Data Controller

Punto Maglia srl
Via Silvio Poli n.10
40026 Imola (BO) Italy

Email address of the Owner: info@puntomaglia.it

Types of Data Collected

Among the Personal Data collected by this Website, either independently or through third parties, are: name; email; various types of Data; Tracking Tools; surname; billing address; shipping address; phone number; payment information; device information; Usage Data; physical address; company name; country; state; username; purchase history; number of Users; session statistics; survey responses; clicks; keypress events; motion sensor events; mouse movements; scroll position; touch events; unique device identifiers for advertising (Google Advertiser ID or IDFA identifier, for example); city; browser information; password; Tax Code; geographic location; order ID; time zone; app launches; number of sessions; session duration; page scroll interactions; pageview; interaction events; page events; date of birth; IP address; app information; device logs; operating systems; language; street number; address; geographic region; approximate location; location information; ZIP code; province; county; latitude (of the city); longitude (of the city); metropolitan area; point of sale data; in-app purchases; billing data; product interaction; User ID; identity document; contact details; Data provided during service use.

Full details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed prior to the collection of the Data.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of this Website.
Unless otherwise specified, all Data requested by this Website is mandatory. If the User refuses to provide it, it may be impossible for this Website to provide the Service. In cases where this Website indicates certain Data as optional, Users are free to refrain from providing such Data without any consequences on the availability or operation of the Service.
Users who have doubts about which Data is mandatory are encouraged to contact the Owner.
The possible use of Cookies - or other tracking tools - by this Website or by the third-party service providers used by this Website is intended to provide the Service requested by the User, in addition to the other purposes described in this document and in the Cookie Policy.

The User assumes responsibility for the Personal Data of third parties obtained, published, or shared through this Website.

Methods and place of processing the collected Data

Processing methods

The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.
The processing is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other parties involved in the organization of this Website (administrative, commercial, marketing, legal personnel, system administrators) or external entities (such as third-party technical service providers, postal carriers, hosting providers, IT companies, communication agencies) may have access to the Data, and if necessary, be appointed as Data Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller.

Location

The Data is processed at the operational headquarters of the Controller and in any other place where the parties involved in the processing are located. For more information, contact the Controller.
The User's Personal Data may be transferred to a country different from where the User is located. For further information on the location of the processing, the User can refer to the section on details of the Personal Data processing.

Retention period

Unless otherwise specified in this document, Personal Data is processed and stored for the time required for the purpose for which it was collected and may be retained for a longer period due to any legal obligations or based on the Users' consent.

Purpose of Data Processing

User Data is collected to allow the Owner to provide the Service, comply with legal obligations, respond to requests or enforcement actions, protect its own rights and interests (or those of Users or third parties), identify any malicious or fraudulent activities, as well as for the following purposes: Contacting the User, Platform and hosting services, Tag management, Displaying content from external platforms, Managing contacts and sending messages, Interaction with social networks and external platforms, Remarketing and behavioral targeting, Advertising, Statistics, Protection from spam and bots, and Payment management.

For detailed information on the purposes of the processing and on the Personal Data processed for each purpose, the User can refer to the section "Details on the processing of Personal Data."

Details on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

• Contacting the User

  Contact form (this Website)

  By filling in the contact form with their Data, the User consents to its use to respond to requests for information, quotes, or any other nature indicated by the form’s header.

  Personal Data processed: email; name; Tracking Tools; various types of Data.

  Category of Personal Information collected under the CCPA: identifiers; information relating to activities on the internet or other networks.

  This type of processing constitutes:

  • a Sale in California

  Mailing list or newsletter (this Website)

  By registering for the mailing list or newsletter, the User's email address is automatically added to a contact list to which email messages containing information, including commercial and promotional information, related to this Website may be transmitted. The User's email address may also be added to this list as a result of registering on this Website or after making a purchase.

  Personal Data processed: last name; email; first name; Tracking Tools.

  Category of Personal Information collected under the CCPA: identifiers; information relating to activities on the internet or other networks.

  This type of processing constitutes:

  • a Sale in the United States

• Managing contacts and sending messages

  This type of service allows managing a database of email contacts, phone contacts, or any other type of contact, used to communicate with the User.
  These services may also allow collecting data regarding the date and time the User views the messages, as well as the User's interaction with them, such as information on clicks on the links included in the messages.

  Klaviyo (Klaviyo Inc.)

  Klaviyo is an address management and email message sending service provided by Klaviyo Inc.

  To use the service provided by Klaviyo, the Owner generally shares information regarding Users (who make purchases), such as contact details and purchase history. For more information regarding the scope of this sharing, check the indications provided below under "Personal Data processed."

  Personal Data processed: last name; purchase history; Usage Data; email; physical address; country; first name; phone number; company name; state; Tracking Tools; username; various types of Data.

  Place of processing: United States – Privacy Policy – Opt out.

  Category of Personal Information collected under the CCPA: identifiers; commercial information; information relating to activities on the internet or other networks.

  This type of processing constitutes:

  • a Sale in California
  • a Sharing in California

• Payment management

  Unless otherwise specified, this Website processes all payments by credit card, bank transfer, or other means via external payment service providers. In general, and unless otherwise indicated, Users are asked to provide payment details and personal information directly to such payment service providers. This Website is not involved in the collection and processing of such information: it will instead receive only a notification from the payment service provider in question about the completed payment.

  PayPal (Paypal)

  PayPal is a payment service provided by PayPal Inc., which allows the User to make online payments.

  Personal Data processed: Tax Code; last name; purchase history; Usage Data; email; time zone; order ID; billing address; shipping address; payment information; first name; phone number; password; geographical location; business name; Tracking Tools; username; various types of Data as specified by the service's privacy policy.

  Place of processing: See Paypal's privacy policy – Privacy Policy.

  Category of Personal Information collected under the CCPA: identifiers; commercial information; information related to internet or other network activity; geolocation data.

  Scalapay (Scalapay S.r.l.)

  Scalapay is a payment service provided by Scalapay S.r.l. that allows customers to pay in installments.

  Personal Data processed: in-app purchases; address; metropolitan area; ZIP code; city; clicks; Tax Code; last name; county; purchase history; date of birth; billing data; Usage Data; point of sale data; identity document; session duration; email; interaction events; page events; keypress events; order ID; User ID; billing address; shipping address; physical address; payment information; location information; browser information; device information; app information; product interaction; page scroll interactions; IP address; app launches; city latitude; language; device logs; city longitude; mouse movements; country; first name; street number; session count; phone number; pageview; approximate location; geographical location; scroll location; province; geographical region; operating systems; session statistics; state.

  Place of processing: Italy – Privacy Policy.

  Category of Personal Information collected under the CCPA: identifiers; commercial information; information related to internet or other network activity; geolocation data; information derived from other personal information.

  Satispay (Satispay Europe S.A.)

  Satispay is a payment service provided by Satispay Europe S.A. that allows the User to make online payments.

  Personal Data processed: address; last name; contact details; Usage Data; User ID; first name; Tracking Tools; various types of Data as specified by the service's privacy policy.

  Place of processing: Luxembourg – Privacy Policy.

  Category of Personal Information collected under the CCPA: identifiers; information relating to activities on the internet or other networks.

• Tag management

  This type of service is functional for the centralized management of tags or scripts used on this Website. The use of such services involves the flow of User Data through them and, where applicable, their retention.

  Google Tag Manager (Google Ireland Limited)

  Google Tag Manager is a tag management service provided by Google Ireland Limited.

  Personal Data processed: Usage Data; Tracking Tools.

  Place of processing: Ireland – Privacy Policy.

  Category of Personal Information collected under the CCPA: information related to internet or other network activity.

• Interaction with social networks and external platforms

  This type of service allows interaction with social networks, or other external platforms, directly from the pages of this Website. Interactions and information acquired from this Website are always subject to the User's privacy settings for each social network. This type of service may still collect traffic data for the pages where the service is installed, even when Users do not use it. It is recommended to log out from the respective services to ensure that the data processed on this Website is not connected back to the User's profile.

  Like button and Facebook social widgets (Meta Platforms Ireland Limited)

  The “Like” button and Facebook social widgets are interaction services with the Facebook social network, provided by Meta Platforms Ireland Limited.

  Personal Data processed: Usage Data; Tracking Tools.

  Place of processing: Ireland – Privacy Policy.

  Category of Personal Information collected under the CCPA: information related to internet or other network activity.

  This type of processing constitutes:

  • a Sale in the United States

• Protection against spam and bots

  This type of service analyzes the traffic of this Website, potentially containing Users' Personal Data, in order to filter it from parts of unwanted traffic, messages, and content recognized as SPAM or to protect it from malicious bot activities.

  Google reCAPTCHA (Google Ireland Limited)

  Google reCAPTCHA is an anti-SPAM protection service provided by Google Ireland Limited. The use of the reCAPTCHA system is subject to Google's privacy policy and terms of use.

  For an understanding of how Google uses data, please refer to the Google Partner Privacy Policies.

  Personal Data processed: clicks; Usage Data; keypress events; motion sensor events; touch events; mouse movements; scroll position; question responses; Tracking Tools.

  Place of processing: Ireland – Privacy Policy.

  Category of Personal Information collected under the CCPA: information on internet or other network activity; information derived from other personal information.

• Advertising

  Some of the services listed below may use Tracking Tools to identify the User, or use behavioral retargeting, meaning display personalized ads based on the User's interests and behavior, or measure the performance of ads. For more information, we suggest checking the privacy policies of the respective services. Generally, services of this kind offer the possibility to disable such tracking. In addition to any opt-out feature provided by any of the services listed in this document, the User can read more about how to disable interest-based advertising in the appropriate section "How to disable interest-based advertising" in this document.

  Meta ads conversion tracking (Meta pixel) (Meta Platforms Ireland Limited)

  Meta ads conversion tracking (Meta pixel) is a statistics service provided by Meta Platforms Ireland Limited that connects data from the Meta advertising network with actions performed on this Website. The Meta pixel tracks conversions that can be attributed to Facebook, Instagram, and Audience Network ads.

  Personal Data processed: Usage Data; Tracking Tools.

  Place of processing: Ireland – Privacy Policy – Opt out.

  Category of Personal Information collected under the CCPA: information related to internet or other network activity.

  This type of processing constitutes:

  • a Sale in California

  Meta Lookalike Audience (Meta Platforms Ireland Limited)

  Meta Lookalike Audience is an advertising and behavioral targeting service provided by Meta Platforms Ireland Limited that uses Data collected through the Meta Custom Audience service to show ads to Users with behaviors similar to Users who are already on a Custom Audience list based on their previous use of this Website or their interaction with relevant content through Meta's applications and services.
  Based on this Data, personalized ads will be shown to Users suggested by Meta Lookalike Audience.

  Users can choose not to use Meta's Tracking Tools for ad personalization by visiting this opt-out page.

  Personal Data processed: Usage Data; Tracking Tools.

  Place of processing: Ireland – Privacy Policy – Opt out.

  Category of Personal Information collected under the CCPA: information related to internet or other network activity.

  This type of processing constitutes:

  • a Sale in California
  • a Sharing in California

  Google Ad Manager (Google Ireland Limited)

  Google Ad Manager is an advertising service provided by Google Ireland Limited with which the Owner can conduct advertising campaigns in conjunction with external advertising networks with which the Owner, unless otherwise specified in this document, has no direct relationship.
  For an understanding of how Google uses Data, please refer to the Google Partner Privacy Policies.
  This service uses the "DoubleClick" Cookie, which tracks the use of this Website and the User's behavior in relation to the advertisements, products, and services offered.

  The User can decide at any time to disable all DoubleClick cookies by going to: Ad Settings.

  Personal Data processed: Usage Data; Tracking Tools.

  Place of processing: Ireland – Privacy Policy.

  Category of Personal Information collected under the CCPA: information related to internet or other network activity.

  This type of processing constitutes:

  • a Sale in California
  • a Sharing in California

  Google Ads Similar Audiences (Google Ireland Limited)

  Similar Audiences is an advertising and behavioral targeting service provided by Google Ireland Limited that uses Google Ads Remarketing Data to show ads to Users with behaviors similar to those of other Users who are already on the remarketing list due to their previous use of this Website.
  Based on this Data, personalized ads will be shown to Users suggested by Google Ads Similar Audiences.

  Users who do not want to be included in similar audiences can choose to opt out and disable the use of advertising Tracking Tools by visiting Google's Ad Settings.

  For an understanding of Google's use of Data, please consult the Google Partner Policies.

  Personal Data processed: Usage Data; Tracking Tools.

  Place of processing: Ireland – Privacy Policy – Opt Out.

  Category of Personal Information collected under the CCPA: information related to internet or other network activity.

  This type of processing constitutes:

  • a Sale in California
  • a Sharing in California

  Google Ads Conversion Tracking (Google Ireland Limited)

  Google Ads Conversion Tracking is a statistics service provided by Google Ireland Limited that connects data from the Google Ads network with actions performed on this Website.

  Personal Data processed: Usage Data; Tracking Tools.

  Place of processing: Ireland – Privacy Policy.

  Category of Personal Information collected under the CCPA: information related to internet or other network activity.

  This type of processing constitutes:

  • a Sale in California

• Remarketing and behavioral targeting

  This type of service allows this Website and its partners to communicate, optimize, and serve advertisements based on the User's past use of this Website.
  This activity is facilitated by tracking Usage Data and using Tracking Tools to collect information that is then transferred to partners who manage remarketing and behavioral targeting activities.
  Some services offer a remarketing option based on email address lists.
  Generally, services of this kind offer the possibility to opt-out of such tracking. In addition to any opt-out feature provided by any of the services listed in this document, the User can read more about how to disable interest-based advertising in the appropriate section "How to disable interest-based advertising" in this document.

  Facebook Remarketing (Meta Platforms Ireland Limited)

  Facebook Remarketing is a remarketing and behavioral targeting service provided by Meta Platforms Ireland Limited that connects the activity of this Website with the Meta advertising network.

  Personal Data processed: Usage Data; Tracking Tools.

  Place of processing: Ireland – Privacy Policy – Opt Out.

  Category of Personal Information collected under the CCPA: information related to internet or other network activity.

  This type of processing constitutes:

  • a Sale in California
  • a Sharing in California

  Meta Custom Audience (Meta Platforms Ireland Limited)

  Meta Custom Audience is a remarketing and behavioral targeting service provided by Meta Platforms Ireland Limited that connects the activity of this Website with the Meta advertising network.

  Users can opt out of Meta's Tracking Tools for ad personalization by visiting this opt-out page.

  Personal Data processed: email; Tracking Tools.

  Place of processing: Ireland – Privacy Policy – Opt out.

  Category of Personal Information collected under the CCPA: identifiers; information relating to activities on the internet or other networks.

  This type of processing constitutes:

  • a Sale in California
  • a Sharing in California

  Google Signals (Google Ireland Limited)

  This Website uses Google Signals, a feature of Google Analytics that associates information on views collected from this Website with Google information from users' Google accounts who have consented to this association for ad personalization. This Google information may include the User's location, search history, YouTube history, and Data from Google's partner sites and is used to provide aggregated and anonymous insights into cross-device User behavior.

  If a User falls within the above-described association, they can access and/or delete such Data through the MyActivity feature provided by Google.

  Personal Data processed: Usage Data; Tracking Tools.

  Place of processing: Ireland – Privacy Policy – Opt Out.

  Category of Personal Information collected under the CCPA: information related to internet or other network activity.

  This type of processing constitutes:

  • a Sale in California
  • a Sharing in California

  Google Ad Manager Audience Extension (Google Ireland Limited)

  Google Ad Manager Audience Extension is a remarketing and behavioral targeting service provided by Google Ireland Limited that tracks visitors to this Website and allows selected advertising partners to display personalized ads to them across the web.

  For an understanding of Google's use of Data, please consult the Google Partner Policies.

  Personal Data processed: Usage Data; Tracking Tools.

  Place of processing: Ireland – Privacy Policy – Opt Out.

  Category of Personal Information collected under the CCPA: information related to internet or other network activity.

  This type of processing constitutes:

  • a Sale in California
  • a Sharing in California

  Google Ads Remarketing (Google Ireland Limited)

  Google Ads Remarketing is a remarketing and behavioral targeting service provided by Google Ireland Limited that connects the activity of this Website with the Google Ads advertising network and the DoubleClick Cookie.

  For an understanding of Google's use of Data, please consult the Google Partner Policies.

  Users can opt out of Google's Tracking Tools for ad personalization by visiting Google's Ad Settings.

  Personal Data processed: Usage Data; Tracking Tools.

  Place of processing: Ireland – Privacy Policy – Opt Out.

  Category of Personal Information collected under the CCPA: information related to internet or other network activity.

  This type of processing constitutes:

  • a Sale in California
  • a Sharing in California

  Remarketing with Google Analytics (Google Ireland Limited)

  Remarketing with Google Analytics is a remarketing and behavioral targeting service provided by Google Ireland Limited that connects the tracking activity performed by Google Analytics and its Tracking Tools with the Google Ads advertising network and the DoubleClick Cookie.

  Personal Data processed: Usage Data; Tracking Tools.

  Place of processing: Ireland – Privacy Policy – Opt OutOpt Out.

  Category of Personal Information collected under the CCPA: information related to internet or other network activity.

  This type of processing constitutes:

  • a Sale in California
  • a Sharing in California

• Platform and Hosting Services

  These services are designed to host and operate key components of this Website, making it possible to deliver this Website from a single platform. These platforms provide the Owner with a wide range of tools such as, for example, analytics tools, user registration management, comment and database management, e-commerce, payment processing, etc. The use of these tools involves the collection and processing of Personal Data.
  Some of these services operate through servers located in different geographical locations, making it difficult to determine the exact location where Personal Data is stored.

  Shopify (Shopify International Limited)

  Shopify is a platform provided by Shopify International Limited that allows the Owner to develop, operate, and host a website dedicated to e-commerce.

  Personal Data processed: last name; Usage Data; email; billing address; shipping address; payment information; device information; first name; phone number; Tracking Tools.

  Place of processing: Ireland – Privacy Policy.

  Category of Personal Information collected under the CCPA: identifiers; commercial information; information relating to activities on the internet or other networks.

• Statistics

  The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior.

  Google Analytics 4 (Google Ireland Limited)

  Google Analytics is a statistics service provided by Google Ireland Limited ("Google"). Google uses the Personal Data collected to track and examine the use of this Website, compile reports, and share them with other services developed by Google.
  Google may use the Personal Data to contextualize and personalize the ads of its own advertising network.
  In Google Analytics 4, IP addresses are used at the time of collection and then deleted before the data is recorded in any data center or server. For more information, you can consult the official Google documentation.

  For an understanding of how Google uses data, please refer to the Google Partner Privacy Policies.

  Personal Data processed: Usage Data; number of Users; session statistics; Tracking Tools.

  Place of processing: Ireland – Privacy Policy – Opt Out.

  Category of Personal Information collected under the CCPA: information related to internet or other network activity.

  This type of processing constitutes:

  • a Sale in California

  Advertising Reporting Features in Google Analytics (Google Ireland Limited)

  Google Analytics on this Website has activated advertising reporting features, which collect additional information from the DoubleClick cookie (web activity) and device advertising IDs (application activity). This allows the Owner to analyze specific Data related to User behaviors and interests (traffic Data and User interaction with ads) and, if enabled, demographic Data (information on age and gender).

  Users can choose not to use Google cookies by visiting Google's [Ad Settings](https://adssettings.google.com/authenticated).

  Personal Data processed: unique device identifiers for advertising (Google Advertiser ID or IDFA identifier, for example); Tracking Tools; various types of Data as specified by the service's privacy policy.

  Place of processing: Ireland – Privacy Policy – Opt Out.

  Category of Personal Information collected under the CCPA: identifiers; information relating to activities on the internet or other networks.

  This type of processing constitutes:

  • a Sale in California

  Google Analytics Granular Location and Device Data Collection (Google Ireland Limited)

  On this Website, Google Analytics has activated granular data collection, which collects data related to location and device on a regional basis. This allows the Owner to create and analyze User reports based on these metrics.

  Personal Data processed: city; Usage Data; browser information; device information; number of Users; session statistics; Tracking Tools.

  Place of processing: Ireland – Privacy Policy.

  Category of Personal Information collected under the CCPA: identifiers; information relating to activities on the internet or other networks.

  This type of processing constitutes:

  • a Sale in California
  • a Sharing in California

  Google Analytics Demographics and Interests Reports (Google Ireland Limited)

  Google Analytics Demographics and Interests Reports is an advertising reporting feature that makes demographic and interest Data available within Google Analytics for this Website (demographic Data refers to Data on age and gender).

  Users can choose not to use Google cookies by visiting Google's [Ad Settings](https://adssettings.google.com/authenticated).

  Personal Data processed: unique device identifiers for advertising (Google Advertiser ID or IDFA identifier, for example); Tracking Tools.

  Place of processing: Ireland – Privacy Policy – Opt Out.

  Category of Personal Information collected under the CCPA: identifiers; information relating to activities on the internet or other networks.

  This type of processing constitutes:

  • a Sale in California

  Meta Events Manager (Meta Platforms Ireland Limited)

  Meta Events Manager is a statistics service provided by Meta Platforms Ireland Limited. By integrating the Meta pixel, Meta Events Manager can provide the Owner with information on traffic and interactions on this Website.

  Personal Data processed: ZIP code; city; last name; Data communicated during the use of the service; Usage data; email; billing address; shipping address; country; first name; phone number.

  Place of processing: Ireland – Privacy Policy – Opt out.

  Category of Personal Information collected under the CCPA: identifiers; information relating to activities on the internet or other networks.

• Displaying content from external platforms

  This type of service allows you to view content hosted on external platforms directly from the pages of this Website and interact with them. These services are often called widgets, which are small elements embedded in a website or application. They provide specific information or perform a particular function and often allow user interaction.
  This type of service may still collect web traffic data related to the pages where the service is installed, even when users do not use it.

  Google Fonts (Google Ireland Limited)

  Google Fonts is a font style display service managed by Google Ireland Limited that allows this Website to integrate such content within its pages.

  Personal Data processed: Usage Data; Tracking Tools.

  Place of processing: Ireland – Privacy Policy.

  Category of Personal Information collected under the CCPA: information related to internet or other network activity.

  This type of processing constitutes:

  • a Sale in California

Information on how to disable interest-based advertising

In addition to any opt-out feature provided by any of the services listed in this document, Users can read more about how to disable interest-based advertising in the appropriate section of the Cookie Policy.

Cookie Policy

This Website uses Tracking Tools. To learn more, Users can consult the Cookie Policy.

Additional information for users in Switzerland

This section applies to Users in Switzerland and, for such Users, replaces any other differing or conflicting information contained in the privacy policy.

Further details regarding the categories of Data processed, the purposes of the processing, the categories of recipients of the personal data, if any, the retention period, and other information on the Personal Data can be found in the section entitled "Detailed information on the processing of Personal Data" within this document.

User rights under the Federal Data Protection Act

Users can exercise certain rights regarding their data within the limits of the law, including the following:

• right of access to Personal Data;
• the right to object to the processing of their Personal Data (which also allows Users to request the limitation of the processing of Personal Data, the deletion or destruction of Personal Data, the prohibition of disclosure of Personal Data to third parties);
• right to receive their Personal Data and to transfer it to another data controller (data portability);
• right to request the rectification of incorrect Personal Data.

How to exercise these rights

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. Such requests are free of charge and the Owner will respond as quickly as possible, providing Users with the information required by law.

Additional information for Users in Brazil

This section of the document supplements and completes the information contained in the rest of the privacy policy and is provided by the entity that manages this Website and, if applicable, by its parent company and its subsidiaries and affiliates (for the purposes of this section collectively referred to as "we," "our" or "ours"). This section applies to all Users in Brazil (such Users are hereinafter simply referred to as "you," "your," "yours"), pursuant to the "Lei Geral de Proteção de Dados" and, for such Users, prevails over any other potentially divergent or conflicting information contained in this privacy policy. In this part of the document, the term "personal information" is used as defined by the LGPD.

Legal bases under which we process your personal information

We process your personal information only if there is one of the legal bases for such processing. The legal bases are as follows:

• your consent to the processing activities in question;
• compliance with legal obligations we are required to fulfill;
• the execution of rules dictated by laws or regulations or by contracts, agreements, or other similar legal instruments;
• studies conducted by research entities, preferably carried out on anonymized personal information;
• the execution of a contract and the related pre-contractual obligations, if you are a party to such contract;
• the exercise of our rights in court, in administrative procedures, or in arbitrations;
• the protection or physical safety of you or a third party;
• the protection of health - in the context of procedures implemented by health sector entities or professionals;
• our legitimate interest, provided that your fundamental rights and freedoms do not override such interests; and
• the protection of credit.

To learn more about the legal bases, you can contact us at any time using the contact details provided in this document.

Categories of personal information processed

To know which categories of personal information are processed, you can refer to the section "Details on the Processing of Personal Data" in this document.

Why we process your personal information

To understand why we process your personal information, refer to the sections "Details on the Processing of Personal Data" and "Purpose of the Data Collected" in this document.

Your privacy rights in Brazil, how to submit a request and how it will be handled by us

Your privacy rights in Brazil

You have the right to:

• obtain confirmation of the existence of processing activities concerning your personal information;
• access your personal information;
• obtain the rectification of your incomplete, inaccurate, or outdated personal information;
• obtain the anonymization, blocking, or deletion of unnecessary or excessive personal information, or of information processed in violation of the provisions of the LGPD;
• obtain information regarding the possibility of granting or refusing your consent and the related consequences;
• obtain information regarding the third parties with whom we share your personal information;
• obtain, upon your explicit request, the portability of your personal information (except for anonymized information) to other providers of products or services, provided that our trade and industrial secrets are safeguarded;
• obtain the deletion of personal information processed if the processing was based on your consent, unless one or more of the exceptions provided for in Article 16 LGPD apply;
• revoke your consent at any time;
• file a complaint regarding your personal information with the ANPD (National Data Protection Authority) or a consumer protection body;
• object to processing activities when such processing is not carried out in accordance with legal provisions;
• request clear and adequate information regarding the criteria and procedures used in automated decision-making processes; and
• request a review of decisions that harm your interests, made solely on the basis of automated decision-making processes of your personal information. These include decisions to outline your personal, professional, consumer, or creditor profile, or other aspects of your personality.

You will never be discriminated against, nor will you suffer any unfavorable treatment as a result of exercising your rights.

How to submit a request

You can submit a formal request to exercise your rights free of charge, at any time, using the contact details provided in this document or through your legal representative.

How and when we will handle your request

We will do our best to respond to your request as quickly as possible.
In any case, if it is impossible for us to do so, we will ensure to communicate the factual or legal reasons that prevent us from immediately satisfying or following up on your request. If your personal information is not processed by us, if we are able to do so, we will indicate the natural or legal person to whom you should direct your requests.

If you decide to submit a request for access or a request for confirmation of the existence of processing of personal information, please make sure to specify whether you prefer to receive your personal information in electronic or paper format.
You should also let us know if you want an immediate response, in which case you will receive a simplified response, or if you need a full disclosure.
In the latter case, we will respond within 15 days from the time of your request, providing you with all the information regarding the origin of your personal information, confirmation or not of the existence of personal information concerning you, all the criteria used for processing and the purposes of such processing, while safeguarding our trade and industrial secrets.

If you decide to submit a request for rectification, deletion, anonymization, or blocking of personal information, we will ensure to immediately inform the other parties with whom we have shared your personal information so that they can also fulfill your request - except in cases where such communication is impossible or excessively burdensome for us.

Transfer of personal information outside Brazil in cases permitted by law

We may transfer your personal information outside Brazilian territory in the following cases:

• when the transfer is necessary for international legal cooperation between intelligence services, investigative and criminal procedure bodies, as provided by the instruments made available by international law;
• when the transfer is necessary to protect your life or physical safety or that of third parties;
• when the transfer is authorized by the ANPD;
• when the transfer arises from an obligation assumed in the context of an international cooperation agreement;
• when the transfer is necessary for the exercise of public order or for the fulfillment of a public service;
• when the transfer is necessary for the fulfillment of a legal obligation, the execution of a contract and related pre-contractual obligations, or the normal exercise of rights in judicial, administrative, or arbitral proceedings.

Further information for Users in the United States

This part of the document integrates with and supplements the information contained in the rest of the privacy policy and is provided by the business running this Website and, if the case may be, its parent, subsidiaries and affiliates (for the purposes of this section referred to collectively as “we”, “us”, “our”).

The information contained in this section applies to all Users (Users are referred to below, simply as “you”, “your”, “yours”), who are residents in the following states: California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Nevada, Delaware, Iowa, New Hampshire, New Jersey, Nebraska and Montana.

For such Users, this information supersedes any other possibly divergent or conflicting provisions contained in the privacy policy.

This part of the document uses the term Personal Information (and Sensitive Personal Information).

Notice at collection

The following Notice at collection provides you with timely notice about the categories of Personal Information collected or disclosed in the past 12 months so that you can exercise meaningful control over our use of that Information.

While such categorization of Personal Information is mainly based on California privacy laws, it can also be helpful for anyone who is not a California resident to get a general idea of what types of Personal Information are collected.

ℹ️ You can read the definitions of these concepts inside the “Definitions and legal references section” of the privacy policy.

To know more about your rights in particular to opt out of certain processing activities and to limit the use of your sensitive personal information (“Limit the Use of My Sensitive Personal Information”) you can refer to the “Your privacy rights under US state laws” section of our privacy policy.

For more details on the collection of Personal Information, please read the section “Detailed information on the processing of Personal Data” of our privacy policy.

We won’t process your Information for unexpected purposes, or for purposes that are not reasonably necessary to and compatible with the purposes originally disclosed, without your consent.

What are the sources of the Personal Information we collect?

We collect the above-mentioned categories of Personal Information, either directly or indirectly, from you when you use this Website.

For example, you directly provide your Personal Information when you submit requests via any forms on this Website. You also provide Personal Information indirectly when you navigate this Website, as Personal Information about you is automatically observed and collected.

Finally, we may collect your Personal Information from third parties that work with us in connection with the Service or with the functioning of this Website and features thereof.

Your privacy rights under US state laws

You may exercise certain rights regarding your Personal Information. In particular, to the extent permitted by applicable law, you have:

• the right to access Personal Information: the right to know. You have the right to request that we confirm whether or not we are processing your Personal Information. You also have the right to access such Personal Information;
• the right to correct inaccurate Personal Information. You have the right to request that we correct any inaccurate Personal Information we maintain about you;
• the right to request the deletion of your Personal Information. You have the right to request that we delete any of your Personal Information;
• the right to obtain a copy of your Personal Information. We will provide your Personal Information in a portable and usable format that allows you to transfer data easily to another entity – provided that this is technically feasible;
• the right to opt out from the Sale of your Personal Information; We will not discriminate against you for exercising your privacy rights.
• the right to non-discrimination.

Additional rights for Users residing in California

In addition to the rights listed above common to all Users in the United States, as a User residing in California, you have

• The right to opt out of the Sharing of your Personal Information for cross-context behavioral advertising;
• The right to request to limit our use or disclosure of your Sensitive Personal Information to only that which is necessary to perform the services or provide the goods, as is reasonably expected by an average consumer. Please note that certain exceptions outlined in the law may apply, such as, when the collection and processing of Sensitive Personal Information is necessary to verify or maintain the quality or safety of our service.

Additional rights for Users residing in Virginia, Colorado, Connecticut, Texas, Oregon, Nevada, Delaware, Iowa, New Hampshire, New Jersey, Nebraska and Montana

In addition to the rights listed above common to all Users in the United States, as a User residing in Virginia, Colorado, Connecticut, Texas, Oregon, Nevada, Delaware, Iowa, New Hampshire, New Jersey, Nebraska and Montana you have

• The right to opt out of the processing of your personal information for Targeted Advertising or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you;
• The right to freely give, deny or withdraw your consent for the processing of your Sensitive Personal Information. Please note that certain exceptions outlined in the law may apply, such as, but not limited to, when the collection and processing of Sensitive Personal Information is necessary for the provision of a product or service specifically requested by the consumer.

Additional rights for users residing in Utah and Iowa

In addition to the rights listed above common to all Users in the United States, as a User residing in Utah and Iowa, you have

• The right to opt out of the processing of your Personal Information for Targeted Advertising;
• The right to opt out of the processing of your Sensitive Personal Information. Please note that certain exceptions outlined in the law may apply, such as, but not limited to, when the collection and processing of Sensitive Personal Information is necessary for the provision of a product or service specifically requested by the consumer.

How to exercise your privacy rights under US state laws

To exercise the rights described above, you need to submit your request to us by contacting us via the contact details provided in this document.

For us to respond to your request, we must know who you are. We will not respond to any request if we are unable to verify your identity and therefore confirm the Personal Information in our possession relates to you. You are not required to create an account with us to submit your request. We will use any Personal Information collected from you in connection with the verification of your request solely for verification and shall not further disclose the Personal Information, retain it longer than necessary for purposes of verification, or use it for unrelated purposes.

If you are an adult, you can make a request on behalf of a child under your parental authority.

How to exercise your rights to opt out

In addition to what is stated above, to exercise your right to opt-out of Sale or Sharing and Targeted Advertising you can also use the privacy choices link provided on this Website.

If you want to submit requests to opt out of Sale or Sharing and Targeted Advertising activities via a user-enabled global privacy control, such as for example the Global Privacy Control (“GPC”), you are free to do so and we will abide by such request in a frictionless manner.

How and when we are expected to handle your request

We will respond to your request without undue delay, but in all cases within the timeframe required by applicable law. Should we need more time, we will explain to you the reasons why, and how much more time we need.

Should we deny your request, we will explain to you the reasons behind our denial (where envisaged by applicable law you may then contact the relevant authority to submit a complaint).

We do not charge a fee to process or respond to your request unless such request is manifestly unfounded or excessive and in all other cases where it is permitted by the applicable law. In such cases, we may charge a reasonable fee or refuse to act on the request. In either case, we will communicate our choices and explain the reasons behind them.

Further information on processing

Legal defense

The User's Personal Data may be used by the Owner in court or in the preparatory stages leading to possible legal action arising from improper use of this Website or the related Services by the User.
The User declares to be aware that the Owner may be required to reveal the Data upon request of public authorities.

Specific information

Upon request of the User, in addition to the information contained in this privacy policy, this Website may provide the User with additional and contextual information concerning specific Services, or the collection and processing of Personal Data.

System logs and maintenance

For operation and maintenance purposes, this Website and any third-party services it uses may collect system logs, which are files that record interactions and may also contain Personal Data, such as the User's IP address.

Information not contained in this policy

Further information related to the processing of Personal Data may be requested at any time from the Data Controller using the contact details provided.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this page and, if possible, on this Website as well as, if technically and legally feasible, sending a notification to Users via any contact information available. We encourage you to check this page frequently, referring to the date of the last modification listed at the bottom.

If the changes affect processing activities whose legal basis is consent, the Data Controller will collect new consent from the User, where required.

Definitions and legal references