Table of Contents
This information is provided for the website https://supporthost.com/ (Site) owned by SupportHost OÜ, with the registered office at Ahtri tn 12, Tallinn, 10151, Estonia (Data Controller), in the name of the legal representative and sole shareholder Mr. Ivan Messina (VAT EE102402247) as Data Controller under the GDPR.
Purchases on the Site
Subject to your prior consent, your personal data will be processed to allow you to make purchases on the Site.
The information and data requested in case of registration will be used to allow you to access the private area of the Site, and to use the online services offered by the Data Controller to registered users.
Subject to your consent, the Data Controller may process the personal data provided by you in order to send you advertising material and/or newsletters relating to its own services or those of third parties.
The data controller may use, for the purposes of direct sales of services offered for sale through the Site, the e-mail addresses you provided in the context of purchase on the Site, even without your consent, provided that it is a service similar to that of the previous sale (so-called soft spamming). You may refuse this treatment at any time by communicating your refusal to the Data Controller.
In compliance with the GDPR, we hereby inform you that the Data Controller will process your personal data under the following conditions.
Art. 1. Purpose and legal basis of the data processing. Compulsory or optional conferment. Consequences of refusal of treatment.
The processing of personal data is aimed at achieving the following purposes:
a. to allow registration on the Site and access to services reserved for registered users as well as to enable compliance with obligations arising from the law or regulations in force, in particular, in the administrative, accounting, public security. The legal basis for the data processing is the need for the Data Controller to execute pre-contractual measures adopted at the request of the data subject or to comply with a legal obligation;
b. in the case of making an online purchase order, to permit the conclusion of the purchase contract and the proper execution of transactions related to the same (and, where necessary under the legislation, to fulfill tax obligations). The processing legal basis is the obligation of the Data Controller to execute the contract with the data subject or to comply with legal obligations;
c. in order to protect the Data Controller from fraudulent purchases, personal and payment data are preventively filtered by an automated external service that allows checking for the purpose of monitoring and preventing fraudulent payments. The passing of this check with a negative result will prevent the completion of the transaction. The interested party will be notified of the circumstance and may have to submit documents or useful information to invalidate the negative outcome of the automatic preventive checks. The legal basis of the data processing is the legitimate interest of the owner, taking into account the appropriate balance of the legitimate interest with the rights of the person concerned, without prejudice to the right of the person concerned to object to the processing for the purposes in question, desisting from proceeding with the order itself.
d. limited to the email addresses you provide in the context of a purchase through the Site, to allow the direct offer by the Data Controller of similar services (so-called soft spamming), unless you object to such treatment in the manner provided by this policy. The legal basis for the processing is the legitimate interest of the Data Controller to send this type of communication. This legitimate interest can be considered equivalent to the interest of the data subject in receiving "soft-spam" communications;
e. with your consent, to send newsletters and to carry out market surveys, including those aimed at assessing the degree of user satisfaction, and the sending of advertising material relating to services of the Data Controller and/or third parties, by means of systems such as email (marketing purposes); the legal basis for the processing is the consent of the data subject;
f. to respond by email, telephone to your requests. The provision of data is optional, but your refusal will make it impossible for the Data Controller to respond to your requests. The legal basis of the processing is the legitimate interest of the Data Controller to respond to your requests. This legitimate interest is equivalent to the user's interest in receiving responses to communications sent to the Data Controller.
The provision of data for the purposes referred to in points a), b) and c) is merely optional. However, since such processing is necessary to make a purchase on the Site, your refusal to provide such data will make it impossible to make such a purchase through the Site.
Consent to the processing of your data for marketing purposes is purely optional. Failure to consent will only imply the consequences described below.
Failure to consent to the processing of your data for marketing purposes will make it impossible for you to receive advertising material relating to the services of the Data Controller and/or third parties, and it will also make it impossible for the Data Controller to carry out market surveys, including those aimed at assessing the level of user satisfaction and to send you newsletters.
Notwithstanding the above, it is understood that the Data Controller may still use your personal data for the sole purpose of correctly fulfilling the obligations provided for by the laws in force and the obligations arising from the contractual relationship between you and the Data Controller.
We wish to remind you that you may object to the processing of your personal data also through the link at the bottom of any promotional email sent by the Data Controller.
Payment card data
To make a payment through one of the payment cards offered on the Site, the user must enter confidential data of the payment card directly on a page that will communicate through secure encryption protocol with the provider of the payment service (which will act as an autonomous owner of the treatment), without passing through the server of the owner of the treatment which, therefore, will not process such data in any way. The data will be acquired in an encrypted format.
In execution of the legal obligations provided for by Directive 2015/2366/ (EU) on payment services in the internal market (PSD2), You are informed that with reference to purchases made on the Site by credit card, among the data necessary for the conclusion of the purchase process may include the cell phone number provided by You, or a different source of personal data necessary to complete the purchase process. In fact, in order to allow you to complete the purchase, the payment institution in charge of managing the transaction will send you an authentication code, which must be entered by you during the purchase process to meet the authentication criteria provided by PSD2 (Strong Customer Authentication). The processing of your personal data for these purposes has as its legal basis the fulfillment of legal obligations and does not require your consent.
With reference to payment card data, it should be noted that the processing of your personal data is necessary to allow the conclusion of the online purchase contract with the Data Controller. Failure to provide this data, therefore, will not allow you to complete the online purchase process.
On the Site, you can also buy through PayPal. In this case, you will be directed to a page outside the site, where you must indicate your personal information required by PayPal - which will act as an independent data controller - to complete the purchase process. The personal data will not transit from the server of the Site that, therefore, will not process such data in any way. The processing of your personal data is necessary to allow the conclusion of the online purchase contract with the Data Controller. Failure to provide this data, therefore, will not allow you to complete the online purchase process.
If you choose bank transfer as a means of payment, in the presence of any hypothesis of reimbursement, the owner will ask for the bank details useful to send the payment.
Particular or judicial data
The Data Controller does not process particular or judicial data.
Art. 2. Processing methods
The processing of your personal data will be mainly carried out with the help of electronic or automated means, in the manner and with the tools necessary to ensure security and confidentiality in accordance with the GDPR.
The information acquired and the methods of treatment will be relevant and not excessive in relation to the type of services rendered. The data will also be managed and protected in environments where access is under constant control.
Art. 3. Communication and dissemination of data
Your data may be communicated:
- to all those subjects (including the Public Authorities) who have access to personal data under regulatory or administrative measures
- to banks and companies that manage national or international payment circuits through which online payments are made for products purchased through the Site
- to companies, consultants or professionals who may be responsible for the installation, maintenance, updating and, in general, the management of hardware and software of the Data Controller or which the latter uses for the provision of its services
- to external companies in charge of sending advertising communications on behalf of the Data Controller
- employees and/or collaborators of the Data Controller
- subjects that manage online payment transactions
- to all those public and/or private individuals and/or legal (legal, administrative and tax consultancy firms, Judicial Offices, Chambers of Commerce, Chambers and Offices of Labor, etc..), If the communication is necessary or functional to the proper fulfillment of obligations under the law.
The data concerning you will not be disclosed, except in anonymous and aggregate form, for statistical or research purposes.
Some of the above recipients are appointed as data processors. It is possible to ask the data controller for a list of those responsible.
Art. 4. Contact details of the data controller
The Data Controller can be contacted at the following addresses:
SupportHost OÜ, with the registered office at Ahtri tn 12, Tallinn, 10151, Estonia through the contact form on the Site or through the opening of a ticket for those who are already customers.
Art. 5. Storage of personal data
Personal data will be stored according to the following logic: (i) for marketing purposes, until consent is revoked; (ii) for the purpose of executing the sales contract, for 10 years from the date of receipt of the purchase order; (iii) for the purpose of defense in court, until the judgment becomes final; (iv) for the purpose of complying with legislation, for the time necessary for this purpose; (v) for the purpose of performing any service requested through the Site, for the time necessary to execute the request and not more than 5 years, (vi) for the verification of documents for the purposes of anti-fraud protection, for the time strictly necessary to carry out the verification (maximum 3 days).
Art. 6. Transfer of data to third countries
The personal data of the interested party are stored within the European Union.
In some cases, the interested party's data may be transferred outside the European Union if there is an Adequacy Decision by the European Commission or, in any case, if there are adequate guarantees.
In the event that the data subject himself/herself chooses a domain name or a server located in a country for which there is neither an Adequacy Decision nor adequate protection guarantees, the transfer takes place on the basis of art. 49,. b) GDPR, or for the need to transfer the data for the performance of a contract concluded between the data subject and the data controller.
Rights of the interested party
In accordance with art. 13 of the Privacy Regulations, the Data Controller informs you that you have the right to:
- request access to your personal data from the Data Controller and the rectification or cancellation of the same or the limitation of the processing concerning you or to oppose their processing, in addition to the right to data portability
- revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation
- to lodge a complaint with a supervisory authority (e.g. the Italian Data Protection Authority).
The rights referred to above may be exercised by making a request without formalities to the Data Controller to the contacts indicated above.
Art. 7. Changes
The Data Controller reserves the right to make changes to this policy at any time, giving appropriate publicity to users of the Site and ensuring, in any case, an adequate and similar protection of personal data. In order to view any changes, you are invited to regularly consult this information.
Art. 8. Cookies
What are cookies and what are they used for?
A cookie is a text file that a website visited by the user sends to his terminal (computer, mobile devices such as smartphone or tablet), where it is stored and then transmitted to that site on a subsequent visit to the same site.
Cookies are distinguished:
- on the basis of the subject who installs them, depending on whether it is the same manager of the site visited (so-called "first party cookies") or a different subject (so-called "third party cookies");
- according to the purpose of each cookie: some cookies allow better navigation, storing some of the user's choices, such as language (so-called "technical cookies"), other cookies allow monitoring the user's navigation also in order to send advertising and/or offer services in line with his/her preferences (so-called "profiling cookies").
Only Advertisement cookies require the prior consent of the user to their use.
The Site uses technical cookies as well as third-party profiling cookies.
The Data Controller is only responsible for first-party cookies installed on the Site.
How to give consent to profiling cookies
On your first visit to the Site, you may accept all cookies by performing one of the following actions:
- by clicking the "Accept" button present in the banner itself.
Cookies installed through the Site
With reference to the cookies installed by the Site we inform you that:
- the data being collected is exclusively for the purposes indicated in this policy;
- technical cookies do not require the prior consent of the user as they are necessary for the operation of the Site. Removing these technical cookies may adversely affect the navigation of the Site;