The purpose of this document is to inform the data subject on how their personal data, as described below, will be collected and processed by the Data Controller, as defined herein, in accordance with the obligations established by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, regarding the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the "Regulation"), as well as any additional applicable data protection laws.

This Notice may be amended at any time, at the sole discretion of the Data Controller, either in full or in part, through the updating of the same. In such a case, the Data Controller will give notice by publishing the amended version on the Website (as defined below), at which point the changes will become effective and binding for the Data Subject. To the extent permitted by law, if the Data Subject continues to use the Website and its services after the changes have come into effect, their access and/or use of the services will be deemed an implicit acceptance of the amended Notice and the obligations arising therefrom. The amended version shall supersede all previous versions of the Notice.

This Notice has been prepared based on the principle of transparency and all elements required by the GDPR. Terms not defined in this Notice refer to the General Terms and Conditions for the use of Devpunks services and are considered directly integrated into this Notice.

1. DATA CONTROLLER

The Data Controller is Devpunks S.r.l. (VAT No.: 12778070016), represented by its legal representative Giorgio Curini, with registered office at Via Vincenzo Lancia 31/20, Turin. The Data Controller’s contact details are also available on the homepage and/or other webpages of the Website. The Data Controller’s website is https://www.devpunks.com; the Data Controller’s email address is info@devpunks.com. The Data Protection Officer (DPO) is Attorney Andrea De Gasperin, who can be reached at the following email address: dpo@devpunks.com.

2. PERSONAL DATA SUBJECT TO PROCESSING, PURPOSES, LEGAL BASIS, AND MANDATORY OR OPTIONAL NATURE OF PROCESSING**

For “Personal Data,” we mean any information relating to an identified or identifiable natural person, specifically by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

The Personal Data collected by the Website includes the following:

Browsing Data

The Website’s IT systems collect certain Personal Data, the transmission of which is implicit in the use of Internet communication protocols. These data are not collected to be associated with a specific individual, but due to their nature, they could, through processing and association with data held by third parties, enable your identification. Such data includes IP addresses or domain names of the devices used to connect to the Website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.), and other parameters related to your operating system and IT environment.

These data are used to obtain anonymous statistical information about the use of the Website and to check its proper functioning; to ensure – given the architecture of the systems used – the correct provision of the various functionalities you request, for security purposes, and for determining liability in the event of hypothetical computer crimes against the Website or third parties. These data are deleted after 7 days. In any case, such data are stored by the Website Owner for the strictly necessary period and in any case in compliance with current regulatory provisions.

Voluntarily Provided Data

Through the Website, you may voluntarily provide certain Personal Data such as your name, surname, email address, and phone number, through the “Let’s meet - contact us” form or similar services, for participation in projects proposed by the Data Controller, to evaluate the services provided by the Data Controller, and for the improvement of the service.

You are free to provide your personal data; however, failure to provide them may prevent you from receiving the requested service or information or from participating in the proposed projects.

Cookies and Similar Technologies

The Data Controller collects Personal Data through cookies. More information on the use of cookies and similar technologies is available on the relevant page.

The Personal Data you provide through the Website will be processed by the Data Controller for the following purposes:

a) To respond to your contact or information requests that may reach us via email or through the “Let’s meet - contact us” form; the legal basis is the need to respond to your request or perform related services. Providing the data is optional, but without filling in the relevant fields, it will not be possible for the Data Controller to respond to your request;

b) For research/statistical analysis purposes on aggregated or anonymous data, without the possibility of identifying the user, aimed at measuring the functionality of the Website, measuring traffic, evaluating usability and interest, and enabling you to browse the website and its sections; this purpose does not involve the processing of personal data, as it is not possible to trace it back to you;

c) Purposes related to compliance with legal obligations to which the Data Controller may be subject and/or purposes necessary to establish, exercise, or defend a right in court, or whenever judicial authorities exercise their judicial functions. In this case, the legal basis is the legitimate interest of the Data Controller.

3. METHODS

1. Tools and Logics. In relation to the purposes mentioned above, data processing is carried out through IT and telematic tools, with logics strictly related to the aforementioned purposes and, in any case, in a manner that guarantees the security and confidentiality of the data themselves. You are required to promptly notify us of any corrections, modifications, and updates. Such processing may be carried out on behalf of the Data Controller for the purposes and methods described above and in compliance with criteria suitable for ensuring security and confidentiality, by companies, firms, entities, and external collaborators appointed as Data Processors and only concerning the processing activities they perform. The server on which this site is hosted is located within the European Union.

2. Special categories of data. None of your personal data held by the Data Controller falls under the definition of "Special Categories of Data" as per Article 9 of EU Regulation 2016/679. Should you provide such data, in the absence of your explicit written consent, we will promptly delete it.

4. THIRD PARTIES TO WHOM YOUR DATA MAY BE DISCLOSED

Your Personal Data may be disclosed, for the purposes specified in point 2, to: subjects necessary for the provision of services offered by the Website (including, but not limited to, the company that created and manages the website from a technical standpoint), which typically act as independent data controllers or external data processors; the Data Controller has selected these partners by verifying their compliance with the applicable data protection laws; persons authorized by the Data Controller to process Personal Data who have committed to confidentiality or have an appropriate legal confidentiality obligation (e.g., employees and collaborators of the Data Controller), appointed as data processors or external data processors, and judicial authorities in the exercise of their functions when required by applicable law.

5. TRANSFERS

None of your personal data is normally transferred to recipients outside the European Economic Area. Should this occur, the Data Controller ensures that the electronic processing of your Personal Data by the recipients complies with the applicable law. In fact, such transfers will alternatively be based on an adequacy decision or on Standard Model Clauses approved by the European Commission. Your personal data will not be disclosed or communicated to unauthorized third parties.

6. DATA RETENTION

The Data Controller will process your Personal Data for the time strictly necessary to achieve the purposes indicated in point 2. By way of example, the Data Controller will process the Personal Data you provide to request information until the request is fulfilled. Notwithstanding the above, the Data Controller will process your Personal Data for the time allowed by Italian law to protect its interests (Art. 2947(1)(3) of the Italian Civil Code). Further information regarding the data retention period and the criteria used to determine such period can be requested by writing to the Data Controller or to the DPO.

7. YOUR RIGHTS

Within the limits of the Applicable Law, you have the right to request from the Data Controller, at any time, access to your Personal Data, rectification or deletion of such data, or to object to their processing, as well as to request the restriction of processing and to obtain the data concerning you in a structured, commonly used, and machine-readable format.

Requests must be submitted via email to the Data Controller or the DPO.

In accordance with the Applicable Law, you also have the right to lodge a complaint with the competent supervisory authority (Italian Data Protection Authority) if you believe that the processing of your Personal Data violates the applicable law.

1. Right of access

You have the right to obtain confirmation from the Data Controller as to whether or not your Personal Data is being processed and, if so, to access the Personal Data and the information provided under Article 15 of the Regulation, including, but not limited to: the purposes of the processing, the categories of Personal Data processed, etc.

If your Personal Data is transferred to a third country or an international organization, you have the right to be informed of the existence of appropriate safeguards relating to the transfer.

Upon request, the Data Controller may provide you with a copy of the Personal Data undergoing processing. For any additional copies requested, the Data Controller may charge a reasonable fee based on administrative costs. If the request is submitted electronically, and unless otherwise requested, the information will be provided to you in a commonly used electronic format.

2. Right to rectification

You have the right to obtain from the Data Controller the rectification of inaccurate Personal Data, as well as the right to have incomplete data completed, taking into account the purposes of the processing, by providing a supplementary statement.

3. Right to erasure ("right to be forgotten")

You have the right to obtain from the Data Controller the erasure of your Personal Data where one of the grounds provided by Article 17 of the Regulation applies, including, but not limited to, when the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, or when the consent on which the processing is based has been withdrawn and no other legal basis for the processing exists. Please note that the Data Controller cannot proceed with the deletion of your Personal Data if its processing is necessary, for example, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

4. Right to restriction of processing

You have the right to obtain the restriction of processing of your Personal Data where one of the circumstances provided by Article 18 of the Regulation applies, including, for example, when you contest the accuracy of your Personal Data being processed or when the Personal Data is needed for the establishment, exercise, or defense of legal claims, even if the Data Controller no longer needs it for the purposes of processing.

5. Right to data portability

If the processing of your Personal Data is based on consent or is necessary for the performance of a contract or pre-contractual measures and the processing is carried out by automated means, you have the right to:

– Request to receive the Personal Data you have provided in a structured, commonly used, and machine-readable format (e.g., computer and/or tablet);

– Transmit the Personal Data you have received to another Data Controller without hindrance from the original Data Controller.

You may also request that your Personal Data be transmitted directly by the Data Controller to another Data Controller you have specified, where technically feasible for the Data Controller. In this case, it is your responsibility to provide us with all the exact details of the new Data Controller to whom you wish to transfer your Personal Data, along with a specific written authorization.

6. Right to Object

You may object at any time to the processing of your Personal Data if the processing is carried out for the performance of a task carried out in the public interest or for the purposes of pursuing a legitimate interest of the Data Controller (including profiling activities).

If you choose to exercise the right to object as described here, the Data Controller will refrain from further processing your Personal Data unless there are legitimate grounds to continue the processing (grounds overriding the interests, rights, and freedoms of the data subject), or the processing is necessary for the establishment, exercise, or defense of legal claims.

7. Right to Lodge a Complaint with the Data Protection Authority

Without prejudice to your right to seek recourse through any other administrative or judicial venue, if you believe that the processing of your Personal Data by the Data Controller is in violation of the Regulation and/or applicable law, you may lodge a complaint with the competent Data Protection Authority (www.garanteprivacy.it).

By accepting this notice, the Data Subject expressly declares without reservation:

• that they have read in its entirety the Information Notice regarding the processing of their Personal Data, accepting all the parts concerning the purposes of processing;
• that they have received from the Data Controller and/or the individuals expressly authorized to process their Personal Data, adequate explanations and clarifications, where requested, concerning the purposes of their consent to the processing of their Personal Data, the related processing methods, and their rights connected to giving consent to the processing and its consequences.

This Privacy Policy was last updated on April 12th, 2024.