This policy refers only to how data is processed as a result of filling out contact forms for the newsletter and/or "Get in touch" service, if any. For the general privacy of MeetAlpha, please refer to the "Privacy Policy".
The newsletter service consists of sending communications following the recipient's express request by filling in the appropriate fields at www.meetalpha.it.
The "Get in touch" service consists of sending communications following the express request of the recipient, which can be identified in the person of Sales Associate/Store Manager/Brand/Retail Manager/Brand Executive, VP/Other, by filling in the appropriate fields after clicking the “Get in touch” button located at the top right of the website www.meetalpha.it.
1. THE DATA CONTROLLER
2. DATA PROCESSED.
3. LEGAL BASIS
4. PURPOSES OF THE SPECIFIC PROCESSING
5. TRANSFER OF DATA TO COUNTRIES OUTSIDE THE EU
6. FOR THOSE WHO ARE RESIDENTS OUTSIDE THE EU
7. FOR HOW LONG YOUR DATA WILL BE KEPT
8. DATA PROTECTION RIGHTS
9. THE DATA PROTECTION SUPERVISORY AUTHORITY
10. DATA PROTECTION
11. COMMUNICATIONS
***
1. THE DATA CONTROLLER
This information explains how we process your data limited to the newsletter and the "Get in touch" contact form on https://www.meetalpha.it.
The following are the DATA CONTROLLER of your personal data in Alpha, according to Art. 26 GDPR:
All our servers are physically located in Europe, specifically in Frankfurt (DE).
SINCE THE JOINT OWNERS ARE LEGAL ENTITIES THAT ARE PART OF THE SAME CORPORATE GROUP (INTRA-GROUP DATA TRANSFER), BUT SUBJECT TO ITALIAN LAW AND AMERICAN LAW RESPECTIVELY, THEY HAVE JOINTLY DECIDED TO REGULATE THE PROCESSING OF DATA THROUGH THE ALPHA APPLICATION AS FOLLOWS, PAYING GREAT ATTENTION TO COMPLIANCE WITH THE GDPR.
THE JOINT OWNERS HAVE DECIDED TO APPLY THE EUROPEAN REGULATIONS ALSO TO NON-EU USERS, AS THESE PROVISIONS ARE MORE PROTECTIVE OF THE RIGHTS ASSOCIATED WITH THE PROCESSING OF PERSONAL DATA
Article 26(2) of the GDPR provides that, 'The co-ownership agreement shall adequately reflect the roles and relationships of the co-owners with the data subjects. The essential content of the agreement shall be made available to the data subjects."
The parties signed a DPA (Data Protection Agreement) in order to limit the areas of circulation and processing of personal data (e.g. storage, archiving and retention of data on their own servers or in the cloud) to countries within the European Union.
2. DATA PROCESSED
For newsletter and marketing purposes we process the following categories of data:
"Common" type of personal data having as subject: first and last name, email address, telephone number and any other information you decide to share with us on a voluntary basis by filling out the appropriate form.
3. LEGAL BASIS
We process data with your CONSENT.
By using our services you explicitly approve the Privacy Policy, consenting to the processing of your personal data in point 2) in relation to the methods and purposes described below. The provision of consent to the newsletter and the "Get in touch" service is therefore optional. However, its failure to provide the purposes in point 4 will prevent you from being able to receive any type of communication.
You may revoke your consent to the newsletter and the "Get in touch" service via the appropriate disclaimer contained in the footer of each email you receive from our site or by sending an email to dpo@meetalpha.it requesting cancellation.
Consent, according to the European Regulation (art. 4 GDPR), is any free, specific, informed and unequivocal manifestation of will, following our clear and concise request.
If you do not provide consent, we will not be able to allow your account registration to continue and our services to continue.
Your provided consent applies to all processing activities carried out for the same purpose(s).
In case you have any doubts or questions about the rectification/deletion mode, you can contact us at the email below: dpo@meetalpha.it
The provision of consent to the newsletter is therefore optional. However, its failure to provide the purposes mentioned in point 4 will prevent you from being able to receive any type of communication.
Your data will be retained for a period of time not exceeding the achievement of the purposes for which they are processed and for a maximum of 12 months, for profiling, and 24 months, for "generic" marketing, in full compliance with the retention limitation principle provided by the GDPR; that is, until your consent is revoked. You may revoke your consent to the newsletter via the appropriate disclaimer contained in the footer of each email you receive from our site or by sending an email to dpo@meetalpha.it requesting cancellation.
4. PURPOSES OF SPECIFIC PROCESSING
We collect Personal Information for the following purposes:
- Responding to requests for information about the service
- To be contacted for possible offers;
- Involve you in surveys or evaluations
- Sending questions or comments;
- Marketing
5. TRANSFER OF DATA TO COUNTRIES OUTSIDE THE EU
Your data will not be transferred outside the EU. The management and storage of your personal data will take place in the cloud and on servers located within the European Union (Frankfurt - Germany) owned by and/or at the disposal of the Data Controllers and/or third-party companies duly appointed as data processors.
Any cross-border transfer of data to countries is carried out in accordance with the applicable regulations, as well as in compliance with the provisions taken by the European Court of Justice and the domestic and foreign Authorities on the protection of personal data.
In the absence of consent, your personal data will not be disseminated.
In any event, transfers of personal data to countries outside the European Economic Area (EEA) or to an international organisation are permitted provided that the adequacy of the third country or organisation is recognised by a decision of the European Commission (Article 45 of EU Regulation 2016/679).
In the absence of such a decision, the transfer is permitted where the data controller or processor provides adequate safeguards providing for enforceable rights and effective remedies for data subjects (Art. 46 of EU Regulation 2016/679).
6. FOR NON-EU RESIDENTS
For non-EU residents, the privacy regulations in force will apply, subject to all the security standards and respect for all the rights recognized to EU citizens.
COUNTRY-SPECIFIC INFORMATION
- NEVADA: For residents of the State of Nevada, under a new chapter of Nevada Revised Statutes, Chapter 603A, entitled Security and Privacy of Personal Information, to regulate how a company must respond to breaches of a security system and required data collectors to provide customers with notification of any security breach involving an individual's personally identifiable information. The law requires companies to take reasonable steps to delete or destroy records or data containing personally identifiable information. To make a request in this regard, please contact: dpo@meetalpha.it
- CALIFORNIA: For residents of the State of California, the California Privacy Rights Act (CPRA), which recently went into effect on 1 January 2023, amended and expanded the CCPA by granting additional rights to consumers that limit the use of personal information, correction of personal information, opt-out rights related to personal information, and established the California Privacy Protection Agency (CCPA) to enforce violations of the CCPA and CPRA.
Under the CPRA amendment, users can choose not to share their personal information (including sensitive personal information) with third parties. For the purposes of the above, please contact dpo@meetalpha.it and provide the information to be added to our "opt-out list".
- UNITED KINGDOM: As of 01.01.2022, the GDPR ceased to have direct effect in the UK.
However, given the trade agreement, the UK is committed to maintaining an equivalent data protection regime. the EU and the UK have concluded a trade agreement (the EU-UK Trade & Co-operation Agreement) that sets legislative standards for data protection.
- SWITZERLAND: As an independent authority, the Federal Data Protection and Information Commissioner (FDPIC) oversees data protection. Having noted the adequate level of protection guaranteed by Switzerland, the Garante authorised the transfer of personal data from Italy to the Swiss Confederation by order No. 275 of 26 November 2001.
7. HOW LONG YOUR DATA WILL BE STORED
Pursuant to Article 17 of the GDPR, your data will be stored for as long as we are legally obliged to or for as long as we need your data for the stated purposes or until you decide to discontinue the service.
Your data will then be deleted in accordance with the principle of data minimisation (minimisation).
8. DATA PROTECTION RIGHTS YOU CAN CLAIM AS A DATA SUBJECT
You can exercise multiple rights to which you are entitled as a data subject. To do so, please see the contact details in Section 15 of our privacy policy.
Right of access
You can request information about your stored personal data (Art. 15 of the GDPR). This information includes the categories of data processed by us, the purposes of the processing, the origin of the data if we have not collected it directly from you, and if applicable the recipients to whom we have transmitted your data. You may receive from us a free copy of your data, which is the subject of the agreement. If you are interested in additional copies, we reserve the right to bill you for any additional copies.
Right to rectification and erasure
You can request rectification of inaccurate personal data and completion of incomplete personal data about you. (Art. 16 of the GDPR). In addition, you can request the deletion of your data under the terms and conditions of Art. 17 of the GDPR.
This could happen, for example:
Right to restrict processing
You have the right to limit the processing of your personal data, e.g., by marking your stored data for the purpose of limiting its future processing. For this purpose, you must meet one of the conditions specified in Art. 18 of the GDPR, e.g.
legal claim.
processing outweighs yours.
Right to data portability
You have the right to receive in a structured, commonly used, machine-readable format the personal but non- particular content data you have provided to us. You can transfer said data to another data controller without hindrance. You have the right to obtain direct transmission of personal data to another data controller, if technically feasible (Art. 20 GDPR).
Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, provided that the processing of the data is based on your consent or on our legitimate interests or those of a third party. In such a case, we will refrain from further processing your personal data unless you demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms or for the establishment, exercise, or defense of a legal claim. You can object to the processing at any time if your personal data is processed by us for direct marketing purposes (Art. 21 GDPR). The right to withdraw your consent to processing remains freely revocable at any time, regardless of your right to object.
Right to lodge a complaint with a supervisory authority
We work together with you to achieve a fair resolution of any complaints regarding data protection. You have the right to file a complaint with the Data Protection Authority if you believe that our processing of your personal data violates applicable data protection law.
Please note that you will be able to exercise your rights by simply sending a request via e-mail to the Data Controller's Internal Data Protection Contact, indicated in point 1 of this Privacy Policy, as well as being able to use the additional IT systems, adopted by the Data Controllers, which will allow you to independently modify or revoke the consents previously expressed and, where possible, to re-evaluate your preferences regarding the processing carried out (e.g. mail-in and preference center managed on IT platforms).
9. THE PERSONAL DATA PROTECTION SUPERVISORY AUTHORITY
The personal data protection provisions, contained within the GDPR, are available and accessible by clicking this link.
The Supervisory Authorities relevant to the processing of personal data covered by this privacy policy are:
- Garante italiano per la protezione dei dati personali, Italian personal data Protection guarantor
- Garante europeo per la protezione dei dati personali, European Data Protection Supervisor
- European Data Protection Board/EDPB
- Federal Trade Commission/FTC (USA)
10. HOW YOUR DATA IS PROTECTED
The processing of your personal data is carried out by means of the operations indicated in Article 4, No. 2), GDPR - carried out with or without the aid of computer systems - namely: collection, recording, organization, structuring, updating, storage, adaptation or modification, extraction and analysis, consultation, use, communication by transmission, comparison, interconnection, limitation, deletion, or destruction.
In any case, the logical and physical security of the databases and, in general, the confidentiality of the personal data processed will be guaranteed, putting in place all the necessary technical and organizational measures adequate to ensure their security.
11. COMMUNICATIONS
If you have any questions, concerns or requests regarding this Privacy Policy or the processing of your personal data, you may contact us as a data subject at the following e-mail address: dpo@meetalpha.it