@CULT SRL informs that, pursuant to art. 13 of the European General Data Protection Regulation, no. 2016/679 ("Regulation") and Italian Legislative Decree 196/03 and subsequent amendments and additions, the personal data provided by the User will be processed in accordance with the provisions of the Privacy Code and the Regulation, for the purposes stated below.
The Data Controller is the company @CULT SRL, with registered office in Rome (RM), Via Quintino Sella n. 33, postcode 00187, VAT no. 06851241007 (hereinafter, the "Data Controller").
Purpose, Legal Basis of Processing and Data Retention Period
Personal data will be processed for the following purposes and legal bases:
- Technical browsing data
computer systems and software procedures responsible for the
operation of the website (such as Apple Store and Google Play)
acquire in the course of their normal operation some of your Data
whose transmission is implicit in the use of Internet communication
protocols, smartphones and devices used. This category of data
includes IP addresses or domain names used by Users who connect.
For more information, please visit: https://www.apple.com/it/privacy/; https://www.google.com/intl/it_it/policies/privacy
Legal Basis : the legitimate interest of the Data Controller in making the website usable and safe to browse (Article 6, par. 1, letter f, EU Regulation 2016/679).
Retention: Browsing Data is deleted after processing as it is used only to obtain anonymous statistical information about the use of the website and to check its correct functioning. The data could be used to ascertain liability in the event of any cybercrimes against the website: currently, except for this possibility, data concerning web contacts are not stored for more than 7 (seven) days.
- Contacts by the User by email or telephone contact
optional, explicit and voluntary sending of communications by email
to the addresses indicated on this website entails the subsequent
acquisition of the data communicated by the User, including their
email address, and the User's consent to receive any messages in
response to their requests. In this case, the provision of your email
address and any other data you may provide is optional, but
indispensable in order to be able to use the service and receive a
reply to your request and, in their absence, we will not be able to
proceed with processing. Personal data provided in this way is used
solely for the purpose of fulfilling or responding to requests
submitted and is only disclosed to third parties if this is necessary
for that purpose. The data is stored for the period necessary to
process the request and in compliance with current laws and
Legal Basis : processing is carried out for the fulfilment of a contractual and pre-contractual obligation assumed by the Data Controller with the service (Art. 6, para. 1, letter b).
Retention: Data provided voluntarily by the User is stored for the period necessary to fulfil the request and as permitted by applicable law and any contractual obligations that may have arisen.
- Soft spam activities
Data Controller may send promotional communications by email to the
User concerning Products and/or Services similar to those already
purchased or re-propose the same without the need for the express and
prior consent of the User pursuant to article 130, paragraph 4, of
the Privacy Code, provided that the User does not exercise their
right to object.
Legal Basis : this processing is based on art. 130, paragraph 4, of the Privacy Code as amended by Legislative Decree no. 101 of 2018.
Method and location of the Data processing
Data processing methods
Data Controller processes Users' Personal Data using suitable
security tools to protect against the unauthorised access,
distribution, modification or destruction of Personal
Processing is carried out using electronic and/or telematic tools, with organisational methods and logic strictly related to the stated purposes. In addition to the Data Controller, in certain cases, other parties involved in the organisation of the site may have access to the Data (administrative, sales, legal staff and system administrators) or appointed external categories (such as third-party technical service providers, mail couriers, hosting providers, IT companies and communication agencies) which can, if necessary, be appointed by the Data Controller to handle the Personal Data.
External parties appointed as External Data Processors include business partners (the suppliers).
The updated list of Data Processors can always be requested from the Data Controller.
Place and Times
Data is processed at the Data Controller's operational facilities and at any other place where the parties involved in the processing are based. Data is processed for the time period necessary to provide the User with services, or for the time required for the purposes described in this document, and the User can always request that processing is discontinued or that data is deleted.
Personal data will not be transferred abroad.
The Data Subjects' Rights
Data subjects - the identified or identifiable natural persons to whom the data refer - may exercise specific data protection rights, which are listed below:
- right of access: the right to obtain from the Data Controller confirmation as to whether or not personal data is being processed and, if so, to obtain access to personal data and detailed information on the origin, purposes, categories of data processed, recipients of communication and/or transfer of data, and so on;
- right of rectification: the right to obtain, from the Data Controller, the correction of inaccurate personal data without undue delay, as well as the integration of incomplete personal data, including by provision of an additional declaration;
- the right to deletion ("the right to be forgotten"): the right to obtain from the Data Controller the deletion of personal data without undue delay where: i. the data is no longer necessary in relation to the purposes of the processing; ii. the consent on which the processing is based is withdrawn and there is no other legal basis for the processing; iii. the personal data has been processed unlawfully; iv. the personal data must be deleted in order to comply with a legal obligation;
- right to object to processing: the right to object at any time to the processing of personal data whose legal basis is a legitimate interest of the Data Controller;
- right to limit the processing: the right to obtain from the Data Controller the limitation of processing, in cases where the accuracy of personal data is contested (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is illegal and/or the data subject has objected to the processing;
- right to data portability: the right to receive personal data in a structured, commonly used and machine-readable format and to transmit such data to another Data Controller, if technically feasible, only for cases where the processing is based on consent or contract and only for data processed by electronic means;
- right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial remedy, a data subject who considers that processing operations concerning them are in breach of the Regulations shall have the right to lodge a complaint with the supervisory authority of the Member State in which that person resides or habitually works, or of the State in which the alleged breach occurred.
The rights can be exercised by contacting the Data Controller at the following addresses: email@example.com