PRIVACY POLICY FOR PERSONAL DATA PROCESSING

pursuant to article 13 of Regulation (EU) 2016/679

The purpose of this privacy policy is to provide maximum transparency regarding the information collected and the purposes and methods of use. In compliance with the obligations arising from the General Regulation for the protection of personal data n. 2016/679 (GDPR) and national legislation (Privacy Code), we respect and protect the privacy of visitors, users and customers (all included in the category of Data Subjects), making every possible and proportionate effort not to harm their rights. This privacy policy concerns all processing carried out by the company, both through the website and through additional channels. In specific cases, more detailed information related to the context is provided. With reference to processing carried out online, this privacy policy refers to the following domains owned by the company: https://dmware.com.

DATA CONTROLLER

The data controller is the company DM di Davide Masserini, with registered office at via Provinciale, 82 Albino (BG), VAT: 03558220160 – Unique Code: KRRH6B9, contactable via email privacy@dmware.com or at the physical address indicated.

TYPES OF DATA COLLECTED

This website collects data in two ways.

Data collected automatically

During Users' navigation, the following information may be collected and stored in server log files (hosting), in some cases also in the site database:

• Internet Protocol (IP) address;
• browser type;
• parameters of the device used to connect to the site;
• Internet Service Provider (ISP) name;
• date and time of visit;
• visitor's referring web page (referral) and exit page;
• number of clicks and pages visited.

This data is used for statistical and analytical purposes, exclusively in aggregate form. None of this information is correlated to the physical person-user of the site, and does not allow their identification in any way. The IP address is used exclusively for security purposes and is not cross-referenced with any other data.

Furthermore, the site may collect additional data, including user navigation data, for advertising purposes. Such data does not include name, address, email address or phone number, and is used to provide personalized advertisements on products and services. For more information on such services, please read the information provided by third-party companies, which also indicate options to possibly disable the collection of information by such companies.

Data provided voluntarily

The site may collect other data in case of voluntary use of services by users, such as comment services, communication (chat, contact forms, newsletter sending), purchase (cart), and will be used exclusively for providing the requested service:

• name and surname;
• date and place of birth;
• physical residence address;
• VAT number and/or tax code;
• company and headquarters;
• image (avatar);
• social profiles;
• contact data (phone, email);
• domain names;
• any trademarks;
• residence or geographical location;
• payment methods and banking data.

The User exempts the Controller from any responsibility regarding possible violations of laws, guaranteeing to have the right to communicate or disseminate the data. It is up to the User to verify having the permissions and rights for entering personal data of third parties or content protected by national and international regulations (e.g. copyright).

DATA PROCESSING METHODS

The processing of personal data is carried out mainly using electronic procedures and supports, in compliance with the principles of lawfulness, correctness, non-excess and relevance provided by current European legislation. Data is processed at the Data Controller's headquarters, and at the data centers in use, which, processing data on behalf of the Controller, acts as data processor based on a specific agreement (DPA), and in compliance with European regulations. Web hosting is located in the European Economic Area but could also propagate its information to nations located outside of it.

PURPOSE OF PROCESSING

Data is used exclusively for the purposes for which it was collected, unless it is reasonably possible to use it for compatible purposes under applicable laws. In particular:

Service provision

Data is used mainly for providing services requested by Users:

• hosting, cloud, domain management, email, customer support services.

Domain name registration involves the collection of a series of data also in order to allow contact with the user and their verification, and also for communications such as expiration dates and any transfers. Furthermore, domain name registration involves entering one's personal data into a publicly accessible registry ("Whois") kept at the competent Registration Authority for the chosen extension, except in cases where the Data Subject has requested the obscuring of personal data in the ways provided by the competent Registration Authority or by the contractual conditions relating to the Service.

Statistics (analysis)

Data is used exclusively in aggregate and anonymous form in order to verify the correct functioning of the site, to improve the platform. None of this information is correlated to the physical person (data subject) user or visitor of the site, and does not allow their identification in any way.

Security

Data is processed in order to protect the security of the site (firewall, virus detection), users and their information, and to prevent or unmask fraud or abuse (e.g. spam) against the website. They are recorded automatically and may possibly also include personal data (IP address) that could be used, in accordance with applicable laws, in order to block attempts to damage the site itself or to cause damage to other users, or otherwise harmful activities or constituting crimes. Such data is never used for User identification or profiling and is deleted periodically.

Marketing/Advertising

User data may be used by third-party services for sending advertising on other sites. Data (email) is also used for providing newsletter service addressed only to customers for offers or news related to existing contracts.

Shopping

Data is processed to manage orders, provide products and services, manage warranty on products and services, process payments, communicate with users regarding orders, products, services and promotional offers, update records and, in general, manage user accounts, display content such as wish lists and customer reviews and recommend products and services that might be of interest to users.

Accessory activities

Data may be communicated to third parties that perform functions necessary or instrumental to the service's operability, and to allow third parties to carry out technical, logistical and other activities on our behalf. The data controller uses suppliers for carrying out some activities, such as fulfilling orders, delivering packages, sending traditional mail, analyzing data, providing marketing assistance, making credit card payments and providing customer services. Suppliers have access only to personal data that is necessary to carry out their tasks, and commit not to use data for other purposes, and are required to process personal data in compliance with current regulations.

DATA SUBJECT RIGHTS

Under the GDPR, data subjects have the following rights:

• Right of access: To obtain confirmation of whether personal data is being processed and access to such data;
• Right to rectification: To obtain correction of inaccurate personal data;
• Right to erasure: To obtain deletion of personal data in certain circumstances;
• Right to restriction: To obtain restriction of processing in certain circumstances;
• Right to data portability: To receive personal data in a structured, commonly used format;
• Right to object: To object to processing based on legitimate interests or for marketing purposes;
• Right to withdraw consent: Where processing is based on consent, to withdraw it at any time.

To exercise these rights, contact us at privacy@dmware.com.

DATA SECURITY

We implement appropriate technical and organizational measures to ensure the security of personal data, including encryption, access controls, regular security assessments, staff training, and incident response procedures.