BOOM IMAGE STUDIO S.R.L., with registered office in Milan, Corso Magenta, 85, fiscal code 10189460966 (“BOOM“) is a company that, through its website, offers digital services aimed at improving the multimedia experience of photographic materials and video on the web (hereafter, “Services”).
In carrying out its activities, BOOM processes personal data in compliance with the applicable laws and contractual provisions, using methods based on principles of correctness, lawfulness and transparency, protecting the privacy of the data subject and his/her rights.
Through this document, BOOM, in its quality of data controller of the processing of personal data (hereinafter “Controller“), intends to provide the information pursuant to art. 13 and following of EU Regulation 679/2016 (hereinafter “GDPR”), with reference to the processing of personal data of users (hereinafter, “User/Users“) of the website https://boom.co (hereafter, “Website“).
1. TYPES OF DATA PROCESSED AND TYPES OF PROCESSING
- Navigation data: the computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subject, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the Website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical IT crimes to the detriment of the Website: apart from this eventuality, the data on web contacts do not persist for more than seven days.
- Data provided voluntarily by the User for the Service “Your quotation”: using the service “Your quotation”, involves the processing of User data, required in the appropriate section of the Website, for the sole purpose of offering the Services and fulfill the related administrative obligations. The data being processed are: name, e-mail, mobile phone number, home address, data related to the service requested (Food, Real Estate, Portrait, Still Life, Fashion, number of photos requested).
- Data provided voluntarily by the user for the “Join us” section: submitting your application involves process of your personal data requested in the appropriate section of the Website, with the purpose of evaluating your candidature for the purposes of a possible professional collaboration. The data being processed are: name, e-mail, mobile phone number, home address, data contained in its attached portfolio and data contained in the “Tell us a little about yourself” section, type of equipment used.
- Data provided voluntarily by the User for receiving promotional communications related to the Services: in the event that the data Subject signs up for the newsletter service or expresses his consent for the receipt of commercial communications by the Data Controller, the data will be processed for sending such communications by e-mail or ordinary mail, to the addresses provided by the Data Subject. The data being processed are: name, e-mail, domicile.
- Cookies: for the process of data through cookies, please take a look to the relevant policy.
2. PURPOSES OF THE PROCESSING AS WELL AS THE LEGAL BASIS FOR THE PROCESSING
User’s data collected are processed by the Controller for:
- FUNCTIONING OF THE SITE: to pursue a legitimate interest of the Controller, consisting in ensuring the safety of the Website and the information exchanged therein, that is the capacity of such Website to resist, at a given level of security, to unforeseen events or acts illicit or malicious that compromise the availability, authenticity, integrity and confidentiality of personal data stored or transmitted and the security of the related services offered or made accessible. The legal basis for processing is art. 6, par. 1 lett. f) of GDPR.
- USE THE SERVICES: to use the Services offered through the Website, by way of example, to allow the User to book a Service, to download the requested Service, etc. The legal basis for processing is art. 6, par. 1, lett. b) of GDPR, being the processing necessary the execution of the contract of which the data subject is a party;
- EVALUATION OF THE PROFESSIONAL PROFILE: to evaluate the spontaneous candidature of a data subject for the purposes of a possible professional collaboration. The legal basis for processing is art. 6, par. 1, lett. b) of GDPR;
- SENDING OF COMMERCIAL\PROMOTIONAL COMMUNICATIONS, INVITATIONS TO EVENTS/WORKSHOP OF THE CONTROLLER: if the data subject has expressed his explicit consent, to receive invitations to training courses, events organized by the Controller or for sending promotional communications related to the activity of the Controller, including market research. The legal basis for processing is art. 6, lett. A) of GDPR, ie the consent of the data subject.
3. DURATION OF PROCESSING AND THE PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED
For the purposes referred to in art. 2) herein above personal data will be processed for the period strictly necessary for the pursuit of the aforementioned objectives and also subsequently, for the fulfillment of legal obligations and/or for defensive purposes.
The data provided for commercial communications activities, opinion polls and market research will be stored until the request by the data subject to interrupt such activity or for 2 years from the last granting of consent.
4. PROCESSING METHODS
The processing will be carried out both on paper and electronically, with the help of modern computer systems and manual procedures, only by persons expressly appointed for this purpose. The processing will take place with logic and through forms of organization of data strictly related to the obligations, tasks or purposes mentioned above. The Data Controller uses technical and organizational measures to protect the data in his possession from manipulation, loss, destruction and against access by unauthorized persons. Security measures are constantly improved on the basis of technological development.
5. MANDATORY/OPTIONAL NATURE OF PROVIDING DATA
Providing the data referred to in point 1, lett. b) is optional. In case of refusal, however, the User will not be able to use the “Your quotation” service. Provided the data referred to in point 1, lett. c) is optional. Any refusal to such processing, however, would make it impossible to follow up on the evaluation of the User’s position for the purposes of his possible collaboration.
Providing data referred to in point 1, lett. d) is optional. The User can withdraw his consent at any time and without indicating the reasons. The easiest way to do this is to click on the “Unsubscribe” link, which is available in every newsletter or communication received. The User can alternatively send a communication to the Controller at [email protected].
6. DATA DISCLOSURE
The User’s personal data will be processed by parties authorized to perform these tasks, duly appointed as data processors or in charge of processing, equipped with security measures to guarantee the confidentiality of the data subjects to which the data refer and to avoid undue access to third parties or unauthorized personnel. If necessary, the data collected may be communicated, within the limits strictly relevant to the obligations, tasks or purposes referred to in point 2, to public or private subjects (insurers, auditing and certification companies, etc.) or competent Authorities for the purpose of prevention, detection or repression of crimes, with the observance of the rules that regulate the matter. No data will be disseminated.
The updated list of all Data Processors is available at BOOM’s office and may be requested at the following e-mail address [email protected]. Such list may be updated from time to time.
User’s data, stored in electronic form, is stored on a server owned by AWS located in the European Union.
7. USER’S RIGHTS
Users have the right to know their rights, essentially consisting of the right to receive from the other contractual party information about the existence of the processing of their personal data, as well as access to their data, to obtain rectification, integration, update, erasure or block. Furthermore, the User will also have the right to obtain a copy of his data, limitation of processing and/or to oppose to their processing, as well as the right to data portability and to submit a complaint with the competent control Authorities at the conditions and within the limits indicated in art. 13 of the GDPR.
Each data subject has the right to the following pursuant to articles 15 and following of the GDPR:
- Right to be informed;
- Right of access by the data subject;
- Right to rectification;
- Right to erasure (‘right to be forgotten’);
- Right to restriction of processing;
- Right to data portability;
- Right to object.
The data subject can therefore know what personal data are hold by the Controller, their origin and how they are used, request the updating, correction or integration and, in the cases provided for by the provisions in force, the cancellation, the limitation of treatment or oppose to their treatment. Each data subject may, if he wishes, request to receive a copy of the personal data held by the Data Controller in a format readable by electronic devices and, where technically possible, the Data Controller may transfer the data directly to a third party indicated by Interested.
If the user considers that the processing of his/her personal data has been carried out illegitimately, he/she can file a complaint with one of the competent control Authorities for compliance with the rules on the protection of personal data. In Italy, the complaint can be filed to Garante per la Protezione dei Dati Personali (http://www.garanteprivacy.it/).
8. EXERCISE OF RIGHTS
To exercise the aforementioned rights, Users can send a communication to the FOLLOWING email address [email protected], indicating the subject “Privacy – exercise of rights”.