Dear Interested Party, Climbo S.r.l. has great respect for the privacy of Users.
The data that may be communicated through the Site will be treated with the utmost care and with all the tools necessary to ensure their security, in full compliance with current legislation placed to protect the confidentiality of data. We wish to inform you that the "European Regulation 2016/679 on the Protection of Individuals with regard to the Processing of Personal Data and on the free movement of such data" (henceforth "Regulation" or "GDPR") provides for the protection of individuals with regard to the processing of data of a personal nature as a fundamental right. Therefore, pursuant to Article 13 of the GDPR, we would like to inform you of the following.
1. WHAT IS CLIMBO AND HOW IT WORKS
Climbo offers its users a software platform called "Climbo", accessible through the website of the same name which, through a series of features and interactions with external providers, allows Customers to:
(a) Centrally manage the reviews of their end customers, also selecting a carousel of the best reviews that they can display on their landing pages;
b) Actively communicate with end customers in order to request the opportunity to review the venue and/or product/service purchased;
c) Monitor the progress of reviews and scores (or "ratings"), which will also be aggregated among the various service providers;
Climbo, in accordance with the GDPR Regulations, acts as:
- Data Controller, with respect to the data of Users who own businesses of various kinds and/or further business activities (hereinafter "Merchants") and browsing data, in particular the data referred to in points a) and b) of Article 2 of this Policy.
- Processor for the data of end customers (i.e. those who review the Merchant's business) conferred by Merchants in the context of requesting, creating and organizing reviews. The processing carried out by Climbo in relation to these categories of data is governed by the "Data Processor Addendum" pursuant to Article 28 of the Regulations. The Addendum constitutes an integral part of the contractual relationship between Climbo and The Merchant, together with this notice and the terms and conditions.
Climbo does not use the data provided by Merchants for its own purposes, such as marketing, market research, communication to third parties, or dissemination. It is understood that Merchants ensure that end customers have been adequately informed that their data will also be processed through external data processors and, in particular, by Climbo.
"Addendum" is the document that governs the relationship between the Merchant and Climbo regarding privacy. "Personal Data" means any information concerning an identified or identifiable natural person, with particular reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more characteristic elements of his or her physical, physiological, genetic, mental, economic, cultural, or social identity.
"Climbo" is the company Climbo S.r.l. - Via Marsala 29h - 00185 Rome, Italy P.IVA 15982681007 - Mail: firstname.lastname@example.org
"Processor" the natural person, legal entity, public administration and any other entity that processes personal data on behalf of the Controller.
"Controller" the natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purposes and means of the processing of personal data and the instruments adopted, including security measures.
"User(s)" and/or "Customer(s)" "Data Subject(s)" the individual who visits the website www.climbo.com and uses the service, i.e. the one to whom the Personal Data refers who, unless otherwise specified, coincides with the Data Subject.
3. CATEGORIES OF DATA
The Controller collects directly from its Users, Personal Data and other information as part of the online registration processes on the website www.climbo.com, in order to provide the services requested by Users (typically these are data such as e-mail address, first name, last name, contact telephone number of a contact person).
The subject of processing may be personal data of Users such as:
a. Data provided in the basis of registration and the data necessary for payment.
b. Automatically collected data.
The computer systems and applications dedicated to the operation of the Climbo website detect, in the course of their normal operation, certain data (the transmission of which is implicit in the use of Internet communication protocols) potentially associated with identifiable users. The data collected include the IP addresses and domain names of the computers used by Users connecting to the site, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.. ) and other parameters regarding the operating system, browser and computer environment used by the user, name of the internet service provider (ISP), date and time of visit, web page of the visitor's origin (referral) and exit.
c. Data provided voluntarily by the User.
The voluntary and explicit sending of electronic mail to the addresses indicated in the different access channels of this site does not imply a request for consent and involves the acquisition of the sender's address and data, necessary to respond to requests, as well as any other personal data included in the message. These data are understood to be voluntarily provided by the User at the time of the request for the provision of the service. By entering a comment or other information, the User expressly accepts this document, and in particular agrees that the contents entered may also be freely disseminated to third parties. On the contrary, specific summary information will be reported or displayed on the pages of the site set up for particular services on request (forms). The user must therefore explicitly consent to the use of the data in these forms in order to send the request.
d. Data processed as Data Processors.
Climbo processes the data provided by Merchants as a data processor and in accordance with the requirements contained in the Addendum. In particular, Climbo guarantees to comply with the instructions of the Merchant and not to use such data for its own purposes, such as marketing, market research,
communication to third parties or dissemination.
Personal data held by the Owner are collected directly from the Data Subject. End-customer data are uploaded by Merchants as part of the use of services.
5. PURPOSEDATA PROCESSING AND LEGAL BASIS
The processing of Users' data has the following purposes and legal basis:
1. Registration and access to services
Purpose: authentication and use of the site. Legal basis: contractual fulfillment.
2. Payment processing.
Purpose: access to certain purposes of the service. Legal basis: contractual fulfillment.
3. Storage of Users' payment data.
Purpose: to speed up the purchase process. Without consent, nothing will be stored. Legal basis: consent of the User.
4. Communication to business partners and/or third parties
Purpose: Communications for marketing, promotional and/or commercial purposes. Legal basis: consent of the User.
Purpose: to send e-mail about news and topics of interest. Legal basis: consent of the User.
6. Sending direct marketing communications
Purpose: updates on the Owner's products and services. Legal basis: legitimate interest of the Owner.
7. Service maintenance and improvement.
Purpose: Use of aggregated and anonymous data to improve the service. Legal basis: legitimate interest of the Owner.
8. Detecting or preventing fraudulent activities.
Purpose: To detect, prevent or stop fraudulent activities on the site. Legal basis: legitimate interest of the Owner and legal obligation.
9. Compliance with court orders Purpose: to comply with legal obligations.
Legal basis: legal obligation.
10. Accounting records.
Purpose: to comply with legal obligations. Legal basis: legal obligation.
11. Automatically collected data.
Purpose: to ensure and improve the web browsing experience. Legal basis: the legitimate interest of the Data Controller.
12. Data voluntarily provided by the User,
Purpose: is the purpose inherent in the request to enter that data. Legal basis: consent of the User.
13. For cookies and plug-ins: see the cookies policy by clicking here www.climbo.com/legal.
The provision of personal data for the purposes referred to in point 1 and 2 of this article is necessary to allow you to register on the platform and to conclude the contract. Therefore, in the absence of the aforementioned data, you will not be able to use our services.
Consent for the purposes referred to in point 3, 4 and 5 is optional and does not entail any negative consequences for Users' experience.
6. DATA RECIPIENTS
To the extent relevant to the stated processing purposes, Users' data may be disclosed to partners, consulting companies, private companies, third-party technical service providers, hosting providers, IT companies, communications agencies.
If the suppliers process personal data on behalf of the Data Controller, they will be appointed as data processors ex art. 28 GDPR.
7. DATA TRANSFER TO A THIRD COUNTRY
The Climbo website may share some of the data collected with services located outside the European Union area. In particular, through social plug-ins and the Google Analytics service. The transfer is authorized and strictly regulated by Article 45, paragraph 1 of the EU Regulation 2016/679, so it does not require specific authorizations.
According to the principle of storage limitation (art.5, GDPR), the verification of the obsolescence of the stored data in relation to the purposes for which they were collected is carried out periodically.
(a) automatically collected data are processed, for the time strictly necessary, for the sole purpose of
derive statistical information on the use of the site and to check its regular operation,
also for security purposes or according to the deadlines stipulated by legal regulations;
b) the data voluntarily provided by the user will be kept for a period of time not exceeding the achievement of the purposes for which they are processed or according to the deadlines provided by the
9. RIGHTS OF THE DATA SUBJECT
The Data Subject always has the right to request from the Data Controller access to his/her data, rectification or erasure of data, restriction of processing or the possibility to object to processing, to request data portability, to revoke consent to processing by asserting these and other rights under the GDPR by simple communication to the Data Controller. The Data Subject may also lodge a complaint with a supervisory authority.
The Interested Party may forward these requests to the following e-mail address: email@example.com
10.DATA PROCESSING METHODS.
The personal data provided by the Users will be subject to processing operations in compliance with the aforementioned regulations and the obligations of confidentiality that inspire the activity of the Data Controller. The data will be processed both with computer tools and on paper media as well as on any other type of suitable media, in compliance with the adequate security measures pursuant to Article 5 par. 1 letter F of the GDPR.
11.FINAL NOTES AND WAY OF UPDATING