Last update: February 2, 2022
BOOM IMAGE STUDIO SPA, with registered office in Milan, via Galvano Fiamma 18, fiscal code 10189460966 (“BOOM”) is a company that offers a tech solution for the production and management of visual assets through an automated end-to-end platform (hereafter, “Services”).
BOOM processes personal data in compliance with the applicable laws and contractual provisions, using methods based on principles of fairness, lawfulness and transparency, protecting the privacy of the Data Subject and his/her rights.
Through this document, BOOM, in its quality of data controller of the processing of personal data (hereinafter “Data Controller” or “Controller”), intends to provide the information pursuant to art. 13 and following of EU Regulation 679/2016 (hereinafter “GDPR”), with reference to the processing of personal data of users (hereinafter, “User/Users”) of the website https://boomimagestudio.com (hereafter, “Website”) and to other processing activities hereinafter specified.
1. TYPES OF DATA PROCESSED AND TYPES OF PROCESSING
a) Navigation data: the computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified Data Subject, but which by their very nature could, through processing and association with data held by third parties, allow Users to be identified. This category of data includes IP addresses or domain names of the computers used by Users who connect to the Website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the User’s IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical IT crimes to the detriment of the Website: apart from this eventuality, the data on web contacts does not persist for more than seven days.
b) Data provided voluntarily by the User to receive information from BOOM : using the services “Request a Demo”, “Talk to our sales team”, and “Request pricing” involves the processing of User data, required in the relevant sections of the Website, for the sole purpose of offering the Services and fulfilling the related administrative obligations. The processed data are: name, e-mail, mobile phone number, name and number of employees of the company to which the Data Subject pertains, country, expected number of content orders.
c) Data provided voluntarily by the User in the “Join us” section: submitting your application involves processing of your personal data requested in the appropriate section of the Website, with the purpose of evaluating your candidature for the purposes of a possible professional collaboration. The processed data are: name/surname, country, city and ZIP code, e-mail, mobile phone number, data contained in the attached portfolio and data contained in the “Tell us a little about yourself” section, information on the type of equipment used, link to your website or Instagram profile.
d) Data provided voluntarily by the User for receiving promotional communications related to the Services: in the event that the data Subject signs up for the newsletter service and expresses his/her consent for the receipt of commercial communications by the Data Controller, the data will be processed for sending such communications by e-mail. The processed data are: e-mail.
e) Data provided voluntarily by the User for downloading or attending BOOM’s resources available in the section “resources” of the Website, such as articles, webinars, events, eBooks etc.: filling in the form to download or subscribe to a resource involves the processing of User data, required in the relevant sections of the Website, for the sole purpose of downloading or subscribing to the requested resource. The processed data are: name/surname, e-mail, company name and job title.
g) “Live Support” phone calls: in the event that the Data Subject has an inbound or outbound phone call with our “Live Support” Service, BOOM will store the record of the phone call in order to carry out quality controls on the performance of its client and customer support teams. The processed data are: name/surname, phone number, voice, any other information given by the Data Subject during the phone call.
2. PURPOSES OF THE PROCESSING AS WELL AS THE LEGAL BASIS FOR THE PROCESSING
User’s data collected under the processing activities described in the previous section no. 1, let. a-f, are processed by the Controller for:
a) FUNCTIONING OF THE WEBSITE: to pursue a legitimate interest of the Controller (pursuant to Article 6, par. 1 let. f) GDPR), consisting in ensuring the safety of the Website and the information exchanged therein, that is the capacity of such Website to resist, at a given level of security, to unforeseen events or acts illicit or malicious that compromise the availability, authenticity, integrity and confidentiality of personal data stored or transmitted and the security of the related services offered or made accessible.
b) USE THE SERVICES: to use the Services offered through the Website, by way of example, to allow the User to request demos, pricing, and getting in contact with BOOM's sales team. The legal basis is the execution of the contract to which the Data Subject is a party (pursuant to Article 6, par. 1, let. b) GDPR);
c) EVALUATION OF THE PROFESSIONAL PROFILE: to evaluate the spontaneous candidature of a Data Subject for the purposes of a possible professional collaboration. The legal basis for processing is the necessity to take steps at the request of the Data Subject prior to entering into a contract (Article 6, par. 1, let. b) of GDPR);
d) DISPATCH OF COMMERCIAL/PROMOTIONAL COMMUNICATIONS: if the Data Subject has expressed his/her explicit consent to such processing, to send invitations to training courses and events organized by the Controller or for sending promotional communications related to the activity of the Controller, including requests to participate in market research and opinion pools. The legal basis for processing is the explicit consent of the Data Subject (Article 6, let. a) GDPR);
e) SHARING CONTENTS AND RESOURCES: : if the Data Subject has expressed his/her explicit consent to such processing, to download or subscribe to courses and events organized by the Controller .The legal basis for processing is the explicit consent of the Data Subject (Article 6, let. a) GDPR);
f) QUALITY CONTROL OF THE LIVE SUPPORT SERVICE: Data Subject’s data collected under the processing activity described in section 1, lett. g), are processed to pursue a legitimate interest of the Controller (Article 6, par. 1 let. f) GDPR), consisting in carrying out quality controls on the performance of its client and customer support teams offering the “Live Support” Service. The Data Subject may oppose to such preference by stating his/her opposition at the beginning of the phone call and prior to being connected with the phone operator.
3. DURATION OF PROCESSING AND THE PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED
For the purposes referred to in Article 2 above, personal data will be processed for the period strictly necessary for the pursuit of the aforementioned objectives or also subsequently if necessary for the fulfilment of legal obligations and/or for defensive purposes.
In particular, the data processed for the functioning of the Website (Article 2, a) will be stored for up to 7 days from collection, unless a longer retention period is necessary used to ascertain responsibility in case of hypothetical IT crimes to the detriment of the Website.
The data processed for use of the Services (Article 2, b) will be stored for 1 year from the time of collection. Thereafter, the data will be stored for the time periods provided under applicable laws and in any case for a maximum of 10 years.
The data processed for the evaluation of the professional profile of job applicants (Article 2, c) will not be stored for a period longer than 1 year from the date of its provision or, in relation to the sole purpose of Controller's defence in court, for a period of 5 years from its provision.
The data provided for the dispatch of commercial/promotional communications, invitations to events/workshops of the controller and requests to participate in opinion polls and market research (Article 2, d) will be stored for 2 years from the time of collection or up until the Data Subject withdraws his/her consent.
The data provided for downloading or subscribing to BOOM’s resourcing will be automatically erased from our systems within 7 days from the sending of the email.
If the Data Subject has not opposed to such processing activity, the data processed for quality control of the live support service (Article 2, f) will be stored for 6 months after the phone call has occurred and then permanently deleted.
4. PROCESSING METHODS
The processing will be carried out both on paper and electronically, with the help of modern computer systems and manual procedures, only by persons expressly appointed to this role. The processing will take place with logic and through forms of organization of data strictly related to the obligations, tasks or purposes mentioned above. The Data Controller uses technical and organizational measures to protect the data in its possession from manipulation, loss, destruction and against access by unauthorized persons. Security measures are constantly improved on the basis of technological development.
5. MANDATORY/OPTIONAL NATURE OF PROVIDING DATA
Providing the data processed for the purpose under Article 2, a) (functioning of the Website) is optional. In case of opposition, however, the User might not be able to use and access the Website.
Providing the data processed for the purpose under Article 2, b) (use of the Services) is optional. In case of refusal, however, the User will not be able to use the Services.
Providing the data processed for the purpose under Article 2, c) (evaluation of the professional profile) is optional. Any refusal to such processing, however, will make it impossible to follow up on the evaluation of the User’s position for the purposes of his/her possible collaboration.
Providing the data processed for the purpose under Article 2, d) (dispatch of commercial/promotional communications) is optional. The User can withdraw his/her consent to the processing activities for such purpose at any time, without having to state the reasons, and without this having any impact on the processing carried out until that moment on the basis of the previously given consent. The easiest way to withdraw consent is to click on the “Unsubscribe” link, which is available in every newsletter or communication received. The User can alternatively send a communication to the Controller at email@example.com.
Providing the data processed for the purpose under Article 2, e) (sharing contents and resources), is optional. Nonetheless, if the Data Subject refuses to provide such data, he/she will not be able to download or subscribe to the requested resource.
Providing the data processed for the purpose under Article 2, f (quality control of the live support service), is optional. If the Data Subject opposes to the recording of the relevant data, the Controller will not be able to record the phone conversation for its internal quality control purposes.
6. DATA DISCLOSURE
The User’s personal data will be processed by parties authorized to perform these tasks, duly appointed as data processors or as persons in charge of processing, equipped with security measures to guarantee the confidentiality of the Data Subjects to which the data refer and to avoid undue access by third parties or unauthorized personnel. If necessary, the data collected may be communicated, within the limits strictly relevant to the obligations, tasks or purposes referred to in section 2, to public or private subjects (including insurers, and auditing and certification companies) or competent Authorities for the purpose of prevention, detection or repression of crimes, with the observance of the rules that regulate the matter.
The updated list of all the data processors is available at BOOM’s office and may be requested to the following e-mail address firstname.lastname@example.org. Such list may be updated from time to time.
User’s data, stored in electronic form, is stored on a server owned by AWS and located in the European Union.
7. SOCIAL MEDIA BUTTON
The Website also contains “social buttons” (Facebook, Instagram, LinkedIn e YouTube) that allow the User to be redirected to our social page on the relevant social network. The social media buttons can be recognized by the logo of the respective social network.
On our website, all social media buttons are deactivated by default, which means that simply accessing our website does not result in any data being transferred to the social network providers.
We have no influence on the data collected by the providers of social networks.
The User can examine the information on the management of the data by social networks to whom the social buttons redirect at the following links:
8. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
All Data processing is carried out in Italy and in the countries of the European Union.
Should it be necessary to transfer the Data to Third Countries, the Controller undertakes to:
– Ensure that the country to which the Data will be sent guarantees an adequate level of protection, as provided under Article 45 of the GDPR; or
– Comply with the standard contractual clauses for Data protection approved by the European Commission as to the transfer of personal information outside the EEA in accordance with Article 46.2 of the GDPR.
9. USER’S RIGHTS
Each Data Subject has the following pursuant to Articles 15 to 22 of the GDPR:
• Right of access by the Data Subject;
• Right to rectification;
• Right to erasure (‘right to be forgotten’);
• Right to restriction of processing;
• Right to data portability;
• Right to object also to automated individual decision-making;
as well as the right to submit a complaint with the competent Supervisory Authorities at the conditions and within the limits indicated under Article 77 of the GDPR. If the User considers that the processing of his/her personal data has been carried out illegitimately, he/she can file a complaint with one of the competent control Authorities for compliance with the rules on the protection of personal data. In Italy, the complaint can be filed to Garante per la Protezione dei Dati Personali (http://www.garanteprivacy.it/).
The Data Subject can therefore know what personal data are hold by the Data Controller, their origin and how they are used, request the updating, correction or integration and, in the cases provided for by the provisions in force, the cancellation, the limitation of treatment or oppose to their treatment. Each Data Subject may, if he/she wishes, request to receive a copy of the personal data held by the Data Controller in a format readable by electronic devices and, where technically possible, the Data Controller may transfer the data directly to a third party indicated by the Data Subject.
10. EXERCISE OF RIGHTS
To exercise the aforementioned rights, Users can send a communication to the following email address email@example.com, indicating as subject of the email “Privacy – exercise of rights”.
*** *** ***