Privacy Policy - Use of the service

DWSNET S.r.l. (from now on, for the sake of brevity, “DWService”, or the “Company”) informs you that your personal data acquired when you create an account and when you buy and use the Service through DWService’s web site will be processed in accordance with the law on the protection of personal data.

With reference to the methods used for the management and processing of your personal data, DWService provides with the following information pursuant to Article 13 of EU Regulation No. 679/2016:

1. Categories of data collected

Data that you, as the user, supply voluntarily

When creating an account, purchasing or using the Service through DWService’s web site, the following personal data are collected and processed:

• email address;
• password and authentication token;
• user’s language and nationality;
• alias;
• device and service usage data (such as, for example, IP address, browser type);

2. Purposes and legal basis of the processing operations

The data you supply, which are then collected by DWService, shall be processed in order to:

1. allow you to create an account, buy and use the Service provided for by the Data Controller. The legal basis that legitimizes the processing of personal data for this purpose is set out in Article 6, section 1, letter b) of EU Regulation No. 679/2016 – i.e. processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract;
2. comply with any legal obligations or regulations, or to requests made by the judicial authorities. The legal basis that legitimizes the processing of personal data for this purpose is set out in Article 6, section 1, letter c) of EU Regulation No. 679/2016 – i.e. processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
3. exercise or defend a right in court. The legal basis that legitimizes the processing of personal data for this purpose is set out in Article 6, section 1, letter f) of EU Regulation No. 679/2016 – i.e. processing is necessary for the establishment, exercise or defence of legal claims of whenever courts are acting in their judicial capacity;
4. prevent fraud. The legal basis that legitimizes the processing of personal data for this purpose is set out in Article 6, section 1, letter f) of EU Regulation No. 679/2016 – i.e. processing is necessary to prevent the commission of offences through the use of the services offered by the Data Controller;
5. send marketing communications via email relating to those services and products of the Data Controller that are similar to those already purchased and/or requested by the Data Subject. The legal basis that legitimizes the processing of personal data for this purpose is set out in Art. 130, co. 4, D.lgs. 196/2003 – i.e. processing takes place within a client relationship;

3. Data retention period

Personal data collected and processed for the purposes referred to in points 2 a), 2 b), 2 c) and 2 d) will be stored for the entire period of service provision and for the subsequent period of 10 years, except for those necessary for compliance with tax, accounting and administrative regulations or to comply with other legal obligations or requests from the Judicial Authority and to document the activities carried out. User’s telematic traffic data will be deleted after 24 months.

Personal data collected and processed for the purposes indicated in point 2 e) will be stored for a maximum period of 24 months from the last contact with the data subject.

4. Processing methods and security measures

Any personal data collected will be processed, retained and analyzed using electronic tools and will be stored both in electronic format and in hard copy, organised into databases, and on any other appropriate type of media.

Specific security measures are implemented to prevent the loss, illegal or unfair use of the data, or unauthorized access to them. The list of implemented security measures is available in the Security section of the site.

The processing of your personal data carried out by DWService does not involve any automated decision-making.

5. Disclosure of your personal data

The disclosure of users’ personal data for the purposes set out in Points 2 a), 2 b), 2 c) and 2 d) is necessary for the execution of the contractual relationship with the users and for compliance with the legal requirements and is, therefore, compulsory for those purposes. Failure to provide personal data shall make it impossible for DWService to provide the requested service.

The disclosure of user’s data for the purposes set out at Point 2 e) is optional – failure/refusal to provide personal data for said purpose shall not have consequences for the users.

6. Parties to which your personal data may be disclosed

None of your personal data collected by the DWService will be disclosed indiscriminately, but may be communicated to those parties that have the right to access your personal data to ensure compliance with legal and secondary and/or EU regulations (for example, to Authorities in the framework of judicial cooperation), and to the Data Controller’s own personnel, and also to companies, associations or professional firms that provide services and operations on behalf of the Data Controller, operating as Data Processors, in particular for the provision of ICT services (e.g. web hosting services), to ensure compliance with legal obligations, and for every other organisational and/or administrative requirement that is necessary to provide the requested services. The names of the parties, operating as Data Processors, to which your personal data may be disclosed are shown in an up-to-date list that can be requested from DWService (through the contact information indicated at Point 10).

7. Links to third-party websites or services

This privacy notice is provided only for the processing of personal data carried out through DWService’s web site, and not for other websites that may be visited by the user via links, which act as independent data controllers. Therefore, users are invited to carefully read the privacy policies of third-party services before accessing them. In particular, for the management of user payments, the DWService relies on the Merchant of Records Paddle.com. The data collected by this provider is not accessible or stored by DWService. All information regarding the processing of data by Paddle.com can be found in its privacy policy.

8. Transfer of data outside the European Economic Area or to international organizations

DWService does not regularly transfer personal data collected through its website outside the European Economic Area (EEA) or to international organizations.

If necessary for the provision of the service to the data subject, DWService may transfer user data outside the EEA to countries where its Nodes are located. In these cases, the transfer of data outside the EEA will take place to execute the contract with the customer, in accordance with Article 49(1)(b) of EU Regulation 2016/679.

In exceptional cases, solely for the purpose of complying with legal obligations to which it is subject, DWService may transfer personal data to foreign Public Authorities (e.g. to United States of America’s Authorities). In these cases, the transfer of data outside the EEA will only take place in the presence of relevant reasons of public interest, as provided for in art. 49, par. 1, lett. d) Reg. EU n. 679/2016, and in compliance with the additional applicable data protection laws.

9. Your rights as the Data Subject

In relation to the aforementioned processing operations carried out on your personal data, you are entitled to exercise at all times those rights set out by EU Regulation No. 679/2016 (GDPR), including, for example, the right to be informed, within 30 days from your request, as to:

• the origin of any personal data held that concerns you;
• the purposes and methods of the processing operations;
• the logic applied in the case of processing operations carried out using electronic instruments;
• the identification of the Data Controller, the Data Processors and the designated representative;

As the Data Subject, you have the right to obtain, within the same timeframe of 30 days:

• access to the data, and their updating, rectification or (where in your interest) completion;
• the erasure, transformation into anonymous form or blocking of access to any data processed in breach of the law;
• the limitation of the processing of those data that concern you, or to request that the Data Controller or the Data Processor reduce the purposes and/or methods for/with which your data are being processed;

You can also request a copy of your data in a standard format (the so-called “Right to data portability”).

As the Data Subject, you also have the right to object, at any time and at no cost, wholly or partially:

• for legitimate reasons, to processing of your personal data, even if the processing operations are still relevant to the purpose for which the data were collected in the first place;
• to processing of your personal data carried out pursuant to Article 6, Paragraph 1 of the GDPR, Letters e. (“processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”) or f. (“processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party”) including profiling on the basis of these provisions;
• to processing of your personal data for the purposes of sending Newsletter, advertising or direct sales material or for the completion of market research or commercial communications (direct marketing), including any relevant profiling operations;

You have the right to withdraw your consent for the processing operations when that consent is based on the circumstances described by Article 6, Paragraph 1, Letter a. (when “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”), or by Article 9, Paragraph 2, Letter a. (when “the data subject has given explicit consent to the processing of those personal data for one or more specified purposes”) of EU Regulation No. 679/2016, at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

In particular, the data subject, in order not to receive any more marketing communication, may at any time request free cancellation from the service by sending a message to the addresses indicated in point 10 of this notice.

Should you consider the processing operations to have been carried out in breach of current legislation, you have the right to lodge a complaint with a supervisory authority, specifically in the Member State in which you habitually reside or work, or the Member State where the alleged breach has taken place. The Italian supervisory authority can be contacted using the contact data on its own website.

10. Data Controller – Contact data

The Data Controller is DWSNET s.r.l. with its registered offices at via Fedro n. 16, 80122 Napoli, VAT n. IT10018841212.

The Company can also be contacted at the email address support@dwservice.net.

You can submit a request to exercise any of the rights listed above by writing to the following email address: support@dwservice.net.