Information pursuant to art. 13 and 14 of EU Regulation 2016/679

This page illustrates the “Privacy Policy” of this site and aims to provide information on how the personal data of users who interact with this website, who use the services provided by the same to users, are processed, as well as to provide the information provided for by articles 13 and 14 of EU Regulation 2016/679.
This information is provided only for this site (www.blhack.it) and not for other websites that may be consulted by the user through links on the web pages of this site.
The Regulation (EU) 2016/679 on the protection of personal data (hereinafter, the “Regulation”) establishes rules relating to the protection of individuals with regard to the processing of personal data, as well as rules relating to the free movement of such data and protects the fundamental rights and freedoms of individuals, with particular reference to the right to the protection of personal data.
Article 4, n. 1 of the Regulation provides that “Personal Data” must be understood as any information concerning an identified or identifiable natural person (hereinafter, “Data Subject”).
In paragraph 2 of the same art. 4 of the Regulation, it is possible to find the definition of “Processing” to mean any operation or complex of operations, carried out with or without the aid of automated processes and applied to Personal Data or sets of Personal Data, such as collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, comparison or interconnection, the restriction, cancellation or destruction
Pursuant to articles 12 et seq. of the Regulation, it is also required that the interested party must be made aware of the appropriate information relating to the processing activities that are carried out by the data controller and the rights of the interested parties.

Data controller

Blhack S.r.l.
Via Pegoraro 26, 21013, Gallarate (VA)
VAT number IT03793170121
E-pošta: info@blhack.it

Personal Data Protection Officer

The Data Protection Officer appointed by the Data Controller can be contacted at the following email address: dpo@blhack.it

Purposes of the processing and legal bases of the processing

The user's personal data will be processed for the pursuit of the following purposes and with the legal bases indicated below:

1. for the conclusion and for the correct execution of the contract to which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same; the legal basis for the listed treatments is represented by art. 6 par. 1 letter b) of EU Regulation 2016/679;
2. respond to requests sent by the user via email and/or form and/or chat on the site; the legal basis for the treatments listed is represented by art. 6 par. 1 letter b) of EU Regulation 2016/679;
3. to fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority; the legal basis for this type of treatment is represented by art. 6 par.1 letter c);
4. ascertain, exercise or defend a right in court; the legal basis for this type of treatment is represented by the legitimate interest of the Data Controller as provided for in art. 6 par. 1 letter f);
5. make it possible and functional to navigate the site, as well as to guarantee an adequate level of security, integrity and availability; the legal basis for this type of treatment is the legitimate interest of the Data Controller as provided for in art. 6 par. 1 letter f);
6. for the analysis of statistical data on aggregated or anonymous data, with the purpose of monitoring the proper functioning of the Site, traffic, usability and interest; the legal basis for this type of treatment is represented by the legitimate interest of the Data Controller as provided for by art. 6 par. 1 letter f).

Type of data

The data necessary for the pursuit of the purposes set out above will be collected and processed, including:

1. identification data
2. contact details
3. data relating to the contractual relationship
4. data related to navigation

Browsing data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site: except for this possibility, currently the data on web contacts do not persist for more than seven days.
Data provided voluntarily by the user. The optional, explicit and voluntary sending of e-mail to the addresses indicated on this site involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.
Refusal to provide data
Apart from what is specified for navigation data, users/visitors are free to provide their personal data. The provision of Data is in some cases necessary because, any refusal to provide them, could result in the failure to conclude or the incorrect fulfillment of the contract to which the interested party is a party and/or the failure to comply with the legal obligations to which the Data Controller is subject.
The provision of data for treatments that require consent, where required, is always optional. Furthermore, failure to provide it will not make it impossible to use the services offered by the Data Controller. Even if the interested party has given their consent, they will still have the right to revoke it and to subsequently object, in whole or in part, to the processing of their Personal Data for the purposes set out above, by making a simple request to the Data Controller at the addresses indicated above.

Source of the data

The Data will be provided by the interested party or collected from third parties.

Methods of Treatment

In accordance with the provisions of art. 5 of the Regulation, the Personal Data subject to processing will be:

1. processed lawfully, correctly and transparently with respect to the interested party;
2. collected and recorded for specific, explicit and legitimate purposes, and subsequently processed in terms compatible with those purposes;
3. adequate, relevant and limited to what is necessary for the purposes for which they are processed;
4. accurate and, if necessary, updated;
5. processed in such a way as to ensure an adequate level of security;
6. kept in a form that allows the identification of the interested party for a period of time not exceeding the achievement of the purposes for which they are processed.

The processing will be carried out both with manual and/or IT and telematic tools with organizational and processing logic strictly related to the purposes themselves and in any case in order to guarantee the security, integrity and confidentiality of the data itself in compliance with the organizational, physical and logical measures provided for by the provisions in force.

Data communication

Personal data may be communicated to the subjects authorized to process, as well as to the external data processors appointed by the data controller (the complete list of external managers is available at the Data Controller), responsible for managing the purposes set out above. As part of the pursuit of the purposes indicated above, the data may be communicated to other subjects who act as independent controllers.

Dissemination of data

Personal data will not be disclosed except for compliance with specific legal requirements.

Transfer of data abroad

For the purposes indicated above, Personal Data will be processed within the European Economic Area (EEA). If they are transferred to Third Countries, in the absence of an appropriateness decision by the European Commission, the provisions of the applicable legislation regarding the transfer of Personal Data to third countries will still be respected, such as the Standard Contractual Clauses approved by the European Commission.

Data Retention.

In general, Personal Data will be kept for the time strictly necessary for the pursuit of the purposes for which they were collected and processed, including the storage period required by applicable legislation and, in any case, for a maximum period of 10 years from the termination of the existing relationship with the Data Controller, except for the possible need of the Data Controller to defend its right in court.

Rights of the interested party.

Pursuant to European Regulation EU 2016/679 art. 15 ss. and current national legislation, the interested party may, in the manner and within the limits established by current legislation, exercise the following rights:
- request confirmation of the existence of personal data concerning him (right of access);
- know its origin;
- receive intelligible communication;
- to have information about the logic, methods and purposes of the processing;
- request the updating, correction, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;
- the right to file a complaint with the Supervisory Authority (Privacy Guarantor);
- as well as, more generally, to exercise all the rights granted to him by current legal provisions.
The exercise of rights may take place by sending a request that must be addressed without any formality to the Data Controller at the addresses indicated above.
Before providing a response, the owner may need to identify the interested party, by request to provide a copy of his identity document.
Written feedback will be provided without undue delay and, in any case, no later than one month from the receipt of the request itself.

Cookie policy