WEBSITE AND COOKIE NOTICE
 
To access the cookie policy immediately click here
 
Introduction

In order to provide personalized and non-personalized services as envisaged by its website, Emoticron S.r.l. VAT number 07897461211 (hereinafter referred to as "Emoticron"), as Data Controller, must process certain identifying data necessary for the provision of such services.

In accordance with Art. 13 of the GDPR 679/2016 – "General Data Protection Regulation" and in relation to personal data concerning you and which will be the subject of processing, Emoticron ensures, within the framework of the legal provisions, that the processing of personal data is carried out in respect of the rights and fundamental freedoms, as well as the dignity of the data subject with particular reference to confidentiality, personal identity, the right and protection of personal data itself.

This document describes the management methods of the website https://www.phlay.com/ with regard to the processing of personal data of those who interact with the services provided: the notice is provided in accordance with the "General Data Protection Regulation" 679/2016 (hereinafter GDPR) only for the aforementioned website and not for other websites that may be consulted by the user via links, for which Emoticron is in no way responsible.

This notice is therefore drawn up and personalized for visitors to the website https://www.phlay.com/ and this document fully supersedes any other document previously published on the subject of web privacy and cookies.

Specific Information

Additional and contextual specific information is provided on the pages of the website, prepared for specific services on request that involve forms for data collection.

Types of Data Processed

Personal data may be collected automatically during navigation and use of the website and the services provided therein or voluntarily entered by the user.

Among the personal data collected by the Data Controller independently or through third parties, there may be, by way of example and not exhaustively: cookies, usage data, passwords, name, surname, and email.

Browsing Data and other Data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These are information that are not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment. This data is used only to obtain anonymous statistical information about the use of the site and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site upon request of the competent authorities.

The possible use of cookies – or other tracking tools – by this website or by the owners of third-party services used by it, unless otherwise specified, has the purpose of identifying the user and recording their preferences for purposes strictly related to the provision of the service requested by the user.

Failure to provide certain personal data by the user may prevent the website from providing its services.

Personal Data provided voluntarily by the user

At various points on this website, the user has the opportunity to transmit their personal data (e.g., email address, name, postal code, other personal and non-personal data) also by filling out forms or sending email messages. The provision of this data is optional, explicit, and voluntary, and entails the subsequent acquisition of the sender's email address, necessary to respond to requests, as well as any other personal data entered for the purposes of the service and those further granted by the user. Summary information notices are provided on the pages containing the forms, with possible indication of the obligatory nature of providing the data necessary to use the specific service.

The user assumes responsibility for the personal data of third parties possibly published or shared through this website and guarantees to have the right to communicate or disseminate them, releasing the Controller from any liability towards third parties.

Legal basis of processing

Personal data is processed, as further highlighted in the following paragraph, exclusively for purposes related to the activities of Emoticron and the obligations connected thereto; the legal bases can be found in consent (e.g., for the processing of "special categories of personal data" or for marketing/profiling) and/or in the performance of a contract or a service managed by us of which the user is a party or in the performance of pre-contractual measures taken at the request of the user and/or in compliance with legal obligations to which the Controller is subject and/or in the legitimate interest of the same.

Purposes of Processing
 
User data is collected and processed for the following purposes:

• performance of operations strictly related and instrumental to the management of relationships with users or visitors to the website, such as:
• browsing;
• registration and authentication;
• collection, storage, and processing of user data for statistical analysis, even in anonymous and/or aggregated form; statistical analysis aimed at verifying the quality of the services offered by the website;

Further processing purposes may be implemented, subject to explicit consent, when necessary, in relation to services activatable within the website and these include, by way of example and not exhaustively: interaction with social networks and external platforms, social applications, payment management, interaction with support and feedback platforms, infrastructure monitoring, traffic optimization and distribution, interaction with live chat platforms, remarketing and behavioral targeting, address management and email sending, viewing of content from external platforms, commercial affiliation, heat mapping, user database management, and management of support and contact requests.

Voluntary provision of Data, consequences of refusal, and Management of consent, where provided

The provision of data is optional, except for those indicated as mandatory to allow the user to access the services offered.

The processing of data for the purpose described in point 1 of the previous paragraph is mandatory and any failure to communicate, or incorrect communication, of any of the information may limit and/or prevent the full use of the functions and services available on the website.

Regarding optional provision, more information is provided regarding cookies on the website in the "Cookies Policy" document accessible both from this complete notice and from the brief notice contained in the banner published on the website.

Furthermore, only with the express consent of the user can the data be used for communications for market research or commercial information on the products and promotional initiatives of the Controller by postal mail, email, telemarketing, SMS, MMS.

At any time, it will be possible to reread the notice and eventually modify the consents previously provided, verify and/or modify the status of active services, and eventually request additional services.

Data Processing Methods

The processing of personal data may be carried out with or without the use of electronic or automated means, including by associating and integrating them with other databases, and also through cookies. In any case, the processing will be carried out in compliance with all precautionary measures to ensure their security and confidentiality, for the time necessary to perform the service requested by the user, or required by the purposes described in this document, and the user can always request the interruption of the processing or the deletion of the data.

Emoticron has also implemented all necessary cybersecurity measures, in accordance with the provisions of the GDPR, adopting security measures deemed adequate to minimize the risk of users' privacy violation by third parties, constantly updated and whenever deemed indispensable.

The data are processed at the operational offices of the Data Controller and in any other location where the parties involved in the processing are located. For further information, you can contact the Data Controller at the contact details specified below.

Data Retention

Personal data will be processed for the time strictly necessary to achieve the purposes described above, to fulfill contractual, legal, and regulatory obligations, subject to statutory and legal time limits, in compliance with rights and in accordance with resulting obligations.

In particular, the criteria used to determine the retention period are established by specific legal provisions, and by tax regulations regarding the processing of administrative-accounting data.

With regard to data collected for commercial purposes, the details are limited – for profiling activities – to 1 year from the acquisition date and 2 years for direct marketing activities.

Finally, the personal data of the website user may be retained for the time permitted by Italian law to protect the legitimate interests of the Data Controller (Article 2947, paragraphs 1 and 3, of the Civil Code).

Scope of Data Processing

The processing of personal data will be carried out, within the limits of the general authorizations issued by the Guarantor for the protection of personal data, by subjects expressly and specifically authorized by Emoticron. The data may also be processed by third-party subjects (outsourcers), whom we use to provide services connected to the pursued purpose, and whom our organization binds with specific contractual clauses or formal appointment acts as External Data Processors for the treatments carried out by them. In all cases, these subjects will process the data in accordance with the instructions received from the Data Controller, according to operational profiles assigned to them in relation to the functions performed, limited to what is necessary and instrumental for the execution of specific operations within the requested services and exclusively for the achievement of the purposes indicated in this information. The constantly updated list of Data Processors can be requested by sending a communication using the methods indicated in the subsequent section concerning the rights of the data subject.

Communication and Dissemination

The data may be communicated, with this term understood as making it known to one or more specific subjects, in the following terms:

• to subjects, public and private, who can access the data by virtue of provisions of law, regulations, or European Union legislation, within the limits provided for by these norms (examples include, but are not limited to, social security and welfare institutions, associations of local authorities, public administrations and bodies, associations, foundations, associative and/or insurance entities);
• to subjects who need to access the data for purposes ancillary to the relationship between the parties, within the strictly necessary limits to carry out ancillary tasks (examples include, but are not limited to, banks and credit institutions, service delivery companies, carriers, and shipping companies);
• to our consultants, within the necessary limits to carry out their assignment within our organization, subject to our letter of engagement imposing the duty of confidentiality and security;
• to companies (providing ancillary services, including IT services), subject to the signing of appropriate contractual clauses imposing the duty of confidentiality and security.

The data will not be disseminated, with this term understood as making it known to undetermined subjects in any way, including by making it available or consultation, unless specific, free, and informed consent is granted for each type of processing.

Legal Defense

The personal data of the user may be used by the Data Controller for defense in court or in the preliminary stages leading to its possible establishment, against abuses in the use thereof or of the connected services by the user. The user declares to be aware that the Data Controller may be required to disclose the data upon request of public authorities.

Data Controller

The data controller is Emoticron S.r.l., located at Via dei Mille, 16 – 80121 Napoli (NA).
 
The Controller maintains an updated list of appointed data processors, available for review by the data subject at the aforementioned address.
 
Data Processor
 
Emoticron, Via dei Mille, 16 – 80121 Napoli (NA).

Data Protection Officer
 
Mario Amura, mail: info@emoticron.com, oppure pec: emoticron@pec.it
 
Rights of the Data Subject

The data subjects, to whom the personal data refers, have the right to exercise at any time their rights (Right to access personal data and other rights), in particular: the right to obtain confirmation of the existence or not of their personal data, to access it and know its content and origin, to verify its accuracy, to request its integration or updating, limitation of processing or portability. Rectification and blocking can be requested if the data is incomplete, incorrect, or collected in violation of the current regulations, and in this sense, it is also possible to object to their processing for legitimate reasons or to any automated decision-making process (including profiling), as well as to request, for the same reasons, their deletion provided it complies with current regulations and if there are no other obligations of conservation and processing incumbent on Emoticron. Data subjects also have the right to object to the processing of their personal data for marketing purposes even if carried out with automated contact methods; this right also extends to traditional methods, and data subjects may exercise these rights in whole or in part (e.g., only to communications via SMS, email, or telephone or by objecting to the sole sending of promotional communications made through automated tools, etc.).

Regarding the exercise of their rights listed above, as well as to know the updated list of data processing controllers, the data subject may address their requests through specific communication by mail addressed to the same Company, or through the email address: info@emoticron.comalso by sending communication to the indicated email address, in order to obtain prompt feedback.

If the data subject has given consent to the processing for a specific purpose, they always have the right to revoke it at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation.

It is also noted that the data subject always has the right to lodge a complaint with the Guarantor Authority for the Protection of Personal Data for the exercise of their rights or for any other matter relating to the processing of their personal data.

Application and Changes to this Policy

The data controller reserves the right to make changes to this privacy policy at any time by publicizing them to users on this page. Therefore, it is advisable to consult this page frequently, with reference to the date of the last modification indicated at the bottom. In the event of non-acceptance of the changes made to this privacy policy, the user is required to cease using this site and the connected services and may request the data controller to remove their personal data. Unless otherwise specified, the previous privacy policy will continue to apply to personal data collected up to that time.

Publication Date
09.01.2023