Privacy Policy

This information is provided – pursuant to Articles 13 and 14 of Regulation (EU) 679/2016 (hereinafter referred to as “G.D.P.R.”) – to customers who make purchases (hereinafter referred to as “Customers”) and users (hereinafter referred to as “Users” or “User”) of the website www.swarmlikeseismicity.it, in desktop and mobile versions (hereinafter referred to as “Site”), owned by the Individual Company Next Lab di Martino Francesco, Data Controller (hereinafter referred to as “Controller”), with its registered office in Castrovillari (CS) at Via Parco Pia, 9/D  (ZIP code 87012), and aims to describe the methods and purposes of processing any personal data provided by the User/Customer.

This information is provided exclusively for the Site and does not concern other sites accessible via links on the Site itself.

Principles Applicable to Personal Data Processing

The Controller informs that – in compliance with the G.D.P.R. and the current legislation on personal data protection – the processing will be based on the principles of fairness, lawfulness, transparency, and the protection of confidentiality and fundamental rights.

Object of the Processing

Below are specified the User/Customer data that can be processed by the Controller:

Automatically Acquired Personal Data When Visiting the Site:

  • Browsing Data: The Controller automatically collects data on the device (PC, tablet, mobile phone, or other mobile device) and the connection used by the User, such as IP address, access date and time, hardware and software information, device event information, and crash data.

  • Site Usage Data: The Controller collects information on how the User has used the Site, including pages and content viewed, searches performed, third-party applications on the Site used by the User, and links to third-party sites and applications clicked by the User (e.g., Google Maps).

Personal Data Provided Directly by the User/Customer:

  • Data Provided through Information Requests via Email or “Stay in Touch with Us” Form: If the User/Customer explicitly and voluntarily requests information via email to the addresses indicated on the Site or by filling out the “stay in touch with us” form on the Site, the Controller acquires the User/Customer’s email address, name, surname, and any personal data entered in the communication.

  • Data Provided to Create an Account: The Controller acquires the personal and contact details provided by the Customer/User to create an account on the Site.

  • Data Provided for Purchases: To process orders, the Controller collects personal data (e.g., name and surname), contact details (e.g., email and phone number), and shipping data (e.g., shipping address).

  • Data Entered in the “Order Notes” Form: To process orders, the Controller collects any personal data entered by the User/Customer in the “order notes” form.

  • Transaction Data: The Controller collects information relating to transactions made by the User/Customer on the Site, such as payment method, purchase date, amounts paid, transaction code, etc. Note: the Controller does not process data related to payment instruments (e.g., credit card expiration, security codes, etc.); all transactions are encrypted.

  • Data Provided for Marketing Communications: To send marketing communications, with the User/Customer’s consent, the Controller collects the contact details (e.g., email address) of the User/Customer.

Personal Data Collected Through Cookies

  • The Controller uses cookies to collect data on the User/Customer’s activity on the Site and their preferences, as well as other technical data related to the User. For more information on the use of cookies, the User/Customer can refer to the Site’s cookie policy.

Purposes and Legal Basis of the Processing

The User/Customer’s data are processed:

  • To ensure the Site’s operation;
  • To provide the products offered by the Controller through the Site;
  • To operate, measure, and improve the Site;
  • To operate, measure, and improve the services provided by the Controller through the Site;
  • To make payment management and processing possible;
  • To keep the services provided by the Controller through the Site safe, secure, and operational;
  • To send communications about any disruptions related to online sales or to handle information requests.

Pursuant to Article 6, paragraph 1, letter b) of the G.D.P.R., data processing is necessary for the performance of a contract to which the data subject is a party or for the execution of pre-contractual measures taken at the request of the same.

The User/Customer’s data are processed:

  • To prevent, detect, and mitigate fraud, security breaches, and potentially prohibited or illegal activities;
  • To resolve disputes with the User/Customer, to recover amounts due from the User for goods purchased from the Controller through the Site;
  • To identify and resolve problems encountered by the User/Customer when using the Site (e.g., blocked or non-functioning pages) and provide them with a better experience;
  • To collect statistical information, in aggregate form, on the number of Users visiting the Site and how Users visit the Site.

Pursuant to Article 6, paragraph 1, letter f) of the G.D.P.R., data processing is necessary for the legitimate interests pursued by the Controller or third parties, provided these interests are not overridden by the interests or fundamental rights and freedoms of the data subject.

The User/Customer’s data are processed:

  • For the newsletter service, for information and/or promotions on products.

Pursuant to Article 6, paragraph 1, letter a) of the G.D.P.R., processing is carried out based on the consent expressed by the data subject.

Data Recipients

The collected personal data may be processed by subjects or categories of subjects acting, pursuant to Article 28 of the G.D.P.R., as Data Processors or who, pursuant to Article 29 of the G.D.P.R., are authorized to process the data.

Apart from these cases, personal data are not communicated to third parties except to subjects, entities, and authorities to whom the communication is mandatory by law or regulation.

Finally, only with the User’s consent, data may be communicated for marketing purposes. Consent can be revoked at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Data Transfer to a Third Country or International Organization

Personal data collected through the Site may be transferred outside the national territory only and exclusively to perform the services requested through the Site, to provide the most appropriate responses to requests made, to improve the requested services, and in compliance with the specific provisions provided by the G.D.P.R. Any transfer of data outside the European Union will be carried out in full compliance with the G.D.P.R. and all data protection security measures as per Article 46 G.D.P.R., such as the so-called Standard Contractual Clauses.

Processing Methods and Data Retention Period

The User/Customer’s personal data are processed using paper, computer, or telematic tools exclusively to achieve the purposes for which they were collected.

Pursuant to Articles 24, 25, and 32 of the G.D.P.R., the Controller adopts all necessary technical and organizational measures to reduce the risks of unauthorized access, dissemination, loss, and destruction of data.

The User/Customer’s personal data are retained for the time strictly necessary to perform the service requested by the User/Customer or, in any case, to achieve the described purposes.

The User/Customer’s personal data may be retained for the time necessary to fulfill legal, administrative, and accounting obligations incumbent on the Controller or to ascertain, exercise, or defend a right in court, or to pursue other public interest needs.

If the User/Customer has provided consent for their data to be processed for promotional communications, they can revoke such consent at any time. Data processed for promotional purposes will be retained for no more than 18 months.

Upon the expiry of these retention periods, the User/Customer’s data will be deleted or permanently anonymized.

Transactions via PayPal

All transactions made via PayPal are subject to PayPal’s privacy policy, which can be viewed at the following link: https://www.paypal.com/ie/webapps/mpp/ua/privacy-full

Rights of Data Subjects

Pursuant to Articles 15 – 22 of the G.D.P.R., the User/Customer has the right to request at any time:

  • Confirmation of the existence or otherwise of personal data concerning them, even if not yet registered, in a concise, transparent, intelligible, and easily accessible form, with simple and clear language;

  • Indication of:

    • The origin of personal data;
    • The purposes and methods of processing;
    • The legitimate interests pursued by the Controller or third parties;
    • Any recipients or categories of recipients of personal data;
    • Any intention of the controller to transfer personal data to a third country or an international organization;
    • The period of retention of personal data;
    • The logic applied, as well as the importance and expected consequences of such processing for the data subject, in the case of processing carried out with the aid of electronic tools as part of an automatic collection and/or profiling process;
    • The identification details of the Controller, processors, any designated representative, and the Data Protection Officer (DPO);
    • Subjects and categories of subjects to whom personal data may be communicated or who may become aware of it as designated representatives in the territory of the State, processors, or authorized persons.
  • The possibility of lodging a complaint with a supervisory authority;

  • The updating, rectification, or, when interested, integration of data;

  • The deletion, transformation into anonymous form, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which they were collected or subsequently processed;

  • The limitation of processing;

  • The portability of personal data concerning them to another data controller;

  • The revocation of consent to processing;

  • The objection, in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if relevant to the purpose of the collection.

The Controller will proceed to fulfill the User/Customer’s request without delay and, in any case, within one month of receipt. If necessary, the term may be extended by two months, considering the complexity and number of requests received by the Controller. In this case, within one month of receiving the request, the Controller will inform the User/Customer of the extension of the term and the reasons for it.

The User/Customer can exercise the aforementioned rights by written request, without formalities, to the Controller at the following email address: info@next-lab.eu

If the response is not deemed satisfactory by the User/Customer, they can lodge a complaint with the Data Protection Authority (http://www.garanteprivacy.it/).

Data Controller

The Data Controller is the Individual Company Next Lab di Martino Francesco, with its registered office in Castrovillari (CS) at Via Parco Pia, 9/D (ZIP code 87012).

Email: info@next-lab.eu

Changes to the Privacy Policy

This privacy policy may be modified at any time by giving adequate publicity on this page of the Site. Therefore, the User/Customer is advised to consult this page upon each access.

Date of last update: June, 12 2024