or App is as follows:

 

 

After this storage period, the data will be destroyed or anonymised.

I) Exercisable rights
In compliance with the provisions of Chapter III, Section I, GDPR, you may exercise the rights indicated therein, and more specifically:

• Right of access - To obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the following information: the purposes of the processing, the categories of personal data concerned and the storage period, the recipients to whom these data can be disclosed (Article 15, GDPR);
• Right to rectification - To obtain, without undue delay, the rectification of inaccurate personal data concerning you and have incomplete personal data completed (Article 16, GDPR);
• Right to erasure - To obtain, without undue delay, the erasure of the personal data concerning you, in the cases provided for by the GDPR (Article 17, GDPR);
• Right to restriction of processing - To obtain restriction of processing in the cases provided for by the GDPR (Article 18, GDPR);
• Right to data portability - To receive the personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance, in the cases provided for by the GDPR (Article 20, GDPR).
• Right to object - To object to processing of personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing (Article 21, GDPR);
• >Right to lodge a complaint with a supervisory authority - To lodge a complaint with the Authority for the protection of personal data, Piazza Venezia n. 11, Rome, Italy - https://www.garanteprivacy.it/.

You may exercise these rights easily through the dedicated section on the Site or the App.

Specifically, to proceed with requesting the deletion of data, click here.

For any further request, please write to privacy@photosi.com