Information on the processing of personal data

In accordance with EU Regulation no. 2016/679 (hereinafter "GDPR"), 247 Growth S.r.l. (hereinafter the “Data Controller”) informs that the data provided by you (hereinafter the "Data Subject") through the website https://247xagencylibrary.com (the "Website"), will be processed in the following manner and for the following purposes.

  1. Data Controller
    The Data Controller is 247 Growth S.r.l., with registered office at Via Costanza Baudana Vaccolini, 14, 00153 Rome, Italy - Tel: +39 +39 339 1241318 - email privacy@247x.io.

  2. Types of data processed
    The processing will concern single operations, or a set of operations of the data provided by the Data Subject and personal data concerning natural persons acting in the name and on behalf of the same, of the following personal data provided by the Data Subject during the use of the services provided by the Data Controller through the Website (the "Personal Data" or also the "Data"): 
    1. identification and contact data provided by the Data Subject during registration on the Website, including but not limited to, first name, last name, e-mail address;
    2. data provided spontaneously by the Data Subject through requests for information sent to the Company;
    3. payment data including but not limited to, VAT number, bank account details;

  3. Data processing purposes
    The Data Controller will process your Personal Data for the following purposes:
    1. the Data referred to in Article 2 a) shall be processed for the following purposes:
        1. to execute the Contract;
        2. to process a request for registration on the Website;
        3. to manage and maintain the Website;
        4. to communicate and transmit information material relating to the activities covered by the Contract;
        5. to fulfil the obligations established by law, by a regulation, by community law or by an order of the Authority;
        6. to exercise the rights of the Data Controller, for example to exercise a right in court;
        7. IT security purposes, to guarantee the security of Personal Data processed;
        8. to prevent or uncover fraudulent activity or abuse harmful to the Website.
    2. The Data referred to in Article 2 b) shall be processed to process a request for contact on the Website.
    3. The Data referred to in Article 2 c) shall be processed for the payment of the consideration due for services and/or products purchased on the website

    The processing of Data for the purposes under a), b) and c) does not require the consent of the Data Subject as it is necessary for (i) fulfilling legal obligations, or (ii) the performance of relations to which the Data Subject is a party or for the adoption of pre-contractual measures taken on request of the same, or (iii) the pursuit of the legitimate interest of the Data Controller, pursuant to Article 6(1)(b), (c) and (f) of the GDPR.

  4. Processing methods and duration
    The processing of Data is carried out through paper or IT procedures by internally authorized and trained individuals. The aforementioned individuals are allowed access to the Data Subject's Personal Data to the extent and within the limits in which it is necessary for the performance of the processing activities.

    The Data Controller periodically verifies the tools by which the Data are processed and the security measures provided for them which are constantly updated; verification, also by means of the subjects authorized to execute the processing, that no Personal Data are collected, processed or stored; verifies that the Data are kept with the guarantee of integrity and authenticity and their use for the purposes of the processing actually performed.

    The Data Controller will process the Personal Data for the time necessary to fulfil the purposes set out above, and - for all the purposes indicated in the preceding art. 3 - guarantees that the Data, after the use of the service for which they are collected, may be stored and maintained for the purposes under article 3 for a maximum period of 10 (ten) years.

  5. Security
    The Data Controller has adopted a variety of security measures to protect the Data against the risk of loss, misuse or alteration, consistent with the measures expressed in GDPR article 32.

    The Data Controller may process, even through its suppliers, Personal Data, including IT Data, to the extent necessary and proportionate to ensure the security and ability of a network or servers connected to it to resist, at a given level security, unforeseen events or illicit or malicious acts that could, even potentially, compromise the availability, authenticity, integrity and confidentiality of Personal Data. For these purposes, the Data Controller provides procedures for the management of the violation of Personal Data (Data Breach) in compliance with the legal obligations to which compliance is required.

  6. Access and communication
    The Data may be made accessible for the purposes referred to in article 3:
    1. to employees, partners, associates and shareholders of the Data Controller, in their capacity as persons authorized of and/or internal managers of Data processing and/or system administrators;
    2. to third-party companies or other parties (for example, Website providers, Cloud providers, hardware and software support technicians, etc.) who perform outsourcing activities on behalf of the Data Controller, in their capacity as data processors.

    Without the express consent of the Data Subject, the Data may not be transferred to third parties for use for their own purposes, and therefore outside the access referred to in article 6.

    In any case the Data will not be disseminated.

  7. Data Transfer
    The management and storage of Data will take place mainly in Europe, on servers of companies generally appointed and duly appointed as Data Processors.

    As part of its organizational structure, the Data Controller uses tools such as Microsoft 365 ( Outlook, Sharepoint, Teams, etc.), Mailchimp, Nutshell and Slack.  These services, to ensure an adequate level of protection, in relation to those countries outside the E.E.S. with which there is no adequacy decision, base the transfer of Personal Data on the standard clauses on data protection approved by the European Commission, also protecting Data in transit through the HTTPS protocol and encrypting inactive data through encryption mechanisms.

  8. Provision of Data and consequences of refusal
    The provision of Personal Data for the purposes referred to in article 3 a) and c) is mandatory. In its absence, the Data Controller and his assignees cannot guarantee the establishment or the continuation of connection with the Data Subject through the Website.

    The provision of Personal Data for the purposes referred to in article 3 b) is optional. The Data Subject may decide not to provide any Data or subsequently deny the possibility of processing the Data provided: in such case, the Data Subject will not be able to contact the Data Controller through the forum on the Website.

    The provision of Personal Data for the purposes referred to in article 3 d) is optional. The Data Subject may decide not to provide any Data or to subsequently deny the possibility to process the Data provided: in such case, the Data Subject may not receive newsletters or other communications from the Data Controller.

  9. Rights of the parties involved
    Pursuant to Articles from 15 to 22 of the GDPR, as a Data Subject you may request and obtain: a) the confirmation of the existence of processing of Personal Data concerning you and, if so, the access to such Data; b) the rectification of inaccurate Personal Data and the integration of incomplete Personal Data; c) the deletion of Personal Data concerning you, in cases where this is permitted by the Regulations; d) the restriction of processing, in the cases provided for by the Regulation; e) the communication, to the recipients to whom the Personal Data have been transmitted, of the requests for rectification/deletion of Personal Data and restriction of processing received directly from you, unless this proves impossible or involves a disproportionate effort; f) the receipt, in a structured, commonly used and machine-readable format, of the Personal Data provided to the Data Controller, as well as the transmission of the same to another Data Controller, and this at any time, including upon termination of any relationship you may have with the Data Controller.

    You also have the right to object at any time to the processing of Personal Data concerning you. In such cases, the Data Controller is obliged to refrain from any further processing, except in the cases permitted by the Regulation. You also have the right not to be subjected to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or that significantly affects you in a similar way, unless such a decision: a) is necessary for the performance of the mandate you have given to the Data Controller; b) is authorized by the law of the Union or the Member State to which the Data Controller is subject; c) is based on your explicit consent.

    You also have the right to file a complaint with the Privacy Guarantor.

  10. Exercise of rights
    You may at any time exercise your rights by sending:
    1. an e-mail to privacy@247x.io;
    2. a registered letter to 247 Growth S.r.l., Via Costanza Baudana Vaccolini, 14, 00153 Rome, Italy.

  11. Changes to this information
    Each update of this information will be promptly made available to the Data Subject by appropriate means. It will also be communicated if the Data Controller will proceed with the processing of Personal Data of the Data Subject for purposes other than those referred to in this information before proceeding and in time to give consent if necessary.