HITBYTES S.r.l, as Data Controller, as conforming at art. 13 of the EU Regulation n. 2016/679 (“GDPR"), wishes to provide the following specific information concerning the processing of personal data of users who use the chatbot.
1. Data controller
The data controller is HITBYTES S.r.l located in via Pietro Borsieri 25, cap 20159, Milan (MI), Italy, e-mail firstname.lastname@example.org.
2. Type of data processed
Hitbytes S.r.l. process personal data voluntarily provided by users, by registration to the chatbot, or acquired by Hitbytes S.r.l. through the Facebook platform, in particular: name, surname, C.F., P.IVA, email, n. telephone number (“personal data"). Hitbytes S.r.l. it can also deal with particular data, related to health and sex life, to the racial and ethnic origin of an individual, to his religious, political and philosophical convictions and adhesions, voluntarily provided by users [ex. as part of the use of the service] to be able to satisfy users’ requests (“particular data"). Hitbytes S.r.l. can process the data collected through the use of technical cookies.
3. Purpose of the processing
Personal data will be processed for the following purposes:
1. Purposes related to the provision of the services requested, ie answers to questions asked by users and sending of the requested information.
2. Purposes related to the fulfillment of obligations under the law, a regulation, the Community legislation or an order of the Authority (such as for anti-money laundering) to which the Data Controller is subject.
3. Purposes related to the exercise of a legitimate interest of the owner, including for example the right to defense in court.
4. Specific and distinct consent for the purpose of marketing activities:
– sending by e-mail, mail and / or text messages and / or chat and / or telephone contacts, newsletters, commercial communications and / or advertising material on products or services offered by the Owner and detection of the degree of satisfaction on the quality of services;
– sending by e-mail, mail and / or sms and / or telephone contacts of commercial and / or promotional communications of third parties (for example, business partners).
The particular data will be processed for the following purposes:
2. Allow consultation of the chatbot, as they allow the chatbot to work;
4. Nature of the provision of data
Without prejudice to what is indicated in relation to technical cookies, necessary for the functioning of the chatbot, users are free to provide their personal data, but the provision of data is a prerequisite for the execution of the service. Failure to provide data may make it impossible for the Data Controller to receive questions via the chatbot and to send the requested information. Users are free to provide their personal data and to grant their consent for sending promotional communications. Failure to grant consent will not allow the Owner to transmit their promotional offers. Users are free to provide their particular data and to give their consent, to receive answers to the questions posed in the chatbot in terms of health and sex life, of racial and ethnic origin of an individual, of religious beliefs and adhesions, policies and philosophical.
5. Methods of treatment
Personal data are processed using automated tools and paper methods. The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from termination of the relationship for the purposes related to the services offered and no later than 2 years from the collection of data for the purposes related to activities of marketing. Specific security measures are observed to prevent the loss of personal data, illicit or incorrect use and unauthorized access. In particular, specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access, including:
– planning periodic backup of databases;
– the limitation of access to databases through the use of credentials;
– limiting access to databases through policies on belonging to the same network in the Microsoft Azure cloud;
– the limitation of access to machine instances through the use of ssh keys;
– the limitation of access to the configurations of the environments through the creation of accounts with distinct roles.
6. Subjects authorized to treatment
The personal and particular data voluntarily provided by you through the registration and use of the chatbot or acquired by Hitbytes S.r.l. through Facebook Messenger, Telegram, Whatsapp, Google Hangouts, Skype, Viber, LINE, WeChat can be communicated:
– to employees and collaborators of the Data Controller in Italy and abroad, in their capacity as persons authorized to process and / or internal process managers and / or system administrators;
– to third-party companies or other subjects (as an indication, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourced activities on behalf of the Owner, in their capacity as external managers of treatment.
The updated list of managers is kept at the registered office of the Data Controller.
7. Data transfer
Personal data is stored on servers located in Ireland and Frankfurt, within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
8. Rights of the interested party
The user has the right to exercise at any time the rights referred to in articles 12 and following. of EU Regulation 2016/679, namely:
1. access to personal data;
2. to obtain the correction or cancellation of the same or the limitation of the processing that concerns him;
3. to oppose the treatment;
4. to the portability of data;
5. to withdraw consent;
6. to propose a complaint to the supervisory authority (Privacy Guarantor).
To exercise the aforementioned rights, make a report or receive information on the processing of personal data, requests can be made by writing to the Data Controller at the address via Pietro Borsieri 25, Milan (MI), 20159 or at the following email address electronic email@example.com.
Last Updated May 30, 2018