INFORMATION ON THE PROCESSING OF PERSONAL DATA

(art. 13 of EU Regulation UE 679/2016 – General Data Protection Regulation  – GDPR)

In compliance with art. 13 of EU Regulation 2016/679 (hereinafter referred to as GDPR) and in relation to the personal data (name, surname, address, e-mail, phone and cellphone numbers and any other information required) BYCLY S.r.l. will come into possession with the purpose of carrying out the task assigned, we inform you of what follows:

  • DATA CONTROLLER – EXTERNAL DATA PROCESSOR

The data controller is:

Bycly S.r.l. (hereinafter referred to as “Bycly” for the sake of brevity) based in Bologna, Via Azzurra n. 41, registered at the Business Registry of the Bologna Province under no. 522164, tax code and VAT no.03474631201, in the person of its legal representative Roberto Venturi certified email address: bycly@legalmail.it. The Data controller may delegate the processing of the data exclusively for the purposes described in this document and subject to the prior written designation of one or more data processors.

The Data controller has not currently nominated a Data Protection Officer (DPO).

  • PROCESSING PURPOSE

2.1 Contractual purpose:

a) the personal data you provide will be processed to comply with the contractual obligations following your specific requests even prior to the execution of the contract you are part of, also through the www.bycly.it website;

2.2 Legal obligations:

b) the data will be processed to comply with legal obligations, especially accounting and fiscal ones;

2.3 Rights of the Controller:

c) the data will be processed to manage the relationship with clients and suppliers and to ascertain, exercise or safeguard the rights of the controller during court proceedings;

2.4 Debt collection:

d) the data may be processed to allow the Controller to recover any sums due out of court without having to resort to the court;

2.5 Marketing and Social Networking

e) send commercial information on our products and services; marketing and testimonials also on WWW.BYCLY.IT

f) payment management;

g) interaction with social networks and external platforms;

  • LEGAL BASIS FOR PROCESSING

The Data controller processes your personal data pursuant to art. 6 GDPR and, more specifically:

  • based on your expressed consent for all purposes listed at letters c), d), e), f), g) of the previous paragraph;
  • should the processing be necessary for the execution of a contract your are part of or for the execution of pre-contractual measures adopted as per your request;
  • should the processing be necessary to fulfil a legal obligation the data controller is subject to;
  • to pursue a legitimate interest of the Controller for an Out-of-Court Debt Collection.
  • DATA RECIPIENTS

The data collected may be processed and/or transferred also by external subjects acting as autonomous controllers such as, for example, authorities and supervisory or control bodies and, in general, by private and public subjects entitled to request data.

The data can also be processed on behalf of Bycly by subjects part of the following categories:

  1. Businesses and professionals providing banking, administrative, accounting, credit and company rights protection services;
  2. Workers/Appointees/Collaborators of the controller involved with the trade of its goods and services; agents, sales representatives, etc.; self-employed workers, project-based workers, occasional workers;
  3. Businesses providing management, maintenance and development services for the Company and Website’s IT systems;
  4. Businesses providing support for the production of market surveys.
  • DATA TRANSFER

The data controller will not transfer personal data to third countries or international organisations.

  • DATA RETENTION PERIOD

Your personal data, to be processed for the purposes indicated above, will be retained for the entire duration of the contract and after its termination for 10 years, notwithstanding the period in which the controller is subject to retaining obligations for fiscal purposes or for other purposes envisaged by current regulations.

In case of an out-of-court dispute, for its entire duration and until the end of the enforceability term for appeal.

For the duration of the browsing session on the website.

After the retention period, the data will be destroyed and therefore the right of access, cancellation, modification and portability may no longer be exercised.

  • TIPE OF DATA COLLECTED/ MANDATORY DATA PROVISION

The data collected directly and/or through third-party subjects may include:

  • Personal Datai
  • Contact Data
  • Administrative-Accounting Data
  • Usage Data (e.g. name, surname, phone number, address, credentials, e-mail address, access credentials, IP addresses, or computer domain names, URI (Uniform Resource Identifier) address, time of the request, size of the file obtained in response and other parameters concerning the user operative system and IT environment, pages visited or searched, products selected.

The provision of data for the purposes listed in points 2.1 and 2.2 is mandatory and failure to provide it does not enable the fruition/provision of the products and services required.

All personal data collected for additional purposes are necessary for the correct functioning of the website and to collect statistical information to customise the commercial offer.

  • RIGHTS OF THE INTERESTED PARTY

The rights recognised to you by the GDPR include the following:

–  right to request to the data controller access to your personal data; right to amend inexact data or to integrate incomplete data; right to cancel your personal data (in case one of the conditions indicated in art. 17, par. 1 GDPR applies and in compliance with the exceptions in par. 3 of the same article); right to request the limitation of the processing (if one of the hypotheses indicated in art. 13, par. 1 GDPR applies);

– right to request and obtain – should the juridical base for the processing be the contract or consent and should the processing be performed via automated means – your personal data in a structured format readable by an automatic device also with the purpose of providing such data to another data controller (so-called right to personal data portability);

– right to oppose the processing of your personal data at any moment should any particular situations that concern you occur (art. 21 GDPR);

– right to withdraw the consent at any moment should the processing be based on your consent for one or more specific purposes and regarding common personal data (e.g. Date and place of birth or place of residence) or specific categories of data (e.g. Data that reveal racial origin, political opinions, religious beliefs, state of health or sexual orientation). Processing based on consent and performed before its withdrawal remains licit;

– right to lodge a complaint with the control authority (Authority for the protection of personal data  – WWW.GARANTEPRIVACY.IT);

  • CONSEQUENCE OF THE FAILURE TO SUPPLY PERSONAL DATA

As regards the personal data relating to the execution of the contract you are part of (a) or to the fulfilment of a legal obligation (e.g. fulfilments concerning the keeping of accounting and fiscal records), failure to supply your personal data impedes the implementation of the contract and the provision of the relative service. Failing to supply personal data due to a lack of consent with reference to purpose c) i.e. “management of the relationship with customers, suppliers and of any dispute” does not impede the implementation of the contract nor the provision of the service, which will anyway be provided by BYCLY S.r.l. Failing to supply personal data due to a lack of consent with reference to purposes (d), (e), (g) i.e. “sending commercial information on our products and services: marketing and testimonials also on www.bycly.it” does not impede the implementation of the contract nor the provision of the service, which will anyway be provided by BYCLY S.r.l.

Personal data Processed by Bycly

All data are collected with the purpose of supplying and constantly improving Bycly’s products and services.

We collect and store all the data supplied in relation to Bycly Products and Services, it being understood that, should no data be provided, Bycly will not be able to provide, in part or in full, the service required:

  1. Contact forms

All personal data, e.g.: Name, Surname, E-mail, Description.

  • Interaction with social networks and external platforms

“Like” button and social widgets (Social network).

Personal data: Cookies and Usage data according to what specified in the privacy policy.

  • Platform services

WordPress.com
Personal Data: various types of Data according to what specified in the privacy policy.

  • Content viewer from external platforms

Widget Google Maps

Personal Data: Cookies and Usage data according to what specified in the privacy policy.

  • Google Fonts

Personal Data: Usage Data and various types of Data according to what specified in the privacy policy.

  • Payment management

PayPal
Personal Data: various types of Data according to what specified in the privacy policy.

  • Registration and authentication

WordPress.com Single Sign On

Personal Data: various types of Data according to what specified in the privacy policy.

  • Statistics

Google Analytics and Google Analytics with anonymous IP address

Personal Data: Cookies and Usage data according to what specified in the privacy policy.

  • Hosting e Database

This website is hosted on OVH SRL servers. OVH privacy policy available at: https://www.ovh.it/protezione-dati-personali/

  1. Online sale of goods and services

The Personal Data collected is used to supply services to the User or for the sale of products, including payment and delivery. The Personal Data collected to perfect the payment process can include credit card or bank account details or details used for other methods of payment. The Payment data collected by this Website depend on the payment method used.

Data Processing Manager

Webees srl unipersonale, Via Sebastiano Serlio 16 – CAP 40129 Bologna (Italy) – Tel+39 051 0955801 – e-mail: info@webees.it – Certified e-mail: WEBEES@PEC.IT

Data Controller

Bycly S.r.l. (hereinafter referred to as “Bycly” for the sake of brevity) based in Bologna, Via Azzurra n. 41, registered at the Business Registry of the Bologna Province under no. 522164, tax code and VAT no.03474631201, certified email address: bycly@legalmail.it. BYCLY@LEGALMAIL.IT.

Purpose of the processing

Following the browsing of the www.bycly.it website, data concerning identified or identifiable people may be processed.

The purposes of the processing are as follows:

  • Purchase and delivery of products and services.
  • Receipt and management of orders, supply of products and services
  • Payment management
  • Communications relating to placed orders and products and services required
  • Improvement of Bycly services and resolution of any related problems
  • Performance monitoring, functionality and analysis, correction of mistakes and improvement of the use and efficiency of Services
  • Suggestions and customisations of products and services with particular regard for expressed preferences
  • Fulfilment with legal obligations
  • Communication with customers for the management of the products and services ordered/requested via different channels such as phone, e-mail and chat
  • Advertising based on the expressed interests and preferences
  • Fraud and abuse prevention and detection to protect the safety of our customers
  • The customer may be required to provide consent for the processing of personal data for specific purposes communicated from time to time. In this case, consent may be withdrawn by the customer at any time and Bycly will immediately cease to process said data.

Cookies

The website uses technical and session cookies that guarantee its functionality. Such cookies do not collect information on browsing activities.

Navigation data

The IT systems and software procedures used for the functioning of this website collect, during their normal activity, some personal data whose transfer is implicit in Internet’s communication protocols. These information are not collected to be associated with identified users but, due to their very own nature, could enable the identification of users through elaborations and associations with data collected by third parties. This category includes:

•              IP addresses or computer domain names used by users connecting to the website

•              URI (Uniform Resource Identifier) addresses for the resources requested

•             time of the request

•             method used to submit the request to the server

•              size of the file obtained in response

•              numerical code indicating the status of the response provided by the service (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.

These data are only used to gather anonymous statistical information on the usage of the website and to check its correct functioning and are immediately deleted after they are processed. The data may be used to ascertain responsibility in case of hypothetical cybercrimes against the website: except for this reason, web contact data are not stored for longer than seven days.

Disclosure of personal data to third parties

Bycly does not sell the data collected to third parties.

The data collected may be processed and/or transferred also by external subjects acting as autonomous controllers such as, for example, authorities and supervisory and control bodies and, in general, by private and public subjects entitled to request data.

The data can also be processed on behalf of Bycly by subjects part of the following categories:

  • Businesses and professionals providing banking, administrative, accounting, credit and company rights protection services;
  • Workers/Appointees/Collaborators of the controller involved with the trade of its goods and services; agents, sales representatives, etc.; self-employed workers, project-based workers, occasional workers;
  • Businesses providing management, maintenance and development services for the Company and Website’s IT systems;
  • Businesses providing support for the production of market surveys.

Should third-party services and/or products be provided, Bycly will inform customers so as to make them aware of who the third party involved in the transaction is and which data will be made available to it.

The data collected may be made available to companies supplying logistics, transport and credit services e.g. to process product or service orders, deliver packages, send post and e-mails, remove recurring information from client lists, analyse data, provide marketing assistance, provide research results and links (including ads and paid links), process payments, transfer content, calculate credit risks and supply customer assistance services. These third party suppliers only have access to the personal data necessary to perform their activities and may not process the data for further purposes. In addition, said third parties are expected to process the data in compliance with this privacy policy and with applicable regulations in terms of personal data protection.

Tools and Devices to guarantee the security of Personal data

We design all our devices keeping your security and privacy in due consideration.

We undertake to safeguard the security of our customers’ data and transfer them using:

  • The Secure Sockets Layer (SSL) software, which crypts the information provided.
  • We comply with security standards employing Paypal to manage payment transactions both through Paypal and other circuits.
  • We employ physical, electronic and organisational security measures for the collection, storage and transfer of our customers’ personal data. Our safety procedures may occasionally require proof of your identity before displaying personal data.
  • We employ devices that offer security functions to protect them from unauthorised access and data loss.

Nonetheless, it is still indispensable for customers to adopt suitable measures to prevent unauthorised access to their passwords and computers, devices and applications as well as to always make sure to disconnect once they ended their session in a computer shared with other users.

Chart Processing Purpose
1 Processing of customer processes and providing of services and information offered via the Website and required by the customer Fulfilment of a contract
2 Management of the customer account Fulfilment of a contract
3 Verification and performance of the financial operations concerning payments made by the customer Fulfilment of a contract
4 Revision and download of data from the website Our legitimate interest in getting to know our customers better and therefore improving the services provided
5 Enhance and customise our Website and products, services and activities in general by tracking customer preferences through order history and Website interaction Our legitimate interest in improving the services and products provided
6 Identification of Website visitors Our legitimate interest in getting to know our customers better and therefore improving the services provided
7 Carrying out data analyses and market researches Our legitimate interest in getting to know our customers better and therefore improving the services provided
8 Collect data such as product preferences, order history and Website interactions as well as collect data from third parties, the data the customer accepts to share with us on social networks (e.g. Facebook, Instagram etc.) and/or that we can collect from public databases Prior express consent by the customer
9 Get in touch with the customer to meet its requests and deal with complaints Prior express consent by the customer
10 Send marketing communications with news, information and updates of our products and services, special offers, promotions and special events as well as other marketing information that can be of interest to the customer (via SMS, e-mail or phone) and customise customer experience with interests and purchasing habits and by improving our services, especially through profiling. We can also use the data collected to support the marketing of our products and services on third-party websites – fort further information, please refer to our Cookie policy The prior express consent of the customer and our legitimate interest to keep our clients/prospects updated on the services and products offered