Privacy Policy

This privacy policy is provided to users who fill out the contact form on the iTube website at www.i-tube.it, pursuant to Art. 13 of the General Data Protection Regulation (EU) 2016/679 (GDPR).

Controller
The Data Controller (hereinafter the “Controller”) is iTube srl, with registered offices in Via Pantanelli, 73 - 61025 Montelabbate (PU) - Tax Code and VAT No. 02447480415.

Source and type of data
Personal, identification (company, name and surname, etc.) and contact data (meaning personal identification details such as e-mail address and telephone number) is provided spontaneously by the data subject via the website’s form. 

Purposes of processing
The personal data of data subjects—users who fill out the “contact” form—is collected and processed to the extent strictly necessary to enable the use of online, electronic and telecommunication services for the following purposes:

• To respond to the data subjects’ requests for information;
• For informative, promotional or direct marketing activities, such as sending newsletters, providing promotional material and/or communicating commercial information, either by telephone or by means of electronic systems such as e-mails, text messages, social networks and other automated systems available for this purpose.

Legal basis
The legal basis for processing personal data is receipt of a request by the user. Any personal data provided voluntarily by data subjects upon filling out the online form is legitimately collected and processed to respond to requests for information received by e-mail. In this context, processing data for the above-mentioned purposes is necessary for the purposes of the legitimate interests pursued by the Controller. Processing data for promotional and direct marketing purposes, instead, is deemed lawful whenever the data subject distinctly expresses, by means of a declaration or an unequivocal positive action, his or her specific consent to the processing of his or her personal data. It is hereby understood, however, that the data subject may at any time withdraw any consent given, pursuant to Art. 7 of the GDPR, by sending a simple communication to the contact persons indicated in this privacy policy. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Compulsory or optional nature of data provision
The data subject may refuse to provide the Controller with his or her personal data, as the provision of such data is optional. However, filling out the fields in the form enables the company respond to any requests received. Any refusal to provide the data requested (identification and contact details) will therefore affect the outcome of the request and will prevent use of the aforementioned service. Failure to consent to the use of such data for direct marketing activities or, more generally, for commercial and promotional purposes, instead, will not affect the possibility of using the service, but will result in the company being unable to send commercial communications promoting its products or illustrating new opportunities of possible interest.

Processing methods
Personal data will be processed by electronic means, also using automated methods, in compliance with the principles of lawfulness, necessity and relevance, adopting safeguards aimed at identifying appropriate security measures at every stage of the processing. In this context, personal data is rendered anonymous and identification data is removed whenever there is no need to process such data in its identifiable form for the aforementioned processing purposes. In any case, such data is removed upon expiry of the storage period indicated in the following paragraph. The Controller does not process the data of users who intend to use this service on the basis of automated decision-making processes (such as profiling).

Such processing will be conducted by persons expressly authorised and trained in the protection of personal data. Data may be accessed, incidentally, by ICT personnel and computer technicians (both in-house and outsourced) who supervise the proper operation of the IT system.

Data storage
The Controller will store personal data for the time needed to pursue the purposes indicated in this privacy policy and, in any case, until the data subject requests the restriction of processing and/or exercises his or her right to object. Thereafter, the data may only be stored for the time determined by current legislation. Moreover, in the event of consent being given for marketing purposes, the data will be stored, without prejudice to the possibility of withdrawing consent, for a period of time not exceeding that necessary to achieve the purposes pursued (twenty-four months), after which the data will be deleted or rendered anonymous and processed solely for statistical analysis (without prejudice to a further storage period imposed by law or at the explicit request of the Authorities).

Data recipients
Any personal data processed by the Controller shall not be disseminated, meaning that it will not be made known or available to unspecified persons, in any form, even just for consultation purposes. Personal data may, on the other hand, be communicated to third parties (parent company conducting management and coordination activities) and, to the extent strictly necessary to perform services on our behalf, to third parties (including, by way of example, companies that provide IT services, companies specialising in the management, development and maintenance of websites, and companies specialising in the management of electronic communications services) employed exclusively for the provision of services related to the purpose pursued and whom, for greater protection, our company appoints as Processors (Art. 28 of the GDPR) on a case by case basis. The list of processors, identified and appointed in writing, is available from the Controller. Lastly, personal data may be communicated to parties authorised to access same in accordance with the provisions of law, regulations and EU legislation.

Cross-border data transfer
The company does not intend to transfer personal data to a third country or international organisation (Art. 13(1)(f) of the GDPR) outside the European Union (or the European Economic Area). However, the Controller does reserve the right to use cloud services, in which case the service providers shall be chosen from among those companies able to provide specific guarantees based on a regulatory framework recognised through an adequacy decision of the European Commission (such as the one dated 10 July 2023 that officially approved the “EU-US Data Privacy Framework”, the new agreement on the transfer of data to the United States) or, failing that, are able to provide suitable contractual or pactional guarantees (including binding corporate rules and standard contractual clauses). For file hosting and file sharing purposes, the company uses the Google Cloud and Google Workspace services. These offer a suite of cloud-based software and productivity tools (including a number of web applications, such as the “Gmail” e-mail system) provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), allowing EU residents to store data in a specific geographical location (within the EU).

Rights of the data subject
The data subject is entitled to exercise his or her rights at any time (pursuant to Articles 15-22 of the GDPR) in order to:

• obtain confirmation as to whether or not personal data concerning him or her is being processed, and, where that is the case, access the personal data and the following information: the purposes of the processing, the categories of personal data concerned, the recipients and/or categories of recipient to whom the personal data has been and/or will be disclosed, and the envisaged period for which the personal data will be stored;
• obtain the rectification of inaccurate personal data concerning him or her and/or the completion of incomplete personal data, including by means of providing a supplementary statement;
• obtain the erasure of personal data or the restriction of processing (as a result of unlawful or improper processing) in the cases provided for by current legislation;
• object to (or “opt out” from) the processing of personal data (meaning that the data subject no longer wishes his or her data to be processed in a certain way) in the cases provided for by current legislation (it being understood that this right does not exist where the lawfulness of processing is based on consent, since in this case the right of withdrawal prevails); this may be extended to the processing of personal data for purposes related to marketing activities carried out either by automated contact methods or by traditional means, it being possible to exercise this right in whole or in part (e.g. by objecting solely to e-mail or telephone communications, or to the sending of promotional communications by automated means, etc.), or to processing operations consisting of automated decision-making processes (such as profiling, where related to direct marketing purposes);
• obtain the portability of data relating to and provided by him or her, in order—in particular—to receive the personal data concerning him or her, which he or she has provided to a controller, and/or to have said personal data transmitted directly from one controller to another (it being understood that this right only applies if the legal basis of the data processing is a contract or consent, and if the data processing is carried out electronically) in the cases provided for by current legislation.

The data subject may exercise the above rights by writing to the Controller by post (at the above address) or by e-mail at info@i-tube.it, specifying the subject of his or her request and the right he or she legitimately intends to exercise.

Right to complain
Data subjects who believe that the processing of their personal data is in violation of the Regulation have the right to lodge a complaint with the competent supervisory authority (pursuant to Art. 77), or to take appropriate legal action pursuant to Art. 79 of the Regulation (GDPR).