Privacy Policy

pursuant to art. 13 EU Regulation 2016/679

Dear Data Subject, with this Policy (the «Information«), we intend to renew our commitment to guarantee that the processing of personal data collected through the website www.crossbowtrustee.sm (the «Site«), carried out using both automated and manual methods, is done in full compliance with the protections and rights recognized by Regulation (EU) 2016/679 («GDPR» or the «Regulation«) and by the other applicable laws on the subject of personal data protection.

The term personal data refers to the definition contained in the art. 4 paragraph 1 of the Regulation, i.e. “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person» (the «Personal Data«).

This Policy – drafted on the basis of the transparency principle and inclusive of all the elements required by art. 13 of the Regulation – aims to provide you in a simple and intuitive way with all the useful and necessary information so that you can provide their Personal Data in a conscious and informed way and, at any time, exercise your rights under the GDPR.

 

CONTROLLER

The company that will process your Personal Data for the purposes referred to in this Policy and that, therefore, will be the Data Controller, i.e. «the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data” is CrossBow S.p.A., with registered office in Via 3 Settembre 99, 47891 – Dogana – Republic of San Marino (the «Controller«).

 

DATA PROTECTION OFFICER

The Controller, in order to facilitate relations with data subjects, has appointed SAPG Legal Tech S.r.l. with registered office at Via Durini n. 15, 20122 – Milan (MI), as its Data Protection Officer (the «DPO«).

As required by art. 38 of the GDPR, you can freely contact the DPO for all questions relating to the processing of your personal data and / or if you wish to exercise your rights as provided for in this Policy, by sending a written communication to the e-mail address: dpo.privacy@sapglegal.com.

 

PURPOSE AND LEGAL BASIS OF THE PROCESSING

While browsing the Site, some of your Personal Data may be acquired in the following ways.

  • Navigation data

The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes, by way of example: IP addresses, the type of browser used, the operating system, the domain name and the addresses of websites from which access or exit was made, information on the pages visited by users within the Site, the access time, the stay on the single page, the analysis of the internal path and other parameters relating to the operating system and the user’s IT environment.

These technical / IT data are collected and used exclusively in an aggregate and non-identifying manner and could be used to ascertain responsibility in the event of hypothetical computer crimes against the Site.

The processing will be legally based on the legitimate interest of the Controller in the better functioning of its systems, in the optimization and improvement of the browsing experience, in avoiding fraudulent activities and in improving the security of the Site (Article 6, paragraph 1, letter f) of the Regulation).
For more information on Cookies and their use within the Site, they can view the specific Policy available at the following Policy

  • Data provided voluntarily by the visitor

These are all the Personal Data released freely by the visitor on the Site, for example, to register and / or access a reserved area, download free resources, request information on a specific product or service via a form, subscribe to the newsletter service. , write to an e-mail address or call a telephone number displayed on the Site to have direct contact with the company (in order, for example, to request assistance or more information on a product / service of the Controller). This processing will be lawful under art. 6, paragraph 1, letter b) of the Regulations (execution of a contract or pre-contractual measures adopted at the request of the data subject) as well as for the fulfillment of any legal obligations.

To allow the Controller to carry out the processing activities for these purposes, it will be necessary to provide the Personal Data requested in the appropriate forms. In case of failure to fill in even one of the fields marked as mandatory, it may not be possible to process your Personal Data and, consequently, to provide you with the information and services requested.

No Personal Data relating to your health and, in general, special categories of personal data referred to in art. 9 of the Regulations will be processed.

In addition to the above, your Personal Data may be processed by the Controller for the following and additional purposes.

  • Direct marketing – This term means the carrying out of promotional activities (using both automated and traditional methods) of the products and / or services of your interest sold and / or provided by the Controller. With regard to this direct marketing purpose, it should be noted that, by virtue of art. 6 paragraph 1 letter. f) of the Regulation and art. 130 paragraph 4 of the Privacy Code (the so-called soft spam exception), the Controller may carry out this activity based on its legitimate interest, regardless of your explicit consent, as better explained in Recital 47 of the Regulation in which it is stated that “the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”. This will be possible following the assessments made by the Controller regarding the possible prevalence of your interests, fundamental rights and liberties. Moreover, you can lawfully and at any time (even partially) oppose the receipt of promotional communications, without in any way prejudicing the processing for other purposes.

 

SUBJECTS TO WHOM YOUR PERSONAL DATA MAY BE COMMUNICATED

Your Personal Data may be managed, on behalf of the Controller, exclusively by personnel expressly authorized to process (pursuant to art.29 GDPR) and by third parties expressly appointed as data processors (pursuant to art.28 GDPR), in order to correctly carry out all the processing activities necessary to pursue the purposes referred to in this Policy.

Where required by law or to prevent or suppress the commission of a crime, your Personal Data may also be disclosed to public bodies or the judicial authorities.

 

PERIOD OF STORAGE OF PERSONAL DATA

In compliance with the principle of limitation of the retention period (Article 5.1, letter e) of the GDPR), your Personal Data will be processed by the Controller limited to what is necessary for the pursuit of the purposes referred to in this Policy.

In particular, your Personal Data will be processed for a period of time equal to the minimum necessary, as indicated by Recital 39 of the Regulation, i.e. until the termination of the existing relationship between you and the Controller, as well as for a further retention period that may be imposed by law (as also required by Recital 65 of the Regulation).

 

CONNECTION TO / FROM THIRD PARTY SITES

Browsing on the Site, it may be possible to connect through specific links to other third party websites.

In this regard, the Controller cannot be held responsible for any management of Personal Data by third party websites and for the management of authentication credentials provided by third parties.

 

RIGHTS OF DATA SUBJECT

You can exercise your rights at any time under Articles 15 and ss. of the Regulation towards the Controller. In particular, you have the right to obtain:

  • confirmation as to whether or not your Personal Data is being processed and to obtain access to the data and the following information: purpose of the processing, categories of personal data, recipients and / or categories of recipients to whom the data have been and / or the relative retention period will be communicated;
  • the rectification of your inaccurate Personal Data and / or the integration of incomplete Personal Data, also by providing a supplementary declaration;
  • the erasure of your Personal Data and the restriction of processing in the cases provided for by the GDPR and by the privacy legislation in force;
  • where applicable, the portability of your Personal Data and, in particular, the possibility of requesting the direct transmission of your Personal Data to another Controller;
  • object to the processing at any time, for reasons related to your particular situation, to the processing of your Personal Data in full compliance with the privacy legislation in force.

To exercise your rights, you can contact the Controller at the following e-mail address, attaching a copy of your identity document: privacy@crossbowtrustee.sm.

In any case, if you believe that the processing of Personal Data is contrary to the privacy legislation, you will always have the right to lodge a complaint with the competent supervisory authority (Guarantor for the Protection of Personal Data) pursuant to art. 77 of the GDPR.

 

TERRITORIAL SCOPE OF PROCESSING

Your Personal Data will be processed within the territory of the Republic of San Marino and, in any case, within the territory of the European Union.