This Website collects certain Personal Data of its users.


Data controller

ITC srl – Via F. Melzi d’Eril, 44 – 20154 Milan

Data Controller’s email address: info@recallfirsthand.com

Type of data collected

Among the Personal Data collected by this Website, independently or through third parties, there are: Cookies; Usage data; email; first name; surname; various types of data; payment data; address; business name. Full details of each data type collected are given in the relevant sections of this privacy policy or in specific information texts displayed before the data is collected. Personal data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of this Website. Unless otherwise specified, all the Data requested by this Website are mandatory. If the User refuses to communicate them, it may be impossible for this Website to provide the Service. In cases where this Website indicates certain Data as optional, Users are free to refrain from sending such Data, without this having any consequence for Service availability or operation. Users in doubt as to what data is compulsory are encouraged to contact the data controller. Any use of Cookies – or other tracking tools – by this Application or by third-party service providers used by this Application, unless otherwise specified, is intended to provide the service requested by the User, in addition to the additional purposes described in this document and the Cookie Policy, if available.

The user assumes the responsibilities for Personal Data of third parties published or shared through this Website and warrants that they have the right to disclose or disseminate, freeing the Controller from any liability to third parties.

Method and place of processing the collected data.

Method of processing

The Data Controller shall take appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of Personal Data. The processing is carried out using IT and/or electronic telecommunication tools, within organisational procedures and for reasons strictly related and limited to the stated purposes. In addition to the Data Controller, other parties involved in the organisation of this Website may also have access to the Data (administrative, commercial, marketing, legal, system administrator personnel) or external parties (such as third-party technical service providers, couriers, hosting providers, IT companies, communication agencies) and where necessary, a Data Manager appointed by the Data Controller. An updated list of Data Manager is always available on request from the Data Controller.

Legal basis for data processing

The Data Controller shall process the User’s Personal Data if one of the following conditions is met:

  • the User has given consent for one or more specific purposes. NB: in some judicial systems the data controller may be authorised to process personal data without the user’s consent or on any other of the legal bases specified below unless the user objects to such processing (opts out).
    However, this does not apply if the processing of personal data is governed by European legislation on the protection of personal data;
  • processing is necessary for the execution of a contract with the User and/or for the execution of pre-contractual measures;
  • the processing is necessary to fulfil a legal obligation to which the data controller is subject;
  • processing is necessary for the performance of a task carried out in the public interest or for the exercise of official authority vested in the Data Controller;
  • the processing is necessary to pursue the legitimate interest of the data controller or a third party.

However, it is always possible to ask the Data Controller to clarify the specific legal basis of all processing and, in particular, to specify whether the processing is based on the law, provided for by a contract or necessary for the conclusion of a contract.

Place

The data are processed at the Data Controller’s operational headquarters and in any other place where the parties involved in the

processing are located. For further information, contact the Data Controller. Personal data may be transferred to a country other than that in which users are located. More information on the place of processing is available in the section on details of personal data processing.

The User has the right to obtain information on the legal basis for the transfer of Data outside the European Union or an international organisation governed by public international law or consisting of two or more countries, such as the UN, and on the security measures taken by the Controller to protect the Data Controller.

The User can check if one of the transfers described above takes place by examining the section of this document concerning the details on the processing of Personal Data or request information from the Data Controller by contacting them at the addresses indicated herein.

Retention period

Data is processed and stored for the time required for the purposes for which it was collected.
Therefore:

Personal data collected for purposes related to the execution of an agreement between the controller and a user will be retained until the execution of the agreement is complete.

The Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until such interest is satisfied. Further information regarding the legitimate interest pursued by the controller can be obtained from the relevant sections of this document or by contacting the controller.

Where the processing of personal data is based on user consent, the controller may retain the data for longer, until consent is revoked. Furthermore, the Data Controller may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period, Personal Data will be erased. The right to access, annul and rectify Personal Data and the right to portability of data can, therefore, no longer be exercised after this period has ended.

Purposes for Processing collected Personal Data

The Data concerning the User is collected to allow the Data Controller to provide its Services, as well as for the following purposes:
Statistics, Displaying content from external platforms, SPAM protection, Contacting the User,
Payment management and interaction with external social networks and platforms.

See the relevant sections of this document for more detailed information on the purposes of processing and on the specific personal data related to each purpose.

Details regarding the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

  • Contact the user

Mailing list or newsletter (this Website)

By registering for the mailing list or newsletter, the User’s email address is automatically included in a list of contacts to which email messages, including commercial and promotional information, relating to this Application may be sent. The User’s email address may also be added to this list after registering to this Website or after making a purchase.

Personal data collected: email and name.

Contact form (this Website)

The User, by filling in the contact form with his/her Data, consents to their use to respond to requests for information, quotes, or any other category indicated in the header of the form.

Personal Data collected: surname; email; first name; various types of information.

  • Management of payments

Payment management services allow this Website to process payments by credit card, bank transfer or other means. The data used for the payment are acquired directly by the provider of the payment service requested without being in any way processed by this application. Some of these services may also allow the programmed sending of messages to the User, such as emails containing invoices or payment notifications.

Payment by bank transfer (this Website)

If the payment method chosen is direct bank transfer to the current account indicated on this Website, the Data Controller will collect the data relating to the User’s payment, i.e. the payer’s current account number, SWIFT code, Bank and the payer’s name. These data will be collected and processed exclusively in the context of the transaction and for billing purposes only.

Personal Data collected: surname; payment data; address; first name; business name.

PayPal (Paypal)

PayPal is a payment service provided by PayPal Inc., which allows the User to make payments online.
Personal Data Collected: various types of Data as specified in the service privacy policy.
Place of processing: Consult the PayPal privacy policy – Privacy Policy.

Interaction with social networks and external platforms

These services enable interaction with social networks or other external platforms directly from the pages of this Website. The interactions and information obtained from this Website are, in any case, subject to the User’s privacy settings relative to each social network. This type of service could still collect traffic data for the pages where the service is installed, even when Users do not use it. It is recommended to disconnect from the respective services to make sure that the data processed on this Website is not connected to the User’s profile.

PayPal button and widget (Paypal)

The PayPal button and widget are interaction services with the PayPal platform, provided by PayPal Inc.
Personal Data Collected: Cookies; Usage Data.

Place of processing: Consult the PayPal privacy policy – Privacy Policy.

Facebook ‘Like’ button and social media widgets (Facebook, Inc.)

Facebook’s ‘Like’ button and social media widgets are services that enable interaction with the Facebook social network, provided by Facebook, Inc.

Personal Data Collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy. Person adhering to the Privacy Shield.

  • Protection against SPAM

This type of service analyses the traffic from this Application, potentially containing User Personal Data, to filter it from parts of traffic, messages and content recognised as SPAM.

Google reCAPTCHA (Google Ireland Limited)

Google reCAPTCHA is a SPAM protection service provided by Google Ireland Limited.
Use of the reCAPTCHA system is subject to Google’s privacy policy and terms of use.

Personal Data Collected: Cookies; Usage Data.
Place of treatment: Ireland – Privacy Policy. Person adhering to the Privacy Shield.

  • Statistics

The services contained in this section allow the Data Controller to monitor and analyse traffic data and are used to keep track of the User’s behaviour.

User ID extension for Google Analytics (Google Ireland Limited)

Google Analytics on this site uses a function called User ID. This enables more accurate tracking of Users by assigning each one a unique ID for various sessions and devices, but not allowing Google to personally identify an individual or permanently identify a specific device. The User ID extension also allows you to connect Data from Google Analytics to other User Data collected from this site. The Opt-Out link provided below allows you to disable tracking for the device you are using, but does not exclude further tracking activities carried out by the Data Controller. To deactivate the latter, contact the owner via the contact email address.

Personal data collected: Cookies.
Place of processing: Ireland – Privacy PolicyOpt Out. Person adhering to the Privacy Shield.

Google Analytics (Google Ireland Limited)

Google Analytics is a web analytics service provided by Google Ireland Limited (“Google”). Google uses the Personal Data collected for tracking and examining the use of this Website, compiling reports and sharing them with other services developed by Google. Google may use your Personal Information to contextualise and customise ads in its advertising network. Personal Data Collected: Cookies; Usage Data.

Place of processing: Ireland – Privacy PolicyOpt Out. Person adhering to the Privacy Shield.

Google Analytics with anonymised IP (Google Ireland Limited)

Google Analytics is a web analytics service provided by Google Ireland Limited (“Google”). Google uses the Personal Data collected for tracking and examining the use of this Website, compiling reports and sharing them with other services developed by Google. Google may use your Personal Information to contextualise and customise ads in its advertising network. This integration of Google Analytics makes your IP address anonymous. Anonymity works by abbreviating users’ IP addresses within the borders of European Union Member States or other countries adhering to the agreement in the European Economic Area. Only in exceptional cases will the IP address be sent to Google’s servers and abbreviated within the United States. Personal Data Collected: Cookies; Usage Data.

Place of processing: Ireland – Privacy PolicyOpt Out. Person adhering to the Privacy Shield.

  • Displaying contents from external platforms

This type of service allows you to view content hosted on external platforms directly from the pages of this Application and to interact with it. This type of service could still collect traffic data for the web pages where the service is installed, even when Users do not use it.

Google Fonts (Google Ireland Limited)

Google Fonts is a service for the display of font styles run by Google Inc. that allows this application to integrate said content on its pages.

Personal Information: Usage data and various types of data as specified by the privacy policy for the service.
Place of treatment: Ireland – Privacy Policy. Person adhering to the Privacy Shield.

YouTube Video Widget (Google Ireland Limited)

YouTube is a video content viewing service operated by Google LLC that allows this Website to integrate such content into its pages.

Personal Data Collected: Cookies; Usage Data.
Place of treatment: Ireland – Privacy PolicyPrivacy Policy. Person adhering to the Privacy Shield.

Further information about Personal Data

  • Online Sale of goods and services

The Personal Data collected is used for the provision of services to the User or the sale of products, including payment and any delivery. The Personal Data collected to submit the payment may be those relating to the credit card, the bank account used for the transfer or other payment instruments provided. The Payment Data collected from this website depend on the payment system used.

User rights

Users may exercise certain rights concerning the data processed by the controller.

In particular, the User has the right to:

  • withdraw their consent at any time. The User can withdraw consent to the treatment of his own
    Personal Data previously expressed.
  • object to the processing of their data. Users may object to the processing of their data when it is done so on legal grounds other than consent. More details on the right to object are given in the section below.
  • access their data. Users have the right to obtain information on what data is processed by the controller and on particular aspects of the processing and to obtain a copy of any data processed.
  • verify and ask for the data to be corrected. Users may check that their data is correct and ask for it to be updated or corrected.
  • have the processing restricted. When certain conditions are satisfied, users may ask for the processing of their data to be restricted. In this eventuality, the controller may not process the data for any purpose other than for its retention.
  • have their Personal Information removed or deleted. When certain conditions are met, the User may request the cancellation of his/her Data by the Data Controller.
  • have their data sent to themselves or transferred to another Data Controller. Users have the right to receive their data in a structured format that is commonly used and readable by automatic devices, and where technically feasible, to have it transferred without hindrance to another Data Controller. This instruction is applicable where the data is processed by automated means and processing is based on user consent, in respect of an agreement to which the user is a party or contractual measures connected to this.
  • lodge a complaint. Users may submit a complaint with the competent supervisory authority for data protection or take legal action.

Details of the right of objection

When Personal Data is processed in the public interest, in the exercise of public powers vested in the Data Controller, or to pursue a legitimate interest of the Data Controller, Users have the right to object to the processing for reasons related to their particular situation.

Users are reminded that where their data is processed for direct marketing purposes, they may object to the processing without giving any reason. To find out whether the controller processes data for direct marketing purposes, users should refer to the relevant sections of this document.

How to exercise such rights

To exercise the User’s rights, Users may address a request to the Data Controller contact details indicated in this document. Requests shall be filed free of charge and processed by the Data Controller as soon as possible and in any event within one month.

Cookie Policy

This Website uses Cookies. For more information and to read the detailed information notice, the User can consult the Cookie Policy.

Further information on data processing

Legal defence

User Personal Data may be used by the Data Controller in legal proceedings or in the preparatory stages for its possible establishment to defend against misuse of this Application or related Services by the User.

Users declare that they are aware that the data controller may be obliged to disclose the Data by order of public authorities.

Specific information

At your request, in addition to the information contained in this privacy policy, this Application may provide the User with the additional and contextual information regarding specific Services or the collection and processing of Personal Data.

System Logs and Maintenance

Out of necessity related to operation and maintenance, this Website and any third-party services used by it may collect system logs, which are files which record the interactions and may also contain Personal Data, such as the IP address of the User.

Information not contained in this policy

Further information concerning the processing of Personal Data may be requested at any time from the Data Controller using the contact details.

Response to “Do Not Track” requests

This Website does not support “Do Not Track” requests. To learn whether any third-party support services have been employed, Users are invited to consult the respective privacy policies.

Changes to this privacy policy

The Data Controller reserves the right to make modifications to this privacy policy at any time by informing Users on this page and, if possible, on this Website and, where technically and legally feasible, by sending a notification to Users through one of the contact details held by the Data Controller. Please consult this page regularly and check the date of the latest change, which is indicated at the bottom of the page.

Where changes involve processing on the legal grounds of user consent, the data controller will seek to obtain renewed user consent if necessary.

Definitions and legal references

Personal Data (or Data)

Personal Data is any information that, directly or indirectly, also in connection with any other information, including a personal identification number, can identify a physical person or make him/her identifiable.

Usage data

This is information collected automatically through this Website (or by third-party applications integrated into this Website), including: IP addresses or domain names of the computers used by Users to connect to the Website, Uniform Resource Identifiers (URIs)​, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status response from the server (successful, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal aspects of the visit (for example, the time spent on each page) and the details of the path followed within the Application, with particular reference to the sequence of pages visited, to the parameters related to the User’s operating system and the User’s IT environment.

User

The individual who uses this Website which, unless otherwise specified, coincides with the Data Subject.

The data subject

The physical person to whom the Personal Information refers.

Data Processor (or Processor)

The physical person, legal entity, public administration and any other entity that processes personal data on behalf of the Data Controller, as set forth in this Privacy Policy.

Data Controller (or Controller)

The physical or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data and the instruments to be used, including any security measures relating to the operation and use of this Website. Unless otherwise specified, the Data Controller is the owner of this website.

This Website (or this Application)

The hardware or software tool through which the Personal Data of Users are collected.

Service

The Service provided by this Application as defined in the relevant terms (if any) on this site/application.

European Union (or EU)

Unless otherwise stated, any reference in this document to the European Union shall be deemed to extend to all current Member States of the European Union and the European Economic Area.

Cookie

A small packet of data stored on the User’s device.

Legal references

This Privacy Policy is drawn up based on multiple legislative systems, including articles 13 and 14 of EU Regulation 2016/679.

Unless otherwise specified, this privacy policy only concerns this Website.